[project @ message: allow two values for OPENID1_NS]

message: allow two values for OPENID1_NS
Also:
 * fix op_endpoint bug in Server.php
 * always treat OpenID 1 namespace as implicit in messages we create

3 files changed, 170 insertions, 9 deletions

diff --git a/Tests/Auth/OpenID/Consumer.php b/Tests/Auth/OpenID/Consumer.php
index 3f6f9b7..82903d6 100644
--- a/Tests/Auth/OpenID/Consumer.php
+++ b/Tests/Auth/OpenID/Consumer.php
@@ -228,7 +228,6 @@ class Tests_Auth_OpenID_Consumer extends PHPUnit_TestCase {
                           'openid.mode' => $mode,
                           'openid.identity' => $delegate_url,
                           'openid.trust_root' => $trust_root,
-                          'openid.ns' => Auth_OpenID_OPENID1_NS
                           );
 
         if ($consumer->_use_assocs) {
@@ -1556,6 +1555,36 @@ class Tests_Auth_OpenID_Consumer_TestCheckAuth extends _TestIdRes {
             $this->assertTrue($args->getAliasedArg($k));
         }
     }
+
+
+    function test_112()
+    {
+        $args = array('openid.assoc_handle' => 'fa1f5ff0-cde4-11dc-a183-3714bfd55ca8',
+              'openid.claimed_id' => 'http://binkley.lan/user/test01',
+              'openid.identity' => 'http://test01.binkley.lan/',
+              'openid.mode' => 'id_res',
+              'openid.ns' => 'http://specs.openid.net/auth/2.0',
+              'openid.ns.pape' => 'http://specs.openid.net/extensions/pape/1.0',
+              'openid.op_endpoint' => 'http://binkley.lan/server',
+              'openid.pape.auth_policies' => 'none',
+              'openid.pape.auth_time' => '2008-01-28T20 =>42 =>36Z',
+              'openid.pape.nist_auth_level' => '0',
+              'openid.response_nonce' => '2008-01-28T21 =>07 =>04Z99Q=',
+              'openid.return_to' => 'http://binkley.lan =>8001/process?janrain_nonce=2008-01-28T21%3A07%3A02Z0tMIKx',
+              'openid.sig' => 'YJlWH4U6SroB1HoPkmEKx9AyGGg=',
+              'openid.signed' => 'assoc_handle,identity,response_nonce,return_to,claimed_id,op_endpoint,pape.auth_time,ns.pape,pape.nist_auth_level,pape.auth_policies'
+              );
+        $this->assertEquals(Auth_OpenID_OPENID2_NS, $args['openid.ns']);
+        $incoming = Auth_OpenID_Message::fromPostArgs($args);
+        $this->assertTrue($incoming->isOpenID2());
+        $car = $this->consumer->_createCheckAuthRequest($incoming);
+        $expected_args = $args;
+        $expected_args['openid.mode'] = 'check_authentication';
+        $expected = Auth_OpenID_Message::fromPostArgs($expected_args);
+        $this->assertTrue($expected->isOpenID2());
+        $this->assertEquals($expected, $car);
+        $this->assertEquals($expected_args, $car->toPostArgs());
+    }
 }
 
 class Tests_Auth_OpenID_Consumer_TestFetchAssoc extends PHPUnit_TestCase {
diff --git a/Tests/Auth/OpenID/Message.php b/Tests/Auth/OpenID/Message.php
index e19a69c..7f86848 100644
--- a/Tests/Auth/OpenID/Message.php
+++ b/Tests/Auth/OpenID/Message.php
@@ -70,7 +70,8 @@ class Tests_Auth_OpenID_EmptyMessage extends MessageTest {
     {
         $key = $this->msg->getKey(Auth_OpenID_OPENID_NS, 'foo');
         $this->assertTrue(Auth_OpenID::isFailure($key));
-        $this->msg->setOpenIDNamespace();
+
+        $this->msg->setOpenIDNamespace(Auth_OpenID_OPENID1_NS, false);
         $key = $this->msg->getKey(Auth_OpenID_OPENID_NS, 'foo');
         $this->assertEquals('openid.foo', $key);
     }
@@ -553,7 +554,7 @@ class Tests_Auth_OpenID_OpenID1Message extends MessageTest {
     }
 }
 
-class Tests_Auth_OpenID_OpenID1ExplicitMessage extends MessageTest {
+class Tests_Auth_OpenID_OpenID1ExplicitMessage extends PHPUnit_TestCase {
     function setUp()
     {
         $this->msg = Auth_OpenID_Message::fromPostArgs(array('openid.mode' => 'error',
@@ -564,7 +565,8 @@ class Tests_Auth_OpenID_OpenID1ExplicitMessage extends MessageTest {
     function test_isOpenID1()
     {
         $this->assertTrue($this->msg->isOpenID1());
-        $this->assertFalse($this->msg->namespaces->isImplicit(Auth_OpenID_OPENID1_NS));
+        $this->assertFalse(
+            $this->msg->namespaces->isImplicit(Auth_OpenID_OPENID1_NS));
     }
 
     function test_isOpenID2()
@@ -1100,6 +1102,101 @@ class Tests_Auth_OpenID_GeneralMessageTest extends PHPUnit_TestCase {
         $this->_checkForm($html, $m, $this->action_url,
                           $tag_attrs, $this->submit_text);
     }
+
+    function test_setOpenIDNamespace_invalid()
+    {
+        $m = new Auth_OpenID_Message();
+        $invalid_things = array(
+            // Empty string is not okay here.
+            '',
+            // Good guess!  But wrong.
+            'http://openid.net/signon/2.0',
+            // What?
+            'http://specs%\\\r2Eopenid.net/auth/2.0',
+            // Too much escapings!
+            'http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0',
+            // This is a Type URI, not a openid.ns value.
+            'http://specs.openid.net/auth/2.0/signon',
+            );
+
+        foreach ($invalid_things as $x) {
+            $this->assertTrue($m->setOpenIDNamespace($x, true) === false);
+        }
+    }
+
+    function test_isOpenID1()
+    {
+        $v1_namespaces = array(
+            // Yes, there are two of them.
+            'http://openid.net/signon/1.1',
+            'http://openid.net/signon/1.0',
+                               );
+
+        foreach ($v1_namespaces as $ns) {
+            $m = new Auth_OpenID_Message($ns);
+            $this->assertTrue($m->isOpenID1(),
+                              "$ns not recognized as OpenID 1");
+            $this->assertEquals($ns, $m->getOpenIDNamespace());
+            $this->assertTrue($m->namespaces->isImplicit($ns));
+        }
+    }    
+
+    function test_isOpenID2()
+    {
+        $ns = 'http://specs.openid.net/auth/2.0';
+        $m = new Auth_OpenID_Message($ns);
+        $this->assertTrue($m->isOpenID2());
+        $this->assertFalse(
+            $m->namespaces->isImplicit(Auth_OpenID_NULL_NAMESPACE));
+        $this->assertEquals($ns, $m->getOpenIDNamespace());
+    }
+
+    function test_setOpenIDNamespace_explicit()
+    {
+        $m = new Auth_OpenID_Message();
+        $m->setOpenIDNamespace(Auth_OpenID_THE_OTHER_OPENID1_NS, false);
+        $this->assertFalse($m->namespaces->isImplicit(
+            Auth_OpenID_THE_OTHER_OPENID1_NS));
+    }
+
+    function test_setOpenIDNamespace_implicit()
+    {
+        $m = new Auth_OpenID_Message();
+        $m->setOpenIDNamespace(Auth_OpenID_THE_OTHER_OPENID1_NS, true);
+        $this->assertTrue(
+            $m->namespaces->isImplicit(Auth_OpenID_THE_OTHER_OPENID1_NS));
+    }
+
+
+    function test_explicitOpenID11NSSerialzation()
+    {
+        $m = new Auth_OpenID_Message();
+        $m->setOpenIDNamespace(Auth_OpenID_THE_OTHER_OPENID1_NS, false);
+
+        $post_args = $m->toPostArgs();
+        $this->assertEquals($post_args,
+                            array('openid.ns' =>
+                                  Auth_OpenID_THE_OTHER_OPENID1_NS));
+    }
+
+    function test_fromPostArgs_ns11()
+    {
+        // An example of the stuff that some Drupal installations send us,
+        // which includes openid.ns but is 1.1.
+        $query = array(
+            'openid.assoc_handle' => '',
+            'openid.claimed_id' => 'http://foobar.invalid/',
+            'openid.identity' => 'http://foobar.myopenid.com',
+            'openid.mode' => 'checkid_setup',
+            'openid.ns' => 'http://openid.net/signon/1.1',
+            'openid.ns.sreg' => 'http://openid.net/extensions/sreg/1.1',
+            'openid.return_to' => 'http://drupal.invalid/return_to',
+            'openid.sreg.required' => 'nickname,email',
+            'openid.trust_root' => 'http://drupal.invalid',
+            );
+        $m = Auth_OpenID_Message::fromPostArgs($query);
+        $this->assertTrue($m->isOpenID1());
+    }
 }
 
 class Tests_Auth_OpenID_NamespaceMap extends PHPUnit_TestCase {
diff --git a/Tests/Auth/OpenID/Server.php b/Tests/Auth/OpenID/Server.php
index a52f21a..d73cb8b 100644
--- a/Tests/Auth/OpenID/Server.php
+++ b/Tests/Auth/OpenID/Server.php
@@ -75,8 +75,7 @@ class Tests_Auth_OpenID_Test_ServerError extends PHPUnit_TestCase {
         $this->assertTrue($e->hasReturnTo());
         $expected_args = array(
             'openid.mode' => 'error',
-            'openid.error' => 'plucky',
-            'openid.ns' => Auth_OpenID_OPENID1_NS);
+            'openid.error' => 'plucky');
 
         $encoded = $e->encodeToURL();
         if (Auth_OpenID_isError($encoded)) {
@@ -155,8 +154,7 @@ class Tests_Auth_OpenID_Test_ServerError extends PHPUnit_TestCase {
         $e = new Auth_OpenID_ServerError($args, "plucky");
         $this->assertTrue($e->hasReturnTo());
         $expected_args = array('openid.mode' => 'error',
-                               'openid.error' => 'plucky',
-                               'openid.ns' => Auth_OpenID_OPENID1_NS);
+                               'openid.error' => 'plucky');
 
         $this->assertTrue($e->whichEncoding() == Auth_OpenID_ENCODE_URL);
 
@@ -1247,6 +1245,41 @@ class Tests_Auth_OpenID_CheckID extends PHPUnit_TestCase {
         $this->assertTrue(is_a($result, 'Auth_OpenID_ServerError'));
     }
 
+    function test_answerAllowNoEndpointOpenID1()
+    {
+        $identity = 'http://bambam.unittest/';
+        $reqmessage = Auth_OpenID_Message::fromOpenIDArgs(array(
+            'identity' => $identity,
+            'trust_root' => 'http://bar.unittest/',
+            'return_to' => 'http://bar.unittest/999',
+            ));
+        $this->server->op_endpoint = null;
+        $this->request = Auth_OpenID_CheckIDRequest::fromMessage($reqmessage, $this->server);
+        $answer = $this->request->answer(true);
+
+        $expected_list = array('mode' => 'id_res',
+                               'return_to' => $this->request->return_to,
+                               'identity' => $identity,
+                               );
+
+        foreach ($expected_list as $k => $expected) {
+            $actual = $answer->fields->getArg(Auth_OpenID_OPENID_NS, $k);
+            $this->assertEquals($expected, $actual);
+        }
+
+        $this->assertTrue($answer->fields->hasKey(Auth_OpenID_OPENID_NS,
+                                                  'response_nonce'));
+        $this->assertTrue($answer->fields->getOpenIDNamespace(),
+                          Auth_OpenID_OPENID1_NS);
+        $this->assertTrue(
+            $answer->fields->namespaces->isImplicit(Auth_OpenID_OPENID1_NS));
+
+        // One for nonce (OpenID v1 namespace is implicit)
+        $this->assertEquals(count($answer->fields->toPostArgs()),
+                            count($expected_list) + 1,
+                            var_export($answer->fields->toPostArgs(), true));
+    }
+
     function test_answerAllowWithDelegatedIdentityOpenID2()
     {
         // Answer an IDENTIFIER_SELECT case with a delegated
@@ -1392,9 +1425,11 @@ class Tests_Auth_OpenID_CheckID extends PHPUnit_TestCase {
         $answer = $this->request->answer(false, $server_url);
 
         $this->assertEquals($answer->request, $this->request);
-        $this->assertEquals(count($answer->fields->toPostArgs()), 3);
+        $this->assertEquals(count($answer->fields->toPostArgs()), 2);
 	$this->assertEquals($answer->fields->getOpenIDNamespace(),
 			    Auth_OpenID_OPENID1_NS);
+        $this->assertTrue(
+                          $answer->fields->namespaces->isImplicit(Auth_OpenID_OPENID1_NS));
         $this->assertEquals($answer->fields->getArg(Auth_OpenID_OPENID_NS, 'mode'),
                             'id_res');
         $this->assertTrue(strpos($answer->fields->getArg(Auth_OpenID_OPENID_NS,