diff options
| author | tailor <cygnus@janrain.com> | 2007-12-05 21:43:38 +0000 |
|---|---|---|
| committer | tailor <cygnus@janrain.com> | 2007-12-05 21:43:38 +0000 |
| commit | ee6960fbef50e8dbcc951305d5676d77a2e53f37 (patch) | |
| tree | b451da3223bbcb4f2e12bc5201007efe62255eef | |
| parent | 350de628a743e433c2abf42c0e4d752e8a587984 (diff) | |
| download | php-openid-ee6960fbef50e8dbcc951305d5676d77a2e53f37.zip php-openid-ee6960fbef50e8dbcc951305d5676d77a2e53f37.tar.gz php-openid-ee6960fbef50e8dbcc951305d5676d77a2e53f37.tar.bz2 | |
[project @ Add PAPE tests and update PAPE extension]
| -rw-r--r-- | Auth/OpenID/PAPE.php | 42 | ||||
| -rw-r--r-- | Tests/Auth/OpenID/PAPE.php | 244 | ||||
| -rw-r--r-- | Tests/TestDriver.php | 1 |
3 files changed, 279 insertions, 8 deletions
diff --git a/Auth/OpenID/PAPE.php b/Auth/OpenID/PAPE.php index 214deb1..ba9f9f6 100644 --- a/Auth/OpenID/PAPE.php +++ b/Auth/OpenID/PAPE.php @@ -84,6 +84,11 @@ class Auth_OpenID_PAPE_Request extends Auth_OpenID_Extension { { $obj = new Auth_OpenID_PAPE_Request(); $args = $request->message->getArgs(Auth_OpenID_PAPE_NS_URI); + + if ($args === null || $args === array()) { + return null; + } + $obj->parseExtensionArgs($args); return $obj; } @@ -112,7 +117,7 @@ class Auth_OpenID_PAPE_Request extends Auth_OpenID_Extension { // max_auth_age is base-10 integer number of seconds $max_auth_age_str = Auth_OpenID::arrayGet($args, 'max_auth_age'); if ($max_auth_age_str) { - $this->max_auth_age = intval($max_auth_age_str); + $this->max_auth_age = Auth_OpenID::intval($max_auth_age_str); } else { $this->max_auth_age = null; } @@ -201,7 +206,13 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension { // PAPE requires that the args be signed. $args = $success_response->getSignedNS(Auth_OpenID_PAPE_NS_URI); - if ($obj->parseExtensionArgs($args) === false) { + if ($args === null || $args === array()) { + return null; + } + + $result = $obj->parseExtensionArgs($args); + + if ($result === false) { return null; } else { return $obj; @@ -229,8 +240,17 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension { } $nist_level_str = Auth_OpenID::arrayGet($args, 'nist_auth_level'); - if ($nist_level_str) { - $nist_level = intval($nist_level_str); + if ($nist_level_str !== null) { + $nist_level = Auth_OpenID::intval($nist_level_str); + + if ($nist_level === false) { + if ($strict) { + return false; + } else { + $nist_level = null; + } + } + if (0 <= $nist_level && $nist_level < 5) { $this->nist_auth_level = $nist_level; } else if ($strict) { @@ -239,8 +259,8 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension { } $auth_age_str = Auth_OpenID::arrayGet($args, 'auth_age'); - if ($auth_age_str) { - $auth_age = intval($auth_age_str); + if ($auth_age_str !== null) { + $auth_age = Auth_OpenID::intval($auth_age_str); if ($auth_age === false) { if ($strict) { return false; @@ -263,7 +283,7 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension { ); if ($this->nist_auth_level !== null) { - if (!in_array($this->nist_auth_level, range(0, 4))) { + if (!in_array($this->nist_auth_level, range(0, 4), true)) { return false; } $ns_args['nist_auth_level'] = strval($this->nist_auth_level); @@ -274,8 +294,14 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension { return false; } + $result = Auth_OpenID::intval($this->auth_age); + + if ($result === false) { + return false; + } + $ns_args['auth_age'] = - strval(Auth_OpenID::intval($this->auth_age)); + strval($result); } return $ns_args; diff --git a/Tests/Auth/OpenID/PAPE.php b/Tests/Auth/OpenID/PAPE.php new file mode 100644 index 0000000..52e6c7a --- /dev/null +++ b/Tests/Auth/OpenID/PAPE.php @@ -0,0 +1,244 @@ +<?php + +require_once "PHPUnit.php"; + +require_once "Auth/OpenID/PAPE.php"; +require_once "Auth/OpenID/Message.php"; +require_once "Auth/OpenID/Server.php"; + +class PapeRequestTestCase extends PHPUnit_TestCase { + function setUp() + { + $this->req = new Auth_OpenID_PAPE_Request(); + } + + function test_construct() + { + $this->assertEquals(array(), $this->req->preferred_auth_policies); + $this->assertEquals(null, $this->req->max_auth_age); + $this->assertEquals('pape', $this->req->ns_alias); + + $req2 = new Auth_OpenID_PAPE_Request(array(PAPE_AUTH_MULTI_FACTOR), 1000); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR), $req2->preferred_auth_policies); + $this->assertEquals(1000, $req2->max_auth_age); + } + + function test_add_policy_uri() + { + $this->assertEquals(array(), $this->req->preferred_auth_policies); + $this->req->addPolicyURI(PAPE_AUTH_MULTI_FACTOR); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR), $this->req->preferred_auth_policies); + $this->req->addPolicyURI(PAPE_AUTH_MULTI_FACTOR); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR), $this->req->preferred_auth_policies); + $this->req->addPolicyURI(PAPE_AUTH_PHISHING_RESISTANT); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR, PAPE_AUTH_PHISHING_RESISTANT), + $this->req->preferred_auth_policies); + $this->req->addPolicyURI(PAPE_AUTH_MULTI_FACTOR); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR, PAPE_AUTH_PHISHING_RESISTANT), + $this->req->preferred_auth_policies); + } + + function test_getExtensionArgs() { + $this->assertEquals(array('preferred_auth_policies' => ''), $this->req->getExtensionArgs()); + $this->req->addPolicyURI('http://uri'); + $this->assertEquals(array('preferred_auth_policies' => 'http://uri'), $this->req->getExtensionArgs()); + $this->req->addPolicyURI('http://zig'); + $this->assertEquals(array('preferred_auth_policies' => 'http://uri http://zig'), $this->req->getExtensionArgs()); + $this->req->max_auth_age = 789; + $this->assertEquals(array('preferred_auth_policies' => 'http://uri http://zig', 'max_auth_age' => '789'), $this->req->getExtensionArgs()); + } + + function test_parseExtensionArgs() { + $args = array('preferred_auth_policies' => 'http://foo http://bar', + 'max_auth_age' => '9'); + $this->req->parseExtensionArgs($args); + $this->assertEquals(9, $this->req->max_auth_age); + $this->assertEquals(array('http://foo','http://bar'), $this->req->preferred_auth_policies); + } + + function test_parseExtensionArgs_empty() { + $this->req->parseExtensionArgs(array()); + $this->assertEquals(null, $this->req->max_auth_age); + $this->assertEquals(array(), $this->req->preferred_auth_policies); + } + + function test_fromOpenIDRequest() { + $openid_req_msg = Auth_OpenID_Message::fromOpenIDArgs(array( + 'mode' => 'checkid_setup', + 'ns' => Auth_OpenID_OPENID2_NS, + 'ns.pape' => Auth_OpenID_PAPE_NS_URI, + 'pape.preferred_auth_policies' => implode(' ', array(PAPE_AUTH_MULTI_FACTOR, PAPE_AUTH_PHISHING_RESISTANT)), + 'pape.max_auth_age' => '5476' + )); + $oid_req = new Auth_OpenID_Request(); + $oid_req->message = $openid_req_msg; + $req = Auth_OpenID_PAPE_Request::fromOpenIDRequest($oid_req); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR, PAPE_AUTH_PHISHING_RESISTANT), $req->preferred_auth_policies); + $this->assertEquals(5476, $req->max_auth_age); + } + + function test_fromOpenIDRequest_no_pape() { + $message = new Auth_OpenID_Message(); + $openid_req = new Auth_OpenID_Request(); + $openid_req->message = $message; + $pape_req = Auth_OpenID_PAPE_Request::fromOpenIDRequest($openid_req); + $this->assertTrue($pape_req === null); + } + + function test_preferred_types() { + $this->req->addPolicyURI(PAPE_AUTH_PHISHING_RESISTANT); + $this->req->addPolicyURI(PAPE_AUTH_MULTI_FACTOR); + $pt = $this->req->preferredTypes(array(PAPE_AUTH_MULTI_FACTOR, + PAPE_AUTH_MULTI_FACTOR_PHYSICAL)); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR), $pt); + } +} + +class PAPE_DummySuccessResponse { + function PAPE_DummySuccessResponse($message, $signed_stuff) + { + $this->message = $message; + $this->signed_stuff = $signed_stuff; + } + + function getSignedNS($ns_uri) + { + return $this->signed_stuff; + } +} + +class PapeResponseTestCase extends PHPUnit_TestCase { + function setUp() { + $this->req = new Auth_OpenID_PAPE_Response(); + } + + function test_construct() { + $this->assertEquals(array(), $this->req->auth_policies); + $this->assertEquals(null, $this->req->auth_age); + $this->assertEquals('pape', $this->req->ns_alias); + $this->assertEquals(null, $this->req->nist_auth_level); + + $req2 = new Auth_OpenID_PAPE_Response(array(PAPE_AUTH_MULTI_FACTOR), 1000, 3); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR), $req2->auth_policies); + $this->assertEquals(1000, $req2->auth_age); + $this->assertEquals(3, $req2->nist_auth_level); + } + + function test_add_policy_uri() { + $this->assertEquals(array(), $this->req->auth_policies); + $this->req->addPolicyURI(PAPE_AUTH_MULTI_FACTOR); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR), $this->req->auth_policies); + $this->req->addPolicyURI(PAPE_AUTH_MULTI_FACTOR); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR), $this->req->auth_policies); + $this->req->addPolicyURI(PAPE_AUTH_PHISHING_RESISTANT); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR, PAPE_AUTH_PHISHING_RESISTANT), $this->req->auth_policies); + $this->req->addPolicyURI(PAPE_AUTH_MULTI_FACTOR); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR, PAPE_AUTH_PHISHING_RESISTANT), $this->req->auth_policies); + } + + function test_getExtensionArgs() { + $this->assertEquals(array('auth_policies' => ''), $this->req->getExtensionArgs()); + $this->req->addPolicyURI('http://uri'); + $this->assertEquals(array('auth_policies' => 'http://uri'), $this->req->getExtensionArgs()); + $this->req->addPolicyURI('http://zig'); + $this->assertEquals(array('auth_policies' => 'http://uri http://zig'), $this->req->getExtensionArgs()); + $this->req->auth_age = 789; + $this->assertEquals(array('auth_policies' => 'http://uri http://zig', 'auth_age' => '789'), $this->req->getExtensionArgs()); + $this->req->nist_auth_level = 3; + $this->assertEquals(array('auth_policies' => 'http://uri http://zig', 'auth_age' => '789', 'nist_auth_level' => '3'), $this->req->getExtensionArgs()); + } + + function test_getExtensionArgs_error_auth_age() { + $this->req->auth_age = "older than the sun"; + $this->assertEquals(false, $this->req->getExtensionArgs()); + $this->req->auth_age = -10; + $this->assertEquals(false, $this->req->getExtensionArgs()); + } + + function test_getExtensionArgs_error_nist_auth_level() { + $this->req->nist_auth_level = "high as a kite"; + $this->assertEquals(false, $this->req->getExtensionArgs()); + $this->req->nist_auth_level = 5; + $this->assertEquals(false, $this->req->getExtensionArgs()); + $this->req->nist_auth_level = -1; + $this->assertEquals(false, $this->req->getExtensionArgs()); + } + + function test_parseExtensionArgs() { + $args = array('auth_policies' => 'http://foo http://bar', + 'auth_age' => '9'); + $this->req->parseExtensionArgs($args); + $this->assertEquals(9, $this->req->auth_age); + $this->assertEquals(array('http://foo','http://bar'), $this->req->auth_policies); + } + + function test_parseExtensionArgs_empty() { + $this->req->parseExtensionArgs(array()); + $this->assertEquals(null, $this->req->auth_age); + $this->assertEquals(array(), $this->req->auth_policies); + } + + function test_parseExtensionArgs_strict_bogus1() { + $args = array('auth_policies' => 'http://foo http://bar', + 'auth_age' => 'not too old'); + $this->assertEquals(false, $this->req->parseExtensionArgs($args, true)); + } + + function test_parseExtensionArgs_strict_bogus2() { + $args = array('auth_policies' => 'http://foo http://bar', + 'auth_age' => '63', + 'nist_auth_level' => 'some'); + $this->assertEquals(false, $this->req->parseExtensionArgs($args, true)); + } + + function test_parseExtensionArgs_strict_good() { + $args = array('auth_policies' => 'http://foo http://bar', + 'auth_age' => '0', + 'nist_auth_level' => '0'); + $this->req->parseExtensionArgs($args, true); + $this->assertEquals(array('http://foo','http://bar'), $this->req->auth_policies); + $this->assertEquals(0, $this->req->auth_age); + $this->assertEquals(0, $this->req->nist_auth_level); + } + + function test_parseExtensionArgs_nostrict_bogus() { + $args = array('auth_policies' => 'http://foo http://bar', + 'auth_age' => 'old', + 'nist_auth_level' => 'some'); + $this->req->parseExtensionArgs($args); + $this->assertEquals(array('http://foo','http://bar'), $this->req->auth_policies); + $this->assertEquals(null, $this->req->auth_age); + $this->assertEquals(null, $this->req->nist_auth_level); + } + + function test_fromSuccessResponse() { + $openid_req_msg = Auth_OpenID_Message::fromOpenIDArgs(array( + 'mode' => 'id_res', + 'ns' => Auth_OpenID_OPENID2_NS, + 'ns.pape' => Auth_OpenID_PAPE_NS_URI, + 'auth_policies' => implode(' ', array(PAPE_AUTH_MULTI_FACTOR, PAPE_AUTH_PHISHING_RESISTANT)), + 'auth_age' => '5476' + )); + $signed_stuff = array( + 'auth_policies' => implode(' ', array(PAPE_AUTH_MULTI_FACTOR, PAPE_AUTH_PHISHING_RESISTANT)), + 'auth_age' => '5476' + ); + $oid_req = new PAPE_DummySuccessResponse($openid_req_msg, $signed_stuff); + $req = Auth_OpenID_PAPE_Response::fromSuccessResponse($oid_req); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR, PAPE_AUTH_PHISHING_RESISTANT), $req->auth_policies); + $this->assertEquals(5476, $req->auth_age); + } +} + +class Tests_Auth_OpenID_PAPE extends PHPUnit_TestSuite { + function getName() { + return "Tests_Auth_OpenID_PAPE"; + } + + function Tests_Auth_OpenID_PAPE() { + $this->addTestSuite('PapeRequestTestCase'); + $this->addTestSuite('PapeResponseTestCase'); + } +} + +?> diff --git a/Tests/TestDriver.php b/Tests/TestDriver.php index db2985a..c003efe 100644 --- a/Tests/TestDriver.php +++ b/Tests/TestDriver.php @@ -129,6 +129,7 @@ $_tests = array( 'Negotiation', 'Nonce', 'OpenID_Yadis', + 'PAPE', 'Parse', 'RPVerify', 'Server', |