author | tailor <cygnus@janrain.com> | 2006-08-25 22:36:31 +0000 |
---|---|---|
committer | tailor <cygnus@janrain.com> | 2006-08-25 22:36:31 +0000 |
commit | c5e1f65fbeaaac13e1b25a166df7b23a2061adb0 (patch) | |
tree | 8e06a1591a46274d798c6a12f5aef0a257ff39c7 /Tests/Auth | |
parent | 6459176ec9a2c94996fbe14a7428643c7b52e163 (diff) | |
[project @ Server-generated and one-way nonces patch from python openid]
Diffstat (limited to 'Tests/Auth')
-rw-r--r-- | Tests/Auth/OpenID/Consumer.php | 39 | ||||
-rw-r--r-- | Tests/Auth/OpenID/MemStore.php | 18 | ||||
-rw-r--r-- | Tests/Auth/OpenID/StoreTest.php | 25 |
3 files changed, 35 insertions, 47 deletions
diff --git a/Tests/Auth/OpenID/Consumer.php b/Tests/Auth/OpenID/Consumer.php
index f9e2772..9e71713 100644
--- a/Tests/Auth/OpenID/Consumer.php
+++ b/Tests/Auth/OpenID/Consumer.php
@@ -22,6 +22,7 @@ require_once 'Auth/OpenID/FileStore.php'; require_once 'Auth/OpenID/KVForm.php'; require_once 'Auth/OpenID/Consumer.php'; require_once 'Auth/OpenID/Server.php'; +require_once 'Auth/OpenID/Nonce.php'; require_once 'Tests/Auth/OpenID/MemStore.php'; require_once 'PHPUnit.php';
@@ -349,18 +350,25 @@ class Tests_Auth_OpenID_Consumer_CheckNonceTest extends _TestIdRes { function setUp() { parent::setUp(); - $this->nonce = "t3stn0nc3"; - $this->store->storeNonce($this->nonce); } - function test_goodNonce() + function test_consumerNonce() { $this->return_to = sprintf('http://rt.unittest/?nonce=%s', - $this->nonce); + Auth_OpenID_mkNonce()); $this->response = new Auth_OpenID_SuccessResponse($this->endpoint, array('openid.return_to' => $this->return_to)); - $ret = $this->consumer->_checkNonce($this->response, $this->nonce); + $ret = $this->consumer->_checkNonce(null, $this->response); + $this->assertEquals($ret->status, Auth_OpenID_SUCCESS); + $this->assertEquals($ret->identity_url, $this->consumer_id); + } + + function test_serverNonce() + { + $this->response = new Auth_OpenID_SuccessResponse($this->endpoint, + array('openid.nonce' => Auth_OpenID_mkNonce())); + $ret = $this->consumer->_checkNonce($this->server_url, $this->response); $this->assertEquals($ret->status, Auth_OpenID_SUCCESS); $this->assertEquals($ret->identity_url, $this->consumer_id); } 
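Review bot: Both new success tests, `test_consumerNonce` and `test_serverNonce`, stop after the first `_checkNonce` call, so nothing here shows that an accepted nonce is spent afterwards. Replay rejection is the property a nonce exists for, and `test_badNonce` only reaches it by calling the store directly, and only on the server-URL path. Repeating the call in each test and asserting failure would cover it, e.g. `$again = $this->consumer->_checkNonce(null, $this->response);` followed by `$this->assertEquals($again->status, Auth_OpenID_FAILURE);`, assuming `_checkNonce` records the nonce through `useNonce` as the MemStore change suggests. `setUp()` now only forwards to the parent and could be dropped.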
@@ -368,12 +376,13 @@ class Tests_Auth_OpenID_Consumer_CheckNonceTest extends _TestIdRes { function test_badNonce() { // remove the nonce from the store - $this->store->useNonce($this->nonce); - $this->return_to = sprintf('http://rt.unittest/?nonce=%s', - $this->nonce); + $nonce = Auth_OpenID_mkNonce(); + list($timestamp, $salt) = Auth_OpenID_splitNonce($nonce); + + $this->store->useNonce($this->server_url, $timestamp, $salt); $this->response = new Auth_OpenID_SuccessResponse($this->endpoint, - array('openid.return_to' => $this->return_to)); - $ret = $this->consumer->_checkNonce($this->response, $this->nonce); + array('openid.nonce' => $nonce)); + $ret = $this->consumer->_checkNonce($this->server_url, $this->response); $this->assertEquals($ret->status, Auth_OpenID_FAILURE); $this->assertEquals($ret->identity_url, $this->consumer_id); $this->assertTrue(strpos($ret->message, 'Nonce missing from store') === 0);
@@ -381,14 +390,12 @@ class Tests_Auth_OpenID_Consumer_CheckNonceTest extends _TestIdRes { function test_tamperedNonce() { - $this->return_to = sprintf('http://rt.unittest/?nonce=HACKED-%s', - $this->nonce); $this->response = new Auth_OpenID_SuccessResponse($this->endpoint, - array('openid.return_to' => $this->return_to)); - $ret = $this->consumer->_checkNonce($this->response, $this->nonce); + array('openid.nonce' => 'malformed')); + $ret = $this->consumer->_checkNonce($this->server_url, $this->response); $this->assertEquals($ret->status, Auth_OpenID_FAILURE); $this->assertEquals($ret->identity_url, $this->consumer_id); - $this->assertTrue(strpos($ret->message, 'Nonce mismatch') === 0); + $this->assertTrue(strpos($ret->message, 'Malformed nonce') === 0); } function test_missingNonce() 
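Review bot: The comment `// remove the nonce from the store` in `test_badNonce` no longer matches the code: the new `useNonce($this->server_url, $timestamp, $salt)` call records the nonce as seen, and the `_checkNonce` that follows is then a replay. I would change it to `// mark the nonce as already used so the check below is a replay`. The asserted message prefix `'Nonce missing from store'` carries the same old wording. The same staleness appears in `test_tamperedNonce` (it now feeds a malformed value, not a tampered one) and in the last StoreTest hunk, where `// A nonce is not allowed by default` sits above a call that expects `true` and the "Storing once" / "Storing twice" comments describe the removed `storeNonce`.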
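Review bot: `test_tamperedNonce` covers only the literal `'malformed'`, so the suite has no case for a nonce that parses correctly but carries an old timestamp. Since `Auth_OpenID_splitNonce` yields a timestamp, I assume `_checkNonce` is meant to reject nonces outside some time window (that code is not in this diff); if so, a test that passes a well-formed nonce with a timestamp far in the past and asserts `Auth_OpenID_FAILURE` belongs next to this one. Without it, a regression that accepts arbitrarily old nonces would pass the suite.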
@@ -396,7 +403,7 @@ class Tests_Auth_OpenID_Consumer_CheckNonceTest extends _TestIdRes { // no nonce parameter on the return_to $this->response = new Auth_OpenID_SuccessResponse($this->endpoint, array('openid.return_to' => $this->return_to)); - $ret = $this->consumer->_checkNonce($this->response, $this->nonce); + $ret = $this->consumer->_checkNonce($this->server_url, $this->response); $this->assertEquals($ret->status, Auth_OpenID_FAILURE); $this->assertEquals($ret->identity_url, $this->consumer_id); $this->assertTrue(strpos($ret->message,
diff --git a/Tests/Auth/OpenID/MemStore.php b/Tests/Auth/OpenID/MemStore.php
index 660c268..f6c3593 100644
--- a/Tests/Auth/OpenID/MemStore.php
+++ b/Tests/Auth/OpenID/MemStore.php
@@ -80,23 +80,17 @@ class Tests_Auth_OpenID_MemStore extends Auth_OpenID_OpenIDStore { return $present; } - function storeNonce($nonce) + function useNonce($server_url, $timestamp, $salt) { - if (!in_array($nonce, $this->nonces)) { + $nonce = sprintf("%s%s%s", $server_url, $timestamp, $salt); + if (in_array($nonce, $this->nonces)) { + return false; + } else { $this->nonces[] = $nonce; + return true; } } - function useNonce($nonce) - { - $index = array_search($nonce, $this->nonces); - $present = $index !== false; - if ($present) { - unset($this->nonces[$index]); - } - return $present; - } - function reset() { $this->assocs = array();
diff --git a/Tests/Auth/OpenID/StoreTest.php b/Tests/Auth/OpenID/StoreTest.php
index 4487b17..2d4b91d 100644
--- a/Tests/Auth/OpenID/StoreTest.php
+++ b/Tests/Auth/OpenID/StoreTest.php
@@ -18,6 +18,7 @@ */ require_once 'Auth/OpenID/Association.php'; require_once 'Auth/OpenID/CryptUtil.php'; +require_once 'Auth/OpenID/Nonce.php'; require_once 'Auth/OpenID.php'; require_once 'PHPUnit.php'; 
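Review bot: The key that the new `useNonce` in MemStore.php builds with `sprintf("%s%s%s", $server_url, $timestamp, $salt)` has no separator, so two different (server, timestamp, salt) triples can produce the same string, and the loose `in_array` comparison adds a second source of accidental matches. In a nonce store that fails closed (a fresh nonce is rejected as a replay), but a test double should model the triple exactly so the store tests mean what they say. I would build the key as `$nonce = serialize(array($server_url, $timestamp, $salt));` and test it with `in_array($nonce, $this->nonces, true)`. The list also only grows; that is fine for a memory store behind `reset()`, though a comment that real stores need timestamp-based cleanup would help.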
@@ -81,14 +82,6 @@ class Tests_Auth_OpenID_StoreTest extends PHPUnit_TestCase { } /** - * Generates a nonce value. - */ - function generateNonce() - { - return Auth_OpenID_CryptUtil::randomString(8, $this->allowed_nonce); - } - - /** * Generates an association with the specified parameters. */ function genAssoc($now, $issued = 0, $lifetime = 600)
@@ -298,7 +291,8 @@ explicitly'); function _checkUseNonce(&$store, $nonce, $expected, $msg=null) { - $actual = $store->useNonce($nonce); + list($stamp, $salt) = Auth_OpenID_splitNonce($nonce); + $actual = $store->useNonce($server_url, $stamp, $salt); $expected = $store->isDumb() || $expected; $val = ($actual && $expected) || (!$actual && !$expected); $this->assertTrue($val, "_checkUseNonce failed: $msg");
@@ -309,24 +303,17 @@ explicitly'); // Nonce functions // Random nonce (not in store) - $nonce1 = $this->generateNonce(); + $nonce1 = Auth_OpenID_mkNonce(); - // A nonce is not present by default - $this->_checkUseNonce($store, $nonce1, false, 1); + // A nonce is not allowed by default + $this->_checkUseNonce($store, $nonce1, true, 1); // Storing once causes useNonce to return true the first, and // only the first, time it is called after the $store-> - $store->storeNonce($nonce1); - $this->_checkUseNonce($store, $nonce1, true, 2); $this->_checkUseNonce($store, $nonce1, false, 3); - $this->_checkUseNonce($store, $nonce1, false, 4); // Storing twice has the same effect as storing once. - $store->storeNonce($nonce1); - $store->storeNonce($nonce1); - $this->_checkUseNonce($store, $nonce1, true, 5); $this->_checkUseNonce($store, $nonce1, false, 6); - $this->_checkUseNonce($store, $nonce1, false, 7); // Auth key functions |
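Review bot: `$server_url` is never defined inside `_checkUseNonce` — the signature is `(&$store, $nonce, $expected, $msg=null)` — so `$store->useNonce($server_url, $stamp, $salt)` passes null (with a notice) on every call. The store tests therefore never exercise the server-URL part of the replay key: a backend that ignored the URL, or mixed nonces across servers, would still pass. Define it in the helper, e.g. `$server_url = 'http://server.example/';` (a constructed value), or add it as a parameter, and add a case showing that the same nonce under a second URL is accepted once.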