[project @ pape5: test and handle missing namespace declarations]

mpdaugherty · Oct 13, 2008 · 23e78e5 · 23e78e5
1 parent cae1a1d
commit 23e78e5
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 7 deletions.
diff --git a/openid/extensions/draft/pape5.py b/openid/extensions/draft/pape5.py
@@ -424,13 +424,17 @@ def parseExtensionArgs(self, args, is_openid1, strict=False):
                 try:
                     uri = args['auth_level.ns.%s' % (alias,)]
                 except KeyError:
+                    if is_openid1:
+                        uri = self._default_auth_level_aliases.get(alias)
+                    else:
+                        uri = None
+
+                if uri is None:
                     if strict:
                         raise ValueError(
                             'Undefined auth level alias: %r' % (alias,))
-                    else:
-                        continue # Skip this auth level declaration
-
-                self.setAuthLevel(uri, val, alias)
+                else:
+                    self.setAuthLevel(uri, val, alias)
 
         auth_time = args.get('auth_time')
         if auth_time:

diff --git a/openid/test/test_pape_draft5.py b/openid/test/test_pape_draft5.py
@@ -349,16 +349,35 @@ def test_parseExtensionArgs_strict_bogus1(self):
         self.failUnlessRaises(ValueError, self.resp.parseExtensionArgs,
                               args, is_openid1=False, strict=True)
 
+    def test_parseExtensionArgs_openid1_strict(self):
+        args = {'auth_level.nist': '0',
+                'auth_policies': pape.AUTH_NONE,
+                }
+        self.resp.parseExtensionArgs(args, strict=True, is_openid1=True)
+        self.failUnlessEqual('0', self.resp.getAuthLevel(pape.LEVELS_NIST))
+        self.failUnlessEqual([], self.resp.auth_policies)
+
     def test_parseExtensionArgs_strict_no_namespace_decl_openid2(self):
         # Test the case where the namespace is not declared for an
         # auth level.
-        args = {'auth_policies': 'http://foo http://bar',
-                'auth_time': '1970-01-01T00:00:00Z',
-                'auth_level.nist': 'some',
+        args = {'auth_policies': pape.AUTH_NONE,
+                'auth_level.nist': '0',
                 }
         self.failUnlessRaises(ValueError, self.resp.parseExtensionArgs,
                               args, is_openid1=False, strict=True)
 
+    def test_parseExtensionArgs_nostrict_no_namespace_decl_openid2(self):
+        # Test the case where the namespace is not declared for an
+        # auth level.
+        args = {'auth_policies': pape.AUTH_NONE,
+                'auth_level.nist': '0',
+                }
+        self.resp.parseExtensionArgs(args, is_openid1=False, strict=False)
+
+        # There is no namespace declaration for this auth level.
+        self.failUnlessRaises(KeyError, self.resp.getAuthLevel,
+                              pape.LEVELS_NIST)
+
     def test_parseExtensionArgs_strict_good(self):
         args = {'auth_policies': 'http://foo http://bar',
                 'auth_time': '1970-01-01T00:00:00Z',