aboutsummaryrefslogtreecommitdiff
path: root/models/openid-php-openid-782224d/Tests/Auth/OpenID/Negotiation.php
diff options
context:
space:
mode:
Diffstat (limited to 'models/openid-php-openid-782224d/Tests/Auth/OpenID/Negotiation.php')
-rw-r--r--models/openid-php-openid-782224d/Tests/Auth/OpenID/Negotiation.php346
1 files changed, 346 insertions, 0 deletions
diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/Negotiation.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/Negotiation.php
new file mode 100644
index 000000000..02628fc2b
--- /dev/null
+++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/Negotiation.php
@@ -0,0 +1,346 @@
+<?php
+
+require_once "Tests/Auth/OpenID/TestUtil.php";
+require_once "Tests/Auth/OpenID/MemStore.php";
+
+require_once "Auth/OpenID/Message.php";
+require_once "Auth/OpenID/Consumer.php";
+
+/**
+ * A consumer whose _requestAssocation will return predefined results
+ * instead of trying to actually perform association requests.
+ */
+class ErrorRaisingConsumer extends Auth_OpenID_GenericConsumer {
+ // The list of objects to be returned by successive calls to
+ // _requestAssocation. Each call will pop the first element from
+ // this list and return it to _negotiateAssociation. If the
+ // element is a Message object, it will be wrapped in a
+ // ServerErrorContainer exception. Otherwise it will be returned
+ // as-is.
+ var $return_messages = array();
+
+ function _requestAssociation($endpoint, $assoc_type, $session_type)
+ {
+ $m = array_pop($this->return_messages);
+ if (is_a($m, 'Auth_OpenID_Message')) {
+ return Auth_OpenID_ServerErrorContainer::fromMessage($m);
+ } else if (Auth_OpenID::isFailure($m)) {
+ return $m;
+ } else {
+ return $m;
+ }
+ }
+}
+
+/**
+ * Test the session type negotiation behavior of an OpenID 2 consumer.
+ */
+class TestOpenID2SessionNegotiation extends PHPUnit_Framework_TestCase {
+ function setUp()
+ {
+ $dumb = null;
+ $this->consumer = new ErrorRaisingConsumer($dumb);
+ $this->endpoint = new Auth_OpenID_ServiceEndpoint();
+ $this->endpoint->type_uris = array(Auth_OpenID_TYPE_2_0);
+ $this->endpoint->server_url = 'bogus';
+ }
+
+ /**
+ * Test the case where the response to an associate request is a
+ * server error or is otherwise undecipherable.
+ */
+ function testBadResponse()
+ {
+ $this->consumer->return_messages = array(
+ new Auth_OpenID_Message($this->endpoint->preferredNamespace()));
+ $this->assertEquals($this->consumer->_negotiateAssociation($this->endpoint), null);
+ // $this->failUnlessLogMatches('Server error when requesting an association')
+ }
+
+ /**
+ * Test the case where the response to an associate request is a
+ * a failure response object.
+ */
+ function testBadResponseWithFailure()
+ {
+ $this->consumer->return_messages = array(
+ new Auth_OpenID_FailureResponse($this->endpoint));
+ $this->assertEquals($this->consumer->_negotiateAssociation($this->endpoint), null);
+ // $this->failUnlessLogMatches('Server error when requesting an association')
+ }
+
+ /**
+ * Test the case where the association type (assoc_type) returned
+ * in an unsupported-type response is absent.
+ */
+ function testEmptyAssocType()
+ {
+ $msg = new Auth_OpenID_Message($this->endpoint->preferredNamespace());
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'error', 'Unsupported type');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'error_code', 'unsupported-type');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_type', null);
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'session_type', 'new-session-type');
+
+ $this->consumer->return_messages = array($msg);
+ $this->assertEquals($this->consumer->_negotiateAssociation($this->endpoint), null);
+
+ // $this->failUnlessLogMatches('Unsupported association type',
+ // 'Server responded with unsupported association ' +
+ // 'session but did not supply a fallback.')
+ }
+
+ /**
+ * Test the case where the session type (session_type) returned in
+ * an unsupported-type response is absent.
+ */
+ function testEmptySessionType()
+ {
+ $msg = new Auth_OpenID_Message($this->endpoint->preferredNamespace());
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'error', 'Unsupported type');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'error_code', 'unsupported-type');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_type', 'new-assoc-type');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'session_type', null);
+
+ $this->consumer->return_messages = array($msg);
+ $this->assertEquals($this->consumer->_negotiateAssociation($this->endpoint), null);
+
+ // $this->failUnlessLogMatches('Unsupported association type',
+ // 'Server responded with unsupported association ' +
+ // 'session but did not supply a fallback.')
+ }
+
+ /**
+ * Test the case where an unsupported-type response specifies a
+ * preferred (assoc_type, session_type) combination that is not
+ * allowed by the consumer's SessionNegotiator.
+ */
+ function testNotAllowed()
+ {
+ $allowed_types = array();
+
+ $negotiator = new Auth_OpenID_SessionNegotiator($allowed_types);
+ $this->consumer->negotiator = $negotiator;
+
+ $msg = new Auth_OpenID_Message($this->endpoint->preferredNamespace());
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'error', 'Unsupported type');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'error_code', 'unsupported-type');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_type', 'not-allowed');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'session_type', 'not-allowed');
+
+ $this->consumer->return_messages = array($msg);
+ $this->assertEquals($this->consumer->_negotiateAssociation($this->endpoint), null);
+
+ // $this->failUnlessLogMatches('Unsupported association type',
+ // 'Server sent unsupported session/association type:')
+ }
+
+ /**
+ * Test the case where an unsupported-type response triggers a
+ * retry to get an association with the new preferred type.
+ */
+ function testUnsupportedWithRetry()
+ {
+ $msg = new Auth_OpenID_Message($this->endpoint->preferredNamespace());
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'error', 'Unsupported type');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'error_code', 'unsupported-type');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_type', 'HMAC-SHA1');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'session_type', 'DH-SHA1');
+
+ $assoc = new Auth_OpenID_Association(
+ 'handle', 'secret', 'issued', 10000, 'HMAC-SHA1');
+
+ $this->consumer->return_messages = array($msg, $assoc);
+ $this->assertTrue($this->consumer->_negotiateAssociation($this->endpoint) === $assoc);
+
+ // $this->failUnlessLogMatches('Unsupported association type');
+ }
+
+ /**
+ * Test the case where an unsupported-typ response triggers a
+ * retry, but the retry fails and None is returned instead.
+ */
+ function testUnsupportedWithRetryAndFail()
+ {
+ $msg = new Auth_OpenID_Message($this->endpoint->preferredNamespace());
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'error', 'Unsupported type');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'error_code', 'unsupported-type');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_type', 'HMAC-SHA1');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'session_type', 'DH-SHA1');
+
+ $this->consumer->return_messages = array($msg,
+ new Auth_OpenID_Message($this->endpoint->preferredNamespace()));
+
+ $this->assertEquals($this->consumer->_negotiateAssociation($this->endpoint), null);
+
+ // $this->failUnlessLogMatches('Unsupported association type',
+ // 'Server %s refused' % ($this->endpoint.server_url))
+ }
+
+ /**
+ * Test the valid case, wherein an association is returned on the
+ * first attempt to get one.
+ */
+ function testValid()
+ {
+ $assoc = new Auth_OpenID_Association(
+ 'handle', 'secret', 'issued', 10000, 'HMAC-SHA1');
+
+ $this->consumer->return_messages = array($assoc);
+ $this->assertTrue($this->consumer->_negotiateAssociation($this->endpoint) === $assoc);
+ // $this->failUnlessLogEmpty()
+ }
+}
+
+/**
+ * Tests for the OpenID 1 consumer association session behavior. See
+ * the docs for TestOpenID2SessionNegotiation. Notice that this class
+ * is not a subclass of the OpenID 2 tests. Instead, it uses many of
+ * the same inputs but inspects the log messages logged with
+ * oidutil.log. See the calls to $this->failUnlessLogMatches. Some
+ * of these tests pass openid2-style messages to the openid 1
+ * association processing logic to be sure it ignores the extra data.
+ */
+class TestOpenID1SessionNegotiation extends PHPUnit_Framework_TestCase {
+ function setUp()
+ {
+ $dumb = null;
+ $this->consumer = new ErrorRaisingConsumer($dumb);
+
+ $this->endpoint = new Auth_OpenID_ServiceEndpoint();
+ $this->endpoint->type_uris = array(Auth_OpenID_OPENID1_NS);
+ $this->endpoint->server_url = 'bogus';
+ }
+
+ function testBadResponse()
+ {
+ $this->consumer->return_messages =
+ array(new Auth_OpenID_Message($this->endpoint->preferredNamespace()));
+ $this->assertEquals($this->consumer->_negotiateAssociation($this->endpoint), null);
+ // $this->failUnlessLogMatches('Server error when requesting an association')
+ }
+
+ function testEmptyAssocType()
+ {
+ $msg = new Auth_OpenID_Message($this->endpoint->preferredNamespace());
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'error', 'Unsupported type');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'error_code', 'unsupported-type');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_type', null);
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'session_type', 'new-session-type');
+
+ $this->consumer->return_messages = array($msg);
+ $this->assertEquals($this->consumer->_negotiateAssociation($this->endpoint), null);
+
+ // $this->failUnlessLogMatches('Server error when requesting an association')
+ }
+
+ function testEmptySessionType()
+ {
+ $msg = new Auth_OpenID_Message($this->endpoint->preferredNamespace());
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'error', 'Unsupported type');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'error_code', 'unsupported-type');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_type', 'new-assoc-type');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'session_type', null);
+
+ $this->consumer->return_messages = array($msg);
+ $this->assertEquals($this->consumer->_negotiateAssociation($this->endpoint), null);
+
+ // $this->failUnlessLogMatches('Server error when requesting an association');
+ }
+
+ function testNotAllowed()
+ {
+ $allowed_types = array();
+
+ $negotiator = new Auth_OpenID_SessionNegotiator($allowed_types);
+ $this->consumer->negotiator = $negotiator;
+
+ $msg = new Auth_OpenID_Message($this->endpoint->preferredNamespace());
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'error', 'Unsupported type');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'error_code', 'unsupported-type');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_type', 'not-allowed');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'session_type', 'not-allowed');
+
+ $this->consumer->return_messages = array($msg);
+ $this->assertEquals($this->consumer->_negotiateAssociation($this->endpoint), null);
+
+ // $this->failUnlessLogMatches('Server error when requesting an association')
+ }
+
+ function testUnsupportedWithRetry()
+ {
+ $msg = new Auth_OpenID_Message($this->endpoint->preferredNamespace());
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'error', 'Unsupported type');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'error_code', 'unsupported-type');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_type', 'HMAC-SHA1');
+ $msg->setArg(Auth_OpenID_OPENID_NS, 'session_type', 'DH-SHA1');
+
+ $assoc = new Auth_OpenID_Association(
+ 'handle', 'secretxx', 'issued', 10000, 'HMAC-SHA1');
+
+ $this->consumer->return_messages = array($assoc, $msg);
+
+ $result = $this->consumer->_negotiateAssociation($this->endpoint);
+ $this->assertTrue($result === null);
+
+ // $this->failUnlessLogMatches('Server error when requesting an association')
+ }
+
+ function testValid()
+ {
+ $assoc = new Auth_OpenID_Association(
+ 'handle', 'secret', 'issued', 10000, 'HMAC-SHA1');
+
+ $this->consumer->return_messages = array($assoc);
+ $this->assertTrue($this->consumer->_negotiateAssociation($this->endpoint) === $assoc);
+ // $this->failUnlessLogEmpty()
+ }
+}
+
+class TestNegotiatorBehaviors extends PHPUnit_Framework_TestCase {
+ function setUp()
+ {
+ $this->allowed_types = array(
+ array('HMAC-SHA1', 'no-encryption'),
+ array('HMAC-SHA256', 'no-encryption')
+ );
+
+ $this->n = new Auth_OpenID_SessionNegotiator($this->allowed_types);
+ }
+
+ function testAddAllowedTypeNoSessionTypes()
+ {
+ $this->assertFalse($this->n->addAllowedType('invalid'));
+ }
+
+ function testAddAllowedTypeBadSessionType()
+ {
+ $this->assertFalse($this->n->addAllowedType('assoc1', 'invalid'));
+ }
+
+ function testAddAllowedTypeContents()
+ {
+ $assoc_type = 'HMAC-SHA1';
+ $this->assertTrue($this->n->addAllowedType($assoc_type));
+
+ foreach (Auth_OpenID_getSessionTypes($assoc_type) as $typ) {
+ $this->assertTrue(in_array(array($assoc_type, $typ),
+ $this->n->allowed_types));
+ }
+ }
+}
+
+class Tests_Auth_OpenID_Negotiation extends PHPUnit_Framework_TestSuite {
+
+ function getName()
+ {
+ return 'Tests_Auth_OpenID_Negotiation';
+ }
+
+ function Tests_Auth_OpenID_Negotiation()
+ {
+ $this->addTestSuite('TestNegotiatorBehaviors');
+ $this->addTestSuite('TestOpenID1SessionNegotiation');
+ $this->addTestSuite('TestOpenID2SessionNegotiation');
+ }
+}
+
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-23 01:43:02 +0000