forked from GNUsocial/gnu-social
		
	
		
			
	
	
		
			294 lines
		
	
	
		
			8.1 KiB
		
	
	
	
		
			PHP
		
	
	
	
	
	
		
		
			
		
	
	
			294 lines
		
	
	
		
			8.1 KiB
		
	
	
	
		
			PHP
		
	
	
	
	
	
|   | <?php | ||
|  | 
 | ||
|  | /* | ||
|  |  * Unit tests for verification of return_to URLs for a realm. | ||
|  |  */ | ||
|  | 
 | ||
|  | require_once 'Auth/OpenID/Discover.php'; | ||
|  | require_once 'Auth/OpenID/TrustRoot.php'; | ||
|  | 
 | ||
|  | require_once 'Auth/Yadis/Yadis.php'; | ||
|  | 
 | ||
|  | /* | ||
|  |  * Tests for building the discovery URL from a realm and a return_to | ||
|  |  * URL | ||
|  |  */ | ||
|  | class Tests_Auth_OpenID_BuildDiscoveryURL extends PHPUnit_Framework_TestCase { | ||
|  |     /* | ||
|  |      * Build a discovery URL out of the realm and a return_to and make | ||
|  |      * sure that it matches the expected discovery URL | ||
|  |      */ | ||
|  |     function failUnlessDiscoURL($realm, $expected_discovery_url) | ||
|  |     { | ||
|  |         $actual_discovery_url = Auth_OpenID_TrustRoot::buildDiscoveryURL($realm); | ||
|  |         $this->assertEquals($expected_discovery_url, $actual_discovery_url); | ||
|  |     } | ||
|  | 
 | ||
|  |     /* | ||
|  |      * There is no wildcard and the realm is the same as the return_to | ||
|  |      * URL | ||
|  |      */ | ||
|  |     function test_trivial() | ||
|  |     { | ||
|  |         $this->failUnlessDiscoURL('http://example.com/foo', | ||
|  |                                   'http://example.com/foo'); | ||
|  |     } | ||
|  | 
 | ||
|  |     /* | ||
|  |      * There is a wildcard | ||
|  |      */ | ||
|  |     function test_wildcard() | ||
|  |     { | ||
|  |         $this->failUnlessDiscoURL('http://*.example.com/foo', | ||
|  |                                   'http://www.example.com/foo'); | ||
|  |     } | ||
|  | } | ||
|  | 
 | ||
|  | class _MockDiscover { | ||
|  |     function _MockDiscover($data) { | ||
|  |         $this->data =& $data; | ||
|  |     } | ||
|  | 
 | ||
|  |     function mockDiscover($uri, $fetcher, $discover_function=null) | ||
|  |     { | ||
|  |         $result = new Auth_Yadis_DiscoveryResult($uri); | ||
|  |         $result->response_text = $this->data; | ||
|  |         $result->normalized_uri = $uri; | ||
|  |         return $result; | ||
|  |     } | ||
|  | } | ||
|  | 
 | ||
|  | class Tests_Auth_OpenID_ExtractReturnToURLs extends PHPUnit_Framework_TestCase { | ||
|  |     var $disco_url = 'http://example.com/'; | ||
|  | 
 | ||
|  |     function failUnlessXRDSHasReturnURLs($data, $expected_return_urls) | ||
|  |     { | ||
|  |         $discover_object = new _MockDiscover($data); | ||
|  |         $actual_return_urls = Auth_OpenID_getAllowedReturnURLs($this->disco_url, null, array($discover_object, 'mockDiscover')); | ||
|  | 
 | ||
|  |         $this->assertEquals($expected_return_urls, $actual_return_urls); | ||
|  |     } | ||
|  | 
 | ||
|  |     function failUnlessDiscoveryFailure($text) | ||
|  |     { | ||
|  |         $discover_object = new _MockDiscover($text); | ||
|  |         $this->assertFalse(Auth_OpenID_getAllowedReturnURLs($this->disco_url, null, array($discover_object, 'mockDiscover'))); | ||
|  |     } | ||
|  | 
 | ||
|  |     function test_empty() | ||
|  |     { | ||
|  |         $this->failUnlessDiscoveryFailure(''); | ||
|  |     } | ||
|  | 
 | ||
|  |     function test_badXML() | ||
|  |     { | ||
|  |         $this->failUnlessDiscoveryFailure('>'); | ||
|  |     } | ||
|  | 
 | ||
|  |     function test_noEntries() | ||
|  |     { | ||
|  |         $this->failUnlessXRDSHasReturnURLs('<?xml version="1.0" encoding="UTF-8"?>
 | ||
|  | <xrds:XRDS xmlns:xrds="xri://$xrds" | ||
|  |            xmlns="xri://$xrd*($v*2.0)" | ||
|  |            > | ||
|  |   <XRD> | ||
|  |   </XRD> | ||
|  | </xrds:XRDS> | ||
|  | ', array()); | ||
|  |     } | ||
|  | 
 | ||
|  |     function test_noReturnToEntries() | ||
|  |     { | ||
|  |         $this->failUnlessXRDSHasReturnURLs('<?xml version="1.0" encoding="UTF-8"?>
 | ||
|  | <xrds:XRDS xmlns:xrds="xri://$xrds" | ||
|  |            xmlns="xri://$xrd*($v*2.0)" | ||
|  |            > | ||
|  |   <XRD> | ||
|  |     <Service priority="10"> | ||
|  |       <Type>http://specs.openid.net/auth/2.0/server</Type> | ||
|  |       <URI>http://www.myopenid.com/server</URI> | ||
|  |     </Service> | ||
|  |   </XRD> | ||
|  | </xrds:XRDS> | ||
|  | ', array()); | ||
|  |     } | ||
|  | 
 | ||
|  |     function test_oneEntry() | ||
|  |     { | ||
|  |         $this->failUnlessXRDSHasReturnURLs('<?xml version="1.0" encoding="UTF-8"?>
 | ||
|  | <xrds:XRDS xmlns:xrds="xri://$xrds" | ||
|  |            xmlns="xri://$xrd*($v*2.0)" | ||
|  |            > | ||
|  |   <XRD> | ||
|  |     <Service> | ||
|  |       <Type>http://specs.openid.net/auth/2.0/return_to</Type> | ||
|  |       <URI>http://rp.example.com/return</URI> | ||
|  |     </Service> | ||
|  |   </XRD> | ||
|  | </xrds:XRDS> | ||
|  | ', array('http://rp.example.com/return')); | ||
|  |     } | ||
|  | 
 | ||
|  |     function test_twoEntries() | ||
|  |     { | ||
|  |         $this->failUnlessXRDSHasReturnURLs('<?xml version="1.0" encoding="UTF-8"?>
 | ||
|  | <xrds:XRDS xmlns:xrds="xri://$xrds" | ||
|  |            xmlns="xri://$xrd*($v*2.0)" | ||
|  |            > | ||
|  |   <XRD> | ||
|  |     <Service priority="0"> | ||
|  |       <Type>http://specs.openid.net/auth/2.0/return_to</Type> | ||
|  |       <URI>http://rp.example.com/return</URI> | ||
|  |     </Service> | ||
|  |     <Service priority="1"> | ||
|  |       <Type>http://specs.openid.net/auth/2.0/return_to</Type> | ||
|  |       <URI>http://other.rp.example.com/return</URI> | ||
|  |     </Service> | ||
|  |   </XRD> | ||
|  | </xrds:XRDS> | ||
|  | ', array('http://rp.example.com/return', | ||
|  |          'http://other.rp.example.com/return')); | ||
|  |     } | ||
|  | 
 | ||
|  |     function test_twoEntries_withOther() | ||
|  |     { | ||
|  |         $this->failUnlessXRDSHasReturnURLs('<?xml version="1.0" encoding="UTF-8"?>
 | ||
|  | <xrds:XRDS xmlns:xrds="xri://$xrds" | ||
|  |            xmlns="xri://$xrd*($v*2.0)" | ||
|  |            > | ||
|  |   <XRD> | ||
|  |     <Service priority="0"> | ||
|  |       <Type>http://specs.openid.net/auth/2.0/return_to</Type> | ||
|  |       <URI>http://rp.example.com/return</URI> | ||
|  |     </Service> | ||
|  |     <Service priority="1"> | ||
|  |       <Type>http://specs.openid.net/auth/2.0/return_to</Type> | ||
|  |       <URI>http://other.rp.example.com/return</URI> | ||
|  |     </Service> | ||
|  |     <Service priority="0"> | ||
|  |       <Type>http://example.com/LOLCATS</Type> | ||
|  |       <URI>http://example.com/invisible+uri</URI> | ||
|  |     </Service> | ||
|  |   </XRD> | ||
|  | </xrds:XRDS> | ||
|  | ', array('http://rp.example.com/return', | ||
|  |          'http://other.rp.example.com/return')); | ||
|  |     } | ||
|  | } | ||
|  | 
 | ||
|  | class Tests_Auth_OpenID_ReturnToMatches extends PHPUnit_Framework_TestCase { | ||
|  |     function test_noEntries() | ||
|  |     { | ||
|  |         $this->assertFalse(Auth_OpenID_returnToMatches(array(), 'anything')); | ||
|  |     } | ||
|  | 
 | ||
|  |     function test_exactMatch() | ||
|  |     { | ||
|  |         $r = 'http://example.com/return.to'; | ||
|  |         $this->assertTrue(Auth_OpenID_returnToMatches(array($r), $r)); | ||
|  |     } | ||
|  | 
 | ||
|  |     function test_garbageMatch() | ||
|  |     { | ||
|  |         $r = 'http://example.com/return.to'; | ||
|  |         $this->assertTrue(Auth_OpenID_returnToMatches( | ||
|  |                    array('This is not a URL at all. In fact, it has characters, ' . | ||
|  |                          'like "<" that are not allowed in URLs', $r), $r)); | ||
|  |     } | ||
|  | 
 | ||
|  |     function test_descendant() | ||
|  |     { | ||
|  |         $r = 'http://example.com/return.to'; | ||
|  |         $this->assertTrue(Auth_OpenID_returnToMatches(array($r), | ||
|  |             'http://example.com/return.to/user:joe')); | ||
|  |     } | ||
|  | 
 | ||
|  |     function test_wildcard() | ||
|  |     { | ||
|  |         $this->assertFalse(Auth_OpenID_returnToMatches( | ||
|  |                                 array('http://*.example.com/return.to'), | ||
|  |                                 'http://example.com/return.to')); | ||
|  |     } | ||
|  | 
 | ||
|  |     function test_noMatch() | ||
|  |     { | ||
|  |         $r = 'http://example.com/return.to'; | ||
|  |         $this->assertFalse(Auth_OpenID_returnToMatches(array($r), | ||
|  |             'http://example.com/xss_exploit')); | ||
|  |     } | ||
|  | } | ||
|  | 
 | ||
|  | class Verifier { | ||
|  |     function Verifier($test_case, $return_to) | ||
|  |     { | ||
|  |         $this->tc =& $test_case; | ||
|  |         $this->return_to = $return_to; | ||
|  |     } | ||
|  | 
 | ||
|  |     function verify($disco_url) | ||
|  |     { | ||
|  |         $this->tc->assertEquals('http://www.example.com/', $disco_url); | ||
|  | 
 | ||
|  |         if ($this->return_to === false) { | ||
|  |             return false; | ||
|  |         } else { | ||
|  |             return array($this->return_to); | ||
|  |         } | ||
|  |     } | ||
|  | } | ||
|  | 
 | ||
|  | class Tests_Auth_OpenID_VerifyReturnTo extends PHPUnit_Framework_TestCase { | ||
|  | 
 | ||
|  |     function test_bogusRealm() | ||
|  |     { | ||
|  |         $this->assertFalse(Auth_OpenID_verifyReturnTo('', 'http://example.com/', null)); | ||
|  |     } | ||
|  | 
 | ||
|  |     function test_verifyWithDiscoveryCalled() | ||
|  |     { | ||
|  |         $realm = 'http://*.example.com/'; | ||
|  |         $return_to = 'http://www.example.com/foo'; | ||
|  | 
 | ||
|  |         $v = new Verifier($this, $return_to); | ||
|  | 
 | ||
|  |         $this->assertTrue(Auth_OpenID_verifyReturnTo($realm, $return_to, null, array($v, 'verify'))); | ||
|  |     } | ||
|  | 
 | ||
|  |     function test_verifyFailWithDiscoveryCalled() | ||
|  |     { | ||
|  |         $realm = 'http://*.example.com/'; | ||
|  |         $return_to = 'http://www.example.com/foo'; | ||
|  | 
 | ||
|  |         $v = new Verifier($this, 'http://something-else.invalid/'); | ||
|  | 
 | ||
|  |         $this->assertFalse(Auth_OpenID_verifyReturnTo($realm, $return_to, null, array($v, 'verify'))); | ||
|  |     } | ||
|  | 
 | ||
|  |     function test_verifyFailIfDiscoveryRedirects() | ||
|  |     { | ||
|  |         $realm = 'http://*.example.com/'; | ||
|  |         $return_to = 'http://www.example.com/foo'; | ||
|  | 
 | ||
|  |         $v = new Verifier($this, false); | ||
|  | 
 | ||
|  |         $this->assertFalse(Auth_OpenID_verifyReturnTo($realm, $return_to, null, array($v, 'verify'))); | ||
|  |     } | ||
|  | } | ||
|  | 
 | ||
|  | class Tests_Auth_OpenID_RPVerify extends PHPUnit_Framework_TestSuite { | ||
|  |     function getName() | ||
|  |     { | ||
|  |         return "Tests_Auth_OpenID_RPVerify"; | ||
|  |     } | ||
|  | 
 | ||
|  |     function Tests_Auth_OpenID_RPVerify() | ||
|  |     { | ||
|  |         $this->addTestSuite('Tests_Auth_OpenID_VerifyReturnTo'); | ||
|  |         $this->addTestSuite('Tests_Auth_OpenID_ReturnToMatches'); | ||
|  |         $this->addTestSuite('Tests_Auth_OpenID_ExtractReturnToURLs'); | ||
|  |         $this->addTestSuite('Tests_Auth_OpenID_BuildDiscoveryURL'); | ||
|  |     } | ||
|  | } | ||
|  | 
 | ||
|  | 
 |