summaryrefslogtreecommitdiffstats
path: root/src/DotNetOpenAuth.Test/OpenId/RelyingParty
diff options
context:
space:
mode:
Diffstat (limited to 'src/DotNetOpenAuth.Test/OpenId/RelyingParty')
-rw-r--r--src/DotNetOpenAuth.Test/OpenId/RelyingParty/OpenIdRelyingPartyTests.cs41
-rw-r--r--src/DotNetOpenAuth.Test/OpenId/RelyingParty/PositiveAuthenticationResponseTests.cs14
2 files changed, 54 insertions, 1 deletions
diff --git a/src/DotNetOpenAuth.Test/OpenId/RelyingParty/OpenIdRelyingPartyTests.cs b/src/DotNetOpenAuth.Test/OpenId/RelyingParty/OpenIdRelyingPartyTests.cs
index 68bbff3..f6a57e7 100644
--- a/src/DotNetOpenAuth.Test/OpenId/RelyingParty/OpenIdRelyingPartyTests.cs
+++ b/src/DotNetOpenAuth.Test/OpenId/RelyingParty/OpenIdRelyingPartyTests.cs
@@ -63,6 +63,21 @@ namespace DotNetOpenAuth.Test.OpenId.RelyingParty {
Assert.AreEqual(1, requests.Count());
}
+ [TestMethod]
+ public void CreateRequestsWithEndpointFilter() {
+ var rp = this.CreateRelyingParty();
+ StoreAssociation(rp, OPUri, HmacShaAssociation.Create("somehandle", new byte[20], TimeSpan.FromDays(1)));
+ Identifier id = Identifier.Parse(GetMockIdentifier(ProtocolVersion.V20));
+
+ rp.EndpointFilter = opendpoint => true;
+ var requests = rp.CreateRequests(id, RPRealmUri, RPUri);
+ Assert.AreEqual(1, requests.Count());
+
+ rp.EndpointFilter = opendpoint => false;
+ requests = rp.CreateRequests(id, RPRealmUri, RPUri);
+ Assert.AreEqual(0, requests.Count());
+ }
+
[TestMethod, ExpectedException(typeof(ProtocolException))]
public void CreateRequestOnNonOpenID() {
Uri nonOpenId = new Uri("http://www.microsoft.com/");
@@ -79,5 +94,31 @@ namespace DotNetOpenAuth.Test.OpenId.RelyingParty {
var requests = rp.CreateRequests(nonOpenId, RPRealmUri, RPUri);
Assert.AreEqual(0, requests.Count());
}
+
+ /// <summary>
+ /// Verifies that incoming positive assertions throw errors if they come from
+ /// OPs that are not approved by <see cref="OpenIdRelyingParty.EndpointFilter"/>.
+ /// </summary>
+ [TestMethod]
+ public void AssertionWithEndpointFilter() {
+ var coordinator = new OpenIdCoordinator(
+ rp => {
+ // register with RP so that id discovery passes
+ rp.Channel.WebRequestHandler = this.MockResponder.MockWebRequestHandler;
+
+ // Rig it to always deny the incoming OP
+ rp.EndpointFilter = op => false;
+
+ // Receive the unsolicited assertion
+ var response = rp.GetResponse();
+ Assert.AreEqual(AuthenticationStatus.Failed, response.Status);
+ },
+ op => {
+ Identifier id = GetMockIdentifier(ProtocolVersion.V20);
+ op.SendUnsolicitedAssertion(OPUri, GetMockRealm(false), id, id);
+ AutoProvider(op);
+ });
+ coordinator.Run();
+ }
}
}
diff --git a/src/DotNetOpenAuth.Test/OpenId/RelyingParty/PositiveAuthenticationResponseTests.cs b/src/DotNetOpenAuth.Test/OpenId/RelyingParty/PositiveAuthenticationResponseTests.cs
index 7701090..701bcae 100644
--- a/src/DotNetOpenAuth.Test/OpenId/RelyingParty/PositiveAuthenticationResponseTests.cs
+++ b/src/DotNetOpenAuth.Test/OpenId/RelyingParty/PositiveAuthenticationResponseTests.cs
@@ -38,7 +38,7 @@ namespace DotNetOpenAuth.Test.OpenId.RelyingParty {
Assert.AreEqual(AuthenticationStatus.Authenticated, authResponse.Status);
Assert.IsNull(authResponse.Exception);
Assert.AreEqual<string>(assertion.ClaimedIdentifier, authResponse.ClaimedIdentifier);
- Assert.AreEqual<string>(authResponseAccessor.endpoint.FriendlyIdentifierForDisplay, authResponse.FriendlyIdentifierForDisplay);
+ Assert.AreEqual<string>(authResponse.Endpoint.FriendlyIdentifierForDisplay, authResponse.FriendlyIdentifierForDisplay);
Assert.AreSame(extension, authResponse.GetUntrustedExtension(typeof(ClaimsResponse)));
Assert.AreSame(extension, authResponse.GetUntrustedExtension<ClaimsResponse>());
Assert.IsNull(authResponse.GetCallbackArgument("a"));
@@ -59,6 +59,18 @@ namespace DotNetOpenAuth.Test.OpenId.RelyingParty {
Assert.AreEqual(AuthenticationStatus.Failed, authResponse.Status);
}
+ /// <summary>
+ /// Verifies that the RP rejects positive assertions with HTTP Claimed
+ /// Cdentifiers when RequireSsl is set to true.
+ /// </summary>
+ [TestMethod, ExpectedException(typeof(ProtocolException))]
+ public void InsecureIdentifiersRejectedWithRequireSsl() {
+ PositiveAssertionResponse assertion = this.GetPositiveAssertion();
+ var rp = CreateRelyingParty();
+ rp.SecuritySettings.RequireSsl = true;
+ var authResponse = new PositiveAuthenticationResponse(assertion, rp);
+ }
+
[TestMethod]
public void GetCallbackArguments() {
PositiveAssertionResponse assertion = this.GetPositiveAssertion();
generated by cgit v1.1 at 2025-06-04 20:50:04 +0000