author | tailor <cygnus@janrain.com> | 2007-10-16 20:40:40 +0000 |
---|---|---|
committer | tailor <cygnus@janrain.com> | 2007-10-16 20:40:40 +0000 |
commit | 8dc2b6cfc29fb752bdc19ae3a5b57ae3da72a289 (patch) | |
tree | f6c870681a3c4d433572931ddee69935fe5189bd | |
parent | 4f881d41750bed0df9951a4c12f4c97a8c3833dc (diff) | |
[project @ r300: update_url must match openid.realm]
-rw-r--r-- | Auth/OpenID/AX.php | 21 | ||||
-rw-r--r-- | Tests/Auth/OpenID/AX.php | 60 |
2 files changed, 81 insertions, 0 deletions
diff --git a/Auth/OpenID/AX.php b/Auth/OpenID/AX.php
index a919b26..aeb9f15 100644
--- a/Auth/OpenID/AX.php
+++ b/Auth/OpenID/AX.php
@@ -7,6 +7,7 @@
 require_once "Auth/OpenID/Extension.php";
 require_once "Auth/OpenID/Message.php";
+require_once "Auth/OpenID/TrustRoot.php";
 define('Auth_OpenID_AX_NS_URI', 'http://openid.net/srv/ax/1.0');
@@ -347,6 +348,26 @@ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message {
             return $result;
         }
+        if ($obj->update_url) {
+            // Update URL must match the openid.realm of the
+            // underlying OpenID 2 message.
+            $realm = $message->getArg(Auth_OpenID_OPENID_NS, 'realm',
+                                      $message->getArg(
+                                          Auth_OpenID_OPENID_NS,
+                                          'return_to'));
+
+            if (!$realm) {
+                $obj = new Auth_OpenID_AX_Error(
+                    sprintf("Cannot validate update_url %s " .
+                            "against absent realm", $obj->update_url));
+            } else if (!Auth_OpenID_TrustRoot::match($realm,
+                                                     $obj->update_url)) {
+                $obj = new Auth_OpenID_AX_Error(
+                    sprintf("Update URL %s failed validation against realm %s",
+                            $obj->update_url, $realm));
+            }
+        }
+
         return $obj;
     }
diff --git a/Tests/Auth/OpenID/AX.php b/Tests/Auth/OpenID/AX.php
index c2990fe..5487fdd 100644
--- a/Tests/Auth/OpenID/AX.php
+++ b/Tests/Auth/OpenID/AX.php
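Review bot: In the second hunk the update_url check reassigns `$obj` to an `Auth_OpenID_AX_Error` and then falls through to the shared `return $obj;`, which hides the error path and means any code later inserted between the check and the return would run against an error object; returning directly in both branches, `return new Auth_OpenID_AX_Error(...);`, reads more clearly. Both error messages embed the request-supplied `update_url` (and `realm`) verbatim via sprintf, so a caller that renders the message into HTML must escape it there; a comment such as `// Message carries request-supplied URLs; escape at the point of output` on the error construction would make that visible. The `realm` lookup falls back to `return_to`, which is the OpenID 2.0 rule for an absent realm, but an OpenID 1 message carrying AX would express its realm as `trust_root`, which this lookup does not consult and so would also fall back to `return_to` — confirm whether that is the intended behaviour. `fromOpenIDRequest` begins and ends outside the hunk.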
@@ -449,6 +449,66 @@ class FetchRequestTest extends PHPUnit_TestCase {
         $this->msg->parseExtensionArgs($extension_args);
         $this->assertEquals($extension_args_norm, $this->msg->getExtensionArgs());
     }
+
+    function test_openidNoRealm()
+    {
+        $openid_req_msg = Auth_OpenID_Message::fromOpenIDArgs(array(
+            'mode' => 'checkid_setup',
+            'ns' => Auth_OpenID_OPENID2_NS,
+            'ns.ax' => Auth_OpenID_AX_NS_URI,
+            'ax.update_url' => 'http://different.site/path',
+            'ax.mode' => 'fetch_request',
+        ));
+
+        $result = Auth_OpenID_AX_FetchRequest::fromOpenIDRequest(
+            $openid_req_msg);
+        $this->assertTrue(Auth_OpenID_AX::isError($result));
+    }
+
+    function test_openidUpdateURLVerificationError()
+    {
+        $openid_req_msg = Auth_OpenID_Message::fromOpenIDArgs(array(
+            'mode' => 'checkid_setup',
+            'ns' => Auth_OpenID_OPENID2_NS,
+            'realm' => 'http://example.com/realm',
+            'ns.ax' => Auth_OpenID_AX_NS_URI,
+            'ax.update_url' => 'http://different.site/path',
+            'ax.mode' => 'fetch_request',
+        ));
+
+        $result = Auth_OpenID_AX_FetchRequest::fromOpenIDRequest($openid_req_msg);
+        $this->assertTrue(Auth_OpenID_AX::isError($result));
+    }
+
+    function test_openidUpdateURLVerificationSuccess()
+    {
+        $openid_req_msg = Auth_OpenID_Message::fromOpenIDArgs(array(
+            'mode' => 'checkid_setup',
+            'ns' => Auth_OpenID_OPENID2_NS,
+            'realm' => 'http://example.com/realm',
+            'ns.ax' => Auth_OpenID_AX_NS_URI,
+            'ax.update_url' => 'http://example.com/realm/update_path',
+            'ax.mode' => 'fetch_request',
+        ));
+
+        $fr = Auth_OpenID_AX_FetchRequest::fromOpenIDRequest($openid_req_msg);
+        $this->assertFalse(Auth_OpenID_AX::isError($fr));
+    }
+
+    function test_openidUpdateURLVerificationSuccessReturnTo()
+    {
+        $openid_req_msg = Auth_OpenID_Message::fromOpenIDArgs(array(
+            'mode' => 'checkid_setup',
+            'ns' => Auth_OpenID_OPENID2_NS,
+            'return_to' => 'http://example.com/realm',
+            'ns.ax' => Auth_OpenID_AX_NS_URI,
+            'ax.update_url' => 'http://example.com/realm/update_path',
+            'ax.mode' => 'fetch_request',
+        ));
+
+        $fr = Auth_OpenID_AX_FetchRequest::fromOpenIDRequest($openid_req_msg);
+        $this->assertFalse(Auth_OpenID_AX::isError($fr));
+    }
 }
 class FetchResponseTest extends PHPUnit_TestCase {
|
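Review bot: The two negative tests, `test_openidNoRealm` and `test_openidUpdateURLVerificationError`, assert only `Auth_OpenID_AX::isError($result)`, so they would also pass if the error came from `parseExtensionArgs` rather than from the new realm check; asserting on the error's message text, or adding a control case built from the same arguments minus `ax.update_url` that must not error, would pin the behaviour this commit introduces. A further negative case whose update_url sits on a different host that merely shares the realm's path text (constructed example: `'ax.update_url' => 'http://example.com.other/realm/update_path'`) would confirm that the match is by trust root rather than by string prefix. The four fixtures differ in only one or two keys each, so a small helper that returns the base argument array and merges overrides would shorten them and make the distinguishing key obvious. The enclosing `FetchRequestTest` class starts outside the hunk.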