aboutsummaryrefslogtreecommitdiff
path: root/models/openid-php-openid-782224d/Tests/Auth/OpenID/RPVerify.php
diff options
context:
space:
mode:
Diffstat (limited to 'models/openid-php-openid-782224d/Tests/Auth/OpenID/RPVerify.php')
-rw-r--r--models/openid-php-openid-782224d/Tests/Auth/OpenID/RPVerify.php293
1 files changed, 293 insertions, 0 deletions
diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/RPVerify.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/RPVerify.php
new file mode 100644
index 000000000..1482af4c4
--- /dev/null
+++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/RPVerify.php
@@ -0,0 +1,293 @@
+<?php
+
+/*
+ * Unit tests for verification of return_to URLs for a realm.
+ */
+
+require_once 'Auth/OpenID/Discover.php';
+require_once 'Auth/OpenID/TrustRoot.php';
+
+require_once 'Auth/Yadis/Yadis.php';
+
+/*
+ * Tests for building the discovery URL from a realm and a return_to
+ * URL
+ */
+class Tests_Auth_OpenID_BuildDiscoveryURL extends PHPUnit_Framework_TestCase {
+ /*
+ * Build a discovery URL out of the realm and a return_to and make
+ * sure that it matches the expected discovery URL
+ */
+ function failUnlessDiscoURL($realm, $expected_discovery_url)
+ {
+ $actual_discovery_url = Auth_OpenID_TrustRoot::buildDiscoveryURL($realm);
+ $this->assertEquals($expected_discovery_url, $actual_discovery_url);
+ }
+
+ /*
+ * There is no wildcard and the realm is the same as the return_to
+ * URL
+ */
+ function test_trivial()
+ {
+ $this->failUnlessDiscoURL('http://example.com/foo',
+ 'http://example.com/foo');
+ }
+
+ /*
+ * There is a wildcard
+ */
+ function test_wildcard()
+ {
+ $this->failUnlessDiscoURL('http://*.example.com/foo',
+ 'http://www.example.com/foo');
+ }
+}
+
+class _MockDiscover {
+ function _MockDiscover($data) {
+ $this->data =& $data;
+ }
+
+ function mockDiscover($uri, $fetcher, $discover_function=null)
+ {
+ $result = new Auth_Yadis_DiscoveryResult($uri);
+ $result->response_text = $this->data;
+ $result->normalized_uri = $uri;
+ return $result;
+ }
+}
+
+class Tests_Auth_OpenID_ExtractReturnToURLs extends PHPUnit_Framework_TestCase {
+ var $disco_url = 'http://example.com/';
+
+ function failUnlessXRDSHasReturnURLs($data, $expected_return_urls)
+ {
+ $discover_object = new _MockDiscover($data);
+ $actual_return_urls = Auth_OpenID_getAllowedReturnURLs($this->disco_url, null, array($discover_object, 'mockDiscover'));
+
+ $this->assertEquals($expected_return_urls, $actual_return_urls);
+ }
+
+ function failUnlessDiscoveryFailure($text)
+ {
+ $discover_object = new _MockDiscover($text);
+ $this->assertFalse(Auth_OpenID_getAllowedReturnURLs($this->disco_url, null, array($discover_object, 'mockDiscover')));
+ }
+
+ function test_empty()
+ {
+ $this->failUnlessDiscoveryFailure('');
+ }
+
+ function test_badXML()
+ {
+ $this->failUnlessDiscoveryFailure('>');
+ }
+
+ function test_noEntries()
+ {
+ $this->failUnlessXRDSHasReturnURLs('<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS xmlns:xrds="xri://$xrds"
+ xmlns="xri://$xrd*($v*2.0)"
+ >
+ <XRD>
+ </XRD>
+</xrds:XRDS>
+', array());
+ }
+
+ function test_noReturnToEntries()
+ {
+ $this->failUnlessXRDSHasReturnURLs('<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS xmlns:xrds="xri://$xrds"
+ xmlns="xri://$xrd*($v*2.0)"
+ >
+ <XRD>
+ <Service priority="10">
+ <Type>http://specs.openid.net/auth/2.0/server</Type>
+ <URI>http://www.myopenid.com/server</URI>
+ </Service>
+ </XRD>
+</xrds:XRDS>
+', array());
+ }
+
+ function test_oneEntry()
+ {
+ $this->failUnlessXRDSHasReturnURLs('<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS xmlns:xrds="xri://$xrds"
+ xmlns="xri://$xrd*($v*2.0)"
+ >
+ <XRD>
+ <Service>
+ <Type>http://specs.openid.net/auth/2.0/return_to</Type>
+ <URI>http://rp.example.com/return</URI>
+ </Service>
+ </XRD>
+</xrds:XRDS>
+', array('http://rp.example.com/return'));
+ }
+
+ function test_twoEntries()
+ {
+ $this->failUnlessXRDSHasReturnURLs('<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS xmlns:xrds="xri://$xrds"
+ xmlns="xri://$xrd*($v*2.0)"
+ >
+ <XRD>
+ <Service priority="0">
+ <Type>http://specs.openid.net/auth/2.0/return_to</Type>
+ <URI>http://rp.example.com/return</URI>
+ </Service>
+ <Service priority="1">
+ <Type>http://specs.openid.net/auth/2.0/return_to</Type>
+ <URI>http://other.rp.example.com/return</URI>
+ </Service>
+ </XRD>
+</xrds:XRDS>
+', array('http://rp.example.com/return',
+ 'http://other.rp.example.com/return'));
+ }
+
+ function test_twoEntries_withOther()
+ {
+ $this->failUnlessXRDSHasReturnURLs('<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS xmlns:xrds="xri://$xrds"
+ xmlns="xri://$xrd*($v*2.0)"
+ >
+ <XRD>
+ <Service priority="0">
+ <Type>http://specs.openid.net/auth/2.0/return_to</Type>
+ <URI>http://rp.example.com/return</URI>
+ </Service>
+ <Service priority="1">
+ <Type>http://specs.openid.net/auth/2.0/return_to</Type>
+ <URI>http://other.rp.example.com/return</URI>
+ </Service>
+ <Service priority="0">
+ <Type>http://example.com/LOLCATS</Type>
+ <URI>http://example.com/invisible+uri</URI>
+ </Service>
+ </XRD>
+</xrds:XRDS>
+', array('http://rp.example.com/return',
+ 'http://other.rp.example.com/return'));
+ }
+}
+
+class Tests_Auth_OpenID_ReturnToMatches extends PHPUnit_Framework_TestCase {
+ function test_noEntries()
+ {
+ $this->assertFalse(Auth_OpenID_returnToMatches(array(), 'anything'));
+ }
+
+ function test_exactMatch()
+ {
+ $r = 'http://example.com/return.to';
+ $this->assertTrue(Auth_OpenID_returnToMatches(array($r), $r));
+ }
+
+ function test_garbageMatch()
+ {
+ $r = 'http://example.com/return.to';
+ $this->assertTrue(Auth_OpenID_returnToMatches(
+ array('This is not a URL at all. In fact, it has characters, ' .
+ 'like "<" that are not allowed in URLs', $r), $r));
+ }
+
+ function test_descendant()
+ {
+ $r = 'http://example.com/return.to';
+ $this->assertTrue(Auth_OpenID_returnToMatches(array($r),
+ 'http://example.com/return.to/user:joe'));
+ }
+
+ function test_wildcard()
+ {
+ $this->assertFalse(Auth_OpenID_returnToMatches(
+ array('http://*.example.com/return.to'),
+ 'http://example.com/return.to'));
+ }
+
+ function test_noMatch()
+ {
+ $r = 'http://example.com/return.to';
+ $this->assertFalse(Auth_OpenID_returnToMatches(array($r),
+ 'http://example.com/xss_exploit'));
+ }
+}
+
+class Verifier {
+ function Verifier($test_case, $return_to)
+ {
+ $this->tc =& $test_case;
+ $this->return_to = $return_to;
+ }
+
+ function verify($disco_url)
+ {
+ $this->tc->assertEquals('http://www.example.com/', $disco_url);
+
+ if ($this->return_to === false) {
+ return false;
+ } else {
+ return array($this->return_to);
+ }
+ }
+}
+
+class Tests_Auth_OpenID_VerifyReturnTo extends PHPUnit_Framework_TestCase {
+
+ function test_bogusRealm()
+ {
+ $this->assertFalse(Auth_OpenID_verifyReturnTo('', 'http://example.com/', null));
+ }
+
+ function test_verifyWithDiscoveryCalled()
+ {
+ $realm = 'http://*.example.com/';
+ $return_to = 'http://www.example.com/foo';
+
+ $v = new Verifier($this, $return_to);
+
+ $this->assertTrue(Auth_OpenID_verifyReturnTo($realm, $return_to, null, array($v, 'verify')));
+ }
+
+ function test_verifyFailWithDiscoveryCalled()
+ {
+ $realm = 'http://*.example.com/';
+ $return_to = 'http://www.example.com/foo';
+
+ $v = new Verifier($this, 'http://something-else.invalid/');
+
+ $this->assertFalse(Auth_OpenID_verifyReturnTo($realm, $return_to, null, array($v, 'verify')));
+ }
+
+ function test_verifyFailIfDiscoveryRedirects()
+ {
+ $realm = 'http://*.example.com/';
+ $return_to = 'http://www.example.com/foo';
+
+ $v = new Verifier($this, false);
+
+ $this->assertFalse(Auth_OpenID_verifyReturnTo($realm, $return_to, null, array($v, 'verify')));
+ }
+}
+
+class Tests_Auth_OpenID_RPVerify extends PHPUnit_Framework_TestSuite {
+ function getName()
+ {
+ return "Tests_Auth_OpenID_RPVerify";
+ }
+
+ function Tests_Auth_OpenID_RPVerify()
+ {
+ $this->addTestSuite('Tests_Auth_OpenID_VerifyReturnTo');
+ $this->addTestSuite('Tests_Auth_OpenID_ReturnToMatches');
+ $this->addTestSuite('Tests_Auth_OpenID_ExtractReturnToURLs');
+ $this->addTestSuite('Tests_Auth_OpenID_BuildDiscoveryURL');
+ }
+}
+
+
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-23 02:01:56 +0000