
[project @ Consumer: require that op_endpoint be signed in id_res res…

…ponses]

Ignore-this: ed18f1a60982df1fcb457299069c74bc
1 parent dba285c commit a52e842dd8b7b49eca6400efdab876a5352e2b52 tailor committed Apr 20, 2009
Showing with 38 additions and 18 deletions.
  1. +2 −1 openid/consumer/consumer.py
  2. +36 −17 openid/test/test_consumer.py
@@ -822,7 +822,8 @@ def _idResCheckForFields(self, message):
require_sigs = {
OPENID2_NS: basic_sig_fields + ['response_nonce',
'claimed_id',
- 'assoc_handle',],
+ 'assoc_handle',
+ 'op_endpoint',],
OPENID1_NS: basic_sig_fields,
}
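Review bot: The `require_sigs` table in `_idResCheckForFields` carries no comment recording why `op_endpoint` is now a mandatory signed field, so a later edit could drop it without anyone noticing the security impact. A field left out of `signed` is not covered by the OP's signature and can be changed while the response passes through the user agent; the consumer presumably compares `op_endpoint` with the discovered endpoint, which only means something if the value is authenticated. I would add above the OPENID2_NS entry: `# OpenID Authentication 2.0, section 10.1: the signed list MUST cover op_endpoint, return_to, response_nonce and assoc_handle`. The function body starts and ends outside this hunk, so how the table is consumed (for instance whether absent fields are skipped) cannot be confirmed from here.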
@@ -506,7 +506,7 @@ def setUp(self):
'assoc_handle': 'does not matter',
'sig': GOODSIG,
'response_nonce': mkNonce(),
- 'signed': 'identity,return_to,response_nonce,assoc_handle,claimed_id',
+ 'signed': 'identity,return_to,response_nonce,assoc_handle,claimed_id,op_endpoint',
'claimed_id': claimed_id,
'op_endpoint': self.server_url,
'ns':OPENID2_NS,
@@ -534,7 +534,7 @@ def test_idResNoIdentity(self):
self.message.delArg(OPENID_NS, 'identity')
self.message.delArg(OPENID_NS, 'claimed_id')
self.endpoint.claimed_id = None
- self.message.setArg(OPENID_NS, 'signed', 'return_to,response_nonce,assoc_handle')
+ self.message.setArg(OPENID_NS, 'signed', 'return_to,response_nonce,assoc_handle,op_endpoint')
r = self.consumer.complete(self.message, self.endpoint, None)
self.failUnlessSuccess(r)
@@ -767,7 +767,7 @@ def test(self):
'op_endpoint':'my favourite server',
'response_nonce':'use only once',
},
- ['return_to', 'response_nonce', 'assoc_handle'])
+ ['return_to', 'response_nonce', 'assoc_handle', 'op_endpoint'])
test_openid2Success_identifiers = mkSuccessTest(
{'ns':OPENID2_NS,
@@ -780,9 +780,9 @@ def test(self):
'response_nonce':'use only once',
},
['return_to', 'response_nonce', 'identity',
- 'claimed_id', 'assoc_handle'])
+ 'claimed_id', 'assoc_handle', 'op_endpoint'])
- def mkFailureTest(openid_args, signed_list):
+ def mkMissingFieldTest(openid_args):
def test(self):
message = Message.fromOpenIDArgs(openid_args)
try:
@@ -793,35 +793,54 @@ def test(self):
self.fail('Expected an error, but none occurred')
return test
- test_openid1Missing_returnToSig = mkFailureTest(
+ def mkMissingSignedTest(openid_args):
+ def test(self):
+ message = Message.fromOpenIDArgs(openid_args)
+ try:
+ self.consumer._idResCheckForFields(message)
+ except ProtocolError, why:
+ self.failUnless(why[0].endswith('not signed'))
+ else:
+ self.fail('Expected an error, but none occurred')
+ return test
+
+ test_openid1Missing_returnToSig = mkMissingSignedTest(
{'return_to':'return',
'assoc_handle':'assoc handle',
'sig':'a signature',
'identity':'someone',
- },
- ['identity'])
+ 'signed':'identity',
+ })
- test_openid1Missing_identitySig = mkFailureTest(
+ test_openid1Missing_identitySig = mkMissingSignedTest(
{'return_to':'return',
'assoc_handle':'assoc handle',
'sig':'a signature',
'identity':'someone',
- },
- ['return_to'])
+ 'signed':'return_to'
+ })
- test_openid1MissingReturnTo = mkFailureTest(
+ test_openid2Missing_opEndpointSig = mkMissingSignedTest(
+ {'ns':OPENID2_NS,
+ 'return_to':'return',
+ 'assoc_handle':'assoc handle',
+ 'sig':'a signature',
+ 'identity':'someone',
+ 'op_endpoint':'the endpoint',
+ 'signed':'return_to,identity,assoc_handle'
+ })
+
+ test_openid1MissingReturnTo = mkMissingFieldTest(
{'assoc_handle':'assoc handle',
'sig':'a signature',
'identity':'someone',
- },
- ['return_to', 'identity'])
+ })
- test_openid1MissingAssocHandle = mkFailureTest(
+ test_openid1MissingAssocHandle = mkMissingFieldTest(
{'return_to':'return',
'sig':'a signature',
'identity':'someone',
- },
- ['return_to', 'identity'])
+ })
# XXX: I could go on...
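Review bot: The assertion in `mkMissingSignedTest`, `self.failUnless(why[0].endswith('not signed'))`, does not pin which field was rejected, so `test_openid2Missing_opEndpointSig` would still pass if the error came from some other unsigned field and the new `op_endpoint` requirement were later removed. That fixture also omits `response_nonce` and `claimed_id` entirely, so the test depends on the checker skipping absent fields, which is not visible in this hunk. I would pass the expected field name to the factory, `def mkMissingSignedTest(openid_args, field):`, and assert `self.failUnless(field in why[0] and why[0].endswith('not signed'))`. The three callers then pass `'return_to'`, `'identity'` and `'op_endpoint'` respectively. The exact message format is inferred from the suffix check and should be confirmed against `_idResCheckForFields`.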
