def runOneTest(self):
csess = self.csess_fact()
msg = Message.fromOpenIDArgs(csess.getRequest())
ssess = self.ssess_fact.fromMessage(msg)
check_secret = csess.extractSecret(
Message.fromOpenIDArgs(ssess.answer(self.secret)))
self.failUnlessEqual(self.secret, check_secret)
def test(self):
# Create a request message with simple registration fields
sreg_req = sreg.SRegRequest(required=['nickname', 'email'],
optional=['fullname'])
req_msg = Message()
req_msg.updateArgs(sreg.ns_uri, sreg_req.getExtensionArgs())
req = OpenIDRequest()
req.message = req_msg
req.namespace = req_msg.getOpenIDNamespace()
# -> send checkid_* request
# Create an empty response message
resp_msg = Message()
resp = OpenIDResponse(req)
resp.fields = resp_msg
# Put the requested data fields in the response message
sreg_resp = sreg.SRegResponse.extractResponse(sreg_req, data)
resp.addExtension(sreg_resp)
# <- send id_res response
# Extract the fields that were sent
sreg_data_resp = resp_msg.getArgs(sreg.ns_uri)
self.failUnlessEqual(
{
'nickname': 'linusaur',
'email': '*****@*****.**',
'fullname': 'Leonhard Euler',
}, sreg_data_resp)
def test_fromSuccessResponse_signed(self):
message = Message.fromOpenIDArgs({
'sreg.nickname': 'The Mad Stork',
})
success_resp = DummySuccessResponse(message, {})
sreg_resp = sreg.SRegResponse.fromSuccessResponse(success_resp)
self.failIf(sreg_resp)
def testNotAllowed(self):
allowed_types = []
negotiator = association.SessionNegotiator(allowed_types)
self.consumer.negotiator = negotiator
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'not-allowed')
msg.setArg(OPENID_NS, 'session_type', 'not-allowed')
self.consumer.return_messages = [msg]
self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None)
self.failUnlessLogMatches('Server error when requesting an association')
def test_fromSuccessResponse_signed(self):
message = Message.fromOpenIDArgs({
'sreg.nickname':'The Mad Stork',
})
success_resp = DummySuccessResponse(message, {})
sreg_resp = sreg.SRegResponse.fromSuccessResponse(success_resp)
self.failIf(sreg_resp)
def setUp(self):
self.message = m = Message(OPENID2_NS)
m.updateArgs(OPENID2_NS, {'mode': 'id_res',
'identifier': '=example'})
m.updateArgs(BARE_NS, {'xey': 'value'})
self.args = {'openid.mode': 'id_res',
'openid.identifier': '=example',
'xey': 'value'}
def testBadResponse(self):
"""
Test the case where the response to an associate request is a
server error or is otherwise undecipherable.
"""
self.consumer.return_messages = [Message(self.endpoint.preferredNamespace())]
self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None)
self.failUnlessLogMatches('Server error when requesting an association')
def test_fromSuccessResponse_unsigned(self):
message = Message.fromOpenIDArgs({
'sreg.nickname': 'The Mad Stork',
})
success_resp = DummySuccessResponse(message, {})
sreg_resp = sreg.SRegResponse.fromSuccessResponse(success_resp,
signed_only=False)
self.failUnlessEqual([('nickname', 'The Mad Stork')],
sreg_resp.items())
def test_fromOpenIDRequestWithoutExtension(self):
"""return None for an OpenIDRequest without AX paramaters."""
openid_req_msg = Message.fromOpenIDArgs({
'mode': 'checkid_setup',
'ns': OPENID2_NS,
})
oreq = DummyRequest(openid_req_msg)
r = ax.FetchRequest.fromOpenIDRequest(oreq)
self.failUnless(r is None, "%s is not None" % (r,))
def mkAssocResponse(*keys):
"""Build an association response message that contains the
specified subset of keys. The values come from
`association_response_values`.
This is useful for testing for missing keys and other times that
we don't care what the values are."""
args = dict([(key, association_response_values[key]) for key in keys])
return Message.fromOpenIDArgs(args)
def test_fromOpenIDRequestWithoutExtension(self):
"""return None for an OpenIDRequest without AX paramaters."""
openid_req_msg = Message.fromOpenIDArgs({
'mode': 'checkid_setup',
'ns': OPENID2_NS,
})
oreq = DummyRequest(openid_req_msg)
r = ax.FetchRequest.fromOpenIDRequest(oreq)
self.failUnless(r is None, "%s is not None" % (r, ))
def mkAssocResponse(*keys):
"""Build an association response message that contains the
specified subset of keys. The values come from
`association_response_values`.
This is useful for testing for missing keys and other times that
we don't care what the values are."""
args = dict([(key, association_response_values[key]) for key in keys])
return Message.fromOpenIDArgs(args)
def test_fromSuccessResponse_unsigned(self):
message = Message.fromOpenIDArgs({
'sreg.nickname':'The Mad Stork',
})
success_resp = DummySuccessResponse(message, {})
sreg_resp = sreg.SRegResponse.fromSuccessResponse(success_resp,
signed_only=False)
self.failUnlessEqual([('nickname', 'The Mad Stork')],
sreg_resp.items())
def testEmptySessionType(self):
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'new-assoc-type')
# not set: msg.setArg(OPENID_NS, 'session_type', None)
self.consumer.return_messages = [msg]
self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None)
self.failUnlessLogMatches('Server error when requesting an association')
def test_openID1_sregNSfromArgs(self):
args = {
'sreg.optional': 'nickname',
'sreg.required': 'dob',
}
m = Message.fromOpenIDArgs(args)
self.failUnless(m.getArg(sreg.ns_uri_1_1, 'optional') == 'nickname')
self.failUnless(m.getArg(sreg.ns_uri_1_1, 'required') == 'dob')
def test_openidNoRealm(self):
openid_req_msg = Message.fromOpenIDArgs({
'mode': 'checkid_setup',
'ns': OPENID2_NS,
'ns.ax': ax.AXMessage.ns_uri,
'ax.update_url': 'http://different.site/path',
'ax.mode': 'fetch_request',
})
self.failUnlessRaises(ax.AXError, ax.FetchRequest.fromOpenIDRequest,
DummyRequest(openid_req_msg))
def test_openID1_sregNSfromArgs(self):
args = {
'sreg.optional': 'nickname',
'sreg.required': 'dob',
}
m = Message.fromOpenIDArgs(args)
self.failUnless(m.getArg(sreg.ns_uri_1_1, 'optional') == 'nickname')
self.failUnless(m.getArg(sreg.ns_uri_1_1, 'required') == 'dob')
def test_openidUpdateURLVerificationSuccessReturnTo(self):
openid_req_msg = Message.fromOpenIDArgs({
'mode': 'checkid_setup',
'ns': OPENID2_NS,
'return_to': 'http://example.com/realm',
'ns.ax': ax.AXMessage.ns_uri,
'ax.update_url': 'http://example.com/realm/update_path',
'ax.mode': 'fetch_request',
})
fr = ax.FetchRequest.fromOpenIDRequest(DummyRequest(openid_req_msg))
def test_openidUpdateURLVerificationSuccessReturnTo(self):
openid_req_msg = Message.fromOpenIDArgs({
'mode': 'checkid_setup',
'ns': OPENID2_NS,
'return_to': 'http://example.com/realm',
'ns.ax': ax.AXMessage.ns_uri,
'ax.update_url': 'http://example.com/realm/update_path',
'ax.mode': 'fetch_request',
})
fr = ax.FetchRequest.fromOpenIDRequest(DummyRequest(openid_req_msg))
def test_openidNoRealm(self):
openid_req_msg = Message.fromOpenIDArgs({
'mode': 'checkid_setup',
'ns': OPENID2_NS,
'ns.ax': ax.AXMessage.ns_uri,
'ax.update_url': 'http://different.site/path',
'ax.mode': 'fetch_request',
})
self.failUnlessRaises(ax.AXError,
ax.FetchRequest.fromOpenIDRequest,
DummyRequest(openid_req_msg))
def setUp(self):
self.message = m = Message(OPENID2_NS)
m.updateArgs(OPENID2_NS, {
'mode': 'id_res',
'identifier': '=example',
'signed': 'identifier,mode',
'sig': 'cephalopod',
})
m.updateArgs(BARE_NS, {'xey': 'value'})
self.assoc = association.Association.fromExpiresIn(
3600, '{sha1}', 'very_secret', "HMAC-SHA1")
def testUnsupportedWithRetry(self):
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'HMAC-SHA1')
msg.setArg(OPENID_NS, 'session_type', 'DH-SHA1')
assoc = association.Association(
'handle', 'secret', 'issued', 10000, 'HMAC-SHA1')
self.consumer.return_messages = [msg, assoc]
self.failUnless(self.consumer._negotiateAssociation(self.endpoint) is None)
self.failUnlessLogMatches('Server error when requesting an association')
def test(self):
# Create a request message with simple registration fields
sreg_req = sreg.SRegRequest(required=['nickname', 'email'],
optional=['fullname'])
req_msg = Message()
req_msg.updateArgs(sreg.ns_uri, sreg_req.getExtensionArgs())
req = OpenIDRequest()
req.message = req_msg
req.namespace = req_msg.getOpenIDNamespace()
# -> send checkid_* request
# Create an empty response message
resp_msg = Message()
resp = OpenIDResponse(req)
resp.fields = resp_msg
# Put the requested data fields in the response message
sreg_resp = sreg.SRegResponse.extractResponse(sreg_req, data)
resp.addExtension(sreg_resp)
# <- send id_res response
# Extract the fields that were sent
sreg_data_resp = resp_msg.getArgs(sreg.ns_uri)
self.failUnlessEqual(
{'nickname':'linusaur',
'email':'*****@*****.**',
'fullname':'Leonhard Euler',
}, sreg_data_resp)
def testUnsupportedWithRetryAndFail(self):
"""
Test the case where an unsupported-typ response triggers a
retry, but the retry fails and None is returned instead.
"""
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'HMAC-SHA1')
msg.setArg(OPENID_NS, 'session_type', 'DH-SHA1')
self.consumer.return_messages = [msg,
Message(self.endpoint.preferredNamespace())]
self.failUnlessEqual(self.consumer._negotiateAssociation(self.endpoint), None)
self.failUnlessLogMatches('Unsupported association type',
'Server %s refused' % (self.endpoint.server_url))
def test_fromOpenIDRequestWithoutData(self):
"""return something for SuccessResponse with AX paramaters,
even if it is the empty set."""
openid_req_msg = Message.fromOpenIDArgs({
'mode': 'checkid_setup',
'realm': 'http://example.com/realm',
'ns': OPENID2_NS,
'ns.ax': ax.AXMessage.ns_uri,
'ax.mode': 'fetch_request',
})
oreq = DummyRequest(openid_req_msg)
r = ax.FetchRequest.fromOpenIDRequest(oreq)
self.failUnless(r is not None)
def test_fromOpenIDRequestWithoutData(self):
"""return something for SuccessResponse with AX paramaters,
even if it is the empty set."""
openid_req_msg = Message.fromOpenIDArgs({
'mode': 'checkid_setup',
'realm': 'http://example.com/realm',
'ns': OPENID2_NS,
'ns.ax': ax.AXMessage.ns_uri,
'ax.mode': 'fetch_request',
})
oreq = DummyRequest(openid_req_msg)
r = ax.FetchRequest.fromOpenIDRequest(oreq)
self.failUnless(r is not None)
def testNotAllowed(self):
"""
Test the case where an unsupported-type response specifies a
preferred (assoc_type, session_type) combination that is not
allowed by the consumer's SessionNegotiator.
"""
allowed_types = []
negotiator = association.SessionNegotiator(allowed_types)
self.consumer.negotiator = negotiator
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'not-allowed')
msg.setArg(OPENID_NS, 'session_type', 'not-allowed')
self.consumer.return_messages = [msg]
self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None)
self.failUnlessLogMatches('Unsupported association type',
'Server sent unsupported session/association type:')
def test_fromSuccessResponseWithoutExtension(self):
"""return None for SuccessResponse with no AX paramaters."""
args = {
'mode': 'id_res',
'ns': OPENID2_NS,
}
sf = ['openid.' + i for i in args.keys()]
msg = Message.fromOpenIDArgs(args)
class Endpoint:
claimed_id = 'http://invalid.'
oreq = SuccessResponse(Endpoint(), msg, signed_fields=sf)
r = ax.FetchResponse.fromSuccessResponse(oreq)
self.failUnless(r is None, "%s is not None" % (r,))
def testEmptySessionType(self):
"""
Test the case where the session type (session_type) returned
in an unsupported-type response is absent.
"""
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'new-assoc-type')
# not set: msg.setArg(OPENID_NS, 'session_type', None)
self.consumer.return_messages = [msg]
self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None)
self.failUnlessLogMatches('Unsupported association type',
'Server responded with unsupported association ' +
'session but did not supply a fallback.')
def _setUpDH(self):
sess, message = self.consumer._createAssociateRequest(
self.endpoint, 'HMAC-SHA1', 'DH-SHA1')
# XXX: this is testing _createAssociateRequest
self.failUnlessEqual(self.endpoint.compatibilityMode(),
message.isOpenID1())
server_sess = DiffieHellmanSHA1ServerSession.fromMessage(message)
server_resp = server_sess.answer(self.secret)
server_resp['assoc_type'] = 'HMAC-SHA1'
server_resp['assoc_handle'] = 'handle'
server_resp['expires_in'] = '1000'
server_resp['session_type'] = 'DH-SHA1'
return sess, Message.fromOpenIDArgs(server_resp)
def _setUpDH(self):
sess, message = self.consumer._createAssociateRequest(
self.endpoint, 'HMAC-SHA1', 'DH-SHA1')
# XXX: this is testing _createAssociateRequest
self.failUnlessEqual(self.endpoint.compatibilityMode(),
message.isOpenID1())
server_sess = DiffieHellmanSHA1ServerSession.fromMessage(message)
server_resp = server_sess.answer(self.secret)
server_resp['assoc_type'] = 'HMAC-SHA1'
server_resp['assoc_handle'] = 'handle'
server_resp['expires_in'] = '1000'
server_resp['session_type'] = 'DH-SHA1'
return sess, Message.fromOpenIDArgs(server_resp)
def test_fromSuccessResponseWithoutExtension(self):
"""return None for SuccessResponse with no AX paramaters."""
args = {
'mode': 'id_res',
'ns': OPENID2_NS,
}
sf = ['openid.' + i for i in args.keys()]
msg = Message.fromOpenIDArgs(args)
class Endpoint:
claimed_id = 'http://invalid.'
oreq = SuccessResponse(Endpoint(), msg, signed_fields=sf)
r = ax.FetchResponse.fromSuccessResponse(oreq)
self.failUnless(r is None, "%s is not None" % (r, ))
def test_aintGotSignedList(self):
m = Message(OPENID2_NS)
m.updateArgs(OPENID2_NS, {'mode': 'id_res',
'identifier': '=example',
'sig': 'coyote',
})
m.updateArgs(BARE_NS, {'xey': 'value'})
assoc = association.Association.fromExpiresIn(
3600, '{sha1}', 'very_secret', "HMAC-SHA1")
self.failUnlessRaises(ValueError, assoc.checkMessageSignature, m)
def testUnsupportedWithRetry(self):
"""
Test the case where an unsupported-type response triggers a
retry to get an association with the new preferred type.
"""
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'HMAC-SHA1')
msg.setArg(OPENID_NS, 'session_type', 'DH-SHA1')
assoc = association.Association(
'handle', 'secret', 'issued', 10000, 'HMAC-SHA1')
self.consumer.return_messages = [msg, assoc]
self.failUnless(self.consumer._negotiateAssociation(self.endpoint) is assoc)
self.failUnlessLogMatches('Unsupported association type')
def test_fromSuccessResponseWithoutData(self):
"""return something for SuccessResponse with AX paramaters,
even if it is the empty set."""
args = {
'mode': 'id_res',
'ns': OPENID2_NS,
'ns.ax': ax.AXMessage.ns_uri,
'ax.mode': 'fetch_response',
}
sf = ['openid.' + i for i in args.keys()]
msg = Message.fromOpenIDArgs(args)
class Endpoint:
claimed_id = 'http://invalid.'
oreq = SuccessResponse(Endpoint(), msg, signed_fields=sf)
r = ax.FetchResponse.fromSuccessResponse(oreq)
self.failUnless(r is not None)
def _doTest(self, expected_session_type, session_type_value):
# Create a Message with just 'session_type' in it, since
# that's all this function will use. 'session_type' may be
# absent if it's set to None.
args = {}
if session_type_value is not None:
args['session_type'] = session_type_value
message = Message.fromOpenIDArgs(args)
self.failUnless(message.isOpenID1())
actual_session_type = self.consumer._getOpenID1SessionType(message)
error_message = (
'Returned sesion type parameter %r was expected '
'to yield session type %r, but yielded %r' %
(session_type_value, expected_session_type, actual_session_type))
self.failUnlessEqual(expected_session_type, actual_session_type,
error_message)
def _doTest(self, expected_session_type, session_type_value):
# Create a Message with just 'session_type' in it, since
# that's all this function will use. 'session_type' may be
# absent if it's set to None.
args = {}
if session_type_value is not None:
args['session_type'] = session_type_value
message = Message.fromOpenIDArgs(args)
self.failUnless(message.isOpenID1())
actual_session_type = self.consumer._getOpenID1SessionType(message)
error_message = ('Returned sesion type parameter %r was expected '
'to yield session type %r, but yielded %r' %
(session_type_value, expected_session_type,
actual_session_type))
self.failUnlessEqual(
expected_session_type, actual_session_type, error_message)
def test_fromSuccessResponseWithoutData(self):
"""return something for SuccessResponse with AX paramaters,
even if it is the empty set."""
args = {
'mode': 'id_res',
'ns': OPENID2_NS,
'ns.ax': ax.AXMessage.ns_uri,
'ax.mode': 'fetch_response',
}
sf = ['openid.' + i for i in args.keys()]
msg = Message.fromOpenIDArgs(args)
class Endpoint:
claimed_id = 'http://invalid.'
oreq = SuccessResponse(Endpoint(), msg, signed_fields=sf)
r = ax.FetchResponse.fromSuccessResponse(oreq)
self.failUnless(r is not None)
def setUp(self):
BaseAssocTest.setUp(self)
self.session_type = 'testing-session'
# This must something that works for Association.fromExpiresIn
self.assoc_type = 'HMAC-SHA1'
self.assoc_handle = 'testing-assoc-handle'
# These arguments should all be valid
self.assoc_response = Message.fromOpenIDArgs({
'expires_in': '1000',
'assoc_handle': self.assoc_handle,
'assoc_type': self.assoc_type,
'session_type': self.session_type,
'ns': OPENID2_NS,
})
self.assoc_session = DummyAssociationSession()
# Make the session for the response's session type
self.assoc_session.session_type = self.session_type
self.assoc_session.allowed_assoc_types = [self.assoc_type]
def setUp(self):
BaseAssocTest.setUp(self)
self.session_type = 'testing-session'
# This must something that works for Association.fromExpiresIn
self.assoc_type = 'HMAC-SHA1'
self.assoc_handle = 'testing-assoc-handle'
# These arguments should all be valid
self.assoc_response = Message.fromOpenIDArgs({
'expires_in': '1000',
'assoc_handle':self.assoc_handle,
'assoc_type':self.assoc_type,
'session_type':self.session_type,
'ns':OPENID2_NS,
})
self.assoc_session = DummyAssociationSession()
# Make the session for the response's session type
self.assoc_session.session_type = self.session_type
self.assoc_session.allowed_assoc_types = [self.assoc_type]
def test_fromSuccessResponseWithData(self):
name = 'ext0'
value = 'snozzberry'
uri = "http://willy.wonka.name/"
args = {
'mode': 'id_res',
'ns': OPENID2_NS,
'ns.ax': ax.AXMessage.ns_uri,
'ax.update_url': 'http://example.com/realm/update_path',
'ax.mode': 'fetch_response',
'ax.type.'+name: uri,
'ax.count.'+name: '1',
'ax.value.%s.1'%name: value,
}
sf = ['openid.' + i for i in args.keys()]
msg = Message.fromOpenIDArgs(args)
class Endpoint:
claimed_id = 'http://invalid.'
resp = SuccessResponse(Endpoint(), msg, signed_fields=sf)
ax_resp = ax.FetchResponse.fromSuccessResponse(resp)
values = ax_resp.get(uri)
self.failUnlessEqual([value], values)
def test_fromSuccessResponseWithData(self):
name = 'ext0'
value = 'snozzberry'
uri = "http://willy.wonka.name/"
args = {
'mode': 'id_res',
'ns': OPENID2_NS,
'ns.ax': ax.AXMessage.ns_uri,
'ax.update_url': 'http://example.com/realm/update_path',
'ax.mode': 'fetch_response',
'ax.type.' + name: uri,
'ax.count.' + name: '1',
'ax.value.%s.1' % name: value,
}
sf = ['openid.' + i for i in args.keys()]
msg = Message.fromOpenIDArgs(args)
class Endpoint:
claimed_id = 'http://invalid.'
resp = SuccessResponse(Endpoint(), msg, signed_fields=sf)
ax_resp = ax.FetchResponse.fromSuccessResponse(resp)
values = ax_resp.get(uri)
self.failUnlessEqual([value], values)
def __init__(self):
self.message = Message()
def testBadResponse(self):
self.consumer.return_messages = [Message(self.endpoint.preferredNamespace())]
self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None)
self.failUnlessLogMatches('Server error when requesting an association')
