init("1423261515703355186607439952816216983770". "5735494988446894302176757360889904836136". "0422513557553514790045512299468953431585". "3008125488594198571710943663581589034331". "6791551733211386105974742540867014420109". "9811846875730766487278261498262568348338". "4764372005569983660877797099908075182915". "81860338635288400119293970087" ); } return $num; } $ALT_GEN = 5; function arrayToString($arr) { $s = "Array("; $parts = array(); foreach ($arr as $k => $v) { if (is_array($v)) { $v = arrayToString($v); } $parts[] = sprintf("%s => %s", $k, $v); } $s .= implode(", ", $parts); $s .= ")"; return $s; } function _Auth_OpenID_NotAuthorized() { return false; } class Tests_Auth_OpenID_Test_ServerError extends PHPUnit_TestCase { function test_browserWithReturnTo() { $return_to = "http://rp.unittest/consumer"; // will be a ProtocolError raised by Decode or CheckIDRequest.answer $args = array( 'openid.mode' => 'monkeydance', 'openid.identity' => 'http://wagu.unittest/', 'openid.return_to' => $return_to); $e = new Auth_OpenID_ServerError( Auth_OpenID_Message::fromPostArgs($args), "plucky"); $this->assertTrue($e->hasReturnTo()); $expected_args = array( 'openid.mode' => 'error', 'openid.error' => 'plucky'); $encoded = $e->encodeToURL(); if (Auth_OpenID_isError($encoded)) { $this->fail($encoded->toString()); return; } list($rt_base, $_result_args) = explode("?", $e->encodeToURL(), 2); $result_args = array(); parse_str($_result_args, $result_args); $result_args = Auth_OpenID::fixArgs($result_args); $this->assertEquals($result_args, $expected_args); } function test_noReturnTo() { // will be a ProtocolError raised by Decode or CheckIDRequest.answer $args = array( 'openid.mode' => 'zebradance', 'openid.identity' => 'http://wagu.unittest/'); $e = new Auth_OpenID_ServerError( Auth_OpenID_Message::fromPostArgs($args), "waffles"); $this->assertFalse($e->hasReturnTo()); $expected = "error:waffles\nmode:error\n"; $this->assertEquals($e->encodeToKVForm(), $expected); } } class Tests_Auth_OpenID_Test_Decode extends PHPUnit_TestCase { function setUp() { $this->id_url = "http://decoder.am.unittest/"; $this->rt_url = "http://rp.unittest/foobot/?qux=zam"; $this->tr_url = "http://rp.unittest/"; $this->assoc_handle = "{assoc}{handle}"; $this->decoder = new Auth_OpenID_Decoder(); } function test_none() { $args = array(); $r = $this->decoder->decode($args); $this->assertEquals($r, null); } function test_irrelevant() { $args = array( 'pony' => 'spotted', 'sreg.mutant_power' => 'decaffinator'); $r = $this->decoder->decode($args); $this->assertTrue(is_a($r, 'Auth_OpenID_ServerError')); } function test_bad() { $args = array( 'openid.mode' => 'twos-compliment', 'openid.pants' => 'zippered'); // Be sure that decoding the args returns an error. $result = $this->decoder->decode($args); $this->assertTrue(Auth_OpenID_isError($result)); } function test_checkidImmediate() { $args = array( 'openid.mode' => 'checkid_immediate', 'openid.identity' => $this->id_url, 'openid.assoc_handle' => $this->assoc_handle, 'openid.return_to' => $this->rt_url, 'openid.trust_root' => $this->tr_url, # should be ignored 'openid.some.extension' => 'junk'); $r = $this->decoder->decode($args); $this->assertTrue(is_a($r, 'Auth_OpenID_CheckIDRequest')); $this->assertEquals($r->mode, "checkid_immediate"); $this->assertEquals($r->immediate, true); $this->assertEquals($r->identity, $this->id_url); $this->assertEquals($r->trust_root, $this->tr_url); $this->assertEquals($r->return_to, $this->rt_url); $this->assertEquals($r->assoc_handle, $this->assoc_handle); } function test_checkidSetup() { $args = array( 'openid.mode' => 'checkid_setup', 'openid.identity' => $this->id_url, 'openid.assoc_handle' => $this->assoc_handle, 'openid.return_to' => $this->rt_url, 'openid.trust_root' => $this->tr_url); $r = $this->decoder->decode($args); $this->assertTrue(is_a($r, 'Auth_OpenID_CheckIDRequest')); $this->assertEquals($r->mode, "checkid_setup"); $this->assertEquals($r->immediate, false); $this->assertEquals($r->identity, $this->id_url); $this->assertEquals($r->trust_root, $this->tr_url); $this->assertEquals($r->return_to, $this->rt_url); } function test_checkidSetupNoIdentity() { $args = array( 'openid.mode' => 'checkid_setup', 'openid.assoc_handle' => $this->assoc_handle, 'openid.return_to' => $this->rt_url, 'openid.trust_root' => $this->tr_url); $result = $this->decoder->decode($args); if (Auth_OpenID_isError($result)) { $this->assertTrue($result->message); } else { $this->fail(sprintf("Expected Auth_OpenID_Error, instead " . "returned with %s", gettype($result))); } } function test_checkidSetupNoReturn() { $args = array( 'openid.mode' => 'checkid_setup', 'openid.identity' => $this->id_url, 'openid.assoc_handle' => $this->assoc_handle, 'openid.trust_root' => $this->tr_url); $result = $this->decoder->decode($args); if (!Auth_OpenID_isError($result)) { $this->fail("Expected Auth_OpenID_Error"); } } function test_checkidSetupBadReturn() { $args = array( 'openid.mode' => 'checkid_setup', 'openid.identity' => $this->id_url, 'openid.assoc_handle' => $this->assoc_handle, 'openid.return_to' => 'not a url'); $result = $this->decoder->decode($args);; if (Auth_OpenID_isError($result)) { $this->assertTrue($result->message); } else { $this->fail(sprintf("Expected ProtocolError, instead " . "returned with %s", gettype($result))); } } function test_checkAuth() { $args = array( 'openid.mode' => 'check_authentication', 'openid.assoc_handle' => '{dumb}{handle}', 'openid.sig' => 'sigblob', 'openid.signed' => 'foo,bar,mode', 'openid.foo' => 'signedval1', 'openid.bar' => 'signedval2', 'openid.baz' => 'unsigned'); $r = $this->decoder->decode($args); $this->assertTrue(is_a($r, 'Auth_OpenID_CheckAuthRequest')); $this->assertEquals($r->mode, 'check_authentication'); $this->assertEquals($r->sig, 'sigblob'); } function test_checkAuthMissingSignedField() { $args = array( 'openid.mode' => 'check_authentication', 'openid.assoc_handle' => '{dumb}{handle}', 'openid.sig' => 'sigblob', 'openid.signed' => 'foo,bar,mode', 'openid.foo' => 'signedval1', 'openid.baz' => 'unsigned'); $r = $this->decoder->decode($args); $this->assertTrue(is_a($r, 'Auth_OpenID_ServerError')); } function test_checkAuthMissingSignature() { $args = array( 'openid.mode' => 'check_authentication', 'openid.assoc_handle' => '{dumb}{handle}', 'openid.signed' => 'foo,bar,mode', 'openid.foo' => 'signedval1', 'openid.bar' => 'signedval2', 'openid.baz' => 'unsigned'); $r = $this->decoder->decode($args); $this->assertTrue(is_a($r, 'Auth_OpenID_ServerError')); } function test_checkAuthAndInvalidate() { $args = array( 'openid.mode' => 'check_authentication', 'openid.assoc_handle' => '{dumb}{handle}', 'openid.invalidate_handle' => '[[SMART_handle]]', 'openid.sig' => 'sigblob', 'openid.signed' => 'foo,bar,mode', 'openid.foo' => 'signedval1', 'openid.bar' => 'signedval2', 'openid.baz' => 'unsigned'); $r = $this->decoder->decode($args); $this->assertTrue(is_a($r, 'Auth_OpenID_CheckAuthRequest')); $this->assertEquals($r->invalidate_handle, '[[SMART_handle]]'); } function test_associateDH() { if (defined('Auth_OpenID_NO_MATH_SUPPORT')) { print "Skipping test associateDH (no math support)\n"; return; } $args = array( 'openid.mode' => 'associate', 'openid.session_type' => 'DH-SHA1', 'openid.dh_consumer_public' => "Rzup9265tw=="); $r = $this->decoder->decode($args); $this->assertTrue(is_a($r, 'Auth_OpenID_AssociateRequest')); $this->assertEquals($r->mode, "associate"); $this->assertEquals($r->session->session_type, "DH-SHA1"); $this->assertEquals($r->assoc_type, "HMAC-SHA1"); $this->assertTrue($r->session->consumer_pubkey); } function test_associateDHMissingKey() { if (defined('Auth_OpenID_NO_MATH_SUPPORT')) { print "Skipping test associateDHMissingKey (no math support)\n"; return; } $args = array( 'openid.mode' => 'associate', 'openid.session_type' => 'DH-SHA1'); // Using DH-SHA1 without supplying dh_consumer_public is an error. $result = $this->decoder->decode($args); if (!Auth_OpenID_isError($result)) { $this->fail(sprintf("Expected Auth_OpenID_ServerError, got %s", gettype($result))); } } /** * XXX: Cannot produce a value to break base64_decode function test_associateDHpubKeyNotB64() { $args = array( 'openid.mode' => 'associate', 'openid.session_type' => 'DH-SHA1', 'openid.dh_consumer_public' => "donkeydonkeydonkey"); $r = $this->decoder->decode($args); $this->assertTrue(is_a($r, 'Auth_OpenID_ServerError')); } */ function test_associateDHModGen() { if (defined('Auth_OpenID_NO_MATH_SUPPORT')) { print "No math support: not running test_associateDHModGen\n"; return; } global $ALT_GEN; // test dh with non-default but valid values for dh_modulus // and dh_gen $lib =& Auth_OpenID_getMathLib(); $args = array( 'openid.mode' => 'associate', 'openid.session_type' => 'DH-SHA1', 'openid.dh_consumer_public' => "Rzup9265tw==", 'openid.dh_modulus' => $lib->longToBase64(altModulus()), 'openid.dh_gen' => $lib->longToBase64($ALT_GEN)); $r = $this->decoder->decode($args); $this->assertTrue(is_a($r, 'Auth_OpenID_AssociateRequest')); $this->assertEquals($r->mode, "associate"); $this->assertEquals($r->session->session_type, "DH-SHA1"); $this->assertEquals($r->assoc_type, "HMAC-SHA1"); $this->assertTrue($lib->cmp($r->session->dh->mod, altModulus()) === 0); $this->assertTrue($lib->cmp($r->session->dh->gen, $ALT_GEN) === 0); $this->assertTrue($r->session->consumer_pubkey); } /** * XXX: Can't test invalid base64 values for mod and gen because * PHP's base64 decoder is much too forgiving or just plain * broken. function test_associateDHCorruptModGen() { // test dh with non-default but valid values for dh_modulus // and dh_gen $args = array( 'openid.mode' => 'associate', 'openid.session_type' => 'DH-SHA1', 'openid.dh_consumer_public' => "Rzup9265tw==", 'openid.dh_modulus' => 'pizza', 'openid.dh_gen' => 'gnocchi'); $r = $this->decoder->decode($args); print_r($r); $this->assertTrue(is_a($r, 'Auth_OpenID_ServerError')); } */ function test_associateDHMissingModGen() { if (defined('Auth_OpenID_NO_MATH_SUPPORT')) { print "No math support: not running test_associateDHModGen\n"; return; } // test dh with non-default but valid values for dh_modulus // and dh_gen $args = array( 'openid.mode' => 'associate', 'openid.session_type' => 'DH-SHA1', 'openid.dh_consumer_public' => "Rzup9265tw==", 'openid.dh_modulus' => 'pizza'); $r = $this->decoder->decode($args); $this->assertTrue(is_a($r, 'Auth_OpenID_ServerError')); } function test_associateWeirdSession() { $args = array( 'openid.mode' => 'associate', 'openid.session_type' => 'FLCL6', 'openid.dh_consumer_public' => "YQ==\n"); $r = $this->decoder->decode($args); $this->assertTrue(is_a($r, 'Auth_OpenID_ServerError')); } function test_associatePlain() { $args = array('openid.mode' => 'associate'); $r = $this->decoder->decode($args); $this->assertTrue(is_a($r, 'Auth_OpenID_AssociateRequest')); $this->assertEquals($r->mode, "associate"); $this->assertEquals($r->session->session_type, "plaintext"); $this->assertEquals($r->assoc_type, "HMAC-SHA1"); } function test_nomode() { $args = array( 'openid.session_type' => 'DH-SHA1', 'openid.dh_consumer_public' => "my public keeey"); $result = $this->decoder->decode($args); if (!Auth_OpenID_isError($result)) { $this->fail(sprintf("Expected Auth_OpenID_Error", gettype($result))); } } } class Tests_Auth_OpenID_Test_Encode extends PHPUnit_TestCase { function setUp() { $this->encoder = new Auth_OpenID_Encoder(); $this->encode = $this->encoder; } function test_id_res() { $request = new Auth_OpenID_CheckIDRequest( 'http://bombom.unittest/', 'http://burr.unittest/', 'http://burr.unittest/999', false); $response = new Auth_OpenID_ServerResponse($request); $response->fields = Auth_OpenID_Message::fromOpenIDArgs( array( 'mode' => 'id_res', 'identity' => $request->identity, 'return_to' => $request->return_to)); $webresponse = $this->encoder->encode($response); $this->assertEquals($webresponse->code, AUTH_OPENID_HTTP_REDIRECT); $this->assertTrue(array_key_exists('location', $webresponse->headers)); $location = $webresponse->headers['location']; $this->assertTrue(strpos($location, $request->return_to) === 0); // "%s does not start with %s" % ($location, // $request->return_to)); $parsed = parse_url($location); $query = array(); $query = Auth_OpenID::parse_str($parsed['query']); $expected = $response->fields->toPostArgs(); $this->assertEquals($query, $expected); } function test_cancel() { $request = new Auth_OpenID_CheckIDRequest( 'http://bombom.unittest/', 'http://burr.unittest/', 'http://burr.unittest/999', false); $response = new Auth_OpenID_ServerResponse($request); $response->fields = Auth_OpenID_Message::fromOpenIDArgs(array('mode' => 'cancel')); $webresponse = $this->encoder->encode($response); $this->assertEquals($webresponse->code, AUTH_OPENID_HTTP_REDIRECT); $this->assertTrue(array_key_exists('location', $webresponse->headers)); } function test_assocReply() { if (!defined('Auth_OpenID_NO_MATH_SUPPORT')) { $message = new Auth_OpenID_Message(); $request = Auth_OpenID_AssociateRequest::fromMessage($message); $response = new Auth_OpenID_ServerResponse($request); $response->fields = Auth_OpenID_Message::fromOpenIDArgs( array('assoc_handle' => "every-zig")); $webresponse = $this->encoder->encode($response); $body = "assoc_handle:every-zig\n"; $this->assertEquals($webresponse->code, AUTH_OPENID_HTTP_OK); $this->assertEquals($webresponse->headers, array()); $this->assertEquals($webresponse->body, $body); } } function test_checkauthReply() { $request = new Auth_OpenID_CheckAuthRequest('a_sock_monkey', 'siggggg', array()); $response = new Auth_OpenID_ServerResponse($request); $response->fields = Auth_OpenID_Message::fromOpenIDArgs(array( 'is_valid' => 'true', 'invalidate_handle' => 'xXxX:xXXx')); $body = "invalidate_handle:xXxX:xXXx\nis_valid:true\n"; $webresponse = $this->encoder->encode($response); $this->assertEquals($webresponse->code, AUTH_OPENID_HTTP_OK); $this->assertEquals($webresponse->headers, array()); $this->assertEquals($webresponse->body, $body); } function test_unencodableError() { $args = array('openid.identity' => 'http://limu.unittest/'); $e = new Auth_OpenID_ServerError(Auth_OpenID_Message::fromPostArgs($args), "wet paint"); $result = $this->encoder->encode($e); if (!Auth_OpenID_isError($result, 'Auth_OpenID_EncodingError')) { $this->fail(sprintf("Expected Auth_OpenID_ServerError, got %s", gettype($result))); } } function test_encodableError() { $args = array( 'openid.mode' => 'associate', 'openid.identity' => 'http://limu.unittest/'); $body="error:snoot\nmode:error\n"; $err = new Auth_OpenID_ServerError(Auth_OpenID_Message::fromPostArgs($args), "snoot"); $webresponse = $this->encoder->encode($err); $this->assertEquals($webresponse->code, AUTH_OPENID_HTTP_ERROR); $this->assertEquals($webresponse->headers, array()); $this->assertEquals($webresponse->body, $body); } } class Tests_Auth_OpenID_SigningEncode extends PHPUnit_TestCase { function setUp() { // Use filestore here instead of memstore $this->store = new Tests_Auth_OpenID_MemStore(); $this->request = new Auth_OpenID_CheckIDRequest( 'http://bombom.unittest/', 'http://burr.unittest/', 'http://burr.unittest/999', false); $this->response = new Auth_OpenID_ServerResponse($this->request); $this->response->fields = Auth_OpenID_Message::fromOpenIDArgs(array( 'mode' => 'id_res', 'identity' => $this->request->identity, 'return_to' => $this->request->return_to)); $this->signatory = new Auth_OpenID_Signatory($this->store); $this->dumb_key = $this->signatory->dumb_key; $this->normal_key = $this->signatory->normal_key; $this->encoder = new Auth_OpenID_SigningEncoder($this->signatory); } function test_idres() { $assoc_handle = '{bicycle}{shed}'; $assoc = Auth_OpenID_Association::fromExpiresIn(60, $assoc_handle, 'sekrit', 'HMAC-SHA1'); $this->store->storeAssociation($this->normal_key, $assoc); $this->request->assoc_handle = $assoc_handle; $webresponse = $this->encoder->encode($this->response); $this->assertEquals($webresponse->code, AUTH_OPENID_HTTP_REDIRECT); $this->assertTrue(array_key_exists('location', $webresponse->headers)); $location = $webresponse->headers['location']; $parsed = parse_url($location); $query = array(); parse_str($parsed['query'], $query); $query = Auth_OpenID::fixArgs($query); $this->assertTrue(array_key_exists('openid.sig', $query)); $this->assertTrue(array_key_exists('openid.assoc_handle', $query)); $this->assertTrue(array_key_exists('openid.signed', $query)); } function test_idresDumb() { $webresponse = $this->encoder->encode($this->response); $this->assertEquals($webresponse->code, AUTH_OPENID_HTTP_REDIRECT); $this->assertTrue(array_key_exists('location', $webresponse->headers)); $location = $webresponse->headers['location']; $parsed = parse_url($location); $query = array(); parse_str($parsed['query'], $query); $query = Auth_OpenID::fixArgs($query); $this->assertTrue(array_key_exists('openid.sig', $query)); $this->assertTrue(array_key_exists('openid.assoc_handle', $query)); $this->assertTrue(array_key_exists('openid.signed', $query)); } function test_forgotStore() { $this->encoder->signatory = null; $result = $this->encoder->encode($this->response); if (!is_a($result, 'Auth_OpenID_ServerError')) { $this->fail(sprintf("Expected Auth_OpenID_ServerError, got %s", gettype($result))); } } function test_cancel() { $request = new Auth_OpenID_CheckIDRequest( 'http://bombom.unittest/', 'http://burr.unittest/', 'http://burr.unittest/999', false); $response = new Auth_OpenID_ServerResponse($request, 'cancel'); $webresponse = $this->encoder->encode($response); $this->assertEquals($webresponse->code, AUTH_OPENID_HTTP_REDIRECT); $this->assertTrue(array_key_exists('location', $webresponse->headers)); $location = $webresponse->headers['location']; $parsed = parse_url($location); $query = array(); parse_str($parsed['query'], $query); $query = Auth_OpenID::fixArgs($query); $this->assertFalse(array_key_exists('openid.sig', $query)); } function test_assocReply() { if (!defined('Auth_OpenID_NO_MATH_SUPPORT')) { $message = new Auth_OpenID_Message(); $request = Auth_OpenID_AssociateRequest::fromMessage($message); $response = new Auth_OpenID_ServerResponse($request); $response->fields = Auth_OpenID_Message::fromOpenIDArgs( array('assoc_handle' => "every-zig")); $webresponse = $this->encoder->encode($response); $body = "assoc_handle:every-zig\n"; $this->assertEquals($webresponse->code, AUTH_OPENID_HTTP_OK); $this->assertEquals($webresponse->headers, array()); $this->assertEquals($webresponse->body, $body); } } function test_alreadySigned() { $this->response->fields->setArg(Auth_OpenID_OPENID_NS, 'sig', 'priorSig=='); $result = $this->encoder->encode($this->response); if (!is_a($result, 'Auth_OpenID_AlreadySigned')) { $this->fail(sprintf("Expected Auth_OpenID_AlreadySigned " . "instance, got %s", gettype($result))); } } } class Tests_Auth_OpenID_CheckID extends PHPUnit_TestCase { function setUp() { $this->request = new Auth_OpenID_CheckIDRequest( 'http://bambam.unittest/', 'http://bar.unittest/999', 'http://bar.unittest/', false); $this->request->namespace = Auth_OpenID_OPENID1_NS; } function test_trustRootInvalid() { $this->request->trust_root = "http://foo.unittest/17"; $this->request->return_to = "http://foo.unittest/39"; $this->assertFalse($this->request->trustRootValid()); } function test_trustRootValid() { $this->request->trust_root = "http://foo.unittest/"; $this->request->return_to = "http://foo.unittest/39"; $this->assertTrue($this->request->trustRootValid()); } function test_answerToInvalidRoot() { $this->request->trust_root = "http://foo.unittest/17"; $this->request->return_to = "http://foo.unittest/39"; $result = $this->request->answer(true); if (!is_a($result, 'Auth_OpenID_UntrustedReturnURL')) { $this->fail(sprintf("Expected Auth_OpenID_UntrustedReturnURL, " . "got %s", gettype($result))); } $this->assertTrue($this->request->answer(false)); } function test_answerAllow() { $answer = $this->request->answer(true); if (Auth_OpenID_isError($answer)) { $this->fail($answer->toString()); return; } $this->assertEquals($answer->request, $this->request); $this->assertEquals($answer->fields->getArgs(Auth_OpenID_OPENID1_NS), array( 'mode' => 'id_res', 'identity' => $this->request->identity, 'return_to' => $this->request->return_to)); } function test_answerAllowNoTrustRoot() { $this->request->trust_root = null; $answer = $this->request->answer(true); $this->assertEquals($answer->request, $this->request); $this->assertEquals($answer->fields->getArgs(Auth_OpenID_OPENID1_NS), array( 'mode' => 'id_res', 'identity' => $this->request->identity, 'return_to' => $this->request->return_to)); } function test_answerImmediateDeny() { $this->request->mode = 'checkid_immediate'; $this->request->namespace = Auth_OpenID_OPENID1_NS; $this->request->immediate = true; $server_url = "http://setup-url.unittest/"; $answer = $this->request->answer(false, $server_url); $this->assertEquals($answer->request, $this->request); $this->assertEquals(count($answer->fields->toPostArgs()), 2); $this->assertEquals($answer->fields->getArg(Auth_OpenID_OPENID_NS, 'mode'), 'id_res'); $this->assertTrue(strpos($answer->fields->getArg(Auth_OpenID_OPENID_NS, 'user_setup_url'), $server_url) == 0); } function test_answerSetupDeny() { $answer = $this->request->answer(false); $this->assertEquals($answer->fields->getArgs(Auth_OpenID_OPENID1_NS), array('mode' => 'cancel')); } function test_getCancelURL() { $url = $this->request->getCancelURL(); $expected = $this->request->return_to . '?openid.mode=cancel'; $this->assertEquals($url, $expected); } function test_getCancelURLimmed() { $this->request->mode = 'checkid_immediate'; $this->request->immediate = true; $result = $this->request->getCancelURL(); if (!is_a($result, 'Auth_OpenID_ServerError')) { $this->fail(sprintf("Expected Auth_OpenID_ServerError, got %s", gettype($result))); } } } class _MockSignatory { var $isValid = true; function _MockSignatory($assoc) { $this->assocs = array($assoc); } function verify($assoc_handle, $message) { if (!$message->hasKey(Auth_OpenID_OPENID_NS, 'sig')) { return false; } if (in_array(array(true, $assoc_handle), $this->assocs)) { return $this->isValid; } else { return false; } } function getAssociation($assoc_handle, $dumb) { if (in_array(array($dumb, $assoc_handle), $this->assocs)) { // This isn't a valid implementation for many uses of this // function, mind you. return true; } else { return null; } } function invalidate($assoc_handle, $dumb) { if (in_array(array($dumb, $assoc_handle), $this->assocs)) { $i = 0; foreach ($this->assocs as $pair) { if ($pair == array($dumb, $assoc_handle)) { unset($this->assocs[$i]); break; } $i++; } } } } class Tests_Auth_OpenID_CheckAuth extends PHPUnit_TestCase { function setUp() { $this->assoc_handle = 'mooooooooo'; $this->message = Auth_OpenID_Message::fromPostArgs( array('openid.sig' => 'signarture', 'one' => 'alpha', 'two' => 'beta')); $this->request = new Auth_OpenID_CheckAuthRequest( $this->assoc_handle, $this->message); $this->signatory = new _MockSignatory(array(true, $this->assoc_handle)); } function test_valid() { $this->request->namespace = Auth_OpenID_OPENID1_NS; $r = $this->request->answer($this->signatory); $this->assertEquals($r->fields->getArgs(Auth_OpenID_OPENID1_NS), array('is_valid' => 'true')); $this->assertEquals($r->request, $this->request); } function test_invalid() { $this->request->namespace = Auth_OpenID_OPENID1_NS; $this->signatory->isValid = false; $r = $this->request->answer($this->signatory); $this->assertEquals($r->fields->getArgs(Auth_OpenID_OPENID1_NS), array('is_valid' => 'false')); } function test_replay() { $this->request->namespace = Auth_OpenID_OPENID1_NS; $r = $this->request->answer($this->signatory); $r = $this->request->answer($this->signatory); $this->assertEquals($r->fields->getArgs(Auth_OpenID_OPENID1_NS), array('is_valid' => 'false')); } function test_invalidatehandle() { $this->request->namespace = Auth_OpenID_OPENID1_NS; $this->request->invalidate_handle = "bogusHandle"; $r = $this->request->answer($this->signatory); $this->assertEquals($r->fields->getArgs(Auth_OpenID_OPENID1_NS), array('is_valid' => 'true', 'invalidate_handle' => "bogusHandle")); $this->assertEquals($r->request, $this->request); } function test_invalidatehandleNo() { $this->request->namespace = Auth_OpenID_OPENID1_NS; $assoc_handle = 'goodhandle'; $this->signatory->assocs[] = array(false, 'goodhandle'); $this->request->invalidate_handle = $assoc_handle; $r = $this->request->answer($this->signatory); $this->assertEquals($r->fields->getArgs(Auth_OpenID_OPENID1_NS), array('is_valid' => 'true')); } } class Tests_Auth_OpenID_Associate extends PHPUnit_TestCase { // TODO: test DH with non-default values for modulus and gen. // (important to do because we actually had it broken for a // while.) function setUp() { $message = new Auth_OpenID_Message(); $this->request = Auth_OpenID_AssociateRequest::fromMessage($message); $this->store = new Tests_Auth_OpenID_MemStore(); $this->signatory = new Auth_OpenID_Signatory($this->store); $this->assoc = $this->signatory->createAssociation(false); } function test_dh() { if (!defined('Auth_OpenID_NO_MATH_SUPPORT')) { $dh = new Auth_OpenID_DiffieHellman(); $ml =& Auth_OpenID_getMathLib(); $cpub = $dh->public; $session = new Auth_OpenID_DiffieHellmanSHA1ServerSession( new Auth_OpenID_DiffieHellman(), $cpub); $this->request = new Auth_OpenID_AssociateRequest($session); $response = $this->request->answer($this->assoc); $this->assertEquals( $response->fields->getArg(Auth_OpenID_OPENID_NS, "assoc_type"), "HMAC-SHA1"); $this->assertEquals( $response->fields->getArg(Auth_OpenID_OPENID_NS, "assoc_handle"), $this->assoc->handle); $this->assertFalse( $response->fields->getArg(Auth_OpenID_OPENID_NS, "mac_key")); $this->assertEquals( $response->fields->getArg(Auth_OpenID_OPENID_NS, "session_type"), "DH-SHA1"); $this->assertTrue( $response->fields->getArg(Auth_OpenID_OPENID_NS, "enc_mac_key")); $this->assertTrue( $response->fields->getArg(Auth_OpenID_OPENID_NS, "dh_server_public")); $enc_key = base64_decode( $response->fields->getArg(Auth_OpenID_OPENID_NS, "enc_mac_key")); $spub = $ml->base64ToLong( $response->fields->getArg(Auth_OpenID_OPENID_NS, "dh_server_public")); $secret = $dh->xorSecret($spub, $enc_key, $session->hash_func); $this->assertEquals($secret, $this->assoc->secret); } } function test_plaintext() { $response = $this->request->answer($this->assoc); $this->assertEquals( $response->fields->getArg(Auth_OpenID_OPENID_NS, "assoc_type"), "HMAC-SHA1"); $this->assertEquals( $response->fields->getArg(Auth_OpenID_OPENID_NS, "assoc_handle"), $this->assoc->handle); $this->assertEquals( $response->fields->getArg(Auth_OpenID_OPENID_NS, "expires_in"), sprintf("%d", $this->signatory->SECRET_LIFETIME)); $this->assertEquals( $response->fields->getArg(Auth_OpenID_OPENID_NS, "mac_key"), base64_encode($this->assoc->secret)); $this->assertFalse($response->fields->getArg(Auth_OpenID_OPENID_NS, "session_type")); $this->assertFalse($response->fields->getArg(Auth_OpenID_OPENID_NS, "enc_mac_key")); $this->assertFalse($response->fields->getArg(Auth_OpenID_OPENID_NS, "dh_server_public")); } } class Counter { function Counter() { $this->count = 0; } function inc() { $this->count += 1; } } class Tests_Auth_OpenID_ServerTest extends PHPUnit_TestCase { function setUp() { $this->store = new Tests_Auth_OpenID_MemStore(); $this->server = new Auth_OpenID_Server($this->store); } function test_associate() { if (!defined('Auth_OpenID_NO_MATH_SUPPORT')) { $message = new Auth_OpenID_Message(); $request = Auth_OpenID_AssociateRequest::fromMessage($message); $response = $this->server->openid_associate($request); $this->assertTrue($response->fields->hasKey(Auth_OpenID_OPENID_NS, 'assoc_handle')); } } function test_checkAuth() { $request = new Auth_OpenID_CheckAuthRequest('arrrrrf', '0x3999', array()); $response = $this->server->openid_check_authentication($request); $this->assertTrue($response->fields->hasKey(Auth_OpenID_OPENID_NS, 'is_valid')); } } class Tests_Auth_OpenID_Signatory extends PHPUnit_TestCase { function setUp() { $this->store =& new Tests_Auth_OpenID_MemStore(); $this->signatory =& new Auth_OpenID_Signatory($this->store); $this->dumb_key = $this->signatory->dumb_key; $this->normal_key = $this->signatory->normal_key; } function test_sign() { $request = new Auth_OpenID_ServerRequest(); $request->namespace = Auth_OpenID_OPENID1_NS; $assoc_handle = '{assoc}{lookatme}'; $assoc = Auth_OpenID_Association::fromExpiresIn(60, $assoc_handle, 'sekrit', 'HMAC-SHA1'); $this->store->storeAssociation($this->normal_key, $assoc); $request->assoc_handle = $assoc_handle; $request->namespace = Auth_OpenID_OPENID1_NS; $response = new Auth_OpenID_ServerResponse($request); $response->fields = Auth_OpenID_Message::fromOpenIDArgs(array( 'foo' => 'amsigned', 'bar' => 'notsigned', 'azu' => 'alsosigned')); $sresponse = $this->signatory->sign($response); $this->assertEquals($sresponse->fields->getArg(Auth_OpenID_OPENID_NS, 'assoc_handle'), $assoc_handle); $this->assertEquals($sresponse->fields->getArg(Auth_OpenID_OPENID_NS, 'signed'), 'assoc_handle,azu,bar,foo,signed'); $this->assertTrue($sresponse->fields->hasKey(Auth_OpenID_OPENID_NS, 'sig')); } function test_signDumb() { $request = new Auth_OpenID_ServerRequest(); $request->assoc_handle = null; $request->namespace = Auth_OpenID_OPENID1_NS; $response = new Auth_OpenID_ServerResponse($request); $response->fields = Auth_OpenID_Message::fromOpenIDArgs(array( 'foo' => 'amsigned', 'bar' => 'notsigned', 'azu' => 'alsosigned')); $sresponse = $this->signatory->sign($response); $assoc_handle = $sresponse->fields->getArg(Auth_OpenID_OPENID_NS, 'assoc_handle'); $this->assertTrue($assoc_handle); $assoc = $this->signatory->getAssociation($assoc_handle, true); $this->assertTrue($assoc); $this->assertEquals($sresponse->fields->getArg(Auth_OpenID_OPENID_NS, 'signed'), 'assoc_handle,azu,bar,foo,signed'); $this->assertTrue($sresponse->fields->hasKey(Auth_OpenID_OPENID_NS, 'sig')); } function test_signExpired() { $request = new Auth_OpenID_ServerRequest(); $assoc_handle = '{assoc}{lookatme}'; $assoc = Auth_OpenID_Association::fromExpiresIn(-10, $assoc_handle, 'sekrit', 'HMAC-SHA1'); $this->store->storeAssociation($this->normal_key, $assoc); $this->assertTrue($this->store->getAssociation($this->normal_key, $assoc_handle)); $request->assoc_handle = $assoc_handle; $request->namespace = Auth_OpenID_OPENID1_NS; $response = new Auth_OpenID_ServerResponse($request); $response->fields = Auth_OpenID_Message::fromOpenIDArgs(array( 'foo' => 'amsigned', 'bar' => 'notsigned', 'azu' => 'alsosigned')); $sresponse = $this->signatory->sign($response); $new_assoc_handle = $sresponse->fields->getArg(Auth_OpenID_OPENID_NS, 'assoc_handle'); $this->assertTrue($new_assoc_handle); $this->assertFalse($new_assoc_handle == $assoc_handle); $this->assertEquals($sresponse->fields->getArg(Auth_OpenID_OPENID_NS, 'invalidate_handle'), $assoc_handle); $this->assertEquals($sresponse->fields->getArg(Auth_OpenID_OPENID_NS, 'signed'), 'assoc_handle,azu,bar,foo,invalidate_handle,signed'); $this->assertTrue($sresponse->fields->hasKey(Auth_OpenID_OPENID_NS, 'sig')); // make sure the expired association is gone $this->assertFalse($this->store->getAssociation($this->normal_key, $assoc_handle)); // make sure the new key is a dumb mode association $this->assertTrue($this->store->getAssociation($this->dumb_key, $new_assoc_handle)); $this->assertFalse($this->store->getAssociation($this->normal_key, $new_assoc_handle)); } function test_signInvalidHandle() { $request = new Auth_OpenID_ServerRequest(); $assoc_handle = '{bogus-assoc}{notvalid}'; $request->assoc_handle = $assoc_handle; $request->namespace = Auth_OpenID_OPENID1_NS; $response = new Auth_OpenID_ServerResponse($request); $response->fields = Auth_OpenID_Message::fromOpenIDArgs(array( 'foo' => 'amsigned', 'bar' => 'notsigned', 'azu' => 'alsosigned')); $response->signed = array('foo', 'azu'); $sresponse = $this->signatory->sign($response); $new_assoc_handle = $sresponse->fields->getArg(Auth_OpenID_OPENID_NS, 'assoc_handle'); $this->assertTrue($new_assoc_handle); $this->assertFalse($new_assoc_handle == $assoc_handle); $this->assertEquals($sresponse->fields->getArg(Auth_OpenID_OPENID_NS, 'invalidate_handle'), $assoc_handle); $this->assertEquals($sresponse->fields->getArg(Auth_OpenID_OPENID_NS, 'signed'), 'assoc_handle,azu,bar,foo,invalidate_handle,signed'); $this->assertTrue($sresponse->fields->hasKey(Auth_OpenID_OPENID_NS, 'sig')); // make sure the new key is a dumb mode association $this->assertTrue($this->store->getAssociation($this->dumb_key, $new_assoc_handle)); $this->assertFalse($this->store->getAssociation($this->normal_key, $new_assoc_handle)); } function test_verify() { $assoc_handle = '{vroom}{zoom}'; $assoc = Auth_OpenID_Association::fromExpiresIn(60, $assoc_handle, 'sekrit', 'HMAC-SHA1'); $this->store->storeAssociation($this->dumb_key, $assoc); $signed = Auth_OpenID_Message::fromPostArgs(array( 'openid.foo' => 'bar', 'openid.apple' => 'orange', 'openid.assoc_handle' => $assoc_handle, 'openid.signed' => 'apple,assoc_handle,foo,signed', 'openid.sig' => 'uXoT1qm62/BB09Xbj98TQ8mlBco=')); $verified = $this->signatory->verify($assoc_handle, $signed); $this->assertTrue($verified); } function test_verifyBadSig() { $assoc_handle = '{vroom}{zoom}'; $assoc = Auth_OpenID_Association::fromExpiresIn(60, $assoc_handle, 'sekrit', 'HMAC-SHA1'); $this->store->storeAssociation($this->dumb_key, $assoc); $signed = Auth_OpenID_Message::fromPostArgs(array( 'openid.foo' => 'bar', 'openid.apple' => 'orange', 'openid.assoc_handle' => $assoc_handle, 'openid.signed' => 'apple,assoc_handle,foo,signed', 'openid.sig' => str_rot13('uXoT1qm62/BB09Xbj98TQ8mlBco='))); $verified = $this->signatory->verify($assoc_handle, $signed); $this->assertFalse($verified); } function test_verifyBadHandle() { $assoc_handle = '{vroom}{zoom}'; $signed = Auth_OpenID_Message::fromPostArgs( array('foo' => 'bar', 'apple' => 'orange', 'openid.sig' => "Ylu0KcIR7PvNegB/K41KpnRgJl0=")); $verified = $this->signatory->verify($assoc_handle, $signed); $this->assertFalse($verified); } function test_getAssoc() { $assoc_handle = $this->makeAssoc(true); $assoc = $this->signatory->getAssociation($assoc_handle, true); $this->assertTrue($assoc); $this->assertEquals($assoc->handle, $assoc_handle); } function test_getAssocExpired() { $assoc_handle = $this->makeAssoc(true, -10); $assoc = $this->signatory->getAssociation($assoc_handle, true); $this->assertFalse($assoc); } function test_getAssocInvalid() { $ah = 'no-such-handle'; $this->assertEquals( $this->signatory->getAssociation($ah, false), null); } function test_getAssocDumbVsNormal() { $assoc_handle = $this->makeAssoc(true); $this->assertEquals( $this->signatory->getAssociation($assoc_handle, false), null); } function test_createAssociation() { $assoc = $this->signatory->createAssociation(false); $this->assertTrue($this->signatory->getAssociation($assoc->handle, false)); } function makeAssoc($dumb, $lifetime = 60) { $assoc_handle = '{bling}'; $assoc = Auth_OpenID_Association::fromExpiresIn( $lifetime, $assoc_handle, 'sekrit', 'HMAC-SHA1'); $this->store->storeAssociation((($dumb) ? $this->dumb_key : $this->normal_key), $assoc); return $assoc_handle; } function test_invalidate() { $assoc_handle = '-squash-'; $assoc = Auth_OpenID_Association::fromExpiresIn(60, $assoc_handle, 'sekrit', 'HMAC-SHA1'); $this->store->storeAssociation($this->dumb_key, $assoc); $assoc = $this->signatory->getAssociation($assoc_handle, true); $this->assertTrue($assoc); $assoc = $this->signatory->getAssociation($assoc_handle, true); $this->assertTrue($assoc); $this->signatory->invalidate($assoc_handle, true); $assoc = $this->signatory->getAssociation($assoc_handle, true); $this->assertFalse($assoc); } } class Tests_Auth_OpenID_Server extends PHPUnit_TestSuite { function getName() { return "Tests_Auth_OpenID_Server"; } function Tests_Auth_OpenID_Server() { $this->addTestSuite('Tests_Auth_OpenID_Signatory'); $this->addTestSuite('Tests_Auth_OpenID_ServerTest'); if (!defined('Auth_OpenID_NO_MATH_SUPPORT')) { $this->addTestSuite('Tests_Auth_OpenID_Associate'); } $this->addTestSuite('Tests_Auth_OpenID_CheckAuth'); $this->addTestSuite('Tests_Auth_OpenID_CheckIDExtension'); $this->addTestSuite('Tests_Auth_OpenID_CheckAuth'); $this->addTestSuite('Tests_Auth_OpenID_SigningEncode'); $this->addTestSuite('Tests_Auth_OpenID_Test_Encode'); $this->addTestSuite('Tests_Auth_OpenID_Test_Decode'); $this->addTestSuite('Tests_Auth_OpenID_Test_ServerError'); $this->addTestSuite('Tests_Auth_OpenID_CheckID'); } } ?>