
[project @ Allow explicit OpenID 1.1 namespace URI in id_res responses]

Ignore-this: f5039238ccff04b87aaa0958fc86627e
1 parent 16de71f commit dff5fc267d3e160c10f45e3596fc97bf07d3a53b tailor committed Jul 28, 2009
Showing with 82 additions and 41 deletions.
  1. +1 −1 lib/openid/consumer.rb
  2. +1 −1 lib/openid/consumer/associationmanager.rb
  3. +3 −3 lib/openid/consumer/idres.rb
  4. +77 −36 test/test_idres.rb
@@ -376,7 +376,7 @@ def complete_setup_needed(message, unused_return_to)
def complete_id_res(message, current_url)
if message.is_openid1
- setup_url = message.get_arg(OPENID1_NS, 'user_setup_url')
+ setup_url = message.get_arg(OPENID_NS, 'user_setup_url')
if !setup_url.nil?
return SetupNeededResponse.new(last_requested_endpoint, setup_url)
end
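Review bot: `setup_url` is handed to the caller in a `SetupNeededResponse` straight from the message argument, and no signature or return_to verification is visible before this early return in `complete_id_res`, so the value should be documented as untrusted. With `OPENID_NS` the lookup presumably now follows whichever OpenID 1 namespace the message declares, so responses carrying the explicit 1.1 namespace reach this branch as well. I would add a comment above the lookup such as `# user_setup_url comes from the unverified response; callers must validate it before redirecting`. The rest of `complete_id_res` is outside the hunk, so verification may still happen on the non-setup path.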
@@ -246,7 +246,7 @@ def create_associate_request(assoc_type, session_type)
def get_openid1_session_type(assoc_response)
# If it's an OpenID 1 message, allow session_type to default
# to nil (which signifies "no-encryption")
- session_type = assoc_response.get_arg(OPENID1_NS, 'session_type')
+ session_type = assoc_response.get_arg(OPENID_NS, 'session_type')
# Handle the differences between no-encryption association
# respones in OpenID 1 and 2:
@@ -115,7 +115,7 @@ def check_for_fields
require_fields = basic_fields + ['op_endpoint']
require_sigs = basic_sig_fields +
['response_nonce', 'claimed_id', 'assoc_handle', 'op_endpoint']
- when OPENID1_NS
+ when OPENID1_NS, OPENID11_NS
require_fields = basic_fields + ['identity']
require_sigs = basic_sig_fields
else
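Review bot: The pair `OPENID1_NS, OPENID11_NS` is now spelled out separately in three `case openid_namespace` statements (here in `check_for_fields`, and in `check_nonce` and `verify_discovery_results` in the two following hunks), so a later namespace change has to touch all three and a missed one falls through to whatever the `else` branch does. For `check_nonce` that branch is outside the hunk; if it does not raise, a response in an unlisted namespace would skip the nonce check, so it is worth confirming that each `else` fails closed. A single definition would keep the three sites in step, for example `OPENID1_NAMESPACES = [OPENID1_NS, OPENID11_NS].freeze` with `when *OPENID1_NAMESPACES` at each site.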
@@ -276,7 +276,7 @@ def process_check_auth_response(response)
def check_nonce
case openid_namespace
- when OPENID1_NS
+ when OPENID1_NS, OPENID11_NS
nonce =
@message.get_arg(BARE_NS, Consumer.openid1_return_to_nonce_name)
@@ -309,7 +309,7 @@ def check_nonce
def verify_discovery_results
begin
case openid_namespace
- when OPENID1_NS
+ when OPENID1_NS, OPENID11_NS
verify_discovery_results_openid1
when OPENID2_NS
verify_discovery_results_openid2
@@ -61,6 +61,7 @@ def mkMsg(ns, fields, signed_fields)
# test all missing fields for OpenID 1 and 2
1.times do
[["openid1", OPENID1_NS, OPENID1_FIELDS],
+ ["openid1", OPENID11_NS, OPENID1_FIELDS],
["openid2", OPENID2_NS, OPENID2_FIELDS],
].each do |ver, ns, all_fields|
all_fields.each do |field|
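Review bot: The new `OPENID11_NS` row reuses the label `"openid1"`, and the same happens in the signed-fields table in the next hunk. The code that consumes `ver` is outside the hunk; if it builds the generated test's name from `ver` and the field, the 1.0 and 1.1 cases would define the same method and one would silently replace the other, leaving one namespace untested. Giving the row its own label avoids that: `["openid1_1", OPENID11_NS, OPENID1_FIELDS],`.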
@@ -81,6 +82,7 @@ def mkMsg(ns, fields, signed_fields)
# Test all missing signed for OpenID 1 and 2
1.times do
[["openid1", OPENID1_NS, OPENID1_FIELDS, OPENID1_SIGNED],
+ ["openid1", OPENID11_NS, OPENID1_FIELDS, OPENID1_SIGNED],
["openid2", OPENID2_NS, OPENID2_FIELDS, OPENID2_SIGNED],
].each do |ver, ns, all_fields, signed_fields|
signed_fields.each do |signed_field|
@@ -144,6 +146,14 @@ def test_success_openid1
idres.send(:check_for_fields)
}
end
+
+ def test_success_openid1_1
+ msg = mkMsg(OPENID11_NS, OPENID1_FIELDS, OPENID1_SIGNED)
+ idres = IdResHandler.new(msg, nil)
+ assert_nothing_raised {
+ idres.send(:check_for_fields)
+ }
+ end
end
class ReturnToArgsTest < Test::Unit::TestCase
@@ -499,13 +509,23 @@ def call_check_nonce(post_args, succeed=false)
end
def test_openid1_success
- assert_nothing_raised {
- call_check_nonce({'rp_nonce' => @nonce}, true)
- }
+ [{},
+ {'openid.ns' => OPENID1_NS},
+ {'openid.ns' => OPENID11_NS}
+ ].each do |args|
+ assert_nothing_raised {
+ call_check_nonce({'rp_nonce' => @nonce}.merge(args), true)
+ }
+ end
end
def test_openid1_missing
- assert_protocol_error('Nonce missing') { call_check_nonce({}) }
+ [{},
+ {'openid.ns' => OPENID1_NS},
+ {'openid.ns' => OPENID11_NS}
+ ].each do |args|
+ assert_protocol_error('Nonce missing') { call_check_nonce(args) }
+ end
end
def test_openid2_ignore_rp_nonce
@@ -523,9 +543,14 @@ def test_openid2_success
end
def test_openid1_ignore_response_nonce
- assert_protocol_error('Nonce missing') {
- call_check_nonce({'openid.response_nonce' => @nonce})
- }
+ [{},
+ {'openid.ns' => OPENID1_NS},
+ {'openid.ns' => OPENID11_NS}
+ ].each do |args|
+ assert_protocol_error('Nonce missing') {
+ call_check_nonce({'openid.response_nonce' => @nonce}.merge(args))
+ }
+ end
end
def test_no_store
@@ -587,37 +612,38 @@ def test_openid1_no_endpoint
end
def test_openid1_fallback_1_0
- claimed_id = 'http://claimed.id/'
- @endpoint = nil
- resp_mesg = Message.from_openid_args({
- 'ns' => OPENID1_NS,
- 'identity' => claimed_id,
- })
+ [OPENID1_NS, OPENID11_NS].each do |openid1_ns|
+ claimed_id = 'http://claimed.id/'
+ @endpoint = nil
+ resp_mesg = Message.from_openid_args({
+ 'ns' => openid1_ns,
+ 'identity' => claimed_id,
+ })
- # Pass the OpenID 1 claimed_id this way since we're passing
- # None for the endpoint.
- resp_mesg.set_arg(BARE_NS, 'openid1_claimed_id', claimed_id)
-
- # We expect the OpenID 1 discovery verification to try
- # matching the discovered endpoint against the 1.1 type and
- # fall back to 1.0.
- expected_endpoint = OpenIDServiceEndpoint.new
- expected_endpoint.type_uris = [OPENID_1_0_TYPE]
- expected_endpoint.local_id = nil
- expected_endpoint.claimed_id = claimed_id
-
- hacked_discover = Proc.new {
- |_claimed_id| ['unused', [expected_endpoint]]
- }
- idres = IdResHandler.new(resp_mesg, nil, nil, @endpoint)
- assert_log_matches('Performing discovery') {
- OpenID.with_method_overridden(:discover, hacked_discover) {
- idres.send(:verify_discovery_results)
- }
- }
- actual_endpoint = idres.instance_variable_get(:@endpoint)
- assert_equal(actual_endpoint, expected_endpoint)
+ # Pass the OpenID 1 claimed_id this way since we're
+ # passing None for the endpoint.
+ resp_mesg.set_arg(BARE_NS, 'openid1_claimed_id', claimed_id)
+
+ # We expect the OpenID 1 discovery verification to try
+ # matching the discovered endpoint against the 1.1 type
+ # and fall back to 1.0.
+ expected_endpoint = OpenIDServiceEndpoint.new
+ expected_endpoint.type_uris = [OPENID_1_0_TYPE]
+ expected_endpoint.local_id = nil
+ expected_endpoint.claimed_id = claimed_id
+ hacked_discover = Proc.new {
+ |_claimed_id| ['unused', [expected_endpoint]]
+ }
+ idres = IdResHandler.new(resp_mesg, nil, nil, @endpoint)
+ assert_log_matches('Performing discovery') {
+ OpenID.with_method_overridden(:discover, hacked_discover) {
+ idres.send(:verify_discovery_results)
+ }
+ }
+ actual_endpoint = idres.instance_variable_get(:@endpoint)
+ assert_equal(actual_endpoint, expected_endpoint)
+ end
end
def test_openid2_no_op_endpoint
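Review bot: A failure inside the new `[OPENID1_NS, OPENID11_NS].each` loop in `test_openid1_fallback_1_0` will not say which namespace was under test. In addition, `assert_equal(actual_endpoint, expected_endpoint)` passes its arguments in the reverse of Test::Unit's expected-then-actual order, so a failure report would label the two values the wrong way round. Both are addressed by `assert_equal(expected_endpoint, actual_endpoint, "ns=#{openid1_ns}")`.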
@@ -710,6 +736,21 @@ def test_verify_discovery_single_claimed_id_mismatch
assert(e.to_s =~ /different subjects/)
end
+ def test_openid1_1_verify_discovery_single_no_server_url
+ idres = IdResHandler.new(nil, nil)
+ @endpoint.local_id = 'my identity'
+ @endpoint.claimed_id = 'http://i-am-sam/'
+ @endpoint.server_url = 'Phone Home'
+ @endpoint.type_uris = [OPENID_1_1_TYPE]
+
+ to_match = @endpoint.dup
+ to_match.claimed_id = 'http://i-am-sam/'
+ to_match.type_uris = [OPENID_1_1_TYPE]
+ to_match.server_url = nil
+
+ idres.send(:verify_discovery_single, @endpoint, to_match)
+ end
+
def test_openid2_use_pre_discovered
@endpoint.local_id = 'my identity'
@endpoint.claimed_id = 'http://i-am-sam/'
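Review bot: `test_openid1_1_verify_discovery_single_no_server_url` has no assertion and no comment saying what it pins, which matters because it fixes a leniency in endpoint verification: a `to_match` with `server_url = nil` is accepted against an endpoint whose `server_url` is set. I would wrap the call as other tests in this file do, `assert_nothing_raised { idres.send(:verify_discovery_single, @endpoint, to_match) }`, and add a comment along the lines of `# OpenID 1.x responses carry no op_endpoint, so there is no server URL to compare`. The `claimed_id` and `type_uris` assignments on `to_match` repeat values already copied by `dup` and could be dropped. A companion case asserting that a non-nil, different `server_url` is still rejected for `OPENID_1_1_TYPE` would guard against the check being relaxed further; none is visible in this hunk.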
