def runOneTest(self): csess = self.csess_fact() msg = Message.fromOpenIDArgs(csess.getRequest()) ssess = self.ssess_fact.fromMessage(msg) check_secret = csess.extractSecret( Message.fromOpenIDArgs(ssess.answer(self.secret))) self.failUnlessEqual(self.secret, check_secret)
def test(self): # Create a request message with simple registration fields sreg_req = sreg.SRegRequest(required=['nickname', 'email'], optional=['fullname']) req_msg = Message() req_msg.updateArgs(sreg.ns_uri, sreg_req.getExtensionArgs()) req = OpenIDRequest() req.message = req_msg req.namespace = req_msg.getOpenIDNamespace() # -> send checkid_* request # Create an empty response message resp_msg = Message() resp = OpenIDResponse(req) resp.fields = resp_msg # Put the requested data fields in the response message sreg_resp = sreg.SRegResponse.extractResponse(sreg_req, data) resp.addExtension(sreg_resp) # <- send id_res response # Extract the fields that were sent sreg_data_resp = resp_msg.getArgs(sreg.ns_uri) self.failUnlessEqual( { 'nickname': 'linusaur', 'email': '*****@*****.**', 'fullname': 'Leonhard Euler', }, sreg_data_resp)
def test_fromSuccessResponse_signed(self): message = Message.fromOpenIDArgs({ 'sreg.nickname': 'The Mad Stork', }) success_resp = DummySuccessResponse(message, {}) sreg_resp = sreg.SRegResponse.fromSuccessResponse(success_resp) self.failIf(sreg_resp)
def testNotAllowed(self): allowed_types = [] negotiator = association.SessionNegotiator(allowed_types) self.consumer.negotiator = negotiator msg = Message(self.endpoint.preferredNamespace()) msg.setArg(OPENID_NS, 'error', 'Unsupported type') msg.setArg(OPENID_NS, 'error_code', 'unsupported-type') msg.setArg(OPENID_NS, 'assoc_type', 'not-allowed') msg.setArg(OPENID_NS, 'session_type', 'not-allowed') self.consumer.return_messages = [msg] self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None) self.failUnlessLogMatches('Server error when requesting an association')
def test_fromSuccessResponse_signed(self): message = Message.fromOpenIDArgs({ 'sreg.nickname':'The Mad Stork', }) success_resp = DummySuccessResponse(message, {}) sreg_resp = sreg.SRegResponse.fromSuccessResponse(success_resp) self.failIf(sreg_resp)
def setUp(self): self.message = m = Message(OPENID2_NS) m.updateArgs(OPENID2_NS, {'mode': 'id_res', 'identifier': '=example'}) m.updateArgs(BARE_NS, {'xey': 'value'}) self.args = {'openid.mode': 'id_res', 'openid.identifier': '=example', 'xey': 'value'}
def testBadResponse(self): """ Test the case where the response to an associate request is a server error or is otherwise undecipherable. """ self.consumer.return_messages = [Message(self.endpoint.preferredNamespace())] self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None) self.failUnlessLogMatches('Server error when requesting an association')
def test_fromSuccessResponse_unsigned(self): message = Message.fromOpenIDArgs({ 'sreg.nickname': 'The Mad Stork', }) success_resp = DummySuccessResponse(message, {}) sreg_resp = sreg.SRegResponse.fromSuccessResponse(success_resp, signed_only=False) self.failUnlessEqual([('nickname', 'The Mad Stork')], sreg_resp.items())
def test_fromOpenIDRequestWithoutExtension(self): """return None for an OpenIDRequest without AX paramaters.""" openid_req_msg = Message.fromOpenIDArgs({ 'mode': 'checkid_setup', 'ns': OPENID2_NS, }) oreq = DummyRequest(openid_req_msg) r = ax.FetchRequest.fromOpenIDRequest(oreq) self.failUnless(r is None, "%s is not None" % (r,))
def mkAssocResponse(*keys): """Build an association response message that contains the specified subset of keys. The values come from `association_response_values`. This is useful for testing for missing keys and other times that we don't care what the values are.""" args = dict([(key, association_response_values[key]) for key in keys]) return Message.fromOpenIDArgs(args)
def test_fromOpenIDRequestWithoutExtension(self): """return None for an OpenIDRequest without AX paramaters.""" openid_req_msg = Message.fromOpenIDArgs({ 'mode': 'checkid_setup', 'ns': OPENID2_NS, }) oreq = DummyRequest(openid_req_msg) r = ax.FetchRequest.fromOpenIDRequest(oreq) self.failUnless(r is None, "%s is not None" % (r, ))
def test_fromSuccessResponse_unsigned(self): message = Message.fromOpenIDArgs({ 'sreg.nickname':'The Mad Stork', }) success_resp = DummySuccessResponse(message, {}) sreg_resp = sreg.SRegResponse.fromSuccessResponse(success_resp, signed_only=False) self.failUnlessEqual([('nickname', 'The Mad Stork')], sreg_resp.items())
def testEmptySessionType(self): msg = Message(self.endpoint.preferredNamespace()) msg.setArg(OPENID_NS, 'error', 'Unsupported type') msg.setArg(OPENID_NS, 'error_code', 'unsupported-type') msg.setArg(OPENID_NS, 'assoc_type', 'new-assoc-type') # not set: msg.setArg(OPENID_NS, 'session_type', None) self.consumer.return_messages = [msg] self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None) self.failUnlessLogMatches('Server error when requesting an association')
def test_openID1_sregNSfromArgs(self): args = { 'sreg.optional': 'nickname', 'sreg.required': 'dob', } m = Message.fromOpenIDArgs(args) self.failUnless(m.getArg(sreg.ns_uri_1_1, 'optional') == 'nickname') self.failUnless(m.getArg(sreg.ns_uri_1_1, 'required') == 'dob')
def test_openidNoRealm(self): openid_req_msg = Message.fromOpenIDArgs({ 'mode': 'checkid_setup', 'ns': OPENID2_NS, 'ns.ax': ax.AXMessage.ns_uri, 'ax.update_url': 'http://different.site/path', 'ax.mode': 'fetch_request', }) self.failUnlessRaises(ax.AXError, ax.FetchRequest.fromOpenIDRequest, DummyRequest(openid_req_msg))
def test_openidUpdateURLVerificationSuccessReturnTo(self): openid_req_msg = Message.fromOpenIDArgs({ 'mode': 'checkid_setup', 'ns': OPENID2_NS, 'return_to': 'http://example.com/realm', 'ns.ax': ax.AXMessage.ns_uri, 'ax.update_url': 'http://example.com/realm/update_path', 'ax.mode': 'fetch_request', }) fr = ax.FetchRequest.fromOpenIDRequest(DummyRequest(openid_req_msg))
def setUp(self): self.message = m = Message(OPENID2_NS) m.updateArgs(OPENID2_NS, { 'mode': 'id_res', 'identifier': '=example', 'signed': 'identifier,mode', 'sig': 'cephalopod', }) m.updateArgs(BARE_NS, {'xey': 'value'}) self.assoc = association.Association.fromExpiresIn( 3600, '{sha1}', 'very_secret', "HMAC-SHA1")
def testUnsupportedWithRetry(self): msg = Message(self.endpoint.preferredNamespace()) msg.setArg(OPENID_NS, 'error', 'Unsupported type') msg.setArg(OPENID_NS, 'error_code', 'unsupported-type') msg.setArg(OPENID_NS, 'assoc_type', 'HMAC-SHA1') msg.setArg(OPENID_NS, 'session_type', 'DH-SHA1') assoc = association.Association( 'handle', 'secret', 'issued', 10000, 'HMAC-SHA1') self.consumer.return_messages = [msg, assoc] self.failUnless(self.consumer._negotiateAssociation(self.endpoint) is None) self.failUnlessLogMatches('Server error when requesting an association')
def test(self): # Create a request message with simple registration fields sreg_req = sreg.SRegRequest(required=['nickname', 'email'], optional=['fullname']) req_msg = Message() req_msg.updateArgs(sreg.ns_uri, sreg_req.getExtensionArgs()) req = OpenIDRequest() req.message = req_msg req.namespace = req_msg.getOpenIDNamespace() # -> send checkid_* request # Create an empty response message resp_msg = Message() resp = OpenIDResponse(req) resp.fields = resp_msg # Put the requested data fields in the response message sreg_resp = sreg.SRegResponse.extractResponse(sreg_req, data) resp.addExtension(sreg_resp) # <- send id_res response # Extract the fields that were sent sreg_data_resp = resp_msg.getArgs(sreg.ns_uri) self.failUnlessEqual( {'nickname':'linusaur', 'email':'*****@*****.**', 'fullname':'Leonhard Euler', }, sreg_data_resp)
def testUnsupportedWithRetryAndFail(self): """ Test the case where an unsupported-typ response triggers a retry, but the retry fails and None is returned instead. """ msg = Message(self.endpoint.preferredNamespace()) msg.setArg(OPENID_NS, 'error', 'Unsupported type') msg.setArg(OPENID_NS, 'error_code', 'unsupported-type') msg.setArg(OPENID_NS, 'assoc_type', 'HMAC-SHA1') msg.setArg(OPENID_NS, 'session_type', 'DH-SHA1') self.consumer.return_messages = [msg, Message(self.endpoint.preferredNamespace())] self.failUnlessEqual(self.consumer._negotiateAssociation(self.endpoint), None) self.failUnlessLogMatches('Unsupported association type', 'Server %s refused' % (self.endpoint.server_url))
def test_fromOpenIDRequestWithoutData(self): """return something for SuccessResponse with AX paramaters, even if it is the empty set.""" openid_req_msg = Message.fromOpenIDArgs({ 'mode': 'checkid_setup', 'realm': 'http://example.com/realm', 'ns': OPENID2_NS, 'ns.ax': ax.AXMessage.ns_uri, 'ax.mode': 'fetch_request', }) oreq = DummyRequest(openid_req_msg) r = ax.FetchRequest.fromOpenIDRequest(oreq) self.failUnless(r is not None)
def testNotAllowed(self): """ Test the case where an unsupported-type response specifies a preferred (assoc_type, session_type) combination that is not allowed by the consumer's SessionNegotiator. """ allowed_types = [] negotiator = association.SessionNegotiator(allowed_types) self.consumer.negotiator = negotiator msg = Message(self.endpoint.preferredNamespace()) msg.setArg(OPENID_NS, 'error', 'Unsupported type') msg.setArg(OPENID_NS, 'error_code', 'unsupported-type') msg.setArg(OPENID_NS, 'assoc_type', 'not-allowed') msg.setArg(OPENID_NS, 'session_type', 'not-allowed') self.consumer.return_messages = [msg] self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None) self.failUnlessLogMatches('Unsupported association type', 'Server sent unsupported session/association type:')
def test_fromSuccessResponseWithoutExtension(self): """return None for SuccessResponse with no AX paramaters.""" args = { 'mode': 'id_res', 'ns': OPENID2_NS, } sf = ['openid.' + i for i in args.keys()] msg = Message.fromOpenIDArgs(args) class Endpoint: claimed_id = 'http://invalid.' oreq = SuccessResponse(Endpoint(), msg, signed_fields=sf) r = ax.FetchResponse.fromSuccessResponse(oreq) self.failUnless(r is None, "%s is not None" % (r,))
def testEmptySessionType(self): """ Test the case where the session type (session_type) returned in an unsupported-type response is absent. """ msg = Message(self.endpoint.preferredNamespace()) msg.setArg(OPENID_NS, 'error', 'Unsupported type') msg.setArg(OPENID_NS, 'error_code', 'unsupported-type') msg.setArg(OPENID_NS, 'assoc_type', 'new-assoc-type') # not set: msg.setArg(OPENID_NS, 'session_type', None) self.consumer.return_messages = [msg] self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None) self.failUnlessLogMatches('Unsupported association type', 'Server responded with unsupported association ' + 'session but did not supply a fallback.')
def _setUpDH(self): sess, message = self.consumer._createAssociateRequest( self.endpoint, 'HMAC-SHA1', 'DH-SHA1') # XXX: this is testing _createAssociateRequest self.failUnlessEqual(self.endpoint.compatibilityMode(), message.isOpenID1()) server_sess = DiffieHellmanSHA1ServerSession.fromMessage(message) server_resp = server_sess.answer(self.secret) server_resp['assoc_type'] = 'HMAC-SHA1' server_resp['assoc_handle'] = 'handle' server_resp['expires_in'] = '1000' server_resp['session_type'] = 'DH-SHA1' return sess, Message.fromOpenIDArgs(server_resp)
def test_fromSuccessResponseWithoutExtension(self): """return None for SuccessResponse with no AX paramaters.""" args = { 'mode': 'id_res', 'ns': OPENID2_NS, } sf = ['openid.' + i for i in args.keys()] msg = Message.fromOpenIDArgs(args) class Endpoint: claimed_id = 'http://invalid.' oreq = SuccessResponse(Endpoint(), msg, signed_fields=sf) r = ax.FetchResponse.fromSuccessResponse(oreq) self.failUnless(r is None, "%s is not None" % (r, ))
def test_aintGotSignedList(self): m = Message(OPENID2_NS) m.updateArgs(OPENID2_NS, {'mode': 'id_res', 'identifier': '=example', 'sig': 'coyote', }) m.updateArgs(BARE_NS, {'xey': 'value'}) assoc = association.Association.fromExpiresIn( 3600, '{sha1}', 'very_secret', "HMAC-SHA1") self.failUnlessRaises(ValueError, assoc.checkMessageSignature, m)
def testUnsupportedWithRetry(self): """ Test the case where an unsupported-type response triggers a retry to get an association with the new preferred type. """ msg = Message(self.endpoint.preferredNamespace()) msg.setArg(OPENID_NS, 'error', 'Unsupported type') msg.setArg(OPENID_NS, 'error_code', 'unsupported-type') msg.setArg(OPENID_NS, 'assoc_type', 'HMAC-SHA1') msg.setArg(OPENID_NS, 'session_type', 'DH-SHA1') assoc = association.Association( 'handle', 'secret', 'issued', 10000, 'HMAC-SHA1') self.consumer.return_messages = [msg, assoc] self.failUnless(self.consumer._negotiateAssociation(self.endpoint) is assoc) self.failUnlessLogMatches('Unsupported association type')
def test_fromSuccessResponseWithoutData(self): """return something for SuccessResponse with AX paramaters, even if it is the empty set.""" args = { 'mode': 'id_res', 'ns': OPENID2_NS, 'ns.ax': ax.AXMessage.ns_uri, 'ax.mode': 'fetch_response', } sf = ['openid.' + i for i in args.keys()] msg = Message.fromOpenIDArgs(args) class Endpoint: claimed_id = 'http://invalid.' oreq = SuccessResponse(Endpoint(), msg, signed_fields=sf) r = ax.FetchResponse.fromSuccessResponse(oreq) self.failUnless(r is not None)
def _doTest(self, expected_session_type, session_type_value): # Create a Message with just 'session_type' in it, since # that's all this function will use. 'session_type' may be # absent if it's set to None. args = {} if session_type_value is not None: args['session_type'] = session_type_value message = Message.fromOpenIDArgs(args) self.failUnless(message.isOpenID1()) actual_session_type = self.consumer._getOpenID1SessionType(message) error_message = ( 'Returned sesion type parameter %r was expected ' 'to yield session type %r, but yielded %r' % (session_type_value, expected_session_type, actual_session_type)) self.failUnlessEqual(expected_session_type, actual_session_type, error_message)
def _doTest(self, expected_session_type, session_type_value): # Create a Message with just 'session_type' in it, since # that's all this function will use. 'session_type' may be # absent if it's set to None. args = {} if session_type_value is not None: args['session_type'] = session_type_value message = Message.fromOpenIDArgs(args) self.failUnless(message.isOpenID1()) actual_session_type = self.consumer._getOpenID1SessionType(message) error_message = ('Returned sesion type parameter %r was expected ' 'to yield session type %r, but yielded %r' % (session_type_value, expected_session_type, actual_session_type)) self.failUnlessEqual( expected_session_type, actual_session_type, error_message)
def setUp(self): BaseAssocTest.setUp(self) self.session_type = 'testing-session' # This must something that works for Association.fromExpiresIn self.assoc_type = 'HMAC-SHA1' self.assoc_handle = 'testing-assoc-handle' # These arguments should all be valid self.assoc_response = Message.fromOpenIDArgs({ 'expires_in': '1000', 'assoc_handle': self.assoc_handle, 'assoc_type': self.assoc_type, 'session_type': self.session_type, 'ns': OPENID2_NS, }) self.assoc_session = DummyAssociationSession() # Make the session for the response's session type self.assoc_session.session_type = self.session_type self.assoc_session.allowed_assoc_types = [self.assoc_type]
def setUp(self): BaseAssocTest.setUp(self) self.session_type = 'testing-session' # This must something that works for Association.fromExpiresIn self.assoc_type = 'HMAC-SHA1' self.assoc_handle = 'testing-assoc-handle' # These arguments should all be valid self.assoc_response = Message.fromOpenIDArgs({ 'expires_in': '1000', 'assoc_handle':self.assoc_handle, 'assoc_type':self.assoc_type, 'session_type':self.session_type, 'ns':OPENID2_NS, }) self.assoc_session = DummyAssociationSession() # Make the session for the response's session type self.assoc_session.session_type = self.session_type self.assoc_session.allowed_assoc_types = [self.assoc_type]
def test_fromSuccessResponseWithData(self): name = 'ext0' value = 'snozzberry' uri = "http://willy.wonka.name/" args = { 'mode': 'id_res', 'ns': OPENID2_NS, 'ns.ax': ax.AXMessage.ns_uri, 'ax.update_url': 'http://example.com/realm/update_path', 'ax.mode': 'fetch_response', 'ax.type.'+name: uri, 'ax.count.'+name: '1', 'ax.value.%s.1'%name: value, } sf = ['openid.' + i for i in args.keys()] msg = Message.fromOpenIDArgs(args) class Endpoint: claimed_id = 'http://invalid.' resp = SuccessResponse(Endpoint(), msg, signed_fields=sf) ax_resp = ax.FetchResponse.fromSuccessResponse(resp) values = ax_resp.get(uri) self.failUnlessEqual([value], values)
def test_fromSuccessResponseWithData(self): name = 'ext0' value = 'snozzberry' uri = "http://willy.wonka.name/" args = { 'mode': 'id_res', 'ns': OPENID2_NS, 'ns.ax': ax.AXMessage.ns_uri, 'ax.update_url': 'http://example.com/realm/update_path', 'ax.mode': 'fetch_response', 'ax.type.' + name: uri, 'ax.count.' + name: '1', 'ax.value.%s.1' % name: value, } sf = ['openid.' + i for i in args.keys()] msg = Message.fromOpenIDArgs(args) class Endpoint: claimed_id = 'http://invalid.' resp = SuccessResponse(Endpoint(), msg, signed_fields=sf) ax_resp = ax.FetchResponse.fromSuccessResponse(resp) values = ax_resp.get(uri) self.failUnlessEqual([value], values)
def __init__(self): self.message = Message()
def testBadResponse(self): self.consumer.return_messages = [Message(self.endpoint.preferredNamespace())] self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None) self.failUnlessLogMatches('Server error when requesting an association')