gnu-social/vendor/openid/php-openid/Tests/Auth/OpenID/AssociationResponse.php

378 lines
12 KiB
PHP
Raw Permalink Normal View History

<?php
require_once "Tests/Auth/OpenID/TestUtil.php";
require_once "Tests/Auth/OpenID/MemStore.php";
require_once "Auth/OpenID/Message.php";
require_once "Auth/OpenID/Server.php";
require_once "Auth/OpenID/Consumer.php";
require_once "Auth/OpenID/Association.php";
// Some values we can use for convenience (see mkAssocResponse)
global $association_response_values;
$association_response_values = array(
'expires_in' => '1000',
'assoc_handle' => 'a handle',
'assoc_type' => 'a type',
'session_type' => 'a session type',
'ns' => Auth_OpenID_OPENID2_NS
);
/**
* Build an association response message that contains the specified
* subset of keys. The values come from association_response_values.
*
* This is useful for testing for missing keys and other times that we
* don't care what the values are.
*/
function mkAssocResponse($keys)
{
global $association_response_values;
$args = array();
foreach ($keys as $key) {
$args[$key] = $association_response_values[$key];
}
return Auth_OpenID_Message::fromOpenIDArgs($args);
}
class Tests_Auth_OpenID_AssociationResponse extends PHPUnit_Framework_TestCase {
function setUp()
{
$this->store = new Tests_Auth_OpenID_MemStore();
$this->consumer = new Auth_OpenID_GenericConsumer($this->store);
$this->endpoint = new Auth_OpenID_ServiceEndpoint();
}
function failUnlessProtocolError($thing)
{
$this->assertTrue(Auth_OpenID::isFailure($thing));
}
function _run($keys)
{
$msg = mkAssocResponse($keys);
$dumb = null;
$this->assertTrue(Auth_OpenID::isFailure($this->consumer->_extractAssociation($msg, $dumb)));
}
}
/**
* Test for returning an error upon missing fields in association
* responses for OpenID 2
*/
class TestExtractAssociationMissingFieldsOpenID2 extends Tests_Auth_OpenID_AssociationResponse {
function test_noFields_openid2()
{
$this->_run(array('ns'));
}
function test_missingExpires_openid2()
{
$this->_run(array('assoc_handle', 'assoc_type', 'session_type', 'ns'));
}
function test_missingHandle_openid2()
{
$this->_run(array('expires_in', 'assoc_type', 'session_type', 'ns'));
}
function test_missingAssocType_openid2()
{
$this->_run(array('expires_in', 'assoc_handle', 'session_type', 'ns'));
}
function test_missingSessionType_openid2()
{
$this->_run(array('expires_in', 'assoc_handle', 'assoc_type', 'ns'));
}
}
/**
* Test for returning an error upon missing fields in association
* responses for OpenID 2
*/
class TestExtractAssociationMissingFieldsOpenID1 extends Tests_Auth_OpenID_AssociationResponse {
function test_noFields_openid1()
{
$this->_run(array());
}
function test_missingExpires_openid1()
{
$this->_run(array('assoc_handle', 'assoc_type'));
}
function test_missingHandle_openid1()
{
$this->_run(array('expires_in', 'assoc_type'));
}
function test_missingAssocType_openid1()
{
$this->_run(array('expires_in', 'assoc_handle'));
}
}
class DummyAssocationSession {
function DummyAssocationSession($session_type, $allowed_assoc_types=array())
{
$this->session_type = $session_type;
$this->allowed_assoc_types = $allowed_assoc_types;
}
}
class ExtractAssociationSessionTypeMismatch extends Tests_Auth_OpenID_AssociationResponse {
function _run($requested_session_type, $response_session_type, $openid1=false)
{
global $association_response_values;
$assoc_session = new DummyAssocationSession($requested_session_type);
$keys = array_keys($association_response_values);
if ($openid1) {
if (in_array('ns', $keys)) {
unset($keys[array_search('ns', $keys)]);
}
}
$msg = mkAssocResponse($keys);
$msg->setArg(Auth_OpenID_OPENID_NS, 'session_type',
$response_session_type);
$this->assertTrue(
$this->consumer->_extractAssociation($msg, $assoc_session) === null);
}
function test_typeMismatchNoEncBlank_openid2()
{
$this->_run('no-encryption', '');
}
function test_typeMismatchDHSHA1NoEnc_openid2()
{
$this->_run('DH-SHA1', 'no-encryption');
}
function test_typeMismatchDHSHA256NoEnc_openid2()
{
$this->_run('DH-SHA256', 'no-encryption');
}
function test_typeMismatchNoEncDHSHA1_openid2()
{
$this->_run('no-encryption', 'DH-SHA1');
}
function test_typeMismatchDHSHA1NoEnc_openid1()
{
$this->_run('DH-SHA1', 'DH-SHA256', true);
}
function test_typeMismatchDHSHA256NoEnc_openid1()
{
$this->_run('DH-SHA256', 'DH-SHA1', true);
}
function test_typeMismatchNoEncDHSHA1_openid1()
{
$this->_run('no-encryption', 'DH-SHA1', true);
}
}
class TestOpenID1AssociationResponseSessionType extends Tests_Auth_OpenID_AssociationResponse {
function _run($expected_session_type, $session_type_value)
{
// Create a Message with just 'session_type' in it, since
// that's all this function will use. 'session_type' may be
// absent if it's set to None.
$args = array();
if ($session_type_value !== null) {
$args['session_type'] = $session_type_value;
}
$message = Auth_OpenID_Message::fromOpenIDArgs($args);
$this->assertTrue($message->isOpenID1());
$actual_session_type = $this->consumer->_getOpenID1SessionType($message);
$error_message = sprintf('Returned sesion type parameter %s was expected ' .
'to yield session type %s, but yielded %s',
$session_type_value, $expected_session_type,
$actual_session_type);
$this->assertEquals(
$expected_session_type,
$actual_session_type,
$error_message);
}
function test_none()
{
$this->_run('no-encryption', null);
}
function test_empty()
{
$this->_run('no-encryption', '');
}
function test_explicitNoEncryption()
{
$this->_run('no-encryption', 'no-encryption');
}
function test_dhSHA1()
{
$this->_run('DH-SHA1', 'DH-SHA1');
}
// DH-SHA256 is not a valid session type for OpenID1, but this
// function does not test that. This is mostly just to make sure
// that it will pass-through stuff that is not explicitly handled,
// so it will get handled the same way as it is handled for OpenID
// 2
function test_dhSHA256()
{
$this->_run('DH-SHA256', 'DH-SHA256');
}
}
class DummyAssociationSession {
var $secret = "shh! don't tell!";
var $extract_secret_called = false;
var $session_type = null;
var $allowed_assoc_types = null;
function extractSecret($message)
{
$this->extract_secret_called = true;
return $this->secret;
}
}
class TestInvalidFields extends Tests_Auth_OpenID_AssociationResponse {
function setUp()
{
parent::setUp();
$this->session_type = 'testing-session';
// This must something that works for Association.fromExpiresIn
$this->assoc_type = 'HMAC-SHA1';
$this->assoc_handle = 'testing-assoc-handle';
// These arguments should all be valid
$this->assoc_response = Auth_OpenID_Message::fromOpenIDArgs(array(
'expires_in' => '1000',
'assoc_handle' => $this->assoc_handle,
'assoc_type' => $this->assoc_type,
'session_type' => $this->session_type,
'ns' => Auth_OpenID_OPENID2_NS,
));
$this->assoc_session = new DummyAssociationSession();
// Make the session for the response's session type
$this->assoc_session->session_type = $this->session_type;
$this->assoc_session->allowed_assoc_types = array($this->assoc_type);
}
function test_worksWithGoodFields()
{
// Handle a full successful association response
$assoc = $this->consumer->_extractAssociation(
$this->assoc_response, $this->assoc_session);
$this->assertTrue($this->assoc_session->extract_secret_called);
$this->assertEquals($this->assoc_session->secret, $assoc->secret);
$this->assertEquals(1000, $assoc->lifetime);
$this->assertEquals($this->assoc_handle, $assoc->handle);
$this->assertEquals($this->assoc_type, $assoc->assoc_type);
}
function test_badAssocType()
{
// Make sure that the assoc type in the response is not valid
// for the given session.
$this->assoc_session->allowed_assoc_types = array();
$this->assertTrue(
$this->consumer->_extractAssociation($this->assoc_response,
$this->assoc_session) === null);
}
function test_badExpiresIn()
{
// Invalid value for expires_in should cause failure
$this->assoc_response->setArg(Auth_OpenID_OPENID_NS, 'expires_in', 'forever');
$assoc = $this->consumer->_extractAssociation($this->assoc_response,
$this->assoc_session);
$this->assertTrue(Auth_OpenID::isFailure($assoc));
}
}
class TestExtractAssociationDiffieHellman extends Tests_Auth_OpenID_AssociationResponse {
var $secret = 'xxxxxxxxxxxxxxxxxxxx';
function _setUpDH()
{
list($sess, $message) = $this->consumer->_createAssociateRequest(
$this->endpoint, 'HMAC-SHA1', 'DH-SHA1');
// XXX: this is testing _createAssociateRequest
$this->assertEquals($this->endpoint->compatibilityMode(),
$message->isOpenID1());
$server_sess = Auth_OpenID_DiffieHellmanSHA1ServerSession::fromMessage($message);
$server_resp = $server_sess->answer($this->secret);
$server_resp['assoc_type'] = 'HMAC-SHA1';
$server_resp['assoc_handle'] = 'handle';
$server_resp['expires_in'] = '1000';
$server_resp['session_type'] = 'DH-SHA1';
return array($sess, Auth_OpenID_Message::fromOpenIDArgs($server_resp));
}
function test_success()
{
list($sess, $server_resp) = $this->_setUpDH();
$ret = $this->consumer->_extractAssociation($server_resp, $sess);
$this->assertTrue($ret !== null);
$this->assertEquals($ret->assoc_type, 'HMAC-SHA1');
$this->assertEquals($ret->secret, $this->secret);
$this->assertEquals($ret->handle, 'handle');
$this->assertEquals($ret->lifetime, 1000);
}
function test_openid2success()
{
// Use openid 2 type in endpoint so _setUpDH checks
// compatibility mode state properly
$this->endpoint->type_uris = array(Auth_OpenID_TYPE_2_0,
Auth_OpenID_TYPE_1_1);
$this->test_success();
}
/**
* Can't run this test because the base64 decoder is broken.
*/
/*
function test_badDHValues()
{
list($sess, $server_resp) = $this->_setUpDH();
$server_resp->setArg(Auth_OpenID_OPENID_NS, 'enc_mac_key', "\x00\x00\x00");
$this->assertTrue($this->consumer->_extractAssociation($server_resp, $sess) === null);
}
*/
}
global $Tests_Auth_OpenID_AssociationResponse_other;
$Tests_Auth_OpenID_AssociationResponse_other = array(
new TestInvalidFields(),
new TestOpenID1AssociationResponseSessionType(),
new ExtractAssociationSessionTypeMismatch(),
new TestExtractAssociationMissingFieldsOpenID1(),
new TestExtractAssociationMissingFieldsOpenID2()
);
if (!defined('Auth_OpenID_NO_MATH_SUPPORT')) {
$Tests_Auth_OpenID_AssociationResponse_other[] = new TestExtractAssociationDiffieHellman();
}