diff options
Diffstat (limited to 'src/DotNetOpenId.Test')
19 files changed, 792 insertions, 36 deletions
diff --git a/src/DotNetOpenId.Test/DotNetOpenId.Test.csproj b/src/DotNetOpenId.Test/DotNetOpenId.Test.csproj index 0a20915..451f497 100644 --- a/src/DotNetOpenId.Test/DotNetOpenId.Test.csproj +++ b/src/DotNetOpenId.Test/DotNetOpenId.Test.csproj @@ -53,14 +53,20 @@ <Compile Include="Extensions\AttributeExchangeFetchResponseTests.cs" />
<Compile Include="Extensions\AttributeExchangeTests.cs" />
<Compile Include="Extensions\AttributeRequestTests.cs" />
+ <Compile Include="Extensions\ExtensionsTestSetup.cs" />
<Compile Include="Extensions\ExtensionTestBase.cs" />
+ <Compile Include="Extensions\PapeTests.cs" />
+ <Compile Include="Extensions\PolicyRequestTests.cs" />
+ <Compile Include="Extensions\PolicyResponseTests.cs" />
<Compile Include="Extensions\SimpleRegistrationTests.cs" />
<Compile Include="Hosting\EncodingInterceptor.cs" />
<Compile Include="IdentifierTests.cs" />
<Compile Include="NonceTest.cs" />
<Compile Include="PiecewiseJointTesting.cs" />
<Compile Include="Provider\IAuthenticationRequestTest.cs" />
+ <Compile Include="RelyingParty\AuthenticationRequestTests.cs" />
<Compile Include="RelyingParty\AuthenticationResponseTests.cs" />
+ <Compile Include="RelyingParty\IProviderEndpointTests.cs" />
<Compile Include="RelyingParty\OpenIdMobileTextBoxTest.cs" />
<Compile Include="RelyingParty\OpenIdRelyingPartyTest.cs" />
<Compile Include="RelyingParty\OpenIdTextBoxTest.cs" />
@@ -73,13 +79,14 @@ <Compile Include="Hosting\HttpHost.cs" />
<Compile Include="TestSupport.cs" />
<Compile Include="Hosting\TestingWorkerRequest.cs" />
- <Compile Include="ProfileFieldValuesTests.cs" />
+ <Compile Include="Extensions\ClaimsResponseTests.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
<Compile Include="Provider\IdentityEndpointTest.cs" />
<Compile Include="Provider\OpenIdProviderTest.cs" />
<Compile Include="Provider\ProviderEndpointTest.cs" />
<Compile Include="RelyingParty\TokenTest.cs" />
<Compile Include="RealmTestSuite.cs" />
+ <Compile Include="UntrustedWebRequestTests.cs" />
<Compile Include="UriIdentifierTests.cs" />
<Compile Include="UriUtilTest.cs" />
<Compile Include="UtilTest.cs" />
diff --git a/src/DotNetOpenId.Test/EndToEndTesting.cs b/src/DotNetOpenId.Test/EndToEndTesting.cs index 4879c47..8f94744 100644 --- a/src/DotNetOpenId.Test/EndToEndTesting.cs +++ b/src/DotNetOpenId.Test/EndToEndTesting.cs @@ -18,6 +18,8 @@ namespace DotNetOpenId.Test { [SetUp]
public void Setup() {
appStore = new ApplicationMemoryStore();
+ if (!UntrustedWebRequest.WhitelistHosts.Contains("localhost"))
+ UntrustedWebRequest.WhitelistHosts.Add("localhost");
}
void parameterizedTest(UriIdentifier identityUrl,
@@ -34,10 +36,10 @@ namespace DotNetOpenId.Test { Uri redirectToProviderUrl;
var returnTo = TestSupport.GetFullUrl(TestSupport.ConsumerPage);
var realm = new Realm(TestSupport.GetFullUrl(TestSupport.ConsumerPage).AbsoluteUri);
- var consumer = new OpenIdRelyingParty(store, null);
+ var consumer = new OpenIdRelyingParty(store, null, null);
Assert.IsNull(consumer.Response);
var request = consumer.CreateRequest(identityUrl, realm, returnTo);
- Protocol protocol = Protocol.Lookup(request.ProviderVersion);
+ Protocol protocol = Protocol.Lookup(request.Provider.Version);
// Test properties and defaults
Assert.AreEqual(AuthenticationRequestMode.Setup, request.Mode);
@@ -47,11 +49,11 @@ namespace DotNetOpenId.Test { request.Mode = requestMode;
// Verify the redirect URL
- Assert.IsNotNull(request.RedirectToProviderUrl);
- var consumerToProviderQuery = HttpUtility.ParseQueryString(request.RedirectToProviderUrl.Query);
+ Assert.IsNotNull(request.RedirectingResponse);
+ var consumerToProviderQuery = HttpUtility.ParseQueryString(request.RedirectingResponse.ExtractUrl().Query);
Assert.IsTrue(consumerToProviderQuery[protocol.openid.return_to].StartsWith(returnTo.AbsoluteUri, StringComparison.Ordinal));
Assert.AreEqual(realm.ToString(), consumerToProviderQuery[protocol.openid.Realm]);
- redirectToProviderUrl = request.RedirectToProviderUrl;
+ redirectToProviderUrl = request.RedirectingResponse.ExtractUrl();
HttpWebRequest providerRequest = (HttpWebRequest)WebRequest.Create(redirectToProviderUrl);
providerRequest.AllowAutoRedirect = false;
@@ -70,7 +72,7 @@ namespace DotNetOpenId.Test { }
throw;
}
- consumer = new OpenIdRelyingParty(store, redirectUrl);
+ consumer = new OpenIdRelyingParty(store, redirectUrl, HttpUtility.ParseQueryString(redirectUrl.Query));
Assert.AreEqual(expectedResult, consumer.Response.Status);
Assert.AreEqual(identityUrl, consumer.Response.ClaimedIdentifier);
@@ -81,7 +83,7 @@ namespace DotNetOpenId.Test { // the consumer, and tries the same query to the consumer in an
// attempt to spoof the identity of the authenticating user.
try {
- var replayAttackConsumer = new OpenIdRelyingParty(store, redirectUrl);
+ var replayAttackConsumer = new OpenIdRelyingParty(store, redirectUrl, HttpUtility.ParseQueryString(redirectUrl.Query));
Assert.AreNotEqual(AuthenticationStatus.Authenticated, replayAttackConsumer.Response.Status, "Replay attack");
} catch (OpenIdException) { // nonce already used
// another way to pass
diff --git a/src/DotNetOpenId.Test/Extensions/AttributeExchangeTests.cs b/src/DotNetOpenId.Test/Extensions/AttributeExchangeTests.cs index 5f4fd26..62efbc2 100644 --- a/src/DotNetOpenId.Test/Extensions/AttributeExchangeTests.cs +++ b/src/DotNetOpenId.Test/Extensions/AttributeExchangeTests.cs @@ -95,7 +95,7 @@ namespace DotNetOpenId.Test.Extensions { var identityUrl = TestSupport.GetIdentityUrl(TestSupport.Scenarios.ExtensionFullCooperation, Version);
var returnTo = TestSupport.GetFullUrl(TestSupport.ConsumerPage);
var realm = new Realm(TestSupport.GetFullUrl(TestSupport.ConsumerPage).AbsoluteUri);
- var consumer = new OpenIdRelyingParty(AppStore, null);
+ var consumer = new OpenIdRelyingParty(AppStore, null, null);
var request = consumer.CreateRequest(identityUrl, realm, returnTo);
request.AddExtension(new FetchRequest());
request.AddExtension(new StoreRequest());
diff --git a/src/DotNetOpenId.Test/ProfileFieldValuesTests.cs b/src/DotNetOpenId.Test/Extensions/ClaimsResponseTests.cs index 51f6eca..afc2e03 100644 --- a/src/DotNetOpenId.Test/ProfileFieldValuesTests.cs +++ b/src/DotNetOpenId.Test/Extensions/ClaimsResponseTests.cs @@ -16,11 +16,11 @@ using NUnit.Framework; using DotNetOpenId.Extensions.SimpleRegistration;
using DotNetOpenId.Extensions;
-namespace DotNetOpenId.Test {
+namespace DotNetOpenId.Test.Extensions {
[TestFixture]
- public class ProfileFieldValuesTests {
+ public class ClaimsResponseTests {
ClaimsResponse getFilledData() {
- return new ClaimsResponse() {
+ return new ClaimsResponse(Constants.sreg_ns) {
BirthDate = new DateTime(2005, 2, 3),
Culture = new System.Globalization.CultureInfo("en-US"),
Email = "a@b.com",
@@ -33,6 +33,13 @@ namespace DotNetOpenId.Test { }
[Test]
+ public void EmptyMailAddress() {
+ ClaimsResponse response = new ClaimsResponse(Constants.sreg_ns);
+ response.Email = "";
+ Assert.IsNull(response.MailAddress);
+ }
+
+ [Test]
public void BinarySerialization() {
ClaimsResponse fields = getFilledData();
MemoryStream ms = new MemoryStream();
@@ -104,6 +111,26 @@ namespace DotNetOpenId.Test { Assert.AreNotEqual(fields1, fields2);
}
+ void parameterizedPreserveVersionFromRequest(string versionTypeUri) {
+ Dictionary<string, string> fields = new Dictionary<string, string>{
+ {"optional", "nickname"},
+ };
+ var req = new ClaimsRequest();
+ Assert.IsTrue(((IExtensionRequest)req).Deserialize(fields, null, versionTypeUri));
+ Assert.AreEqual(DemandLevel.Request, req.Nickname);
+ ClaimsResponse resp = req.CreateResponse();
+ Assert.AreEqual(versionTypeUri, ((IExtensionResponse)resp).TypeUri);
+ }
+
+ [Test]
+ public void PreserveVersionFromRequest() {
+ // some unofficial type URIs...
+ parameterizedPreserveVersionFromRequest("http://openid.net/sreg/1.0");
+ parameterizedPreserveVersionFromRequest("http://openid.net/sreg/1.1");
+ // and the official one.
+ parameterizedPreserveVersionFromRequest("http://openid.net/extensions/sreg/1.1");
+ }
+
//[Test]
public void AddToResponse() {
// TODO
diff --git a/src/DotNetOpenId.Test/Extensions/ExtensionTestBase.cs b/src/DotNetOpenId.Test/Extensions/ExtensionTestBase.cs index ea3379c..825ef58 100644 --- a/src/DotNetOpenId.Test/Extensions/ExtensionTestBase.cs +++ b/src/DotNetOpenId.Test/Extensions/ExtensionTestBase.cs @@ -8,6 +8,7 @@ using System.Net; using DotNetOpenId.Extensions;
using System.IO;
using System.Diagnostics;
+using System.Web;
namespace DotNetOpenId.Test.Extensions {
public class ExtensionTestBase {
@@ -24,12 +25,12 @@ namespace DotNetOpenId.Test.Extensions { Debug.Assert(identityUrl != null);
var returnTo = TestSupport.GetFullUrl(TestSupport.ConsumerPage);
var realm = new Realm(TestSupport.GetFullUrl(TestSupport.ConsumerPage).AbsoluteUri);
- var consumer = new OpenIdRelyingParty(AppStore, null);
+ var consumer = new OpenIdRelyingParty(AppStore, null, null);
var request = consumer.CreateRequest(identityUrl, realm, returnTo);
if (extension != null)
request.AddExtension(extension);
- HttpWebRequest providerRequest = (HttpWebRequest)WebRequest.Create(request.RedirectToProviderUrl);
+ HttpWebRequest providerRequest = (HttpWebRequest)WebRequest.Create(request.RedirectingResponse.ExtractUrl());
providerRequest.AllowAutoRedirect = false;
Uri redirectUrl;
try {
@@ -46,7 +47,7 @@ namespace DotNetOpenId.Test.Extensions { }
throw;
}
- consumer = new OpenIdRelyingParty(AppStore, redirectUrl);
+ consumer = new OpenIdRelyingParty(AppStore, redirectUrl, HttpUtility.ParseQueryString(redirectUrl.Query));
Assert.AreEqual(AuthenticationStatus.Authenticated, consumer.Response.Status);
Assert.AreEqual(identityUrl, consumer.Response.ClaimedIdentifier);
return consumer.Response.GetExtension<T>();
diff --git a/src/DotNetOpenId.Test/Extensions/ExtensionsTestSetup.cs b/src/DotNetOpenId.Test/Extensions/ExtensionsTestSetup.cs new file mode 100644 index 0000000..1bde812 --- /dev/null +++ b/src/DotNetOpenId.Test/Extensions/ExtensionsTestSetup.cs @@ -0,0 +1,16 @@ +using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using NUnit.Framework;
+
+namespace DotNetOpenId.Test.Extensions {
+ [SetUpFixture]
+ public class ExtensionsTestSetup {
+ [SetUp]
+ public void SetUp() {
+ if (!UntrustedWebRequest.WhitelistHosts.Contains("localhost"))
+ UntrustedWebRequest.WhitelistHosts.Add("localhost");
+ }
+ }
+}
diff --git a/src/DotNetOpenId.Test/Extensions/PapeTests.cs b/src/DotNetOpenId.Test/Extensions/PapeTests.cs new file mode 100644 index 0000000..914089e --- /dev/null +++ b/src/DotNetOpenId.Test/Extensions/PapeTests.cs @@ -0,0 +1,33 @@ +using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using NUnit.Framework;
+using DotNetOpenId.Extensions.ProviderAuthenticationPolicy;
+
+namespace DotNetOpenId.Test.Extensions {
+ [TestFixture]
+ public class PapeTests : ExtensionTestBase {
+ [Test]
+ public void None() {
+ var response = ParameterizedTest<PolicyResponse>(
+ TestSupport.GetIdentityUrl(TestSupport.Scenarios.ExtensionFullCooperation, Version), null);
+ Assert.IsNull(response);
+ }
+
+ [Test]
+ public void Full() {
+ var request = new PolicyRequest();
+ request.MaximumAuthenticationAge = TimeSpan.FromMinutes(10);
+ request.PreferredAuthLevelTypes.Add(Constants.AuthenticationLevels.NistTypeUri);
+ var response = ParameterizedTest<PolicyResponse>(
+ TestSupport.GetIdentityUrl(TestSupport.Scenarios.ExtensionFullCooperation, Version), request);
+ Assert.IsNotNull(response);
+ Assert.IsNotNull(response.AuthenticationTimeUtc);
+ Assert.IsTrue(response.AuthenticationTimeUtc.Value > DateTime.UtcNow - request.MaximumAuthenticationAge);
+ Assert.IsTrue(response.AssuranceLevels.ContainsKey(Constants.AuthenticationLevels.NistTypeUri));
+ Assert.AreEqual("1", response.AssuranceLevels[Constants.AuthenticationLevels.NistTypeUri]);
+ Assert.AreEqual(NistAssuranceLevel.Level1, response.NistAssuranceLevel);
+ }
+ }
+}
diff --git a/src/DotNetOpenId.Test/Extensions/PolicyRequestTests.cs b/src/DotNetOpenId.Test/Extensions/PolicyRequestTests.cs new file mode 100644 index 0000000..40155db --- /dev/null +++ b/src/DotNetOpenId.Test/Extensions/PolicyRequestTests.cs @@ -0,0 +1,194 @@ +using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using NUnit.Framework;
+using DotNetOpenId.Extensions.ProviderAuthenticationPolicy;
+using DotNetOpenId.Extensions;
+using System.Globalization;
+
+namespace DotNetOpenId.Test.Extensions {
+ [TestFixture]
+ public class PolicyRequestTests {
+ [Test]
+ public void Ctor() {
+ PolicyRequest req = new PolicyRequest();
+ Assert.IsNull(req.MaximumAuthenticationAge);
+ Assert.IsNotNull(req.PreferredPolicies);
+ Assert.AreEqual(0, req.PreferredPolicies.Count);
+ }
+
+ [Test]
+ public void MaximumAuthenticationAgeTest() {
+ PolicyRequest req = new PolicyRequest();
+ req.MaximumAuthenticationAge = TimeSpan.FromHours(1);
+ Assert.IsNotNull(req.MaximumAuthenticationAge);
+ Assert.AreEqual(TimeSpan.FromHours(1), req.MaximumAuthenticationAge);
+ req.MaximumAuthenticationAge = null;
+ Assert.IsNull(req.MaximumAuthenticationAge);
+ }
+
+ [Test]
+ public void AddPolicies() {
+ PolicyRequest resp = new PolicyRequest();
+ resp.PreferredPolicies.Add(AuthenticationPolicies.MultiFactor);
+ resp.PreferredPolicies.Add(AuthenticationPolicies.PhishingResistant);
+ Assert.AreEqual(2, resp.PreferredPolicies.Count);
+ Assert.AreEqual(AuthenticationPolicies.MultiFactor, resp.PreferredPolicies[0]);
+ Assert.AreEqual(AuthenticationPolicies.PhishingResistant, resp.PreferredPolicies[1]);
+ }
+
+ [Test]
+ public void AddPolicyMultipleTimes() {
+ // Although this isn't really the desired behavior (we'd prefer to see an
+ // exception thrown), since we're using a List<string> internally we can't
+ // expect anything better (for now). But if this is ever fixed, by all means
+ // change this test to expect an exception or something else.
+ PolicyRequest resp = new PolicyRequest();
+ resp.PreferredPolicies.Add(AuthenticationPolicies.MultiFactor);
+ resp.PreferredPolicies.Add(AuthenticationPolicies.MultiFactor);
+ Assert.AreEqual(2, resp.PreferredPolicies.Count);
+ }
+
+ [Test]
+ public void AddAuthLevelTypes() {
+ PolicyRequest req = new PolicyRequest();
+ req.PreferredAuthLevelTypes.Add(Constants.AuthenticationLevels.NistTypeUri);
+ Assert.AreEqual(1, req.PreferredAuthLevelTypes.Count);
+ Assert.IsTrue(req.PreferredAuthLevelTypes.Contains(Constants.AuthenticationLevels.NistTypeUri));
+ }
+
+ [Test]
+ public void EqualsTest() {
+ PolicyRequest req = new PolicyRequest();
+ PolicyRequest req2 = new PolicyRequest();
+ Assert.AreEqual(req, req2);
+ Assert.AreNotEqual(req, null);
+ Assert.AreNotEqual(null, req);
+
+ // Test PreferredPolicies list comparison
+ req.PreferredPolicies.Add(AuthenticationPolicies.PhishingResistant);
+ Assert.AreNotEqual(req, req2);
+ req2.PreferredPolicies.Add(AuthenticationPolicies.MultiFactor);
+ Assert.AreNotEqual(req, req2);
+ req2.PreferredPolicies.Clear();
+ req2.PreferredPolicies.Add(AuthenticationPolicies.PhishingResistant);
+ Assert.AreEqual(req, req2);
+
+ // Test PreferredPolicies list comparison when that list is not in the same order.
+ req.PreferredPolicies.Add(AuthenticationPolicies.MultiFactor);
+ Assert.AreNotEqual(req, req2);
+ req2.PreferredPolicies.Insert(0, AuthenticationPolicies.MultiFactor);
+ Assert.AreEqual(req, req2);
+
+ // Test MaximumAuthenticationAge comparison.
+ req.MaximumAuthenticationAge = TimeSpan.FromHours(1);
+ Assert.AreNotEqual(req, req2);
+ req2.MaximumAuthenticationAge = req.MaximumAuthenticationAge;
+ Assert.AreEqual(req, req2);
+
+ // Test PreferredAuthLevelTypes comparison.
+ req.PreferredAuthLevelTypes.Add("authlevel1");
+ Assert.AreNotEqual(req, req2);
+ req2.PreferredAuthLevelTypes.Add("authlevel2");
+ Assert.AreNotEqual(req, req2);
+ req.PreferredAuthLevelTypes.Add("authlevel2");
+ req2.PreferredAuthLevelTypes.Add("authlevel1");
+ Assert.AreEqual(req, req2);
+ }
+
+ [Test]
+ public void DeserializeNull() {
+ PolicyRequest req = new PolicyRequest();
+ Assert.IsFalse(((IExtensionRequest)req).Deserialize(null, null, Constants.TypeUri));
+ }
+
+ [Test]
+ public void DeserializeEmpty() {
+ PolicyRequest req = new PolicyRequest();
+ Assert.IsFalse(((IExtensionRequest)req).Deserialize(new Dictionary<string, string>(), null, Constants.TypeUri));
+ }
+
+ [Test]
+ public void SerializeRoundTrip() {
+ // This test relies on the PolicyRequest.Equals method. If this and that test
+ // are failing, work on EqualsTest first.
+
+ // Most basic test
+ PolicyRequest req = new PolicyRequest(), req2 = new PolicyRequest();
+ var fields = ((IExtensionRequest)req).Serialize(null);
+ Assert.IsTrue(((IExtensionRequest)req2).Deserialize(fields, null, Constants.TypeUri));
+ Assert.AreEqual(req, req2);
+
+ // Test with all fields set
+ req2 = new PolicyRequest();
+ req.PreferredPolicies.Add(AuthenticationPolicies.MultiFactor);
+ req.PreferredAuthLevelTypes.Add(Constants.AuthenticationLevels.NistTypeUri);
+ req.MaximumAuthenticationAge = TimeSpan.FromHours(1);
+ fields = ((IExtensionRequest)req).Serialize(null);
+ Assert.IsTrue(((IExtensionRequest)req2).Deserialize(fields, null, Constants.TypeUri));
+ Assert.AreEqual(req, req2);
+
+ // Test with an extra policy and auth level
+ req2 = new PolicyRequest();
+ req.PreferredPolicies.Add(AuthenticationPolicies.PhishingResistant);
+ req.PreferredAuthLevelTypes.Add("customAuthLevel");
+ fields = ((IExtensionRequest)req).Serialize(null);
+ Assert.IsTrue(((IExtensionRequest)req2).Deserialize(fields, null, Constants.TypeUri));
+ Assert.AreEqual(req, req2);
+
+ // Test with a policy added twice. We should see it intelligently leave one of
+ // the doubled policies out.
+ req2 = new PolicyRequest();
+ req.PreferredPolicies.Add(AuthenticationPolicies.PhishingResistant);
+ req.PreferredAuthLevelTypes.Add(Constants.AuthenticationLevels.NistTypeUri);
+ fields = ((IExtensionRequest)req).Serialize(null);
+ Assert.IsTrue(((IExtensionRequest)req2).Deserialize(fields, null, Constants.TypeUri));
+ Assert.AreNotEqual(req, req2);
+ // Now go ahead and add the doubled one so we can do our equality test.
+ req2.PreferredPolicies.Add(AuthenticationPolicies.PhishingResistant);
+ req2.PreferredAuthLevelTypes.Add(Constants.AuthenticationLevels.NistTypeUri);
+ Assert.AreEqual(req, req2);
+ }
+
+ [Test]
+ public void Serialize() {
+ PolicyRequest req = new PolicyRequest();
+ var fields = ((IExtensionRequest)req).Serialize(null);
+ Assert.AreEqual(1, fields.Count);
+ Assert.IsTrue(fields.ContainsKey("preferred_auth_policies"));
+ Assert.IsEmpty(fields["preferred_auth_policies"]);
+
+ req.MaximumAuthenticationAge = TimeSpan.FromHours(1);
+ fields = ((IExtensionRequest)req).Serialize(null);
+ Assert.AreEqual(2, fields.Count);
+ Assert.IsTrue(fields.ContainsKey("max_auth_age"));
+ Assert.AreEqual(TimeSpan.FromHours(1).TotalSeconds.ToString(CultureInfo.InvariantCulture), fields["max_auth_age"]);
+
+ req.PreferredPolicies.Add("http://pol1/");
+ fields = ((IExtensionRequest)req).Serialize(null);
+ Assert.AreEqual("http://pol1/", fields["preferred_auth_policies"]);
+
+ req.PreferredPolicies.Add("http://pol2/");
+ fields = ((IExtensionRequest)req).Serialize(null);
+ Assert.AreEqual("http://pol1/ http://pol2/", fields["preferred_auth_policies"]);
+
+ req.PreferredAuthLevelTypes.Add("http://authtype1/");
+ fields = ((IExtensionRequest)req).Serialize(null);
+ Assert.AreEqual(4, fields.Count);
+ Assert.IsTrue(fields.ContainsKey("auth_level.ns.alias1"));
+ Assert.AreEqual("http://authtype1/", fields["auth_level.ns.alias1"]);
+ Assert.IsTrue(fields.ContainsKey("preferred_auth_level_types"));
+ Assert.AreEqual("alias1", fields["preferred_auth_level_types"]);
+
+ req.PreferredAuthLevelTypes.Add(Constants.AuthenticationLevels.NistTypeUri);
+ fields = ((IExtensionRequest)req).Serialize(null);
+ Assert.AreEqual(5, fields.Count);
+ Assert.IsTrue(fields.ContainsKey("auth_level.ns.alias2"));
+ Assert.AreEqual("http://authtype1/", fields["auth_level.ns.alias2"]);
+ Assert.IsTrue(fields.ContainsKey("auth_level.ns.nist"));
+ Assert.AreEqual(Constants.AuthenticationLevels.NistTypeUri, fields["auth_level.ns.nist"]);
+ Assert.AreEqual("alias2 nist", fields["preferred_auth_level_types"]);
+ }
+ }
+}
diff --git a/src/DotNetOpenId.Test/Extensions/PolicyResponseTests.cs b/src/DotNetOpenId.Test/Extensions/PolicyResponseTests.cs new file mode 100644 index 0000000..7fe240b --- /dev/null +++ b/src/DotNetOpenId.Test/Extensions/PolicyResponseTests.cs @@ -0,0 +1,258 @@ +using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using NUnit.Framework;
+using DotNetOpenId.Extensions.ProviderAuthenticationPolicy;
+using DotNetOpenId.Extensions;
+
+namespace DotNetOpenId.Test.Extensions {
+ [TestFixture]
+ public class PolicyResponseTests {
+ DateTime someLocalTime = new DateTime(2008, 1, 1, 1, 1, 1, 0, DateTimeKind.Local);
+ DateTime someUtcTime = new DateTime(2008, 1, 1, 1, 1, 1, 0, DateTimeKind.Utc);
+ DateTime someUnspecifiedTime = new DateTime(2008, 1, 1, 1, 1, 1, 0, DateTimeKind.Unspecified);
+ [Test]
+ public void Ctor() {
+ PolicyResponse resp = new PolicyResponse();
+ Assert.IsNotNull(resp.ActualPolicies);
+ Assert.AreEqual(0, resp.ActualPolicies.Count);
+ Assert.IsNull(resp.AuthenticationTimeUtc);
+ Assert.IsNull(resp.NistAssuranceLevel);
+ }
+
+ [Test]
+ public void AddPolicies() {
+ PolicyResponse resp = new PolicyResponse();
+ resp.ActualPolicies.Add(AuthenticationPolicies.MultiFactor);
+ resp.ActualPolicies.Add(AuthenticationPolicies.PhishingResistant);
+ Assert.AreEqual(2, resp.ActualPolicies.Count);
+ Assert.AreEqual(AuthenticationPolicies.MultiFactor, resp.ActualPolicies[0]);
+ Assert.AreEqual(AuthenticationPolicies.PhishingResistant, resp.ActualPolicies[1]);
+ }
+
+ [Test]
+ public void AddPolicyMultipleTimes() {
+ // Although this isn't really the desired behavior (we'd prefer to see an
+ // exception thrown), since we're using a List<string> internally we can't
+ // expect anything better (for now). But if this is ever fixed, by all means
+ // change this test to expect an exception or something else.
+ PolicyResponse resp = new PolicyResponse();
+ resp.ActualPolicies.Add(AuthenticationPolicies.MultiFactor);
+ resp.ActualPolicies.Add(AuthenticationPolicies.MultiFactor);
+ Assert.AreEqual(2, resp.ActualPolicies.Count);
+ }
+
+ [Test]
+ public void AuthenticationTimeUtcConvertsToUtc() {
+ PolicyResponse resp = new PolicyResponse();
+ resp.AuthenticationTimeUtc = someLocalTime;
+ Assert.IsNotNull(resp.AuthenticationTimeUtc);
+ Assert.AreEqual(DateTimeKind.Utc, resp.AuthenticationTimeUtc.Value.Kind);
+ Assert.AreEqual(someLocalTime.ToUniversalTime(), resp.AuthenticationTimeUtc.Value);
+ }
+
+ [Test]
+ public void AuthenticationTimeUtcSetUtc() {
+ PolicyResponse resp = new PolicyResponse();
+ resp.AuthenticationTimeUtc = someUtcTime;
+ Assert.AreEqual(someUtcTime, resp.AuthenticationTimeUtc);
+ }
+
+ [Test, ExpectedException(typeof(ArgumentException))]
+ public void AuthenticationTimeUtcSetUnspecified() {
+ PolicyResponse resp = new PolicyResponse();
+ resp.AuthenticationTimeUtc = someUnspecifiedTime;
+ }
+
+ [Test]
+ public void AuthenticationTimeUtcSetNull() {
+ PolicyResponse resp = new PolicyResponse();
+ resp.AuthenticationTimeUtc = null;
+ Assert.IsNull(resp.AuthenticationTimeUtc);
+ resp.AuthenticationTimeUtc = someUtcTime;
+ Assert.IsNotNull(resp.AuthenticationTimeUtc);
+ resp.AuthenticationTimeUtc = null;
+ Assert.IsNull(resp.AuthenticationTimeUtc);
+ }
+
+ [Test]
+ public void NistAssuranceLevelSetVarious() {
+ PolicyResponse resp = new PolicyResponse();
+ resp.NistAssuranceLevel = NistAssuranceLevel.Level1;
+ Assert.AreEqual(NistAssuranceLevel.Level1, resp.NistAssuranceLevel);
+ resp.NistAssuranceLevel = null;
+ Assert.IsNull(resp.NistAssuranceLevel);
+ resp.NistAssuranceLevel = NistAssuranceLevel.InsufficientForLevel1;
+ Assert.AreEqual(NistAssuranceLevel.InsufficientForLevel1, resp.NistAssuranceLevel);
+ }
+
+ [Test]
+ public void AssuranceLevels() {
+ PolicyResponse resp = new PolicyResponse();
+ Assert.AreEqual(0, resp.AssuranceLevels.Count);
+ resp.NistAssuranceLevel = NistAssuranceLevel.Level2;
+ Assert.AreEqual(1, resp.AssuranceLevels.Count);
+ Assert.AreEqual("2", resp.AssuranceLevels[Constants.AuthenticationLevels.NistTypeUri]);
+ resp.AssuranceLevels[Constants.AuthenticationLevels.NistTypeUri] = "3";
+ Assert.AreEqual(NistAssuranceLevel.Level3, resp.NistAssuranceLevel);
+ resp.AssuranceLevels.Clear();
+ Assert.IsNull(resp.NistAssuranceLevel);
+ }
+
+ [Test]
+ public void EqualsTest() {
+ PolicyResponse resp = new PolicyResponse();
+ PolicyResponse resp2 = new PolicyResponse();
+ Assert.AreEqual(resp, resp2);
+ Assert.AreNotEqual(resp, null);
+ Assert.AreNotEqual(null, resp);
+
+ // Test ActualPolicies list comparison
+ resp.ActualPolicies.Add(AuthenticationPolicies.PhishingResistant);
+ Assert.AreNotEqual(resp, resp2);
+ resp2.ActualPolicies.Add(AuthenticationPolicies.MultiFactor);
+ Assert.AreNotEqual(resp, resp2);
+ resp2.ActualPolicies.Clear();
+ resp2.ActualPolicies.Add(AuthenticationPolicies.PhishingResistant);
+ Assert.AreEqual(resp, resp2);
+
+ // Test ActualPolicies list comparison when that list is not in the same order.
+ resp.ActualPolicies.Add(AuthenticationPolicies.MultiFactor);
+ Assert.AreNotEqual(resp, resp2);
+ resp2.ActualPolicies.Insert(0, AuthenticationPolicies.MultiFactor);
+ Assert.AreEqual(resp, resp2);
+
+ // Test AuthenticationTimeUtc comparison.
+ resp.AuthenticationTimeUtc = DateTime.Now;
+ Assert.AreNotEqual(resp, resp2);
+ resp2.AuthenticationTimeUtc = resp.AuthenticationTimeUtc;
+ Assert.AreEqual(resp, resp2);
+ resp2.AuthenticationTimeUtc += TimeSpan.FromSeconds(1);
+ Assert.AreNotEqual(resp, resp2);
+ resp2.AuthenticationTimeUtc = resp.AuthenticationTimeUtc;
+ Assert.AreEqual(resp, resp2);
+
+ // Test NistAssuranceLevel comparison.
+ resp.NistAssuranceLevel = NistAssuranceLevel.InsufficientForLevel1;
+ Assert.AreNotEqual(resp, resp2);
+ resp2.NistAssuranceLevel = NistAssuranceLevel.InsufficientForLevel1;
+ Assert.AreEqual(resp, resp2);
+ resp.NistAssuranceLevel = NistAssuranceLevel.Level2;
+ Assert.AreNotEqual(resp, resp2);
+ resp2.NistAssuranceLevel = NistAssuranceLevel.Level2;
+ Assert.AreEqual(resp, resp2);
+
+ // Test AssuranceLevels comparison.
+ resp.AssuranceLevels.Add("custom", "b");
+ Assert.AreNotEqual(resp, resp2);
+ resp2.AssuranceLevels.Add("custom", "2");
+ Assert.AreNotEqual(resp, resp2);
+ resp2.AssuranceLevels["custom"] = "b";
+ Assert.AreEqual(resp, resp2);
+ resp.AssuranceLevels[Constants.AuthenticationLevels.NistTypeUri] = "1";
+ Assert.AreNotEqual(resp, resp2);
+ resp2.AssuranceLevels[Constants.AuthenticationLevels.NistTypeUri] = "1";
+ Assert.AreEqual(resp, resp2);
+ }
+
+ [Test]
+ public void DeserializeNull() {
+ PolicyResponse resp = new PolicyResponse();
+ Assert.IsFalse(((IExtensionResponse)resp).Deserialize(null, null, Constants.TypeUri));
+ }
+
+ [Test]
+ public void DeserializeEmpty() {
+ PolicyResponse resp = new PolicyResponse();
+ Assert.IsFalse(((IExtensionResponse)resp).Deserialize(new Dictionary<string, string>(), null, Constants.TypeUri));
+ }
+
+ [Test]
+ public void SerializeRoundTrip() {
+ // This test relies on the PolicyResponse.Equals method. If this and that test
+ // are failing, work on EqualsTest first.
+
+ // Most basic test
+ PolicyResponse resp = new PolicyResponse(), resp2 = new PolicyResponse();
+ var fields = ((IExtensionResponse)resp).Serialize(null);
+ Assert.IsTrue(((IExtensionResponse)resp2).Deserialize(fields, null, Constants.TypeUri));
+ Assert.AreEqual(resp, resp2);
+
+ // Test with all fields set
+ resp2 = new PolicyResponse();
+ resp.ActualPolicies.Add(AuthenticationPolicies.MultiFactor);
+ resp.AuthenticationTimeUtc = someUtcTime;
+ resp.NistAssuranceLevel = NistAssuranceLevel.Level2;
+ fields = ((IExtensionResponse)resp).Serialize(null);
+ Assert.IsTrue(((IExtensionResponse)resp2).Deserialize(fields, null, Constants.TypeUri));
+ Assert.AreEqual(resp, resp2);
+
+ // Test with an extra policy
+ resp2 = new PolicyResponse();
+ resp.ActualPolicies.Add(AuthenticationPolicies.PhishingResistant);
+ resp.AssuranceLevels.Add("customlevel", "ABC");
+ fields = ((IExtensionResponse)resp).Serialize(null);
+ Assert.IsTrue(((IExtensionResponse)resp2).Deserialize(fields, null, Constants.TypeUri));
+ Assert.AreEqual(resp, resp2);
+
+ // Test with a policy added twice. We should see it intelligently leave one of
+ // the doubled policies out.
+ resp2 = new PolicyResponse();
+ resp.ActualPolicies.Add(AuthenticationPolicies.PhishingResistant);
+ fields = ((IExtensionResponse)resp).Serialize(null);
+ Assert.IsTrue(((IExtensionResponse)resp2).Deserialize(fields, null, Constants.TypeUri));
+ Assert.AreNotEqual(resp, resp2);
+ // Now go ahead and add the doubled one so we can do our equality test.
+ resp2.ActualPolicies.Add(AuthenticationPolicies.PhishingResistant);
+ Assert.AreEqual(resp, resp2);
+ }
+
+ [Test]
+ public void Serialize() {
+ PolicyResponse resp = new PolicyResponse(), resp2 = new PolicyResponse();
+ var fields = ((IExtensionResponse)resp).Serialize(null);
+ Assert.AreEqual(1, fields.Count);
+ Assert.IsTrue(fields.ContainsKey("auth_policies"));
+ Assert.AreEqual(AuthenticationPolicies.None, fields["auth_policies"]);
+
+ resp.ActualPolicies.Add(AuthenticationPolicies.PhishingResistant);
+ fields = ((IExtensionResponse)resp).Serialize(null);
+ Assert.AreEqual(1, fields.Count);
+ Assert.AreEqual(AuthenticationPolicies.PhishingResistant, fields["auth_policies"]);
+
+ resp.ActualPolicies.Add(AuthenticationPolicies.PhysicalMultiFactor);
+ fields = ((IExtensionResponse)resp).Serialize(null);
+ Assert.AreEqual(1, fields.Count);
+ Assert.AreEqual(
+ AuthenticationPolicies.PhishingResistant + " " + AuthenticationPolicies.PhysicalMultiFactor,
+ fields["auth_policies"]);
+
+ resp.AuthenticationTimeUtc = DateTime.UtcNow;
+ fields = ((IExtensionResponse)resp).Serialize(null);
+ Assert.AreEqual(2, fields.Count);
+ Assert.IsTrue(fields.ContainsKey("auth_time"));
+
+ resp.NistAssuranceLevel = NistAssuranceLevel.Level3;
+ fields = ((IExtensionResponse)resp).Serialize(null);
+ Assert.AreEqual(4, fields.Count);
+ Assert.IsTrue(fields.ContainsKey("auth_level.ns.nist"));
+ Assert.AreEqual(Constants.AuthenticationLevels.NistTypeUri, fields["auth_level.ns.nist"]);
+ Assert.IsTrue(fields.ContainsKey("auth_level.nist"));
+ Assert.AreEqual("3", fields["auth_level.nist"]);
+
+ resp.AssuranceLevels.Add("custom", "CU");
+ fields = ((IExtensionResponse)resp).Serialize(null);
+ Assert.AreEqual(6, fields.Count);
+ Assert.IsTrue(fields.ContainsKey("auth_level.ns.alias2"));
+ Assert.AreEqual("custom", fields["auth_level.ns.alias2"]);
+ Assert.IsTrue(fields.ContainsKey("auth_level.alias2"));
+ Assert.AreEqual("CU", fields["auth_level.alias2"]);
+ // and make sure the NIST is still there.
+ Assert.IsTrue(fields.ContainsKey("auth_level.ns.nist"));
+ Assert.AreEqual(Constants.AuthenticationLevels.NistTypeUri, fields["auth_level.ns.nist"]);
+ Assert.IsTrue(fields.ContainsKey("auth_level.nist"));
+ Assert.AreEqual("3", fields["auth_level.nist"]);
+ }
+ }
+}
diff --git a/src/DotNetOpenId.Test/Hosting/AspNetHost.cs b/src/DotNetOpenId.Test/Hosting/AspNetHost.cs index 8b92e23..f171f5a 100644 --- a/src/DotNetOpenId.Test/Hosting/AspNetHost.cs +++ b/src/DotNetOpenId.Test/Hosting/AspNetHost.cs @@ -19,7 +19,9 @@ namespace DotNetOpenId.Test.Hosting { public AspNetHost() {
httpHost = HttpHost.CreateHost(this);
- DotNetOpenId.Provider.SigningEncoder.Signing += (s, e) => {
+ if (!UntrustedWebRequest.WhitelistHosts.Contains("localhost"))
+ UntrustedWebRequest.WhitelistHosts.Add("localhost");
+ DotNetOpenId.Provider.SigningMessageEncoder.Signing += (s, e) => {
if (MessageInterceptor != null) MessageInterceptor.OnSigningMessage(e.Message);
};
}
diff --git a/src/DotNetOpenId.Test/Provider/IAuthenticationRequestTest.cs b/src/DotNetOpenId.Test/Provider/IAuthenticationRequestTest.cs index b574c97..3ea7d9c 100644 --- a/src/DotNetOpenId.Test/Provider/IAuthenticationRequestTest.cs +++ b/src/DotNetOpenId.Test/Provider/IAuthenticationRequestTest.cs @@ -9,14 +9,20 @@ using System.Net; namespace DotNetOpenId.Test.Provider {
[TestFixture]
public class IAuthenticationRequestTest {
+ [SetUp]
+ public void Setup() {
+ if (!UntrustedWebRequest.WhitelistHosts.Contains("localhost"))
+ UntrustedWebRequest.WhitelistHosts.Add("localhost");
+ }
+
[Test, ExpectedException(typeof(WebException), UserMessage = "OP should throw WebException when return URL is unverifiable.")]
public void UnverifiableReturnUrl() {
Uri returnTo;
Realm realm;
getUnverifiableRP(out returnTo, out realm);
- var consumer = new OpenIdRelyingParty(new ApplicationMemoryStore(), null);
+ var consumer = new OpenIdRelyingParty(new ApplicationMemoryStore(), null, null);
var request = consumer.CreateRequest(TestSupport.GetIdentityUrl(TestSupport.Scenarios.AutoApproval, ProtocolVersion.V20), realm, returnTo);
- WebRequest.Create(request.RedirectToProviderUrl).GetResponse(); // the OP should return 500, causing exception here.
+ WebRequest.Create(request.RedirectingResponse.ExtractUrl()).GetResponse(); // the OP should return 500, causing exception here.
}
static void getUnverifiableRP(out Uri returnTo, out Realm realm) {
diff --git a/src/DotNetOpenId.Test/RelyingParty/AuthenticationRequestTests.cs b/src/DotNetOpenId.Test/RelyingParty/AuthenticationRequestTests.cs new file mode 100644 index 0000000..399e4e7 --- /dev/null +++ b/src/DotNetOpenId.Test/RelyingParty/AuthenticationRequestTests.cs @@ -0,0 +1,32 @@ +using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using NUnit.Framework;
+using DotNetOpenId.RelyingParty;
+using DotNetOpenId.Extensions.SimpleRegistration;
+using DotNetOpenId.Extensions.AttributeExchange;
+
+namespace DotNetOpenId.Test.RelyingParty {
+ [TestFixture]
+ public class AuthenticationRequestTests {
+ IRelyingPartyApplicationStore store;
+ Realm realm = new Realm(TestSupport.GetFullUrl(TestSupport.ConsumerPage).AbsoluteUri);
+ Uri returnTo = TestSupport.GetFullUrl(TestSupport.ConsumerPage);
+
+ [SetUp]
+ public void SetUp() {
+ store = new ApplicationMemoryStore();
+ if (!UntrustedWebRequest.WhitelistHosts.Contains("localhost"))
+ UntrustedWebRequest.WhitelistHosts.Add("localhost");
+ }
+
+ [Test]
+ public void Provider() {
+ OpenIdRelyingParty rp = new OpenIdRelyingParty(store, null, null);
+ Identifier id = TestSupport.GetFullUrl("xrdsdiscovery/xrds20.aspx");
+ IAuthenticationRequest request = rp.CreateRequest(id, realm, returnTo);
+ Assert.IsNotNull(request.Provider);
+ }
+ }
+}
diff --git a/src/DotNetOpenId.Test/RelyingParty/AuthenticationResponseTests.cs b/src/DotNetOpenId.Test/RelyingParty/AuthenticationResponseTests.cs index 6cc85ab..7dcb792 100644 --- a/src/DotNetOpenId.Test/RelyingParty/AuthenticationResponseTests.cs +++ b/src/DotNetOpenId.Test/RelyingParty/AuthenticationResponseTests.cs @@ -29,14 +29,16 @@ namespace DotNetOpenId.Test.RelyingParty { [SetUp]
public void SetUp() {
store = new ApplicationMemoryStore();
+ if (!UntrustedWebRequest.WhitelistHosts.Contains("localhost"))
+ UntrustedWebRequest.WhitelistHosts.Add("localhost");
}
Uri getPositiveAssertion(ProtocolVersion version) {
try {
- OpenIdRelyingParty rp = new OpenIdRelyingParty(store, null);
+ OpenIdRelyingParty rp = new OpenIdRelyingParty(store, null, null);
Identifier id = TestSupport.GetIdentityUrl(TestSupport.Scenarios.AutoApproval, version);
var request = rp.CreateRequest(id, realm, returnTo);
- HttpWebRequest providerRequest = (HttpWebRequest)WebRequest.Create(request.RedirectToProviderUrl);
+ HttpWebRequest providerRequest = (HttpWebRequest)WebRequest.Create(request.RedirectingResponse.ExtractUrl());
providerRequest.AllowAutoRedirect = false;
Uri redirectUrl;
try {
@@ -104,7 +106,7 @@ namespace DotNetOpenId.Test.RelyingParty { // which should cause a failure because the return_to argument
// says that parameter is supposed to be there.
removeQueryParameter(ref assertion, returnToRemovableParameter);
- var response = new OpenIdRelyingParty(store, assertion).Response;
+ var response = new OpenIdRelyingParty(store, assertion, HttpUtility.ParseQueryString(assertion.Query)).Response;
Assert.AreEqual(AuthenticationStatus.Failed, response.Status);
Assert.IsNotNull(response.Exception);
}
@@ -138,7 +140,7 @@ namespace DotNetOpenId.Test.RelyingParty { resign(ref assertion); // resign changed URL to simulate a contrived OP for breaking into RPs.
// (triggers exception) "... you're in trouble up to your ears."
- var response = new OpenIdRelyingParty(store, assertion).Response;
+ var response = new OpenIdRelyingParty(store, assertion, HttpUtility.ParseQueryString(assertion.Query)).Response;
Assert.AreEqual(AuthenticationStatus.Failed, response.Status);
Assert.IsNotNull(response.Exception);
}
diff --git a/src/DotNetOpenId.Test/RelyingParty/IProviderEndpointTests.cs b/src/DotNetOpenId.Test/RelyingParty/IProviderEndpointTests.cs new file mode 100644 index 0000000..04f5873 --- /dev/null +++ b/src/DotNetOpenId.Test/RelyingParty/IProviderEndpointTests.cs @@ -0,0 +1,52 @@ +using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using NUnit.Framework;
+using DotNetOpenId.RelyingParty;
+using DotNetOpenId.Extensions.SimpleRegistration;
+using DotNetOpenId.Extensions.AttributeExchange;
+
+namespace DotNetOpenId.Test.RelyingParty {
+ [TestFixture]
+ public class IProviderEndpointTests {
+ IRelyingPartyApplicationStore store;
+ Realm realm = new Realm(TestSupport.GetFullUrl(TestSupport.ConsumerPage).AbsoluteUri);
+ Uri returnTo = TestSupport.GetFullUrl(TestSupport.ConsumerPage);
+
+ [SetUp]
+ public void SetUp() {
+ store = new ApplicationMemoryStore();
+ if (!UntrustedWebRequest.WhitelistHosts.Contains("localhost"))
+ UntrustedWebRequest.WhitelistHosts.Add("localhost");
+ }
+
+ [Test]
+ public void IsExtensionSupportedTest() {
+ OpenIdRelyingParty rp = new OpenIdRelyingParty(store, null, null);
+ Identifier id = TestSupport.GetFullUrl("xrdsdiscovery/xrds20.aspx");
+ IAuthenticationRequest request = rp.CreateRequest(id, realm, returnTo);
+ IProviderEndpoint provider = request.Provider;
+ Assert.IsTrue(provider.IsExtensionSupported<ClaimsRequest>());
+ Assert.IsTrue(provider.IsExtensionSupported(typeof(ClaimsRequest)));
+ Assert.IsFalse(provider.IsExtensionSupported<FetchRequest>());
+ Assert.IsFalse(provider.IsExtensionSupported(typeof(FetchRequest)));
+
+ // Test the AdditionalTypeUris list by pulling from an XRDS page with one of the
+ // TypeURIs that only shows up in that list.
+ id = TestSupport.GetFullUrl("xrdsdiscovery/xrds10.aspx");
+ request = rp.CreateRequest(id, realm, returnTo);
+ Assert.IsTrue(provider.IsExtensionSupported<ClaimsRequest>());
+ Assert.IsTrue(provider.IsExtensionSupported(typeof(ClaimsRequest)));
+ }
+
+ [Test]
+ public void UriTest() {
+ OpenIdRelyingParty rp = new OpenIdRelyingParty(store, null, null);
+ Identifier id = TestSupport.GetFullUrl("xrdsdiscovery/xrds20.aspx");
+ IAuthenticationRequest request = rp.CreateRequest(id, realm, returnTo);
+ IProviderEndpoint provider = request.Provider;
+ Assert.AreEqual(new Uri("http://a/b"), provider.Uri);
+ }
+ }
+}
diff --git a/src/DotNetOpenId.Test/RelyingParty/OpenIdRelyingPartyTest.cs b/src/DotNetOpenId.Test/RelyingParty/OpenIdRelyingPartyTest.cs index 4a31cbf..a2ca984 100644 --- a/src/DotNetOpenId.Test/RelyingParty/OpenIdRelyingPartyTest.cs +++ b/src/DotNetOpenId.Test/RelyingParty/OpenIdRelyingPartyTest.cs @@ -3,6 +3,7 @@ using DotNetOpenId.RelyingParty; using NUnit.Framework;
using ProviderMemoryStore = DotNetOpenId.AssociationMemoryStore<DotNetOpenId.AssociationRelyingPartyType>;
using System.Web;
+using System.Collections.Specialized;
namespace DotNetOpenId.Test.RelyingParty {
[TestFixture]
@@ -16,6 +17,8 @@ namespace DotNetOpenId.Test.RelyingParty { [SetUp]
public void Setup() {
store = new ApplicationMemoryStore();
+ if (!UntrustedWebRequest.WhitelistHosts.Contains("localhost"))
+ UntrustedWebRequest.WhitelistHosts.Add("localhost");
}
[Test]
@@ -26,25 +29,25 @@ namespace DotNetOpenId.Test.RelyingParty { [Test]
public void CtorWithNullRequestUri() {
- new OpenIdRelyingParty(store, null);
+ new OpenIdRelyingParty(store, null, null);
}
[Test]
public void CtorWithNullStore() {
- var consumer = new OpenIdRelyingParty(null, simpleNonOpenIdRequest);
+ var consumer = new OpenIdRelyingParty(null, simpleNonOpenIdRequest, new NameValueCollection());
}
[Test]
[ExpectedException(typeof(InvalidOperationException))]
public void CreateRequestWithoutContext1() {
- var consumer = new OpenIdRelyingParty(store, simpleNonOpenIdRequest);
+ var consumer = new OpenIdRelyingParty(store, simpleNonOpenIdRequest, new NameValueCollection());
consumer.CreateRequest(simpleOpenId);
}
[Test]
[ExpectedException(typeof(InvalidOperationException))]
public void CreateRequestWithoutContext2() {
- var consumer = new OpenIdRelyingParty(store, simpleNonOpenIdRequest);
+ var consumer = new OpenIdRelyingParty(store, simpleNonOpenIdRequest, new NameValueCollection());
consumer.CreateRequest(simpleOpenId, realm);
}
@@ -52,7 +55,7 @@ namespace DotNetOpenId.Test.RelyingParty { public void AssociationCreationWithStore() {
var providerStore = new ProviderMemoryStore();
- OpenIdRelyingParty rp = new OpenIdRelyingParty(new ApplicationMemoryStore(), null);
+ OpenIdRelyingParty rp = new OpenIdRelyingParty(new ApplicationMemoryStore(), null, null);
var idUrl = TestSupport.GetIdentityUrl(TestSupport.Scenarios.AutoApproval, ProtocolVersion.V20);
DotNetOpenId.RelyingParty.IAuthenticationRequest req;
@@ -70,7 +73,7 @@ namespace DotNetOpenId.Test.RelyingParty { public void NoAssociationRequestWithoutStore() {
var providerStore = new ProviderMemoryStore();
- OpenIdRelyingParty rp = new OpenIdRelyingParty(null, null);
+ OpenIdRelyingParty rp = new OpenIdRelyingParty(null, null, null);
var idUrl = TestSupport.GetIdentityUrl(TestSupport.Scenarios.AutoApproval, ProtocolVersion.V20);
DotNetOpenId.RelyingParty.IAuthenticationRequest req;
@@ -111,10 +114,10 @@ namespace DotNetOpenId.Test.RelyingParty { private static void testExplicitPortOnRealmAndReturnTo(Uri returnTo, Realm realm) {
var identityUrl = TestSupport.GetIdentityUrl(TestSupport.Scenarios.AutoApproval, ProtocolVersion.V20);
- var consumer = new OpenIdRelyingParty(null, null);
+ var consumer = new OpenIdRelyingParty(null, null, null);
var request = consumer.CreateRequest(identityUrl, realm, returnTo);
- Protocol protocol = Protocol.Lookup(request.ProviderVersion);
- var nvc = HttpUtility.ParseQueryString(request.RedirectToProviderUrl.Query);
+ Protocol protocol = Protocol.Lookup(request.Provider.Version);
+ var nvc = HttpUtility.ParseQueryString(request.RedirectingResponse.ExtractUrl().Query);
string realmString = nvc[protocol.openid.Realm];
string returnToString = nvc[protocol.openid.return_to];
bool realmPortExplicitlyGiven = realmString.Contains(":80");
@@ -131,11 +134,11 @@ namespace DotNetOpenId.Test.RelyingParty { public void ReturnToUrlEncodingTest() {
Uri origin = TestSupport.GetFullUrl(TestSupport.ConsumerPage);
var identityUrl = TestSupport.GetIdentityUrl(TestSupport.Scenarios.AutoApproval, ProtocolVersion.V20);
- var consumer = new OpenIdRelyingParty(null, null);
+ var consumer = new OpenIdRelyingParty(null, null, null);
var request = consumer.CreateRequest(identityUrl, origin, origin);
- Protocol protocol = Protocol.Lookup(request.ProviderVersion);
+ Protocol protocol = Protocol.Lookup(request.Provider.Version);
request.AddCallbackArguments("a+b", "c+d");
- var requestArgs = HttpUtility.ParseQueryString(request.RedirectToProviderUrl.Query);
+ var requestArgs = HttpUtility.ParseQueryString(request.RedirectingResponse.ExtractUrl().Query);
var returnToArgs = HttpUtility.ParseQueryString(requestArgs[protocol.openid.return_to]);
Assert.AreEqual("c+d", returnToArgs["a+b"]);
}
diff --git a/src/DotNetOpenId.Test/TestSupport.cs b/src/DotNetOpenId.Test/TestSupport.cs index d45aad3..be17494 100644 --- a/src/DotNetOpenId.Test/TestSupport.cs +++ b/src/DotNetOpenId.Test/TestSupport.cs @@ -93,3 +93,16 @@ public class TestSupport { nvc[protocol.openid.sig] = Convert.ToBase64String(assoc.Sign(subsetDictionary, signed));
}
}
+
+static class TestExtensions {
+ /// <summary>
+ /// Gets a URL that can be requested to send an indirect message.
+ /// </summary>
+ public static Uri ExtractUrl(this IResponse message) {
+ DotNetOpenId.Response response = (DotNetOpenId.Response)message;
+ IEncodable encodable = response.EncodableMessage;
+ UriBuilder builder = new UriBuilder(encodable.RedirectUrl);
+ UriUtil.AppendQueryArgs(builder, encodable.EncodedFields);
+ return builder.Uri;
+ }
+}
diff --git a/src/DotNetOpenId.Test/UntrustedWebRequestTests.cs b/src/DotNetOpenId.Test/UntrustedWebRequestTests.cs new file mode 100644 index 0000000..c44354c --- /dev/null +++ b/src/DotNetOpenId.Test/UntrustedWebRequestTests.cs @@ -0,0 +1,93 @@ +using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using NUnit.Framework;
+using System.Text.RegularExpressions;
+using System.Net;
+
+namespace DotNetOpenId.Test {
+ [TestFixture]
+ public class UntrustedWebRequestTests {
+ TimeSpan timeoutDefault;
+ [SetUp]
+ public void SetUp() {
+ UntrustedWebRequest.WhitelistHosts.Clear();
+ UntrustedWebRequest.WhitelistHostsRegex.Clear();
+ UntrustedWebRequest.BlacklistHosts.Clear();
+ UntrustedWebRequest.BlacklistHostsRegex.Clear();
+ timeoutDefault = UntrustedWebRequest.Timeout;
+ }
+ [TearDown]
+ public void TearDown() {
+ UntrustedWebRequest.Timeout = timeoutDefault; // in case a test changed it
+ }
+
+ [Test]
+ public void DisallowUnsafeHosts() {
+ string[] unsafeHosts = new [] {
+ // IPv4 loopback representations
+ "http://127.0.0.1",
+ "http://127.100.0.1",
+ "http://127.0.0.100",
+ "http://2130706433", // 127.0.0.1 in decimal format
+ "http://0x7f000001", // 127.0.0.1 in hex format
+ // IPv6 loopback representation
+ "http://[::1]",
+ // disallowed schemes
+ "ftp://ftp.microsoft.com",
+ "xri://boo",
+ };
+ foreach (string unsafeHost in unsafeHosts) {
+ try {
+ UntrustedWebRequest.Request(new Uri(unsafeHost));
+ Assert.Fail("ArgumentException expected but none thrown.");
+ } catch (ArgumentException) {
+ // expected exception caught.
+ }
+ }
+ }
+
+ [Test]
+ public void Whitelist() {
+ UntrustedWebRequest.WhitelistHosts.Add("localhost");
+ // if this works, then we'll be waiting around for localhost to not respond
+ // for a while unless we take the timeout to zero.
+ UntrustedWebRequest.Timeout = TimeSpan.Zero; // will be reset in TearDown method
+ try {
+ UntrustedWebRequest.Request(new Uri("http://localhost:1234"));
+ // We're verifying that an ArgumentException is not thrown
+ // since we requested localhost to be allowed.
+ } catch (WebException) {
+ // It's ok, we're not expecting the request to succeed.
+ }
+ }
+
+ [Test]
+ public void WhitelistRegex() {
+ UntrustedWebRequest.WhitelistHostsRegex.Add(new Regex(@"^127\.\d+\.\d+\.\d+$"));
+ // if this works, then we'll be waiting around for localhost to not respond
+ // for a while unless we take the timeout to zero.
+ UntrustedWebRequest.Timeout = TimeSpan.Zero; // will be reset in TearDown method
+ try {
+ UntrustedWebRequest.Request(new Uri("http://127.0.0.1:1234"));
+ // We're verifying that an ArgumentException is not thrown
+ // since we requested localhost to be allowed.
+ } catch (WebException) {
+ // It's ok, we're not expecting the request to succeed.
+ }
+ }
+
+ [Test, ExpectedException(typeof(ArgumentException))]
+ public void Blacklist() {
+ UntrustedWebRequest.BlacklistHosts.Add("www.microsoft.com");
+ UntrustedWebRequest.Request(new Uri("http://WWW.MICROSOFT.COM"));
+ }
+
+ [Test, ExpectedException(typeof(ArgumentException))]
+ public void BlacklistRegex() {
+ UntrustedWebRequest.BlacklistHostsRegex.Add(new Regex(@"\Wmicrosoft.com$"));
+ UntrustedWebRequest.Request(new Uri("http://WWW.MICROSOFT.COM"));
+ }
+ }
+}
diff --git a/src/DotNetOpenId.Test/UriIdentifierTests.cs b/src/DotNetOpenId.Test/UriIdentifierTests.cs index c8fcf6a..cd42d48 100644 --- a/src/DotNetOpenId.Test/UriIdentifierTests.cs +++ b/src/DotNetOpenId.Test/UriIdentifierTests.cs @@ -13,6 +13,12 @@ namespace DotNetOpenId.Test { string relativeUri = "host/path";
string badUri = "som%-)830w8vf/?.<>,ewackedURI";
+ [SetUp]
+ public void SetUp() {
+ if (!UntrustedWebRequest.WhitelistHosts.Contains("localhost"))
+ UntrustedWebRequest.WhitelistHosts.Add("localhost");
+ }
+
[Test, ExpectedException(typeof(ArgumentNullException))]
public void CtorNullUri() {
new UriIdentifier((Uri)null);
@@ -84,8 +90,7 @@ namespace DotNetOpenId.Test { Assert.AreEqual(expectedLocalId, se.ProviderLocalIdentifier);
Assert.AreEqual(expectSreg ? 2 : 1, se.ProviderSupportedServiceTypeUris.Length);
Assert.IsTrue(Array.IndexOf(se.ProviderSupportedServiceTypeUris, protocol.ClaimedIdentifierServiceTypeURI)>=0);
- if (expectSreg)
- Assert.IsTrue(Array.IndexOf(se.ProviderSupportedServiceTypeUris, Constants.TypeUri) >= 0);
+ Assert.AreEqual(expectSreg, se.IsExtensionSupported(new ClaimsRequest()));
}
void discoverXrds(string page, ProtocolVersion version, Identifier expectedLocalId) {
discover("/xrdsdiscovery/" + page + ".aspx", version, expectedLocalId, true, false);
diff --git a/src/DotNetOpenId.Test/UtilTest.cs b/src/DotNetOpenId.Test/UtilTest.cs index 2f995c5..f6a3dbe 100644 --- a/src/DotNetOpenId.Test/UtilTest.cs +++ b/src/DotNetOpenId.Test/UtilTest.cs @@ -24,5 +24,15 @@ namespace DotNetOpenId.Test { IDictionary<string, string> dict = Util.NameValueCollectionToDictionary(nvc);
Assert.IsTrue(dict["a"] == "b");
}
+
+ [Test]
+ public void NameValueCollectionToDictionaryNull() {
+ Assert.IsNull(Util.NameValueCollectionToDictionary(null));
+ }
+
+ [Test]
+ public void DictionaryToNameValueCollectionNull() {
+ Assert.IsNull(Util.DictionaryToNameValueCollection(null));
+ }
}
}
|