-rw-r--r-- | Auth/OpenID.php | 6 | ||||
-rw-r--r-- | Auth/OpenID/Consumer.php | 191 | ||||
-rw-r--r-- | Tests/Auth/OpenID/Consumer.php | 227 |
3 files changed, 270 insertions, 154 deletions
diff --git a/Auth/OpenID.php b/Auth/OpenID.php index 1ca187f..0b5d926 100644 --- a/Auth/OpenID.php +++ b/Auth/OpenID.php @@ -175,8 +175,10 @@ class Auth_OpenID { return $fallback; } } else { - trigger_error("Auth_OpenID::arrayGet expected " . - "array as first parameter", E_USER_WARNING); + trigger_error("Auth_OpenID::arrayGet (key = ".$key.") expected " . + "array as first parameter, got " . + gettype($arr), E_USER_WARNING); + return false; } } diff --git a/Auth/OpenID/Consumer.php b/Auth/OpenID/Consumer.php index 9b2e82c..303150a 100644 --- a/Auth/OpenID/Consumer.php +++ b/Auth/OpenID/Consumer.php @@ -165,6 +165,7 @@ * Require utility classes and functions for the consumer. */ require_once "Auth/OpenID.php"; +require_once "Auth/OpenID/Message.php"; require_once "Auth/OpenID/HMACSHA1.php"; require_once "Auth/OpenID/Association.php"; require_once "Auth/OpenID/CryptUtil.php"; @@ -377,7 +378,8 @@ class Auth_OpenID_Consumer { $response = new Auth_OpenID_FailureResponse(null, 'No session state found'); } else { - $response = $this->consumer->complete($query, $endpoint); + $message = Auth_OpenID_Message::fromPostArgs($query); + $response = $this->consumer->complete($message, $endpoint); $this->session->del($this->_token_key); } 
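Review bot: In `Auth_OpenID::arrayGet` (Auth/OpenID.php) the new non-array branch ends with `return false;`, while the array branch returns `$fallback` for a missing key. Callers visible elsewhere in this diff test the result with `=== null` / `!== null`, so a `false` here would be read as a value that is present rather than as a missing one. Returning the caller's default keeps one contract: `return $fallback;`. The message now also concatenates `$key`, which may come from request data, so it should only reach logs and not a page with errors displayed. The function starts above the hunk.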
@@ -428,17 +430,21 @@ class Auth_OpenID_DiffieHellmanConsumerSession { function extractSecret($response) { - if (!array_key_exists('dh_server_public', $response)) { + if (!$response->hasKey(Auth_OpenID_OPENID_NS, + 'dh_server_public')) { return null; } - if (!array_key_exists('enc_mac_key', $response)) { + if (!$response->hasKey(Auth_OpenID_OPENID_NS, + 'enc_mac_key')) { return null; } $math =& Auth_OpenID_getMathLib(); - $spub = $math->base64ToLong($response['dh_server_public']); - $enc_mac_key = base64_decode($response['enc_mac_key']); + $spub = $math->base64ToLong($response->getArg(Auth_OpenID_OPENID_NS, + 'dh_server_public')); + $enc_mac_key = base64_decode($response->getArg(Auth_OpenID_OPENID_NS, + 'enc_mac_key')); return $this->dh->xorSecret($spub, $enc_mac_key); } @@ -454,11 +460,12 @@ class Auth_OpenID_PlainTextConsumerSession { function extractSecret($response) { - if (!array_key_exists('mac_key', $response)) { + if (!$response->hasKey(Auth_OpenID_OPENID_NS, 'mac_key')) { return null; } - return base64_decode($response['mac_key']); + return base64_decode($response->getArg(Auth_OpenID_OPENID_NS, + 'mac_key')); } } @@ -516,15 +523,17 @@ class Auth_OpenID_GenericConsumer { return $r; } - function complete($query, $endpoint) + function complete($message, $endpoint) { - $mode = Auth_OpenID::arrayGet($query, 'openid.mode', - '<no mode specified>'); + global $Auth_OpenID_OPENID1_NS; - if ($mode == Auth_OpenID_CANCEL) { + $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode', + '<no mode set>'); + + if ($mode == 'cancel') { return new Auth_OpenID_CancelResponse($endpoint); } else if ($mode == 'error') { - $error = Auth_OpenID::arrayGet($query, 'openid.error'); + $error = $message->getArg(Auth_OpenID_OPENID_NS, 'error'); return new Auth_OpenID_FailureResponse($endpoint, $error); } else if ($mode == 'id_res') { if ($endpoint->identity_url === null) { 
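Review bot: `global $Auth_OpenID_OPENID1_NS;` at the top of `complete()` is not used in the visible part of the function, and every lookup in the hunk uses the constant `Auth_OpenID_OPENID_NS`; drop the `global` line unless code below the hunk needs it. The mode test also swaps `Auth_OpenID_CANCEL` for the literal `'cancel'`; if that constant is the response status, a short comment such as `// openid.mode value from the request, not a response status` would explain the change. The `error` text handed to `Auth_OpenID_FailureResponse` comes straight from the unauthenticated request, so the docblock for `complete()` should state that callers must escape it before display. The body of `complete()` continues past the hunk.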
@@ -532,7 +541,7 @@ class Auth_OpenID_GenericConsumer { "No session state found"); } - $response = $this->_doIdRes($query, $endpoint); + $response = $this->_doIdRes($message, $endpoint); if ($response === null) { return new Auth_OpenID_FailureResponse($endpoint, @@ -554,20 +563,19 @@ class Auth_OpenID_GenericConsumer { /** * @access private */ - function _doIdRes($query, $endpoint) + function _doIdRes($message, $endpoint) { - $user_setup_url = Auth_OpenID::arrayGet($query, - 'openid.user_setup_url'); + $user_setup_url = $message->getArg(Auth_OpenID_OPENID_NS, + 'user_setup_url'); if ($user_setup_url !== null) { return new Auth_OpenID_SetupNeededResponse($endpoint, $user_setup_url); } - $return_to = Auth_OpenID::arrayGet($query, 'openid.return_to', null); - $server_id2 = Auth_OpenID::arrayGet($query, 'openid.identity', null); - $assoc_handle = Auth_OpenID::arrayGet($query, - 'openid.assoc_handle', null); + $return_to = $message->getArg(Auth_OpenID_OPENID_NS, 'return_to'); + $server_id2 = $message->getArg(Auth_OpenID_OPENID_NS, 'identity'); + $assoc_handle = $message->getArg(Auth_OpenID_OPENID_NS, 'assoc_handle'); if (($return_to === null) || ($server_id2 === null) || @@ -581,7 +589,17 @@ class Auth_OpenID_GenericConsumer { "Server ID (delegate) mismatch"); } - $signed = Auth_OpenID::arrayGet($query, 'openid.signed'); + $signed = $message->getArg(Auth_OpenID_OPENID_NS, 'signed'); + if ($signed) { + $signed_list = explode(",", $signed); + } else { + $signed_list = array(); + } + + $new_signed_list = array(); + foreach ($signed_list as $f) { + $new_signed_list[] = 'openid.'.$f; + } $assoc = $this->store->getAssociation($endpoint->server_url, $assoc_handle); 
@@ -589,9 +607,9 @@ class Auth_OpenID_GenericConsumer { if ($assoc === null) { // It's not an association we know about. Dumb mode is // our only possible path for recovery. - if ($this->_checkAuth($query, $endpoint->server_url)) { - return new Auth_OpenID_SuccessResponse($endpoint, $query, - $signed); + if ($this->_checkAuth($message, $endpoint->server_url)) { + return new Auth_OpenID_SuccessResponse($endpoint, $message, + $new_signed_list); } else { return new Auth_OpenID_FailureResponse($endpoint, "Server denied check_authentication"); @@ -605,15 +623,13 @@ class Auth_OpenID_GenericConsumer { } // Check the signature - $sig = Auth_OpenID::arrayGet($query, 'openid.sig', null); + $sig = $message->getArg(Auth_OpenID_OPENID_NS, 'sig'); if (($sig === null) || ($signed === null)) { return new Auth_OpenID_FailureResponse($endpoint, "Missing argument signature"); } - $signed_list = explode(",", $signed); - //Fail if the identity field is present but not signed if (($endpoint->identity_url !== null) && (!in_array('identity', $signed_list))) { 
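Review bot: The stateless branch (`if ($assoc === null)`) returns `Auth_OpenID_SuccessResponse` as soon as `_checkAuth` succeeds, before the `in_array('identity', $signed_list)` check that only runs later on the association path. A response verified through check_authentication is therefore accepted without `identity` having to appear in `openid.signed`, and the provider presumably vouches only for the fields listed there. Moving the `//Fail if the identity field is present but not signed` block above `if ($assoc === null)` would cover both paths; `$signed_list` is already built before that point by this commit. `_doIdRes` begins and ends outside these hunks.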
@@ -621,41 +637,41 @@ class Auth_OpenID_GenericConsumer { return new Auth_OpenID_FailureResponse($endpoint, $msg); } - $v_sig = $assoc->signDict($signed_list, $query); + $v_sig = $assoc->signDict($signed_list, $message->toPostArgs()); if ($v_sig != $sig) { return new Auth_OpenID_FailureResponse($endpoint, "Bad signature"); } - return Auth_OpenID_SuccessResponse::fromQuery($endpoint, - $query, $signed); + return new Auth_OpenID_SuccessResponse($endpoint, + $message, $new_signed_list); } /** * @access private */ - function _checkAuth($query, $server_url) + function _checkAuth($message, $server_url) { - $request = $this->_createCheckAuthRequest($query); + $request = $this->_createCheckAuthRequest($message); if ($request === null) { return false; } - $response = $this->_makeKVPost($request, $server_url); - if ($response == null) { + $resp_message = $this->_makeKVPost($request, $server_url); + if ($resp_message == null) { return false; } - return $this->_processCheckAuthResponse($response, $server_url); + return $this->_processCheckAuthResponse($resp_message, $server_url); } /** * @access private */ - function _createCheckAuthRequest($query) + function _createCheckAuthRequest($message) { - $signed = Auth_OpenID::arrayGet($query, 'openid.signed', null); + $signed = $message->getArg(Auth_OpenID_OPENID_NS, 'signed'); if ($signed === null) { return null; } @@ -667,14 +683,14 @@ class Auth_OpenID_GenericConsumer { $check_args = array(); - foreach ($query as $key => $value) { + foreach ($message->toPostArgs() as $key => $value) { if (in_array(substr($key, 7), $signed)) { $check_args[$key] = $value; } } $check_args['openid.mode'] = 'check_authentication'; - return $check_args; + return Auth_OpenID_Message::fromPostArgs($check_args); } /** 
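Review bot: The check right after the changed `signDict` call, `if ($v_sig != $sig)`, is a loose comparison on the value that authenticates the whole response, and it is not constant-time. PHP's `!=` compares numeric-looking strings by value, so at minimum this should be `if ($v_sig !== $sig)`, and `if (!hash_equals($v_sig, $sig))` where the supported PHP version provides it. The signature is now computed over `$message->toPostArgs()` instead of the received `$query`, so it is worth confirming that the round trip reproduces the original key/value pairs byte for byte. `_doIdRes` starts above this hunk.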
@@ -682,10 +698,11 @@ class Auth_OpenID_GenericConsumer { */ function _processCheckAuthResponse($response, $server_url) { - $is_valid = Auth_OpenID::arrayGet($response, 'is_valid', 'false'); + $is_valid = $response->getArg(Auth_OpenID_OPENID_NS, 'is_valid', + 'false'); - $invalidate_handle = Auth_OpenID::arrayGet($response, - 'invalidate_handle'); + $invalidate_handle = $response->getArg(Auth_OpenID_OPENID_NS, + 'invalidate_handle'); if ($invalidate_handle !== null) { $this->store->removeAssociation($server_url, @@ -702,18 +719,9 @@ class Auth_OpenID_GenericConsumer { /** * @access private */ - function _makeKVPost($args, $server_url) + function _makeKVPost($message, $server_url) { - $mode = $args['openid.mode']; - - $pairs = array(); - foreach ($args as $k => $v) { - $v = urlencode($v); - $pairs[] = "$k=$v"; - } - - $body = implode("&", $pairs); - + $body = $message->toURLEncoded(); $resp = $this->fetcher->post($server_url, $body); if ($resp === null) { @@ -728,6 +736,7 @@ class Auth_OpenID_GenericConsumer { return null; } + $response = Auth_OpenID_Message::fromKVForm($resp->body); return $response; } @@ -806,9 +815,9 @@ class Auth_OpenID_GenericConsumer { return null; } - list($assoc_session, $args) = $parts; + list($assoc_session, $message) = $parts; - $response = $this->_makeKVPost($args, $server_url); + $response = $this->_makeKVPost($message, $server_url); if ($response === null) { $assoc = null; @@ -850,7 +859,9 @@ class Auth_OpenID_GenericConsumer { } $args = array_merge($args, $assoc_session->getRequest()); - return array($assoc_session, $args); + $msg = Auth_OpenID_Message::fromPostArgs($args); + + return array($assoc_session, $msg); } /** 
@@ -862,14 +873,14 @@ class Auth_OpenID_GenericConsumer { 'expires_in'); foreach ($required_keys as $key) { - if (!array_key_exists($key, $results)) { + if (!$results->hasKey(Auth_OpenID_OPENID_NS, $key)) { return null; } } - $assoc_type = $results['assoc_type']; - $assoc_handle = $results['assoc_handle']; - $expires_in_str = $results['expires_in']; + $assoc_type = $results->getArg(Auth_OpenID_OPENID_NS, 'assoc_type'); + $assoc_handle = $results->getArg(Auth_OpenID_OPENID_NS, 'assoc_handle'); + $expires_in_str = $results->getArg(Auth_OpenID_OPENID_NS, 'expires_in'); if ($assoc_type != 'HMAC-SHA1') { return null; @@ -881,7 +892,7 @@ class Auth_OpenID_GenericConsumer { return null; } - $session_type = Auth_OpenID::arrayGet($results, 'session_type'); + $session_type = $results->getArg(Auth_OpenID_OPENID_NS, 'session_type'); if ($session_type != $assoc_session->session_type) { if ($session_type === null) { $assoc_session = new Auth_OpenID_PlainTextConsumerSession(); @@ -1023,25 +1034,16 @@ class Auth_OpenID_SuccessResponse extends Auth_OpenID_ConsumerResponse { /** * @access private */ - function Auth_OpenID_SuccessResponse($endpoint, $signed_args) + function Auth_OpenID_SuccessResponse($endpoint, $message, $signed_args=null) { $this->endpoint = $endpoint; $this->identity_url = $endpoint->identity_url; $this->signed_args = $signed_args; - } + $this->message = $message; - /** - * @access private - */ - function fromQuery($endpoint, $query, $signed) - { - $signed_args = array(); - foreach (explode(",", $signed) as $field_name) { - $field_name = 'openid.' . $field_name; - $signed_args[$field_name] = Auth_OpenID::arrayGet($query, - $field_name, ''); + if ($this->signed_args === null) { + $this->signed_args = array(); } - return new Auth_OpenID_SuccessResponse($endpoint, $signed_args); } /** 
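Review bot: In the `Auth_OpenID_SuccessResponse` constructor, `$this->signed_args` changes meaning without any documentation. The removed `fromQuery` built it as a map of signed `openid.*` keys to values; it is now a list of signed key names, and `null` silently becomes "nothing is signed". Code that reads values out of `signed_args` will now find none, while the new `$this->message` property holds every argument, signed or not. A docblock should say so, for example `@param array $signed_args List of fully-qualified signed keys ('openid.return_to'); fields not listed are unauthenticated`, and direct readers to `getSigned()` for values.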
@@ -1050,19 +1052,34 @@ class Auth_OpenID_SuccessResponse extends Auth_OpenID_ConsumerResponse { * @param string $prefix The extension namespace from which to * extract the extension data. */ - function extensionResponse($prefix) + function extensionResponse($namespace_uri) { - $response = array(); - $prefix = sprintf('openid.%s.', $prefix); - $prefix_len = strlen($prefix); - foreach ($this->signed_args as $k => $v) { - if (strpos($k, $prefix) === 0) { - $response_key = substr($k, $prefix_len); - $response[$response_key] = $v; - } - } + return $this->message->getArgs($namespace_uri); + } - return $response; + function isOpenID1() + { + return $this->message->isOpenID1(); + } + + function isSigned($ns_uri, $ns_key) + { + // Return whether a particular key is signed, regardless of + // its namespace alias + // print_r($this->signed_args); + return in_array($this->message->getKey($ns_uri, $ns_key), + $this->signed_args); + } + + function getSigned($ns_uri, $ns_key, $default = null) + { + // Return the specified signed field if available, otherwise + // return default + if ($this->isSigned($ns_uri, $ns_key)) { + return $this->message->getArg($ns_uri, $ns_key, $default); + } else { + return $default; + } } /** @@ -1077,12 +1094,12 @@ class Auth_OpenID_SuccessResponse extends Auth_OpenID_ConsumerResponse { */ function getReturnTo() { - return Auth_OpenID::arrayGet($this->signed_args, 'openid.return_to'); + return $this->getSigned(Auth_OpenID_OPENID_NS, 'return_to'); } function getNonce() { - return Auth_OpenID::arrayGet($this->signed_args, 'openid.nonce'); + return $this->getSigned(Auth_OpenID_OPENID_NS, 'nonce'); } } diff --git a/Tests/Auth/OpenID/Consumer.php b/Tests/Auth/OpenID/Consumer.php index 190b23a..ab9b69a 100644 --- a/Tests/Auth/OpenID/Consumer.php +++ b/Tests/Auth/OpenID/Consumer.php @@ -80,7 +80,6 @@ function Auth_OpenID_associate($qs, $assoc_secret, $assoc_handle) } - return Auth_OpenID_KVForm::fromArray($reply_dict); } 
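Review bot: `extensionResponse()` now returns `$this->message->getArgs($namespace_uri)`, which is every argument in that namespace, whereas the removed body iterated over `$this->signed_args` and so returned only signed fields. Extension data such as the sreg values in the test further down would then be handed to the application even when the provider never signed them. Filtering through the `isSigned()` method added in this same hunk restores the old guarantee; `test_extensionResponse` would then need to pass a signed list. The docblock above still documents `@param string $prefix` and should describe `$namespace_uri`. The commented-out `// print_r($this->signed_args);` in `isSigned()` can be dropped.

```php
function extensionResponse($namespace_uri)
{
    // Only hand back extension fields the provider actually signed.
    $signed = array();
    foreach ($this->message->getArgs($namespace_uri) as $key => $value) {
        if ($this->isSigned($namespace_uri, $key)) {
            $signed[$key] = $value;
        }
    }
    return $signed;
}
```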
@@ -214,16 +213,23 @@ class Tests_Auth_OpenID_Consumer extends PHPUnit_TestCase { $assoc = $store->getAssociation($_Auth_OpenID_server_url, $fetcher->assoc_handle); - $assoc->addSignature(array('mode', 'return_to', 'identity'), + $assoc->addSignature(array('mode', 'return_to', + 'assoc_handle', 'identity'), $query); } else { $query['openid.signed'] = - 'assoc_handle,sig,signed'; + 'assoc_handle,mode,signed,identity'; $query['openid.assoc_handle'] = $fetcher->assoc_handle; $query['openid.sig'] = 'fake'; } - $result = $consumer->complete($query, $result->endpoint); + $message = Auth_OpenID_Message::fromPostArgs($query); + + $result = $consumer->complete($message, $result->endpoint); + + if ($result->status != Auth_OpenID_SUCCESS) { + print $result->message."\n"; + } $this->assertEquals(Auth_OpenID_SUCCESS, $result->status); $this->assertEquals($result->identity_url, $user_url); @@ -337,7 +343,10 @@ class Tests_Auth_OpenID_Consumer_TestSetupNeeded extends _TestIdRes { $query = array( 'openid.mode' => 'id_res', 'openid.user_setup_url' => $setup_url); - $ret = $this->consumer->_doIdRes($query, $this->endpoint); + + $message = Auth_OpenID_Message::fromPostArgs($query); + + $ret = $this->consumer->_doIdRes($message, $this->endpoint); $this->assertEquals($ret->status, Auth_OpenID_SETUP_NEEDED); $this->assertEquals($ret->setup_url, $setup_url); } @@ -359,8 +368,11 @@ class Tests_Auth_OpenID_Consumer_CheckNonceTest extends _TestIdRes { { $this->return_to = sprintf('http://rt.unittest/?nonce=%s', Auth_OpenID_mkNonce()); - $this->response = new Auth_OpenID_SuccessResponse($this->endpoint, - array('openid.return_to' => $this->return_to)); + $query = array('openid.return_to' => $this->return_to); + + $message = Auth_OpenID_Message::fromPostArgs($query); + $this->response = new Auth_OpenID_SuccessResponse($this->endpoint, $message, + array('openid.return_to')); $ret = $this->consumer->_checkNonce(null, $this->response); $this->assertEquals($ret->status, Auth_OpenID_SUCCESS); 
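Review bot: The added `if ($result->status != Auth_OpenID_SUCCESS) { print $result->message."\n"; }` writes diagnostics straight to output from inside the test instead of reporting them through the framework. Passing the message to the assertion keeps the information on failure without the side effect, e.g. `$this->assertEquals(Auth_OpenID_SUCCESS, $result->status, $result->message);`. The test method starts and ends outside the hunk.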
@@ -369,10 +381,14 @@ class Tests_Auth_OpenID_Consumer_CheckNonceTest extends _TestIdRes { function test_serverNonce() { - $this->response = new Auth_OpenID_SuccessResponse($this->endpoint, - array('openid.nonce' => Auth_OpenID_mkNonce())); + $query = array('openid.nonce' => Auth_OpenID_mkNonce()); + $message = Auth_OpenID_Message::fromPostArgs($query); + + $this->response = new Auth_OpenID_SuccessResponse($this->endpoint, $message, + array('openid.nonce')); $ret = $this->consumer->_checkNonce($this->server_url, $this->response); $this->assertEquals($ret->status, Auth_OpenID_SUCCESS); + # print $ret->message."\n"; $this->assertEquals($ret->identity_url, $this->consumer_id); } @@ -383,8 +399,13 @@ class Tests_Auth_OpenID_Consumer_CheckNonceTest extends _TestIdRes { list($timestamp, $salt) = Auth_OpenID_splitNonce($nonce); $this->store->useNonce($this->server_url, $timestamp, $salt); - $this->response = new Auth_OpenID_SuccessResponse($this->endpoint, - array('openid.nonce' => $nonce)); + + $query = array('openid.nonce' => $nonce); + $message = Auth_OpenID_Message::fromPostArgs($query); + + $this->response = new Auth_OpenID_SuccessResponse($this->endpoint, $message, + array('openid.nonce')); + $ret = $this->consumer->_checkNonce($this->server_url, $this->response); $this->assertEquals($ret->status, Auth_OpenID_FAILURE); $this->assertEquals($ret->identity_url, $this->consumer_id); 
@@ -394,8 +415,12 @@ class Tests_Auth_OpenID_Consumer_CheckNonceTest extends _TestIdRes { function test_tamperedNonce() { // Malformed nonce - $this->response = new Auth_OpenID_SuccessResponse($this->endpoint, - array('openid.nonce' => 'malformed')); + $query = array('openid.nonce' => 'malformed'); + $message = Auth_OpenID_Message::fromPostArgs($query); + + $this->response = new Auth_OpenID_SuccessResponse($this->endpoint, $message, + array('openid.nonce')); + $ret = $this->consumer->_checkNonce($this->server_url, $this->response); $this->assertEquals($ret->status, Auth_OpenID_FAILURE); $this->assertEquals($ret->identity_url, $this->consumer_id); @@ -405,8 +430,12 @@ class Tests_Auth_OpenID_Consumer_CheckNonceTest extends _TestIdRes { function test_missingNonce() { // no nonce parameter on the return_to - $this->response = new Auth_OpenID_SuccessResponse($this->endpoint, - array('openid.return_to' => $this->return_to)); + $query = array('openid.return_to' => $this->return_to); + $message = Auth_OpenID_Message::fromPostArgs($query); + + $this->response = new Auth_OpenID_SuccessResponse($this->endpoint, $message, + array('openid.nonce')); + $ret = $this->consumer->_checkNonce($this->server_url, $this->response); $this->assertEquals($ret->status, Auth_OpenID_FAILURE); $this->assertEquals($ret->identity_url, $this->consumer_id); @@ -418,9 +447,9 @@ class Tests_Auth_OpenID_Consumer_CheckNonceTest extends _TestIdRes { class Tests_Auth_OpenID_Consumer_TestCheckAuthTriggered extends _TestIdRes { var $consumer_class = '_CheckAuthDetectingConsumer'; - function _doIdRes($query) + function _doIdRes($message) { - return $this->consumer->_doIdRes($query, $this->endpoint); + return $this->consumer->_doIdRes($message, $this->endpoint); } function test_checkAuthTriggered() 
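Review bot: In `test_missingNonce` the message contains only `openid.return_to`, but the signed list passed to the constructor is `array('openid.nonce')`, so `return_to` is unsigned and `getReturnTo()` will return null. The test comment says it covers a `return_to` with no nonce parameter; with this list the failure may instead come from `return_to` being unsigned (`_checkNonce` is not visible here, so this is inferred). Using `array('openid.return_to')` would keep the original scenario under test.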
@@ -429,7 +458,9 @@ class Tests_Auth_OpenID_Consumer_TestCheckAuthTriggered extends _TestIdRes { 'openid.identity' => $this->server_id, 'openid.assoc_handle' =>'not_found'); - $result = $this->_doIdRes($query); + $message = Auth_OpenID_Message::fromPostArgs($query); + + $result = $this->_doIdRes($message); $error = __getError(); if ($error === null) { @@ -452,7 +483,9 @@ class Tests_Auth_OpenID_Consumer_TestCheckAuthTriggered extends _TestIdRes { 'openid.identity' => $this->server_id, 'openid.assoc_handle' =>'not_found'); - $result = $this->_doIdRes($query); + $message = Auth_OpenID_Message::fromPostArgs($query); + + $result = $this->_doIdRes($message); $error = __getError(); if ($error === null) { @@ -477,7 +510,9 @@ class Tests_Auth_OpenID_Consumer_TestCheckAuthTriggered extends _TestIdRes { 'openid.identity' => $this->server_id, 'openid.assoc_handle' => $handle); - $info = $this->_doIdRes($query); + $message = Auth_OpenID_Message::fromPostArgs($query); + + $info = $this->_doIdRes($message); $this->assertEquals('failure', $info->status); $this->assertEquals($this->consumer_id, $info->identity_url); @@ -508,7 +543,10 @@ class Tests_Auth_OpenID_Consumer_TestCheckAuthTriggered extends _TestIdRes { 'openid.assoc_handle' => $good_handle); $good_assoc->addSignature(array('return_to', 'identity'), $query); - $info = $this->_doIdRes($query); + + $message = Auth_OpenID_Message::fromPostArgs($query); + + $info = $this->_doIdRes($message); $this->assertEquals($info->status, 'success'); $this->assertEquals($this->consumer_id, $info->identity_url); } 
@@ -539,7 +577,9 @@ class Tests_Auth_OpenID_Complete extends _TestIdRes { function test_cancel() { $query = array('openid.mode' => 'cancel'); - $r = $this->consumer->complete($query, $this->endpoint); + $message = Auth_OpenID_Message::fromPostArgs($query); + + $r = $this->consumer->complete($message, $this->endpoint); $this->assertEquals($r->status, Auth_OpenID_CANCEL); $this->assertTrue($r->identity_url == $this->endpoint->identity_url); } @@ -549,7 +589,8 @@ class Tests_Auth_OpenID_Complete extends _TestIdRes { $msg = 'an error message'; $query = array('openid.mode' =>'error', 'openid.error' => $msg); - $r = $this->consumer->complete($query, $this->endpoint); + $message = Auth_OpenID_Message::fromPostArgs($query); + $r = $this->consumer->complete($message, $this->endpoint); $this->assertEquals($r->status, Auth_OpenID_FAILURE); $this->assertTrue($r->identity_url == $this->endpoint->identity_url); $this->assertEquals($r->message, $msg); @@ -558,7 +599,8 @@ class Tests_Auth_OpenID_Complete extends _TestIdRes { function test_noMode() { $query = array(); - $r = $this->consumer->complete($query, $this->endpoint); + $message = Auth_OpenID_Message::fromPostArgs($query); + $r = $this->consumer->complete($message, $this->endpoint); $this->assertEquals($r->status, Auth_OpenID_FAILURE); $this->assertTrue($r->identity_url == $this->endpoint->identity_url); } @@ -566,7 +608,8 @@ class Tests_Auth_OpenID_Complete extends _TestIdRes { function test_idResMissingField() { $query = array('openid.mode' => 'id_res'); - $r = $this->consumer->complete($query, $this->endpoint); + $message = Auth_OpenID_Message::fromPostArgs($query); + $r = $this->consumer->complete($message, $this->endpoint); $this->assertEquals($r->status, Auth_OpenID_FAILURE); $this->assertEquals($r->identity_url, $this->consumer_id); } 
@@ -577,7 +620,8 @@ class Tests_Auth_OpenID_Complete extends _TestIdRes { 'openid.return_to' => 'return_to (just anything)', 'openid.identity' => 'something wrong (not this->consumer_id)', 'openid.assoc_handle' => 'does not matter'); - $r = $this->consumer->complete($query, $this->endpoint); + $message = Auth_OpenID_Message::fromPostArgs($query); + $r = $this->consumer->complete($message, $this->endpoint); $this->assertEquals($r->status, Auth_OpenID_FAILURE); $this->assertEquals($r->identity_url, $this->consumer_id); $this->assertTrue(strpos($r->message, 'delegate') !== false); @@ -601,7 +645,8 @@ class Tests_Auth_OpenID_CheckAuthResponse extends _TestIdRes { { // successful response to check_authentication $response = array('is_valid' => 'true'); - $r = $this->consumer->_processCheckAuthResponse($response, $this->server_url); + $message = Auth_OpenID_Message::fromOpenIDArgs($response); + $r = $this->consumer->_processCheckAuthResponse($message, $this->server_url); $this->assertTrue($r); } @@ -610,7 +655,8 @@ class Tests_Auth_OpenID_CheckAuthResponse extends _TestIdRes { // check_authentication returns false when the server sends no // answer $response = array(); - $r = $this->consumer->_processCheckAuthResponse($response, $this->server_url); + $message = Auth_OpenID_Message::fromPostArgs($response); + $r = $this->consumer->_processCheckAuthResponse($message, $this->server_url); $this->assertFalse($r); } @@ -618,7 +664,9 @@ class Tests_Auth_OpenID_CheckAuthResponse extends _TestIdRes { { // check_authentication returns false when is_valid is false $response = array('is_valid' => 'false'); - $r = $this->consumer->_processCheckAuthResponse($response, $this->server_url); + $message = Auth_OpenID_Message::fromOpenIDArgs($response); + + $r = $this->consumer->_processCheckAuthResponse($message, $this->server_url); $this->assertFalse($r); } 
@@ -630,7 +678,9 @@ class Tests_Auth_OpenID_CheckAuthResponse extends _TestIdRes { $response = array('is_valid' => 'false', 'invalidate_handle' => 'handle'); - $r = $this->consumer->_processCheckAuthResponse($response, + $message = Auth_OpenID_Message::fromOpenIDArgs($response); + + $r = $this->consumer->_processCheckAuthResponse($message, $this->server_url); $this->assertFalse($r); $this->assertTrue( @@ -643,7 +693,9 @@ class Tests_Auth_OpenID_CheckAuthResponse extends _TestIdRes { $response = array('is_valid' => 'true', 'invalidate_handle' => 'missing'); - $r = $this->consumer->_processCheckAuthResponse($response, $this->server_url); + $message = Auth_OpenID_Message::fromOpenIDArgs($response); + + $r = $this->consumer->_processCheckAuthResponse($message, $this->server_url); $this->assertTrue($r); } @@ -654,7 +706,9 @@ class Tests_Auth_OpenID_CheckAuthResponse extends _TestIdRes { $response = array('is_valid' => 'true', 'invalidate_handle' => 'handle'); - $r = $this->consumer->_processCheckAuthResponse($response, $this->server_url); + $message = Auth_OpenID_Message::fromOpenIDArgs($response); + + $r = $this->consumer->_processCheckAuthResponse($message, $this->server_url); $this->assertTrue($r); $this->assertTrue( $this->consumer->store->getAssociation($this->server_url) === null); @@ -664,7 +718,7 @@ class Tests_Auth_OpenID_CheckAuthResponse extends _TestIdRes { class _IdResFetchFailingConsumer extends Auth_OpenID_GenericConsumer { var $message = 'fetch failed'; - function _doIdRes($query, $endpoint) + function _doIdRes($message, $endpoint) { return new Auth_OpenID_FailureResponse($endpoint, $this->message); 
@@ -677,7 +731,8 @@ class Tests_Auth_OpenID_FetchErrorInIdRes extends _TestIdRes { function test_idResFailure() { $query = array('openid.mode' => 'id_res'); - $r = $this->consumer->complete($query, $this->endpoint); + $message = Auth_OpenID_Message::fromPostArgs($query); + $r = $this->consumer->complete($message, $this->endpoint); $this->assertEquals($r->status, Auth_OpenID_FAILURE); $this->assertEquals($r->identity_url, $this->consumer_id); $this->assertEquals($this->consumer->message, $r->message); @@ -697,8 +752,10 @@ class _ExceptionRaisingMockFetcher { } class _BadArgCheckingConsumer extends Auth_OpenID_GenericConsumer { - function _makeKVPost($args, $tmp) + function _makeKVPost($message, $tmp) { + $args = $message->toPostArgs(); + if ($args != array( 'openid.mode' => 'check_authentication', 'openid.signed' => 'foo')) { @@ -725,7 +782,9 @@ class Tests_Auth_OpenID_Consumer_TestCheckAuth extends _TestIdRes { array(), "blah:blah\n"); $query = array('openid.signed' => 'stuff, things'); - $r = $this->consumer->_checkAuth($query, $_Auth_OpenID_server_url); + $message = Auth_OpenID_Message::fromPostArgs($query); + + $r = $this->consumer->_checkAuth($message, $_Auth_OpenID_server_url); if ($r !== false) { $this->fail("Expected _checkAuth result to be false"); } @@ -737,7 +796,10 @@ class Tests_Auth_OpenID_Consumer_TestCheckAuth extends _TestIdRes { 'closid.foo' => 'something'); $consumer = new _BadArgCheckingConsumer($this->store); - $consumer->_checkAuth($query, 'does://not.matter'); + + $message = Auth_OpenID_Message::fromPostArgs($query); + + $consumer->_checkAuth($message, 'does://not.matter'); $this->assertEquals(__getError(), E_ASSERTION_ERROR); } } 
@@ -757,7 +819,10 @@ class Tests_Auth_OpenID_Consumer_TestFetchAssoc extends PHPUnit_TestCase { 404, array(), "blah:blah\n"); - $r = $this->consumer->_makeKVPost(array('openid.mode' => 'associate'), + $query = array('openid.mode' => 'associate'); + $message = Auth_OpenID_Message::fromPostArgs($query); + + $r = $this->consumer->_makeKVPost($message, "http://server_url"); if ($r !== null) { $this->fail("Expected _makeKVPost result to be null"); @@ -768,7 +833,10 @@ class Tests_Auth_OpenID_Consumer_TestFetchAssoc extends PHPUnit_TestCase { { $this->consumer->fetcher = new _ExceptionRaisingMockFetcher(); - $this->consumer->_makeKVPost(array('openid.mode' => 'associate'), + $query = array('openid.mode' => 'associate'); + $message = Auth_OpenID_Message::fromPostArgs($query); + + $this->consumer->_makeKVPost($message, "http://server_url"); if (__getError() !== E_MOCK_FETCHER_EXCEPTION) { @@ -779,7 +847,10 @@ class Tests_Auth_OpenID_Consumer_TestFetchAssoc extends PHPUnit_TestCase { // exception fetching returns no association $this->assertEquals(@$this->consumer->_getAssociation('some://url'), null); - $this->consumer->_checkAuth(array('openid.signed' => ''), + $query = array('openid.signed' => ''); + $message = Auth_OpenID_Message::fromPostArgs($query); + + $this->consumer->_checkAuth($message, 'some://url'); if (__getError() !== E_MOCK_FETCHER_EXCEPTION) { @@ -797,7 +868,7 @@ class Tests_Auth_OpenID_AuthRequest extends PHPUnit_TestCase { $this->endpoint->server_url = 'http://server.unittest/'; $this->assoc =& $this; $this->assoc->handle = 'assoc@handle'; - $this->authreq = new Auth_OpenID_AuthRequest($this->endpoint, $this->assoc); + $this->authreq = new Auth_OpenID_AuthRequest($this->assoc, $this->endpoint); } function test_addExtensionArg() 
@@ -808,9 +879,9 @@ class Tests_Auth_OpenID_AuthRequest extends PHPUnit_TestCase { array('openid.bag.color' => 'brown', 'openid.bag.material' => 'paper')); $url = $this->authreq->redirectURL('http://7.utest/', 'http://7.utest/r'); - $this->failUnless(strpos($url, 'openid.bag.color=brown') !== false, + $this->assertTrue(strpos($url, 'openid.bag.color=brown') !== false, 'extension arg not found in '.$url); - $this->failUnless(strpos($url, 'openid.bag.material=paper') !== false, + $this->assertTrue(strpos($url, 'openid.bag.material=paper') !== false, 'extension arg not found in '.$url); } } 
@@ -824,28 +895,39 @@ class Tests_Auth_OpenID_SuccessResponse extends PHPUnit_TestCase { function test_extensionResponse() { - $resp = SuccessResponse($this->endpoint, array( + $uri = "http://bogus.unittest/1.0"; + + $query = array( + 'openid.ns.unittest' => $uri, 'openid.unittest.one' => '1', 'openid.unittest.two' =>'2', 'openid.sreg.nickname' => 'j3h', - 'openid.return_to' => 'return_to')); + 'openid.return_to' => 'return_to'); - $utargs = $resp->extensionResponse('unittest'); + $message = Auth_OpenID_Message::fromPostArgs($query); + $resp = new Auth_OpenID_SuccessResponse($this->endpoint, $message); + + $utargs = $resp->extensionResponse($uri); $this->assertEquals($utargs, array('one' => '1', 'two' => '2')); - $sregargs = $resp->extensionResponse('sreg'); + $sregargs = $resp->extensionResponse(Auth_OpenID_SREG_URI); $this->assertEquals($sregargs, array('nickname' => 'j3h')); } function test_noReturnTo() { - $resp = SuccessResponse($this->endpoint, array()); - $this->failUnless($resp->getReturnTo() === null); + $message = Auth_OpenID_Message::fromPostArgs(array()); + $resp = new Auth_OpenID_SuccessResponse($this->endpoint, $message); + $this->assertTrue($resp->getReturnTo() === null); } function test_returnTo() { - $resp = SuccessResponse($this->endpoint, - array('openid.return_to' => 'return_to')); + $query = array('openid.return_to' => 'return_to'); + $message = Auth_OpenID_Message::fromPostArgs($query); + + $resp = new Auth_OpenID_SuccessResponse($this->endpoint, + $message, array('openid.return_to')); + $this->assertEquals($resp->getReturnTo(), 'return_to'); } } 
@@ -862,13 +944,15 @@ class Tests_Auth_OpenID_ParseAssociation extends _TestIdRes { function test_missing() { // Missing required arguments - $result = $this->consumer->_parseAssociation(array(), null, 'server_url'); + $message = Auth_OpenID_Message::fromPostArgs(array()); + $result = $this->consumer->_parseAssociation($message, null, 'server_url'); $this->assertTrue($result === null); } function _setUpDH() { - list($sess, $args) = $this->consumer->_createAssociateRequest($this->server_url); + list($sess, $message) = $this->consumer->_createAssociateRequest($this->server_url); + $args = $message->toPostArgs(); $server_sess = Auth_OpenID_DiffieHellmanServerSession::fromQuery($args); $server_resp = $server_sess->answer($this->secret); $server_resp['assoc_type'] = 'HMAC-SHA1'; @@ -886,7 +970,8 @@ class Tests_Auth_OpenID_ParseAssociation extends _TestIdRes { 'assoc_handle' => 'ahandle', 'expires_in' => '1000' ); - $ret = $this->consumer->_parseAssociation($server_resp, $sess, + $message = Auth_OpenID_Message::fromOpenIDArgs($server_resp); + $ret = $this->consumer->_parseAssociation($message, $sess, 'server_url'); $this->assertEquals($ret->secret, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" . @@ -900,7 +985,8 @@ class Tests_Auth_OpenID_ParseAssociation extends _TestIdRes { return; } list($sess, $server_resp) = $this->_setUpDH(); - $ret = $this->consumer->_parseAssociation($server_resp, $sess, + $message = Auth_OpenID_Message::fromOpenIDArgs($server_resp); + $ret = $this->consumer->_parseAssociation($message, $sess, 'server_url'); $this->assertTrue($ret !== null); $this->assertEquals($ret->assoc_type, 'HMAC-SHA1'); 
@@ -917,7 +1003,9 @@ class Tests_Auth_OpenID_ParseAssociation extends _TestIdRes { 'assoc_type' => 'Crazy Low Prices!!!', 'expires_in' => '1000' ); - $ret = $this->consumer->_parseAssociation($server_resp, $sess, + $message = Auth_OpenID_Message::fromOpenIDArgs($server_resp); + + $ret = $this->consumer->_parseAssociation($message, $sess, 'server_url'); $this->assertTrue($ret === null); } @@ -930,7 +1018,8 @@ class Tests_Auth_OpenID_ParseAssociation extends _TestIdRes { 'assoc_type' => 'HMAC-SHA1', 'expires_in' => 'Crazy Low Prices!!!' ); - $ret = $this->consumer->_parseAssociation($server_resp, $sess, + $message = Auth_OpenID_Message::fromOpenIDArgs($server_resp); + $ret = $this->consumer->_parseAssociation($message, $sess, 'server_url'); $this->assertTrue($ret === null); } @@ -944,7 +1033,8 @@ class Tests_Auth_OpenID_ParseAssociation extends _TestIdRes { 'expires_in' => '1000', 'session_type' => '|/iA6rA' ); - $ret = $this->consumer->_parseAssociation($server_resp, $sess, + $message = Auth_OpenID_Message::fromOpenIDArgs($server_resp); + $ret = $this->consumer->_parseAssociation($message, $sess, 'server_url'); $this->assertTrue($ret === null); } @@ -962,7 +1052,8 @@ class Tests_Auth_OpenID_ParseAssociation extends _TestIdRes { 'expires_in' => '1000', 'mac_key' => base64_encode($this->secret)); - $ret = $this->consumer->_parseAssociation($server_resp, $sess, + $message = Auth_OpenID_Message::fromOpenIDArgs($server_resp); + $ret = $this->consumer->_parseAssociation($message, $sess, 'server_url'); $this->assertTrue($ret !== null); $this->assertEquals($ret->assoc_type, 'HMAC-SHA1'); @@ -984,7 +1075,8 @@ class Tests_Auth_OpenID_ParseAssociation extends _TestIdRes { 'assoc_handle' => 'handle', 'expires_in' => '1000'); - $ret = $this->consumer->_parseAssociation($server_resp, $sess, + $message = Auth_OpenID_Message::fromOpenIDArgs($server_resp); + $ret = $this->consumer->_parseAssociation($message, $sess, 'server_url'); $this->assertTrue($ret === null); } 
@@ -996,7 +1088,8 @@ class Tests_Auth_OpenID_ParseAssociation extends _TestIdRes { } list($sess, $server_resp) = $this->_setUpDH(); $server_resp['enc_mac_key'] = "\x00\x00\x00"; - $ret = $this->consumer->_parseAssociation($server_resp, $sess, + $message = Auth_OpenID_Message::fromOpenIDArgs($server_resp); + $ret = $this->consumer->_parseAssociation($message, $sess, 'server_url'); $this->assertTrue($ret === null); } @@ -1018,7 +1111,7 @@ class _StubConsumer { return $auth_req; } - function complete($query, $endpoint) + function complete($message, $endpoint) { return $this->response; } @@ -1109,8 +1202,9 @@ class Tests_Auth_OpenID_ConsumerTest2 extends PHPUnit_TestCase { function test_noDiscoCompleteSuccessWithToken() { + $message = Auth_OpenID_Message::fromPostArgs(array()); $this->_doRespNoDisco(new Auth_OpenID_SuccessResponse($this->endpoint, - array())); + $message)); } function test_noDiscoCompleteCancelWithToken() @@ -1156,9 +1250,10 @@ class Tests_Auth_OpenID_ConsumerTest2 extends PHPUnit_TestCase { // Cancel and success DO clean up the discovery process function test_completeSuccess() { + $message = Auth_OpenID_Message::fromPostArgs(array()); $this->_doRespDisco(true, new Auth_OpenID_SuccessResponse($this->endpoint, - array())); + $message)); } function test_completeCancel() @@ -1206,10 +1301,12 @@ $Tests_Auth_OpenID_Consumer_other = array( new Tests_Auth_OpenID_Consumer_TestFetchAssoc(), new Tests_Auth_OpenID_Consumer_CheckNonceTest(), new Tests_Auth_OpenID_Complete(), + new Tests_Auth_OpenID_SuccessResponse(), new Tests_Auth_OpenID_CheckAuthResponse(), new Tests_Auth_OpenID_FetchErrorInIdRes(), new Tests_Auth_OpenID_ParseAssociation(), - new Tests_Auth_OpenID_ConsumerTest2() + new Tests_Auth_OpenID_ConsumerTest2(), + new Tests_Auth_OpenID_AuthRequest() ); ?>
\ No newline at end of file |
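Review bot: The hand-maintained `$Tests_Auth_OpenID_Consumer_other` array is the weak spot in this hunk. `Tests_Auth_OpenID_SuccessResponse` is only now being added, which suggests its tests were defined but not executed before this commit; the runner that consumes the array is not visible, so this is inferred. For code that validates authentication responses, a silently skipped test class is worth guarding against, so I would add a comment above the array such as `// Every Tests_Auth_OpenID_* class defined in this file must be listed here, or it is never run.` The array starts outside the hunk.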