authortailor <cygnus@janrain.com>2007-02-02 00:36:30 +0000
committertailor <cygnus@janrain.com>2007-02-02 00:36:30 +0000
commit91d359b432e5402415669a7f323b247db400e4e6 (patch)
tree9c3cfe5997f504c7e087dcaed048eaafc27978e8
parent0895e5d309960804da1774c1b84eaeead66bef27 (diff)
downloadphp-openid-91d359b432e5402415669a7f323b247db400e4e6.zip
php-openid-91d359b432e5402415669a7f323b247db400e4e6.tar.gz
php-openid-91d359b432e5402415669a7f323b247db400e4e6.tar.bz2
[project @ Added tests from Python test suite]
-rw-r--r--Auth/OpenID/Server.php38
-rw-r--r--Tests/Auth/OpenID/Server.php166
2 files changed, 197 insertions, 7 deletions
diff --git a/Auth/OpenID/Server.php b/Auth/OpenID/Server.php
index 35fb120..6c60d56 100644
--- a/Auth/OpenID/Server.php
+++ b/Auth/OpenID/Server.php
@@ -244,6 +244,12 @@ class Auth_OpenID_ServerError {
}
class Auth_OpenID_NoReturnToError extends Auth_OpenID_ServerError {
+ function Auth_OpenID_NoReturnToError($message = null,
+ $text = "No return_to URL available")
+ {
+ parent::Auth_OpenID_ServerError($message, $text);
+ }
+
function toString()
{
return "No return_to available";
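Review bot: The default `$text` added to the constructor, "No return_to URL available", does not match the string `toString()` still returns a few lines below, "No return_to available", so the same error reads differently depending on which accessor a caller or log line uses. Pick one wording and use it in both places, for example `return "No return_to URL available";` in `toString()`. The class body continues past the end of this hunk.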
@@ -269,6 +275,12 @@ class Auth_OpenID_MalformedReturnURL extends Auth_OpenID_ServerError {
* @package OpenID
*/
class Auth_OpenID_MalformedTrustRoot extends Auth_OpenID_ServerError {
+ function Auth_OpenID_MalformedTrustRoot($message = null,
+ $text = "Malformed trust root")
+ {
+ parent::Auth_OpenID_ServerError($message, $text);
+ }
+
function toString()
{
return "Malformed trust root";
@@ -670,6 +682,18 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request {
}
}
+ function equals($other)
+ {
+ return (
+ (is_a($other, 'Auth_OpenID_CheckIDRequest')) &&
+ ($this->namespace == $other->namespace) &&
+ ($this->assoc_handle == $other->assoc_handle) &&
+ ($this->identity == $other->identity) &&
+ ($this->claimed_id == $other->claimed_id) &&
+ ($this->return_to == $other->return_to) &&
+ ($this->trust_root == $other->trust_root));
+ }
+
function fromMessage(&$message, $server)
{
$mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode');
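Review bot: `equals()` compares every field with loose `==`, so two requests whose `assoc_handle`, `identity`, `return_to` or `trust_root` are different numeric-looking strings (for instance `'1e3'` and `'1000'`), or `null` against `''`, are reported as equal. These are opaque protocol strings, so the comparison should be strict: `($this->assoc_handle === $other->assoc_handle) &&`, and likewise for the other five fields. The only caller visible in this commit is the round-trip test, but the method sits on the production class, so any later code that uses it to decide whether two requests match inherits the loose semantics. If the round trip legitimately turns `null` into `''`, normalise that explicitly instead of relying on `==`. `fromMessage()` begins in this hunk and continues outside it.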
@@ -703,7 +727,7 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request {
'claimed_id');
if (!$claimed_id) {
return new Auth_OpenID_ServerError($message,
- "OpenID 2.0 message contained openid.identity " +
+ "OpenID 2.0 message contained openid.identity " .
"but not claimed_id");
}
} else {
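Review bot: Nothing in the tests added by this commit pins the error text that this `+` to `.` change repairs; the new negative tests only assert `is_a($result, 'Auth_OpenID_ServerError')`, which would pass just as well with the old, numerically added text. The same applies to the five other concatenation hunks below (op_endpoint, claimed_id under OpenID 1, identifier selection, unexpected identity, OpenID 1 identifier). One assertion on the text of a returned error would keep this from regressing; the accessor for that text is not visible here, so the exact call needs checking against `Auth_OpenID_ServerError`. The enclosing `fromMessage()` starts and ends outside this hunk.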
@@ -796,7 +820,7 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request {
if (($this->namespace != Auth_OpenID_OPENID1_NS) &&
(!$this->server->op_endpoint)) {
return new Auth_OpenID_ServerError(null,
- "server should be constructed with op_endpoint to " +
+ "server should be constructed with op_endpoint to " .
"respond to OpenID 2.0 messages.");
}
@@ -830,7 +854,7 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request {
if ($claimed_id &&
($this->namespace == Auth_OpenID_OPENID1_NS)) {
return new Auth_OpenID_ServerError(null,
- "claimed_id is new in OpenID 2.0 and not " +
+ "claimed_id is new in OpenID 2.0 and not " .
"available for ".$this->namespace);
}
@@ -843,7 +867,7 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request {
if ($this->identity == Auth_OpenID_IDENTIFIER_SELECT) {
if (!$identity) {
return new Auth_OpenID_ServerError(null,
- "This request uses IdP-driven identifier selection. " +
+ "This request uses IdP-driven identifier selection. " .
"You must supply an identifier in the response.");
}
@@ -863,7 +887,7 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request {
} else {
if ($identity) {
return new Auth_OpenID_ServerError(null,
- "This request specified no identity and " +
+ "This request specified no identity and " .
"you supplied ".$identity);
}
@@ -873,7 +897,7 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request {
if (($this->namespace == Auth_OpenID_OPENID1_NS) &&
($response_identity === null)) {
return new Auth_OpenID_ServerError(null,
- "Request was an OpenID 1 request, so response must " +
+ "Request was an OpenID 1 request, so response must " .
"include an identifier.");
}
@@ -1364,7 +1388,7 @@ class Auth_OpenID_UntrustedReturnURL extends Auth_OpenID_ServerError {
function Auth_OpenID_UntrustedReturnURL($message, $return_to,
$trust_root)
{
- parent::Auth_OpenID_ServerError($message);
+ parent::Auth_OpenID_ServerError($message, "Untrusted return_to URL");
$this->return_to = $return_to;
$this->trust_root = $trust_root;
}
diff --git a/Tests/Auth/OpenID/Server.php b/Tests/Auth/OpenID/Server.php
index 70129df..e6ea3f4 100644
--- a/Tests/Auth/OpenID/Server.php
+++ b/Tests/Auth/OpenID/Server.php
@@ -842,6 +842,11 @@ class Tests_Auth_OpenID_CheckID extends PHPUnit_TestCase {
function _expectAnswer($answer, $identity=null, $claimed_id=null)
{
+ if (is_a($answer, 'Auth_OpenID_ServerError')) {
+ $this->fail("Got ServerError, expected valid response in ".$this->getName());
+ return;
+ }
+
$expected_list = array(
array('mode', 'id_res'),
array('return_to', $this->request->return_to),
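Review bot: The new failure message drops the reason the server gave, so a failing test only reports that some ServerError came back. Include the error's own description, e.g. `$this->fail("Got ServerError (".$answer->toString()."), expected valid response in ".$this->getName());`. `toString()` is defined on the error subclasses shown in this commit and presumably on the base class, which should be confirmed. `_expectAnswer()` continues past the end of this hunk.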
@@ -884,6 +889,167 @@ class Tests_Auth_OpenID_CheckID extends PHPUnit_TestCase {
$this->_expectAnswer($answer, $this->request->identity);
}
+ function test_answerAllowDelegatedIdentity()
+ {
+ $this->request->claimed_id = 'http://delegating.unittest/';
+ $answer = $this->request->answer(true);
+ $this->_expectAnswer($answer, $this->request->identity,
+ $this->request->claimed_id);
+ }
+
+ function test_answerAllowWithoutIdentityReally()
+ {
+ $this->request->identity = null;
+ $answer = $this->request->answer(true);
+ $this->assertEquals($answer->request, $this->request);
+ $this->_expectAnswer($answer);
+ }
+
+ function test_answerAllowAnonymousFail()
+ {
+ $this->request->identity = null;
+ // XXX - Check on this, I think this behavior is legal in
+ // OpenID 2.0?
+ // $this->failUnlessRaises(
+ // ValueError, $this->request->answer, true, identity="=V");
+ $this->assertTrue(is_a($this->request->answer(true, null, "=V"),
+ 'Auth_OpenID_ServerError'));
+ }
+
+ function test_answerAllowWithIdentity()
+ {
+ $this->request->identity = Auth_OpenID_IDENTIFIER_SELECT;
+ $selected_id = 'http://anon.unittest/9861';
+ $answer = $this->request->answer(true, null, $selected_id);
+ $this->_expectAnswer($answer, $selected_id);
+ }
+
+ function test_answerAllowWithDelegatedIdentityOpenID2()
+ {
+ // Answer an IDENTIFIER_SELECT case with a delegated
+ // identifier. claimed_id delegates to selected_id here.
+ $this->request->identity = Auth_OpenID_IDENTIFIER_SELECT;
+ $selected_id = 'http://anon.unittest/9861';
+ $claimed_id = 'http://monkeyhat.unittest/';
+ $answer = $this->request->answer(true, null, $selected_id,
+ $claimed_id);
+ $this->_expectAnswer($answer, $selected_id, $claimed_id);
+ }
+
+ function test_answerAllowWithDelegatedIdentityOpenID1()
+ {
+ // claimed_id parameter doesn't exist in OpenID 1.
+ $this->request->namespace = Auth_OpenID_OPENID1_NS;
+ // claimed_id delegates to selected_id here.
+ $this->request->identity = Auth_OpenID_IDENTIFIER_SELECT;
+ $selected_id = 'http://anon.unittest/9861';
+ $claimed_id = 'http://monkeyhat.unittest/';
+
+ $result = $this->request->answer(true,
+ null,
+ $selected_id,
+ $claimed_id);
+
+ $this->assertTrue(is_a($result, "Auth_OpenID_ServerError"));
+ }
+
+ function test_answerAllowWithAnotherIdentity()
+ {
+ // XXX - Check on this, I think this behavior is legal is
+ // OpenID 2.0?
+ // $this->failUnlessRaises(ValueError, $this->request->answer, true,
+ // identity="http://pebbles.unittest/");
+ $result = $this->request->answer(true, null, "http://pebbles.unittest/");
+ $this->assertTrue(is_a($result, "Auth_OpenID_ServerError"));
+ }
+
+ function test_answerAllowNoIdentityOpenID1()
+ {
+ $this->request->namespace = Auth_OpenID_OPENID1_NS;
+ $this->request->identity = null;
+ // $this->failUnlessRaises(ValueError, $this->request->answer, true,
+ // identity=null);
+ $result = $this->request->answer(true);
+ $this->assertTrue(is_a($result, "Auth_OpenID_ServerError"));
+ }
+
+ function test_answerAllowForgotEndpoint()
+ {
+ $this->server->op_endpoint = null;
+ // $this->failUnlessRaises(RuntimeError, $this->request->answer, true);
+ $result = $this->request->answer(true);
+ $this->assertTrue(is_a($result, "Auth_OpenID_ServerError"));
+ }
+
+ function test_checkIDWithNoIdentityOpenID1()
+ {
+ $msg = new Auth_OpenID_Message(Auth_OpenID_OPENID1_NS);
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'return_to', 'bogus');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'trust_root', 'bogus');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'mode', 'checkid_setup');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_handle', 'bogus');
+
+ // $this->failUnlessRaises(server->ProtocolError,
+ // server->CheckIDRequest->fromMessage,
+ // msg, $this->server);
+ $result = Auth_OpenID_CheckIDRequest::fromMessage($msg, $this->server);
+
+ $this->assertTrue(is_a($result, 'Auth_OpenID_ServerError'));
+ }
+
+ function test_trustRootOpenID1()
+ {
+ // Ignore openid.realm in OpenID 1
+ $msg = new Auth_OpenID_Message(Auth_OpenID_OPENID1_NS);
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'mode', 'checkid_setup');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'trust_root', 'http://real_trust_root/');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'realm', 'http://fake_trust_root/');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'return_to', 'http://real_trust_root/foo');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_handle', 'bogus');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'identity', 'george');
+
+ $result = Auth_OpenID_CheckIDRequest::fromMessage($msg, $this->server);
+
+ $this->assertTrue($result->trust_root == 'http://real_trust_root/');
+ }
+
+ function test_trustRootOpenID2()
+ {
+ // Ignore openid.trust_root in OpenID 2
+ $msg = new Auth_OpenID_Message(Auth_OpenID_OPENID2_NS);
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'mode', 'checkid_setup');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'realm', 'http://real_trust_root/');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'trust_root', 'http://fake_trust_root/');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'return_to', 'http://real_trust_root/foo');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_handle', 'bogus');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'identity', 'george');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'claimed_id', 'george');
+
+ $result = Auth_OpenID_CheckIDRequest::fromMessage($msg, $this->server);
+
+ $this->assertTrue($result->trust_root == 'http://real_trust_root/');
+ }
+
+ function test_encodeToURL()
+ {
+ $server_url = 'http://openid-server.unittest/';
+ $result = $this->request->encodeToURL($server_url);
+
+ $this->assertFalse(is_a($result, 'Auth_OpenID_ServerError'));
+
+ // How to check? How about a round-trip test.
+ list($base, $result_args) = explode("?", $result, 2);
+ $args = array();
+ parse_str($result_args, $args);
+ $args = Auth_OpenID::fixArgs($args);
+ $message = Auth_OpenID_Message::fromPostArgs($args);
+
+ $rebuilt_request = Auth_OpenID_CheckIDRequest::fromMessage($message,
+ $this->server);
+ // argh, lousy hack
+ $this->assertTrue($rebuilt_request->equals($this->request));
+ }
+
function test_answerAllowNoTrustRoot()
{
$this->request->trust_root = null;
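Review bot: `test_checkIDWithNoIdentityOpenID1` cannot tell a missing-identity rejection from any other one: the message sets `return_to` and `trust_root` to `'bogus'` and the test only asserts `is_a($result, 'Auth_OpenID_ServerError')`, so a malformed return_to or trust-root error would satisfy it too. Use well-formed values as the neighbouring trust-root tests do, `$msg->setArg(Auth_OpenID_OPENID_NS, 'return_to', 'http://real_trust_root/foo');` and `$msg->setArg(Auth_OpenID_OPENID_NS, 'trust_root', 'http://real_trust_root/');`, so the absent identity is the only defect. The same looseness applies to the other `is_a(..., 'Auth_OpenID_ServerError')` assertions in this hunk, and `test_trustRootOpenID1`/`test_trustRootOpenID2` read `$result->trust_root` without first checking that `fromMessage()` did not return an error. `test_answerAllowNoTrustRoot()` continues outside the hunk.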