##// END OF EJS Templates
jro_apps » redmine
RSS
Link to watched issues list on my page....
Link to watched issues list on my page. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2457 e93f8b46-1217-0410-a6f0-8f06a7374b81
Eric Davis - - Load All Authors

File last commit:

r2376:f70be197e0ae
r2396:5bdd4291624c
Show More
test_idres.rb
906 lines | 30.8 KiB | text/x-ruby | RubyLexer
/ vendor / gems / ruby-openid-2.1.4 / test / test_idres.rb
History | Source | Raw |Copy content |Copy permalink
Eric Davis
Unpacked OpenID gem. #699...
 r2376 require "testutil"
require "util"
require "test/unit"
require "openid/consumer/idres"
require "openid/protocolerror"
require "openid/store/memory"
require "openid/store/nonce"
module OpenID
class Consumer
class IdResHandler
# Subclass of IdResHandler that doesn't do verification upon
# construction. All of the tests call this, except for the ones
# explicitly for id_res.
class IdResHandler < OpenID::Consumer::IdResHandler
def id_res
end
end
class CheckForFieldsTest < Test::Unit::TestCase
include ProtocolErrorMixin
BASE_FIELDS = ['return_to', 'assoc_handle', 'sig', 'signed']
OPENID2_FIELDS = BASE_FIELDS + ['op_endpoint']
OPENID1_FIELDS = BASE_FIELDS + ['identity']
OPENID1_SIGNED = ['return_to', 'identity']
OPENID2_SIGNED =
OPENID1_SIGNED + ['response_nonce', 'claimed_id', 'assoc_handle']
def mkMsg(ns, fields, signed_fields)
msg = Message.new(ns)
fields.each do |field|
msg.set_arg(OPENID_NS, field, "don't care")
end
if fields.member?('signed')
msg.set_arg(OPENID_NS, 'signed', signed_fields.join(','))
end
msg
end
1.times do # so as not to bleed into the outer namespace
n = 0
[[],
['foo'],
['bar', 'baz'],
].each do |signed_fields|
test = lambda do
msg = mkMsg(OPENID2_NS, OPENID2_FIELDS, signed_fields)
idres = IdResHandler.new(msg, nil)
assert_equal(signed_fields, idres.send(:signed_list))
# Do it again to make sure logic for caching is correct
assert_equal(signed_fields, idres.send(:signed_list))
end
define_method("test_signed_list_#{n += 1}", test)
end
end
# test all missing fields for OpenID 1 and 2
1.times do
[["openid1", OPENID1_NS, OPENID1_FIELDS],
["openid2", OPENID2_NS, OPENID2_FIELDS],
].each do |ver, ns, all_fields|
all_fields.each do |field|
test = lambda do
fields = all_fields.dup
fields.delete(field)
msg = mkMsg(ns, fields, [])
idres = IdResHandler.new(msg, nil)
assert_protocol_error("Missing required field #{field}") {
idres.send(:check_for_fields)
}
end
define_method("test_#{ver}_check_missing_#{field}", test)
end
end
end
# Test all missing signed for OpenID 1 and 2
1.times do
[["openid1", OPENID1_NS, OPENID1_FIELDS, OPENID1_SIGNED],
["openid2", OPENID2_NS, OPENID2_FIELDS, OPENID2_SIGNED],
].each do |ver, ns, all_fields, signed_fields|
signed_fields.each do |signed_field|
test = lambda do
fields = signed_fields.dup
fields.delete(signed_field)
msg = mkMsg(ns, all_fields, fields)
# Make sure the signed field is actually in the request
msg.set_arg(OPENID_NS, signed_field, "don't care")
idres = IdResHandler.new(msg, nil)
assert_protocol_error("#{signed_field.inspect} not signed") {
idres.send(:check_for_fields)
}
end
define_method("test_#{ver}_check_missing_signed_#{signed_field}", test)
end
end
end
def test_112
args = {'openid.assoc_handle' => 'fa1f5ff0-cde4-11dc-a183-3714bfd55ca8',
'openid.claimed_id' => 'http://binkley.lan/user/test01',
'openid.identity' => 'http://test01.binkley.lan/',
'openid.mode' => 'id_res',
'openid.ns' => 'http://specs.openid.net/auth/2.0',
'openid.ns.pape' => 'http://specs.openid.net/extensions/pape/1.0',
'openid.op_endpoint' => 'http://binkley.lan/server',
'openid.pape.auth_policies' => 'none',
'openid.pape.auth_time' => '2008-01-28T20:42:36Z',
'openid.pape.nist_auth_level' => '0',
'openid.response_nonce' => '2008-01-28T21:07:04Z99Q=',
'openid.return_to' => 'http://binkley.lan:8001/process?janrain_nonce=2008-01-28T21%3A07%3A02Z0tMIKx',
'openid.sig' => 'YJlWH4U6SroB1HoPkmEKx9AyGGg=',
'openid.signed' => 'assoc_handle,identity,response_nonce,return_to,claimed_id,op_endpoint,pape.auth_time,ns.pape,pape.nist_auth_level,pape.auth_policies'
}
assert_equal(args['openid.ns'], OPENID2_NS)
incoming = Message.from_post_args(args)
assert(incoming.is_openid2)
idres = IdResHandler.new(incoming, nil)
car = idres.send(:create_check_auth_request)
expected_args = args.dup
expected_args['openid.mode'] = 'check_authentication'
expected = Message.from_post_args(expected_args)
assert(expected.is_openid2)
assert_equal(expected, car)
assert_equal(expected_args, car.to_post_args)
end
def test_no_signed_list
msg = Message.new(OPENID2_NS)
idres = IdResHandler.new(msg, nil)
assert_protocol_error("Response missing signed") {
idres.send(:signed_list)
}
end
def test_success_openid1
msg = mkMsg(OPENID1_NS, OPENID1_FIELDS, OPENID1_SIGNED)
idres = IdResHandler.new(msg, nil)
assert_nothing_raised {
idres.send(:check_for_fields)
}
end
end
class ReturnToArgsTest < Test::Unit::TestCase
include OpenID::ProtocolErrorMixin
def check_return_to_args(query)
idres = IdResHandler.new(Message.from_post_args(query), nil)
class << idres
def verify_return_to_base(unused)
end
end
idres.send(:verify_return_to)
end
def assert_bad_args(msg, query)
assert_protocol_error(msg) {
check_return_to_args(query)
}
end
def test_return_to_args_okay
assert_nothing_raised {
check_return_to_args({
'openid.mode' => 'id_res',
'openid.return_to' => 'http://example.com/?foo=bar',
'foo' => 'bar',
})
}
end
def test_unexpected_arg_okay
assert_bad_args("Unexpected parameter", {
'openid.mode' => 'id_res',
'openid.return_to' => 'http://example.com/',
'foo' => 'bar',
})
end
def test_return_to_mismatch
assert_bad_args('Message missing ret', {
'openid.mode' => 'id_res',
'openid.return_to' => 'http://example.com/?foo=bar',
})
assert_bad_args("Parameter 'foo' val", {
'openid.mode' => 'id_res',
'openid.return_to' => 'http://example.com/?foo=bar',
'foo' => 'foos',
})
end
end
class ReturnToVerifyTest < Test::Unit::TestCase
def test_bad_return_to
return_to = "http://some.url/path?foo=bar"
m = Message.new(OPENID1_NS)
m.set_arg(OPENID_NS, 'mode', 'cancel')
m.set_arg(BARE_NS, 'foo', 'bar')
# Scheme, authority, and path differences are checked by
# IdResHandler.verify_return_to_base. Query args checked by
# IdResHandler.verify_return_to_args.
[
# Scheme only
"https://some.url/path?foo=bar",
# Authority only
"http://some.url.invalid/path?foo=bar",
# Path only
"http://some.url/path_extra?foo=bar",
# Query args differ
"http://some.url/path?foo=bar2",
"http://some.url/path?foo2=bar",
].each do |bad|
m.set_arg(OPENID_NS, 'return_to', bad)
idres = IdResHandler.new(m, return_to)
assert_raises(ProtocolError) {
idres.send(:verify_return_to)
}
end
end
def test_good_return_to
base = 'http://example.janrain.com/path'
[ [base, {}],
[base + "?another=arg", {'another' => 'arg'}],
[base + "?another=arg#frag", {'another' => 'arg'}],
['HTTP'+base[4..-1], {}],
[base.sub('com', 'COM'), {}],
['http://example.janrain.com:80/path', {}],
['http://example.janrain.com/p%61th', {}],
['http://example.janrain.com/./path',{}],
].each do |return_to, args|
args['openid.return_to'] = return_to
msg = Message.from_post_args(args)
idres = IdResHandler.new(msg, base)
assert_nothing_raised {
idres.send(:verify_return_to)
}
end
end
end
class DummyEndpoint
attr_accessor :server_url
def initialize(server_url)
@server_url = server_url
end
end
class CheckSigTest < Test::Unit::TestCase
include ProtocolErrorMixin
include TestUtil
def setup
@assoc = GoodAssoc.new('{not_dumb}')
@store = Store::Memory.new
@server_url = 'http://server.url/'
@endpoint = DummyEndpoint.new(@server_url)
@store.store_association(@server_url, @assoc)
@message = Message.from_post_args({
'openid.mode' => 'id_res',
'openid.identity' => '=example',
'openid.sig' => GOODSIG,
'openid.assoc_handle' => @assoc.handle,
'openid.signed' => 'mode,identity,assoc_handle,signed',
'frobboz' => 'banzit',
})
end
def call_idres_method(method_name)
idres = IdResHandler.new(@message, nil, @store, @endpoint)
idres.extend(InstanceDefExtension)
yield idres
idres.send(method_name)
end
def call_check_sig(&proc)
call_idres_method(:check_signature, &proc)
end
def no_check_auth(idres)
idres.instance_def(:check_auth) { fail "Called check_auth" }
end
def test_sign_good
assert_nothing_raised {
call_check_sig(&method(:no_check_auth))
}
end
def test_bad_sig
@message.set_arg(OPENID_NS, 'sig', 'bad sig!')
assert_protocol_error('Bad signature') {
call_check_sig(&method(:no_check_auth))
}
end
def test_check_auth_ok
@message.set_arg(OPENID_NS, 'assoc_handle', 'dumb-handle')
check_auth_called = false
call_check_sig do |idres|
idres.instance_def(:check_auth) do
check_auth_called = true
end
end
assert(check_auth_called)
end
def test_check_auth_ok_no_store
@store = nil
check_auth_called = false
call_check_sig do |idres|
idres.instance_def(:check_auth) do
check_auth_called = true
end
end
assert(check_auth_called)
end
def test_expired_assoc
@assoc.expires_in = -1
@store.store_association(@server_url, @assoc)
assert_protocol_error('Association with') {
call_check_sig(&method(:no_check_auth))
}
end
def call_check_auth(&proc)
assert_log_matches("Using 'check_authentication'") {
call_idres_method(:check_auth, &proc)
}
end
def test_check_auth_create_fail
assert_protocol_error("Could not generate") {
call_check_auth do |idres|
idres.instance_def(:create_check_auth_request) do
raise Message::KeyNotFound, "Testing"
end
end
}
end
def test_check_auth_okay
OpenID.extend(OverrideMethodMixin)
me = self
send_resp = Proc.new do |req, server_url|
me.assert_equal(:req, req)
:expected_response
end
OpenID.with_method_overridden(:make_kv_post, send_resp) do
final_resp = call_check_auth do |idres|
idres.instance_def(:create_check_auth_request) {
:req
}
idres.instance_def(:process_check_auth_response) do |resp|
me.assert_equal(:expected_response, resp)
end
end
end
end
def test_check_auth_process_fail
OpenID.extend(OverrideMethodMixin)
me = self
send_resp = Proc.new do |req, server_url|
me.assert_equal(:req, req)
:expected_response
end
OpenID.with_method_overridden(:make_kv_post, send_resp) do
assert_protocol_error("Testing") do
final_resp = call_check_auth do |idres|
idres.instance_def(:create_check_auth_request) { :req }
idres.instance_def(:process_check_auth_response) do |resp|
me.assert_equal(:expected_response, resp)
raise ProtocolError, "Testing"
end
end
end
end
end
1.times do
# Fields from the signed list
['mode', 'identity', 'assoc_handle'
].each do |field|
test = lambda do
@message.del_arg(OPENID_NS, field)
assert_raises(Message::KeyNotFound) {
call_idres_method(:create_check_auth_request) {}
}
end
define_method("test_create_check_auth_missing_#{field}", test)
end
end
def test_create_check_auth_request_success
ca_msg = call_idres_method(:create_check_auth_request) {}
expected = @message.copy
expected.set_arg(OPENID_NS, 'mode', 'check_authentication')
assert_equal(expected, ca_msg)
end
end
class CheckAuthResponseTest < Test::Unit::TestCase
include TestUtil
include ProtocolErrorMixin
def setup
@message = Message.from_openid_args({
'is_valid' => 'true',
})
@assoc = GoodAssoc.new
@store = Store::Memory.new
@server_url = 'http://invalid/'
@endpoint = DummyEndpoint.new(@server_url)
@idres = IdResHandler.new(nil, nil, @store, @endpoint)
end
def call_process
@idres.send(:process_check_auth_response, @message)
end
def test_valid
assert_log_matches() { call_process }
end
def test_invalid
for is_valid in ['false', 'monkeys']
@message.set_arg(OPENID_NS, 'is_valid', 'false')
assert_protocol_error("Server #{@server_url} responds") {
assert_log_matches() { call_process }
}
end
end
def test_valid_invalidate
@message.set_arg(OPENID_NS, 'invalidate_handle', 'cheese')
assert_log_matches("Received 'invalidate_handle'") { call_process }
end
def test_invalid_invalidate
@message.set_arg(OPENID_NS, 'invalidate_handle', 'cheese')
for is_valid in ['false', 'monkeys']
@message.set_arg(OPENID_NS, 'is_valid', 'false')
assert_protocol_error("Server #{@server_url} responds") {
assert_log_matches("Received 'invalidate_handle'") {
call_process
}
}
end
end
def test_invalidate_no_store
@idres.instance_variable_set(:@store, nil)
@message.set_arg(OPENID_NS, 'invalidate_handle', 'cheese')
assert_log_matches("Received 'invalidate_handle'",
'Unexpectedly got "invalidate_handle"') {
call_process
}
end
end
class NonceTest < Test::Unit::TestCase
include TestUtil
include ProtocolErrorMixin
def setup
@store = Object.new
class << @store
attr_accessor :nonces, :succeed
def use_nonce(server_url, time, extra)
@nonces << [server_url, time, extra]
@succeed
end
end
@store.nonces = []
@nonce = Nonce.mk_nonce
end
def call_check_nonce(post_args, succeed=false)
response = Message.from_post_args(post_args)
if !@store.nil?
@store.succeed = succeed
end
idres = IdResHandler.new(response, nil, @store, nil)
idres.send(:check_nonce)
end
def test_openid1_success
assert_nothing_raised {
call_check_nonce({'rp_nonce' => @nonce}, true)
}
end
def test_openid1_missing
assert_protocol_error('Nonce missing') { call_check_nonce({}) }
end
def test_openid2_ignore_rp_nonce
assert_protocol_error('Nonce missing') {
call_check_nonce({'rp_nonce' => @nonce,
'openid.ns' => OPENID2_NS})
}
end
def test_openid2_success
assert_nothing_raised {
call_check_nonce({'openid.response_nonce' => @nonce,
'openid.ns' => OPENID2_NS}, true)
}
end
def test_openid1_ignore_response_nonce
assert_protocol_error('Nonce missing') {
call_check_nonce({'openid.response_nonce' => @nonce})
}
end
def test_no_store
@store = nil
assert_nothing_raised {
call_check_nonce({'rp_nonce' => @nonce})
}
end
def test_already_used
assert_protocol_error('Nonce already used') {
call_check_nonce({'rp_nonce' => @nonce}, false)
}
end
def test_malformed_nonce
assert_protocol_error('Malformed nonce') {
call_check_nonce({'rp_nonce' => 'whee!'})
}
end
end
class DiscoveryVerificationTest < Test::Unit::TestCase
include ProtocolErrorMixin
include TestUtil
def setup
@endpoint = OpenIDServiceEndpoint.new
end
def call_verify(msg_args)
call_verify_modify(msg_args){}
end
def call_verify_modify(msg_args)
msg = Message.from_openid_args(msg_args)
idres = IdResHandler.new(msg, nil, nil, @endpoint)
idres.extend(InstanceDefExtension)
yield idres
idres.send(:verify_discovery_results)
idres.instance_variable_get(:@endpoint)
end
def assert_verify_protocol_error(error_prefix, openid_args)
assert_protocol_error(error_prefix) {call_verify(openid_args)}
end
def test_openid1_no_local_id
@endpoint.claimed_id = 'http://invalid/'
assert_verify_protocol_error("Missing required field: "\
"<#{OPENID1_NS}>identity", {})
end
def test_openid1_no_endpoint
@endpoint = nil
assert_raises(ProtocolError) {
call_verify({'identity' => 'snakes on a plane'})
}
end
def test_openid1_fallback_1_0
claimed_id = 'http://claimed.id/'
@endpoint = nil
resp_mesg = Message.from_openid_args({
'ns' => OPENID1_NS,
'identity' => claimed_id,
})
# Pass the OpenID 1 claimed_id this way since we're passing
# None for the endpoint.
resp_mesg.set_arg(BARE_NS, 'openid1_claimed_id', claimed_id)
# We expect the OpenID 1 discovery verification to try
# matching the discovered endpoint against the 1.1 type and
# fall back to 1.0.
expected_endpoint = OpenIDServiceEndpoint.new
expected_endpoint.type_uris = [OPENID_1_0_TYPE]
expected_endpoint.local_id = nil
expected_endpoint.claimed_id = claimed_id
hacked_discover = Proc.new {
|_claimed_id| ['unused', [expected_endpoint]]
}
idres = IdResHandler.new(resp_mesg, nil, nil, @endpoint)
assert_log_matches('Performing discovery') {
OpenID.with_method_overridden(:discover, hacked_discover) {
idres.send(:verify_discovery_results)
}
}
actual_endpoint = idres.instance_variable_get(:@endpoint)
assert_equal(actual_endpoint, expected_endpoint)
end
def test_openid2_no_op_endpoint
assert_protocol_error("Missing required field: "\
"<#{OPENID2_NS}>op_endpoint") {
call_verify({'ns'=>OPENID2_NS})
}
end
def test_openid2_local_id_no_claimed
assert_verify_protocol_error('openid.identity is present without',
{'ns' => OPENID2_NS,
'op_endpoint' => 'Phone Home',
'identity' => 'Jorge Lius Borges'})
end
def test_openid2_no_local_id_claimed
assert_log_matches() {
assert_protocol_error('openid.claimed_id is present without') {
call_verify({'ns' => OPENID2_NS,
'op_endpoint' => 'Phone Home',
'claimed_id' => 'Manuel Noriega'})
}
}
end
def test_openid2_no_identifiers
op_endpoint = 'Phone Home'
result_endpoint = assert_log_matches() {
call_verify({'ns' => OPENID2_NS,
'op_endpoint' => op_endpoint})
}
assert(result_endpoint.is_op_identifier)
assert_equal(op_endpoint, result_endpoint.server_url)
assert(result_endpoint.claimed_id.nil?)
end
def test_openid2_no_endpoint_does_disco
endpoint = OpenIDServiceEndpoint.new
endpoint.claimed_id = 'monkeysoft'
@endpoint = nil
result = assert_log_matches('No pre-discovered') {
call_verify_modify({'ns' => OPENID2_NS,
'identity' => 'sour grapes',
'claimed_id' => 'monkeysoft',
'op_endpoint' => 'Phone Home'}) do |idres|
idres.instance_def(:discover_and_verify) do |claimed_id, endpoints|
@endpoint = endpoint
end
end
}
assert_equal(endpoint, result)
end
def test_openid2_mismatched_does_disco
@endpoint.claimed_id = 'nothing special, but different'
@endpoint.local_id = 'green cheese'
endpoint = OpenIDServiceEndpoint.new
endpoint.claimed_id = 'monkeysoft'
result = assert_log_matches('Error attempting to use stored',
'Attempting discovery') {
call_verify_modify({'ns' => OPENID2_NS,
'identity' => 'sour grapes',
'claimed_id' => 'monkeysoft',
'op_endpoint' => 'Green Cheese'}) do |idres|
idres.extend(InstanceDefExtension)
idres.instance_def(:discover_and_verify) do |claimed_id, endpoints|
@endpoint = endpoint
end
end
}
assert(endpoint.equal?(result))
end
def test_openid2_use_pre_discovered
@endpoint.local_id = 'my identity'
@endpoint.claimed_id = 'http://i-am-sam/'
@endpoint.server_url = 'Phone Home'
@endpoint.type_uris = [OPENID_2_0_TYPE]
result = assert_log_matches() {
call_verify({'ns' => OPENID2_NS,
'identity' => @endpoint.local_id,
'claimed_id' => @endpoint.claimed_id,
'op_endpoint' => @endpoint.server_url
})
}
assert(result.equal?(@endpoint))
end
def test_openid2_use_pre_discovered_wrong_type
text = "verify failed"
me = self
@endpoint.local_id = 'my identity'
@endpoint.claimed_id = 'i am sam'
@endpoint.server_url = 'Phone Home'
@endpoint.type_uris = [OPENID_1_1_TYPE]
endpoint = @endpoint
msg = Message.from_openid_args({'ns' => OPENID2_NS,
'identity' => @endpoint.local_id,
'claimed_id' =>
@endpoint.claimed_id,
'op_endpoint' =>
@endpoint.server_url})
idres = IdResHandler.new(msg, nil, nil, @endpoint)
idres.extend(InstanceDefExtension)
idres.instance_def(:discover_and_verify) { |claimed_id, to_match|
me.assert_equal(endpoint.claimed_id, to_match[0].claimed_id)
me.assert_equal(claimed_id, endpoint.claimed_id)
raise ProtocolError, text
}
assert_log_matches('Error attempting to use stored',
'Attempting discovery') {
assert_protocol_error(text) {
idres.send(:verify_discovery_results)
}
}
end
def test_openid1_use_pre_discovered
@endpoint.local_id = 'my identity'
@endpoint.claimed_id = 'http://i-am-sam/'
@endpoint.server_url = 'Phone Home'
@endpoint.type_uris = [OPENID_1_1_TYPE]
result = assert_log_matches() {
call_verify({'ns' => OPENID1_NS,
'identity' => @endpoint.local_id})
}
assert(result.equal?(@endpoint))
end
def test_openid1_use_pre_discovered_wrong_type
verified_error = Class.new(Exception)
@endpoint.local_id = 'my identity'
@endpoint.claimed_id = 'i am sam'
@endpoint.server_url = 'Phone Home'
@endpoint.type_uris = [OPENID_2_0_TYPE]
assert_log_matches('Error attempting to use stored',
'Attempting discovery') {
assert_raises(verified_error) {
call_verify_modify({'ns' => OPENID1_NS,
'identity' => @endpoint.local_id}) { |idres|
idres.instance_def(:discover_and_verify) do |claimed_id, endpoints|
raise verified_error
end
}
}
}
end
def test_openid2_fragment
claimed_id = "http://unittest.invalid/"
claimed_id_frag = claimed_id + "#fragment"
@endpoint.local_id = 'my identity'
@endpoint.claimed_id = claimed_id
@endpoint.server_url = 'Phone Home'
@endpoint.type_uris = [OPENID_2_0_TYPE]
result = assert_log_matches() {
call_verify({'ns' => OPENID2_NS,
'identity' => @endpoint.local_id,
'claimed_id' => claimed_id_frag,
'op_endpoint' => @endpoint.server_url})
}
[:local_id, :server_url, :type_uris].each do |sym|
assert_equal(@endpoint.send(sym), result.send(sym))
end
assert_equal(claimed_id_frag, result.claimed_id)
end
def test_endpoint_without_local_id
# An endpoint like this with no local_id is generated as a result of
# e.g. Yadis discovery with no LocalID tag.
@endpoint.server_url = "http://localhost:8000/openidserver"
@endpoint.claimed_id = "http://localhost:8000/id/id-jo"
to_match = OpenIDServiceEndpoint.new
to_match.server_url = "http://localhost:8000/openidserver"
to_match.claimed_id = "http://localhost:8000/id/id-jo"
to_match.local_id = "http://localhost:8000/id/id-jo"
idres = IdResHandler.new(nil, nil)
assert_log_matches() {
result = idres.send(:verify_discovery_single, @endpoint, to_match)
}
end
end
class IdResTopLevelTest < Test::Unit::TestCase
def test_id_res
endpoint = OpenIDServiceEndpoint.new
endpoint.server_url = 'http://invalid/server'
endpoint.claimed_id = 'http://my.url/'
endpoint.local_id = 'http://invalid/username'
endpoint.type_uris = [OPENID_2_0_TYPE]
assoc = GoodAssoc.new
store = Store::Memory.new
store.store_association(endpoint.server_url, assoc)
signed_fields =
[
'response_nonce',
'op_endpoint',
'assoc_handle',
'identity',
'claimed_id',
'ns',
'return_to',
]
return_to = 'http://return.to/'
args = {
'ns' => OPENID2_NS,
'return_to' => return_to,
'claimed_id' => endpoint.claimed_id,
'identity' => endpoint.local_id,
'assoc_handle' => assoc.handle,
'op_endpoint' => endpoint.server_url,
'response_nonce' => Nonce.mk_nonce,
'signed' => signed_fields.join(','),
'sig' => GOODSIG,
}
msg = Message.from_openid_args(args)
idres = OpenID::Consumer::IdResHandler.new(msg, return_to,
store, endpoint)
assert_equal(idres.signed_fields,
signed_fields.map {|f|'openid.' + f})
end
end
class DiscoverAndVerifyTest < Test::Unit::TestCase
include ProtocolErrorMixin
include TestUtil
def test_no_services
me = self
disco = Proc.new do |e|
me.assert_equal(e, :sentinel)
[:undefined, []]
end
endpoint = OpenIDServiceEndpoint.new
endpoint.claimed_id = :sentinel
idres = IdResHandler.new(nil, nil)
assert_log_matches('Performing discovery on') do
assert_protocol_error('No OpenID information found') do
OpenID.with_method_overridden(:discover, disco) do
idres.send(:discover_and_verify, :sentinel, [endpoint])
end
end
end
end
end
class VerifyDiscoveredServicesTest < Test::Unit::TestCase
include ProtocolErrorMixin
include TestUtil
def test_no_services
endpoint = OpenIDServiceEndpoint.new
endpoint.claimed_id = :sentinel
idres = IdResHandler.new(nil, nil)
assert_log_matches('Discovery verification failure') do
assert_protocol_error('No matching endpoint') do
idres.send(:verify_discovered_services,
'http://bogus.id/', [], [endpoint])
end
end
end
end
end
end
end