test_pape.rb
247 lines
| 9.7 KiB
| text/x-ruby
|
RubyLexer
Eric Davis
|
r2376 | require 'openid/extensions/pape' | ||
| require 'openid/message' | ||||
| require 'openid/server' | ||||
| require 'openid/consumer/responses' | ||||
| module OpenID | ||||
| module PAPETest | ||||
| class PapeRequestTestCase < Test::Unit::TestCase | ||||
| def setup | ||||
| @req = PAPE::Request.new | ||||
| end | ||||
| def test_construct | ||||
| assert_equal([], @req.preferred_auth_policies) | ||||
| assert_equal(nil, @req.max_auth_age) | ||||
| assert_equal('pape', @req.ns_alias) | ||||
| req2 = PAPE::Request.new([PAPE::AUTH_MULTI_FACTOR], 1000) | ||||
| assert_equal([PAPE::AUTH_MULTI_FACTOR], req2.preferred_auth_policies) | ||||
| assert_equal(1000, req2.max_auth_age) | ||||
| end | ||||
| def test_add_policy_uri | ||||
| assert_equal([], @req.preferred_auth_policies) | ||||
| @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR) | ||||
| assert_equal([PAPE::AUTH_MULTI_FACTOR], @req.preferred_auth_policies) | ||||
| @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR) | ||||
| assert_equal([PAPE::AUTH_MULTI_FACTOR], @req.preferred_auth_policies) | ||||
| @req.add_policy_uri(PAPE::AUTH_PHISHING_RESISTANT) | ||||
| assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], @req.preferred_auth_policies) | ||||
| @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR) | ||||
| assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], @req.preferred_auth_policies) | ||||
| end | ||||
| def test_get_extension_args | ||||
| assert_equal({'preferred_auth_policies' => ''}, @req.get_extension_args) | ||||
| @req.add_policy_uri('http://uri') | ||||
| assert_equal({'preferred_auth_policies' => 'http://uri'}, @req.get_extension_args) | ||||
| @req.add_policy_uri('http://zig') | ||||
| assert_equal({'preferred_auth_policies' => 'http://uri http://zig'}, @req.get_extension_args) | ||||
| @req.max_auth_age = 789 | ||||
| assert_equal({'preferred_auth_policies' => 'http://uri http://zig', 'max_auth_age' => '789'}, @req.get_extension_args) | ||||
| end | ||||
| def test_parse_extension_args | ||||
| args = {'preferred_auth_policies' => 'http://foo http://bar', | ||||
| 'max_auth_age' => '9'} | ||||
| @req.parse_extension_args(args) | ||||
| assert_equal(9, @req.max_auth_age) | ||||
| assert_equal(['http://foo','http://bar'], @req.preferred_auth_policies) | ||||
| end | ||||
| def test_parse_extension_args_empty | ||||
| @req.parse_extension_args({}) | ||||
| assert_equal(nil, @req.max_auth_age) | ||||
| assert_equal([], @req.preferred_auth_policies) | ||||
| end | ||||
| def test_from_openid_request | ||||
| openid_req_msg = Message.from_openid_args({ | ||||
| 'mode' => 'checkid_setup', | ||||
| 'ns' => OPENID2_NS, | ||||
| 'ns.pape' => PAPE::NS_URI, | ||||
| 'pape.preferred_auth_policies' => [PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT].join(' '), | ||||
| 'pape.max_auth_age' => '5476' | ||||
| }) | ||||
| oid_req = Server::OpenIDRequest.new | ||||
| oid_req.message = openid_req_msg | ||||
| req = PAPE::Request.from_openid_request(oid_req) | ||||
| assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], req.preferred_auth_policies) | ||||
| assert_equal(5476, req.max_auth_age) | ||||
| end | ||||
| def test_from_openid_request_no_pape | ||||
| message = Message.new | ||||
| openid_req = Server::OpenIDRequest.new | ||||
| openid_req.message = message | ||||
| pape_req = PAPE::Request.from_openid_request(openid_req) | ||||
| assert(pape_req.nil?) | ||||
| end | ||||
| def test_preferred_types | ||||
| @req.add_policy_uri(PAPE::AUTH_PHISHING_RESISTANT) | ||||
| @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR) | ||||
| pt = @req.preferred_types([PAPE::AUTH_MULTI_FACTOR, | ||||
| PAPE::AUTH_MULTI_FACTOR_PHYSICAL]) | ||||
| assert_equal([PAPE::AUTH_MULTI_FACTOR], pt) | ||||
| end | ||||
| end | ||||
| class DummySuccessResponse | ||||
| attr_accessor :message | ||||
| def initialize(message, signed_stuff) | ||||
| @message = message | ||||
| @signed_stuff = signed_stuff | ||||
| end | ||||
| def get_signed_ns(ns_uri) | ||||
| return @signed_stuff | ||||
| end | ||||
| end | ||||
| class PapeResponseTestCase < Test::Unit::TestCase | ||||
| def setup | ||||
| @req = PAPE::Response.new | ||||
| end | ||||
| def test_construct | ||||
| assert_equal([], @req.auth_policies) | ||||
| assert_equal(nil, @req.auth_time) | ||||
| assert_equal('pape', @req.ns_alias) | ||||
| assert_equal(nil, @req.nist_auth_level) | ||||
| req2 = PAPE::Response.new([PAPE::AUTH_MULTI_FACTOR], "1983-11-05T12:30:24Z", 3) | ||||
| assert_equal([PAPE::AUTH_MULTI_FACTOR], req2.auth_policies) | ||||
| assert_equal("1983-11-05T12:30:24Z", req2.auth_time) | ||||
| assert_equal(3, req2.nist_auth_level) | ||||
| end | ||||
| def test_add_policy_uri | ||||
| assert_equal([], @req.auth_policies) | ||||
| @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR) | ||||
| assert_equal([PAPE::AUTH_MULTI_FACTOR], @req.auth_policies) | ||||
| @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR) | ||||
| assert_equal([PAPE::AUTH_MULTI_FACTOR], @req.auth_policies) | ||||
| @req.add_policy_uri(PAPE::AUTH_PHISHING_RESISTANT) | ||||
| assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], @req.auth_policies) | ||||
| @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR) | ||||
| assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], @req.auth_policies) | ||||
| end | ||||
| def test_get_extension_args | ||||
| assert_equal({'auth_policies' => 'none'}, @req.get_extension_args) | ||||
| @req.add_policy_uri('http://uri') | ||||
| assert_equal({'auth_policies' => 'http://uri'}, @req.get_extension_args) | ||||
| @req.add_policy_uri('http://zig') | ||||
| assert_equal({'auth_policies' => 'http://uri http://zig'}, @req.get_extension_args) | ||||
| @req.auth_time = "1983-11-05T12:30:24Z" | ||||
| assert_equal({'auth_policies' => 'http://uri http://zig', 'auth_time' => "1983-11-05T12:30:24Z"}, @req.get_extension_args) | ||||
| @req.nist_auth_level = 3 | ||||
| assert_equal({'auth_policies' => 'http://uri http://zig', 'auth_time' => "1983-11-05T12:30:24Z", 'nist_auth_level' => '3'}, @req.get_extension_args) | ||||
| end | ||||
| def test_get_extension_args_error_auth_age | ||||
| @req.auth_time = "the beginning of time" | ||||
| assert_raises(ArgumentError) { @req.get_extension_args } | ||||
| end | ||||
| def test_get_extension_args_error_nist_auth_level | ||||
| @req.nist_auth_level = "high as a kite" | ||||
| assert_raises(ArgumentError) { @req.get_extension_args } | ||||
| @req.nist_auth_level = 5 | ||||
| assert_raises(ArgumentError) { @req.get_extension_args } | ||||
| @req.nist_auth_level = -1 | ||||
| assert_raises(ArgumentError) { @req.get_extension_args } | ||||
| end | ||||
| def test_parse_extension_args | ||||
| args = {'auth_policies' => 'http://foo http://bar', | ||||
| 'auth_time' => '1983-11-05T12:30:24Z'} | ||||
| @req.parse_extension_args(args) | ||||
| assert_equal('1983-11-05T12:30:24Z', @req.auth_time) | ||||
| assert_equal(['http://foo','http://bar'], @req.auth_policies) | ||||
| end | ||||
| def test_parse_extension_args_empty | ||||
| @req.parse_extension_args({}) | ||||
| assert_equal(nil, @req.auth_time) | ||||
| assert_equal([], @req.auth_policies) | ||||
| end | ||||
| def test_parse_extension_args_strict_bogus1 | ||||
| args = {'auth_policies' => 'http://foo http://bar', | ||||
| 'auth_time' => 'this one time'} | ||||
| assert_raises(ArgumentError) { | ||||
| @req.parse_extension_args(args, true) | ||||
| } | ||||
| end | ||||
| def test_parse_extension_args_strict_bogus2 | ||||
| args = {'auth_policies' => 'http://foo http://bar', | ||||
| 'auth_time' => '1983-11-05T12:30:24Z', | ||||
| 'nist_auth_level' => 'some'} | ||||
| assert_raises(ArgumentError) { | ||||
| @req.parse_extension_args(args, true) | ||||
| } | ||||
| end | ||||
| def test_parse_extension_args_strict_good | ||||
| args = {'auth_policies' => 'http://foo http://bar', | ||||
| 'auth_time' => '2007-10-11T05:25:18Z', | ||||
| 'nist_auth_level' => '0'} | ||||
| @req.parse_extension_args(args, true) | ||||
| assert_equal(['http://foo','http://bar'], @req.auth_policies) | ||||
| assert_equal('2007-10-11T05:25:18Z', @req.auth_time) | ||||
| assert_equal(0, @req.nist_auth_level) | ||||
| end | ||||
| def test_parse_extension_args_nostrict_bogus | ||||
| args = {'auth_policies' => 'http://foo http://bar', | ||||
| 'auth_time' => 'some time ago', | ||||
| 'nist_auth_level' => 'some'} | ||||
| @req.parse_extension_args(args) | ||||
| assert_equal(['http://foo','http://bar'], @req.auth_policies) | ||||
| assert_equal(nil, @req.auth_time) | ||||
| assert_equal(nil, @req.nist_auth_level) | ||||
| end | ||||
| def test_from_success_response | ||||
| openid_req_msg = Message.from_openid_args({ | ||||
| 'mode' => 'id_res', | ||||
| 'ns' => OPENID2_NS, | ||||
| 'ns.pape' => PAPE::NS_URI, | ||||
| 'pape.auth_policies' => [PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT].join(' '), | ||||
| 'pape.auth_time' => '1983-11-05T12:30:24Z' | ||||
| }) | ||||
| signed_stuff = { | ||||
| 'auth_policies' => [PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT].join(' '), | ||||
| 'auth_time' => '1983-11-05T12:30:24Z' | ||||
| } | ||||
| oid_req = DummySuccessResponse.new(openid_req_msg, signed_stuff) | ||||
| req = PAPE::Response.from_success_response(oid_req) | ||||
| assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], req.auth_policies) | ||||
| assert_equal('1983-11-05T12:30:24Z', req.auth_time) | ||||
| end | ||||
| def test_from_success_response_unsigned | ||||
| openid_req_msg = Message.from_openid_args({ | ||||
| 'mode' => 'id_res', | ||||
| 'ns' => OPENID2_NS, | ||||
| 'ns.pape' => PAPE::NS_URI, | ||||
| 'pape.auth_policies' => [PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT].join(' '), | ||||
| 'pape.auth_time' => '1983-11-05T12:30:24Z' | ||||
| }) | ||||
| signed_stuff = {} | ||||
| endpoint = OpenIDServiceEndpoint.new | ||||
| oid_req = Consumer::SuccessResponse.new(endpoint, openid_req_msg, signed_stuff) | ||||
| req = PAPE::Response.from_success_response(oid_req) | ||||
| assert(req.nil?, req.inspect) | ||||
| end | ||||
| end | ||||
| end | ||||
| end | ||||