def create_sreg_response(self, fullname='', email='', identifier=''):
message = Message(OPENID2_NS)
message.setArg(SREG_NS, "fullname", fullname)
message.setArg(SREG_NS, "email", email)
endpoint = OpenIDServiceEndpoint()
endpoint.display_identifier = identifier
return SuccessResponse(endpoint, message, signed_fields=message.toPostArgs().keys())
def create_sreg_response(self, fullname='', email='', identifier=''):
message = Message(OPENID2_NS)
message.setArg(SREG_NS, "fullname", fullname)
message.setArg(SREG_NS, "email", email)
endpoint = OpenIDServiceEndpoint()
endpoint.display_identifier = identifier
return SuccessResponse(endpoint,
message,
signed_fields=message.toPostArgs().keys())
def make_openid_response(self, sreg_args=None, teams_args=None):
endpoint = self.make_fake_openid_endpoint(claimed_id='some-id')
message = Message(OPENID2_NS)
if sreg_args is not None:
for key, value in sreg_args.items():
message.setArg(SREG_NS, key, value)
if teams_args is not None:
for key, value in teams_args.items():
message.setArg(TEAMS_NS, key, value)
response = SuccessResponse(
endpoint, message, signed_fields=message.toPostArgs().keys())
return response
def testNotAllowed(self):
"""
Test the case where an unsupported-type response specifies a
preferred (assoc_type, session_type) combination that is not
allowed by the consumer's SessionNegotiator.
"""
allowed_types = []
negotiator = association.SessionNegotiator(allowed_types)
self.consumer.negotiator = negotiator
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'not-allowed')
msg.setArg(OPENID_NS, 'session_type', 'not-allowed')
self.consumer.return_messages = [msg]
with LogCapture() as logbook:
self.assertIsNone(
self.consumer._negotiateAssociation(self.endpoint))
unsupported_msg = StringComparison(
'Server sent unsupported session/association type: .*')
logbook.check(('openid.consumer.consumer', 'ERROR',
StringComparison('Unsupported association type .*')),
('openid.consumer.consumer', 'ERROR', unsupported_msg))
def make_openid_response(self, sreg_args=None, teams_args=None):
endpoint = OpenIDServiceEndpoint()
endpoint.claimed_id = 'some-id'
message = Message(OPENID2_NS)
if sreg_args is not None:
for key, value in sreg_args.items():
message.setArg(SREG_NS, key, value)
if teams_args is not None:
for key, value in teams_args.items():
message.setArg(TEAMS_NS, key, value)
response = SuccessResponse(endpoint,
message,
signed_fields=message.toPostArgs().keys())
return response
def testEmptySessionType(self):
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'new-assoc-type')
msg.setArg(OPENID_NS, 'session_type', None)
self.consumer.return_messages = [msg]
self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None)
self.failUnlessLogMatches('Server error when requesting an association')
def test_completeBadReturnTo(self):
"""Test GenericConsumer.complete()'s handling of bad return_to
values.
"""
return_to = "http://some.url/path?foo=bar"
# Scheme, authority, and path differences are checked by
# GenericConsumer._checkReturnTo. Query args checked by
# GenericConsumer._verifyReturnToArgs.
bad_return_tos = [
# Scheme only
"https://some.url/path?foo=bar",
# Authority only
"http://some.url.invalid/path?foo=bar",
# Path only
"http://some.url/path_extra?foo=bar",
# Query args differ
"http://some.url/path?foo=bar2",
"http://some.url/path?foo2=bar",
]
m = Message(OPENID1_NS)
m.setArg(OPENID_NS, 'mode', 'cancel')
m.setArg(BARE_NS, 'foo', 'bar')
endpoint = None
for bad in bad_return_tos:
m.setArg(OPENID_NS, 'return_to', bad)
self.failIf(self.consumer._checkReturnTo(m, return_to))
def make_response_ax(self,
schema="http://axschema.org/",
fullname="Some User",
nickname="someuser",
email="*****@*****.**",
first=None,
last=None,
verified=False):
endpoint = OpenIDServiceEndpoint()
message = Message(OPENID2_NS)
attributes = [("nickname", schema + "namePerson/friendly", nickname),
("fullname", schema + "namePerson", fullname),
("email", schema + "contact/email", email),
("account_verified",
"http://ns.login.ubuntu.com/2013/validation/account",
"token_via_email" if verified else "no")]
if first:
attributes.append(
("first", "http://axschema.org/namePerson/first", first))
if last:
attributes.append(
("last", "http://axschema.org/namePerson/last", last))
message.setArg(AX_NS, "mode", "fetch_response")
for (alias, uri, value) in attributes:
message.setArg(AX_NS, "type.%s" % alias, uri)
message.setArg(AX_NS, "value.%s" % alias, value)
return SuccessResponse(endpoint,
message,
signed_fields=message.toPostArgs().keys())
def test_completeGoodReturnTo(self):
"""Test GenericConsumer.complete()'s handling of good
return_to values.
"""
return_to = "http://some.url/path"
good_return_tos = [
(return_to, {}),
(return_to + "?another=arg", {(BARE_NS, 'another'): 'arg'}),
(return_to + "?another=arg#fragment", {(BARE_NS, 'another'): 'arg'}),
("HTTP"+return_to[4:], {}),
(return_to.replace('url','URL'), {}),
("http://some.url:80/path", {}),
("http://some.url/p%61th", {}),
("http://some.url/./path", {}),
]
endpoint = None
for good, extra in good_return_tos:
m = Message(OPENID1_NS)
m.setArg(OPENID_NS, 'mode', 'cancel')
for ns, key in extra:
m.setArg(ns, key, extra[(ns, key)])
m.setArg(OPENID_NS, 'return_to', good)
result = self.consumer.complete(m, endpoint, return_to)
self.failUnless(isinstance(result, CancelResponse), \
"Expected CancelResponse, got %r for %s" % (result, good,))
def make_response_ax(
self, schema="http://axschema.org/",
fullname="Some User", nickname="someuser", email="*****@*****.**",
first=None, last=None, verified=False):
endpoint = OpenIDServiceEndpoint()
message = Message(OPENID2_NS)
attributes = [
("nickname", schema + "namePerson/friendly", nickname),
("fullname", schema + "namePerson", fullname),
("email", schema + "contact/email", email),
("account_verified",
"http://ns.login.ubuntu.com/2013/validation/account",
"token_via_email" if verified else "no")
]
if first:
attributes.append(
("first", "http://axschema.org/namePerson/first", first))
if last:
attributes.append(
("last", "http://axschema.org/namePerson/last", last))
message.setArg(AX_NS, "mode", "fetch_response")
for (alias, uri, value) in attributes:
message.setArg(AX_NS, "type.%s" % alias, uri)
message.setArg(AX_NS, "value.%s" % alias, value)
return SuccessResponse(
endpoint, message, signed_fields=message.toPostArgs().keys())
def testNotAllowed(self):
allowed_types = []
negotiator = association.SessionNegotiator(allowed_types)
self.consumer.negotiator = negotiator
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'not-allowed')
msg.setArg(OPENID_NS, 'session_type', 'not-allowed')
self.consumer.return_messages = [msg]
self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None)
self.failUnlessLogMatches('Server error when requesting an association')
def testNotAllowed(self):
allowed_types = []
negotiator = association.SessionNegotiator(allowed_types)
self.consumer.negotiator = negotiator
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'not-allowed')
msg.setArg(OPENID_NS, 'session_type', 'not-allowed')
self.consumer.return_messages = [msg]
self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None)
self.failUnlessLogMatches('Server error when requesting an association')
def testEmptySessionType(self):
"""
Test the case where the session type (session_type) returned
in an unsupported-type response is absent.
"""
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'new-assoc-type')
msg.setArg(OPENID_NS, 'session_type', None)
self.consumer.return_messages = [msg]
self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None)
self.failUnlessLogMatches('Unsupported association type',
'Server responded with unsupported association ' +
'session but did not supply a fallback.')
def testNotAllowed(self):
allowed_types = []
negotiator = association.SessionNegotiator(allowed_types)
self.consumer.negotiator = negotiator
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'not-allowed')
msg.setArg(OPENID_NS, 'session_type', 'not-allowed')
self.consumer.return_messages = [msg]
with LogCapture() as logbook:
self.assertIsNone(self.consumer._negotiateAssociation(self.endpoint))
logbook.check(
('openid.consumer.consumer', 'ERROR', StringComparison('Server error when requesting an association .*')))
def testEmptyAssocType(self):
msg = Message(self.endpoint.ns())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
# not set: msg.setArg(OPENID_NS, 'assoc_type', None)
msg.setArg(OPENID_NS, 'session_type', 'new-session-type')
_requestAssociation.return_values = [msg]
self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None)
self.failUnlessLogMatches('Server error when requesting an association')
def testEmptyAssocType(self):
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, "error", "Unsupported type")
msg.setArg(OPENID_NS, "error_code", "unsupported-type")
# not set: msg.setArg(OPENID_NS, 'assoc_type', None)
msg.setArg(OPENID_NS, "session_type", "new-session-type")
self.consumer.return_messages = [msg]
self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None)
self.failUnlessLogMatches("Server error when requesting an association")
def testEmptySessionType(self):
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'new-assoc-type')
# not set: msg.setArg(OPENID_NS, 'session_type', None)
self.consumer.return_messages = [msg]
self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None)
self.failUnlessLogMatches('Server error when requesting an association')
def testEmptySessionType(self):
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'new-assoc-type')
# not set: msg.setArg(OPENID_NS, 'session_type', None)
self.consumer.return_messages = [msg]
with LogCapture() as logbook:
self.assertIsNone(self.consumer._negotiateAssociation(self.endpoint))
logbook.check(
('openid.consumer.consumer', 'ERROR', StringComparison('Server error when requesting an association .*')))
def testUnsupportedWithRetry(self):
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, "error", "Unsupported type")
msg.setArg(OPENID_NS, "error_code", "unsupported-type")
msg.setArg(OPENID_NS, "assoc_type", "HMAC-SHA1")
msg.setArg(OPENID_NS, "session_type", "DH-SHA1")
assoc = association.Association("handle", "secret", "issued", 10000, "HMAC-SHA1")
self.consumer.return_messages = [msg, assoc]
self.failUnless(self.consumer._negotiateAssociation(self.endpoint) is None)
self.failUnlessLogMatches("Server error when requesting an association")
def testNotAllowed(self):
"""
Test the case where an unsupported-type response specifies a
preferred (assoc_type, session_type) combination that is not
allowed by the consumer's SessionNegotiator.
"""
allowed_types = []
negotiator = association.SessionNegotiator(allowed_types)
self.consumer.negotiator = negotiator
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, "error", "Unsupported type")
msg.setArg(OPENID_NS, "error_code", "unsupported-type")
msg.setArg(OPENID_NS, "assoc_type", "not-allowed")
msg.setArg(OPENID_NS, "session_type", "not-allowed")
self.consumer.return_messages = [msg]
self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None)
self.failUnlessLogMatches("Unsupported association type", "Server sent unsupported session/association type:")
def testUnsupportedWithRetry(self):
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'HMAC-SHA1')
msg.setArg(OPENID_NS, 'session_type', 'DH-SHA1')
assoc = association.Association(
'handle', 'secret', 'issued', 10000, 'HMAC-SHA1')
self.consumer.return_messages = [msg, assoc]
self.failUnless(self.consumer._negotiateAssociation(self.endpoint) is None)
self.failUnlessLogMatches('Server error when requesting an association')
def testUnsupportedWithRetry(self):
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'HMAC-SHA1')
msg.setArg(OPENID_NS, 'session_type', 'DH-SHA1')
assoc = association.Association('handle', b'secret', 'issued', 10000, 'HMAC-SHA1')
self.consumer.return_messages = [msg, assoc]
with LogCapture() as logbook:
self.assertIsNone(self.consumer._negotiateAssociation(self.endpoint))
logbook.check(
('openid.consumer.consumer', 'ERROR', StringComparison('Server error when requesting an association .*')))
def test_extract_user_details_sreg(self):
endpoint = OpenIDServiceEndpoint()
message = Message(OPENID2_NS)
message.setArg(SREG_NS, "nickname", "someuser")
message.setArg(SREG_NS, "fullname", "Some User")
message.setArg(SREG_NS, "email", "*****@*****.**")
response = SuccessResponse(
endpoint, message, signed_fields=message.toPostArgs().keys())
data = self.backend._extract_user_details(response)
self.assertEqual(data, {"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**"})
def test_extract_user_details_sreg(self):
endpoint = OpenIDServiceEndpoint()
message = Message(OPENID2_NS)
message.setArg(SREG_NS, "nickname", "someuser")
message.setArg(SREG_NS, "fullname", "Some User")
message.setArg(SREG_NS, "email", "*****@*****.**")
response = SuccessResponse(
endpoint, message, signed_fields=message.toPostArgs().keys())
data = self.backend._extract_user_details(response)
self.assertEqual(data, {"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**"})
def testUnsupportedWithRetry(self):
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'HMAC-SHA1')
msg.setArg(OPENID_NS, 'session_type', 'DH-SHA1')
assoc = association.Association(
'handle', 'secret', 'issued', 10000, 'HMAC-SHA1')
self.consumer.return_messages = [msg, assoc]
self.failUnless(self.consumer._negotiateAssociation(self.endpoint) is None)
self.failUnlessLogMatches('Server error when requesting an association')
def testNotAllowed(self):
"""
Test the case where an unsupported-type response specifies a
preferred (assoc_type, session_type) combination that is not
allowed by the consumer's SessionNegotiator.
"""
allowed_types = []
negotiator = association.SessionNegotiator(allowed_types)
self.consumer.negotiator = negotiator
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'not-allowed')
msg.setArg(OPENID_NS, 'session_type', 'not-allowed')
self.consumer.return_messages = [msg]
self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None)
self.failUnlessLogMatches('Unsupported association type',
'Server sent unsupported session/association type:')
def testNotAllowed(self):
"""
Test the case where an unsupported-type response specifies a
preferred (assoc_type, session_type) combination that is not
allowed by the consumer's SessionNegotiator.
"""
allowed_types = []
negotiator = association.SessionNegotiator(allowed_types)
self.consumer.negotiator = negotiator
msg = Message(self.endpoint.ns())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'not-allowed')
msg.setArg(OPENID_NS, 'session_type', 'not-allowed')
_requestAssociation.return_values = [msg]
self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None)
self.failUnlessLogMatches('Unsupported association type',
'Server sent unsupported session/association type:')
def testUnsupportedWithRetryAndFail(self):
"""
Test the case where an unsupported-typ response triggers a
retry, but the retry fails and None is returned instead.
"""
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, "error", "Unsupported type")
msg.setArg(OPENID_NS, "error_code", "unsupported-type")
msg.setArg(OPENID_NS, "assoc_type", "HMAC-SHA1")
msg.setArg(OPENID_NS, "session_type", "DH-SHA1")
self.consumer.return_messages = [msg, Message(self.endpoint.preferredNamespace())]
self.failUnlessEqual(self.consumer._negotiateAssociation(self.endpoint), None)
self.failUnlessLogMatches("Unsupported association type", "Server %s refused" % (self.endpoint.server_url))
def testNotAllowed(self):
"""
Test the case where an unsupported-type response specifies a
preferred (assoc_type, session_type) combination that is not
allowed by the consumer's SessionNegotiator.
"""
allowed_types = []
negotiator = association.SessionNegotiator(allowed_types)
self.consumer.negotiator = negotiator
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'not-allowed')
msg.setArg(OPENID_NS, 'session_type', 'not-allowed')
self.consumer.return_messages = [msg]
with LogCapture() as logbook:
self.assertIsNone(self.consumer._negotiateAssociation(self.endpoint))
unsupported_msg = StringComparison('Server sent unsupported session/association type: .*')
logbook.check(('openid.consumer.consumer', 'WARNING', StringComparison('Unsupported association type .*')),
('openid.consumer.consumer', 'WARNING', unsupported_msg))
def testUnsupportedWithRetry(self):
"""
Test the case where an unsupported-type response triggers a
retry to get an association with the new preferred type.
"""
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, "error", "Unsupported type")
msg.setArg(OPENID_NS, "error_code", "unsupported-type")
msg.setArg(OPENID_NS, "assoc_type", "HMAC-SHA1")
msg.setArg(OPENID_NS, "session_type", "DH-SHA1")
assoc = association.Association("handle", "secret", "issued", 10000, "HMAC-SHA1")
self.consumer.return_messages = [msg, assoc]
self.failUnless(self.consumer._negotiateAssociation(self.endpoint) is assoc)
self.failUnlessLogMatches("Unsupported association type")
def testEmptySessionType(self):
"""
Test the case where the session type (session_type) returned
in an unsupported-type response is absent.
"""
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'new-assoc-type')
# not set: msg.setArg(OPENID_NS, 'session_type', None)
self.consumer.return_messages = [msg]
with LogCapture() as logbook:
self.assertIsNone(self.consumer._negotiateAssociation(self.endpoint))
no_fallback_msg = 'Server responded with unsupported association session but did not supply a fallback.'
logbook.check(('openid.consumer.consumer', 'WARNING', StringComparison('Unsupported association type .*')),
('openid.consumer.consumer', 'WARNING', no_fallback_msg))
def testUnsupportedWithRetry(self):
"""
Test the case where an unsupported-type response triggers a
retry to get an association with the new preferred type.
"""
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'HMAC-SHA1')
msg.setArg(OPENID_NS, 'session_type', 'DH-SHA1')
assoc = association.Association('handle', b'secret', 'issued', 10000, 'HMAC-SHA1')
self.consumer.return_messages = [msg, assoc]
with LogCapture() as logbook:
self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), assoc)
logbook.check(('openid.consumer.consumer', 'WARNING', StringComparison('Unsupported association type .*')))
def testEmptyAssocType(self):
"""
Test the case where the association type (assoc_type) returned
in an unsupported-type response is absent.
"""
msg = Message(self.endpoint.ns())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
# not set: msg.delArg(OPENID_NS, 'assoc_type')
msg.setArg(OPENID_NS, 'session_type', 'new-session-type')
_requestAssociation.return_values = [msg]
self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None)
self.failUnlessLogMatches('Unsupported association type',
'Server responded with unsupported association ' +
'session but did not supply a fallback.')
def testEmptySessionType(self):
"""
Test the case where the session type (session_type) returned
in an unsupported-type response is absent.
"""
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'new-assoc-type')
# not set: msg.setArg(OPENID_NS, 'session_type', None)
self.consumer.return_messages = [msg]
self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None)
self.failUnlessLogMatches('Unsupported association type',
'Server responded with unsupported association ' +
'session but did not supply a fallback.')
def testEmptyAssocType(self):
"""
Test the case where the association type (assoc_type) returned
in an unsupported-type response is absent.
"""
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, "error", "Unsupported type")
msg.setArg(OPENID_NS, "error_code", "unsupported-type")
# not set: msg.delArg(OPENID_NS, 'assoc_type')
msg.setArg(OPENID_NS, "session_type", "new-session-type")
self.consumer.return_messages = [msg]
self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None)
self.failUnlessLogMatches(
"Unsupported association type",
"Server responded with unsupported association " + "session but did not supply a fallback.",
)
def testUnsupportedWithRetry(self):
"""
Test the case where an unsupported-type response triggers a
retry to get an association with the new preferred type.
"""
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'HMAC-SHA1')
msg.setArg(OPENID_NS, 'session_type', 'DH-SHA1')
assoc = association.Association(
'handle', 'secret', 'issued', 10000, 'HMAC-SHA1')
self.consumer.return_messages = [msg, assoc]
self.failUnless(self.consumer._negotiateAssociation(self.endpoint) is assoc)
self.failUnlessLogMatches('Unsupported association type')
def testUnsupportedWithRetry(self):
"""
Test the case where an unsupported-type response triggers a
retry to get an association with the new preferred type.
"""
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'HMAC-SHA1')
msg.setArg(OPENID_NS, 'session_type', 'DH-SHA1')
assoc = association.Association(
'handle', 'secret', 'issued', 10000, 'HMAC-SHA1')
self.consumer.return_messages = [msg, assoc]
self.failUnless(self.consumer._negotiateAssociation(self.endpoint) is assoc)
self.failUnlessLogMatches('Unsupported association type')
def testUnsupportedWithRetryAndFail(self):
"""
Test the case where an unsupported-typ response triggers a
retry, but the retry fails and None is returned instead.
"""
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'HMAC-SHA1')
msg.setArg(OPENID_NS, 'session_type', 'DH-SHA1')
self.consumer.return_messages = [msg,
Message(self.endpoint.preferredNamespace())]
self.failUnlessEqual(self.consumer._negotiateAssociation(self.endpoint), None)
self.failUnlessLogMatches('Unsupported association type',
'Server %s refused' % (self.endpoint.server_url))
def testUnsupportedWithRetryAndFail(self):
"""
Test the case where an unsupported-typ response triggers a
retry, but the retry fails and None is returned instead.
"""
msg = Message(self.endpoint.ns())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'HMAC-SHA1')
msg.setArg(OPENID_NS, 'session_type', 'DH-SHA1')
_requestAssociation.return_values = [msg,
Message(self.endpoint.ns())]
self.assertEqual(self.consumer._negotiateAssociation(self.endpoint), None)
self.failUnlessLogMatches('Unsupported association type',
'Server %s refused' % (self.endpoint.server_url))
def testUnsupportedWithRetryAndFail(self):
"""
Test the case where an unsupported-typ response triggers a
retry, but the retry fails and None is returned instead.
"""
msg = Message(self.endpoint.preferredNamespace())
msg.setArg(OPENID_NS, 'error', 'Unsupported type')
msg.setArg(OPENID_NS, 'error_code', 'unsupported-type')
msg.setArg(OPENID_NS, 'assoc_type', 'HMAC-SHA1')
msg.setArg(OPENID_NS, 'session_type', 'DH-SHA1')
self.consumer.return_messages = [msg,
Message(self.endpoint.preferredNamespace())]
with LogCapture() as logbook:
self.assertIsNone(self.consumer._negotiateAssociation(self.endpoint))
refused_msg = StringComparison('Server %s refused its .*' % self.endpoint.server_url)
logbook.check(('openid.consumer.consumer', 'WARNING', StringComparison('Unsupported association type .*')),
('openid.consumer.consumer', 'ERROR', refused_msg))
def test_extract_user_details_ax(self):
endpoint = OpenIDServiceEndpoint()
message = Message(OPENID2_NS)
attributes = [
("nickname", "http://axschema.org/namePerson/friendly", "someuser"),
("fullname", "http://axschema.org/namePerson", "Some User"),
("email", "http://axschema.org/contact/email", "*****@*****.**"),
]
message.setArg(AX_NS, "mode", "fetch_response")
for (alias, uri, value) in attributes:
message.setArg(AX_NS, "type.%s" % alias, uri)
message.setArg(AX_NS, "value.%s" % alias, value)
response = SuccessResponse(
endpoint, message, signed_fields=message.toPostArgs().keys())
data = self.backend._extract_user_details(response)
self.assertEqual(data, {"nickname": "someuser",
"first_name": "Some",
"last_name": "User",
"email": "*****@*****.**"})
class EmptyMessageTest(unittest.TestCase):
def setUp(self):
self.msg = Message()
def test_toPostArgs(self):
self.assertEqual(self.msg.toPostArgs(), {})
def test_toArgs(self):
self.assertEqual(self.msg.toArgs(), {})
def test_toKVForm(self):
self.assertEqual(self.msg.toKVForm(), '')
def test_toURLEncoded(self):
self.assertEqual(self.msg.toURLEncoded(), '')
def test_toURL(self):
base_url = 'http://base.url/'
self.assertEqual(self.msg.toURL(base_url), base_url)
def test_getOpenID(self):
self.assertIsNone(self.msg.getOpenIDNamespace())
def test_getKeyOpenID(self):
# Could reasonably return None instead of raising an
# exception. I'm not sure which one is more right, since this
# case should only happen when you're building a message from
# scratch and so have no default namespace.
warning_msg = "UndefinedOpenIDNamespace exception is deprecated."
with ShouldWarn(DeprecationWarning(warning_msg)):
warnings.simplefilter('always')
self.assertRaises(UndefinedOpenIDNamespace, self.msg.getKey, OPENID_NS, 'foo')
def test_getKeyBARE(self):
self.assertEqual(self.msg.getKey(BARE_NS, 'foo'), 'foo')
def test_getKeyNS1(self):
self.assertIsNone(self.msg.getKey(OPENID1_NS, 'foo'))
def test_getKeyNS2(self):
self.assertIsNone(self.msg.getKey(OPENID2_NS, 'foo'))
def test_getKeyNS3(self):
self.assertIsNone(self.msg.getKey('urn:nothing-significant', 'foo'))
def test_hasKey(self):
# Could reasonably return False instead of raising an
# exception. I'm not sure which one is more right, since this
# case should only happen when you're building a message from
# scratch and so have no default namespace.
warning_msg = "UndefinedOpenIDNamespace exception is deprecated."
with ShouldWarn(DeprecationWarning(warning_msg)):
warnings.simplefilter('always')
self.assertRaises(UndefinedOpenIDNamespace, self.msg.hasKey, OPENID_NS, 'foo')
def test_hasKeyBARE(self):
self.assertFalse(self.msg.hasKey(BARE_NS, 'foo'))
def test_hasKeyNS1(self):
self.assertFalse(self.msg.hasKey(OPENID1_NS, 'foo'))
def test_hasKeyNS2(self):
self.assertFalse(self.msg.hasKey(OPENID2_NS, 'foo'))
def test_hasKeyNS3(self):
self.assertFalse(self.msg.hasKey('urn:nothing-significant', 'foo'))
def test_getAliasedArgSuccess(self):
msg = Message.fromPostArgs({'openid.ns.test': 'urn://foo', 'openid.test.flub': 'bogus'})
actual_uri = msg.getAliasedArg('ns.test', no_default)
self.assertEqual("urn://foo", actual_uri)
def test_getAliasedArgFailure(self):
msg = Message.fromPostArgs({'openid.test.flub': 'bogus'})
self.assertRaises(KeyError, msg.getAliasedArg, 'ns.test', no_default)
def test_getArg(self):
# Could reasonably return None instead of raising an
# exception. I'm not sure which one is more right, since this
# case should only happen when you're building a message from
# scratch and so have no default namespace.
warning_msg = "UndefinedOpenIDNamespace exception is deprecated."
with ShouldWarn(DeprecationWarning(warning_msg)):
warnings.simplefilter('always')
self.assertRaises(UndefinedOpenIDNamespace, self.msg.getArg, OPENID_NS, 'foo')
test_getArgBARE = mkGetArgTest(BARE_NS, 'foo')
test_getArgNS1 = mkGetArgTest(OPENID1_NS, 'foo')
test_getArgNS2 = mkGetArgTest(OPENID2_NS, 'foo')
test_getArgNS3 = mkGetArgTest('urn:nothing-significant', 'foo')
def test_getArgs(self):
# Could reasonably return {} instead of raising an
# exception. I'm not sure which one is more right, since this
# case should only happen when you're building a message from
# scratch and so have no default namespace.
warning_msg = "UndefinedOpenIDNamespace exception is deprecated."
with ShouldWarn(DeprecationWarning(warning_msg)):
warnings.simplefilter('always')
self.assertRaises(UndefinedOpenIDNamespace, self.msg.getArgs, OPENID_NS)
def test_getArgsBARE(self):
self.assertEqual(self.msg.getArgs(BARE_NS), {})
def test_getArgsNS1(self):
self.assertEqual(self.msg.getArgs(OPENID1_NS), {})
def test_getArgsNS2(self):
self.assertEqual(self.msg.getArgs(OPENID2_NS), {})
def test_getArgsNS3(self):
self.assertEqual(self.msg.getArgs('urn:nothing-significant'), {})
def test_updateArgs(self):
warning_msg = "UndefinedOpenIDNamespace exception is deprecated."
with ShouldWarn(DeprecationWarning(warning_msg)):
warnings.simplefilter('always')
self.assertRaises(UndefinedOpenIDNamespace, self.msg.updateArgs, OPENID_NS, {'does not': 'matter'})
def _test_updateArgsNS(self, ns):
update_args = {
'Camper van Beethoven': 'David Lowery',
'Magnolia Electric Co.': 'Jason Molina',
}
self.assertEqual(self.msg.getArgs(ns), {})
self.msg.updateArgs(ns, update_args)
self.assertEqual(self.msg.getArgs(ns), update_args)
def test_updateArgsBARE(self):
self._test_updateArgsNS(BARE_NS)
def test_updateArgsNS1(self):
self._test_updateArgsNS(OPENID1_NS)
def test_updateArgsNS2(self):
self._test_updateArgsNS(OPENID2_NS)
def test_updateArgsNS3(self):
self._test_updateArgsNS('urn:nothing-significant')
def test_setArg(self):
warning_msg = "UndefinedOpenIDNamespace exception is deprecated."
with ShouldWarn(DeprecationWarning(warning_msg)):
warnings.simplefilter('always')
self.assertRaises(UndefinedOpenIDNamespace, self.msg.setArg, OPENID_NS, 'does not', 'matter')
def _test_setArgNS(self, ns):
key = 'Camper van Beethoven'
value = 'David Lowery'
self.assertIsNone(self.msg.getArg(ns, key))
self.msg.setArg(ns, key, value)
self.assertEqual(self.msg.getArg(ns, key), value)
def test_setArgBARE(self):
self._test_setArgNS(BARE_NS)
def test_setArgNS1(self):
self._test_setArgNS(OPENID1_NS)
def test_setArgNS2(self):
self._test_setArgNS(OPENID2_NS)
def test_setArgNS3(self):
self._test_setArgNS('urn:nothing-significant')
def test_setArgToNone(self):
self.assertRaises(AssertionError, self.msg.setArg, OPENID1_NS, 'op_endpoint', None)
def test_delArg(self):
# Could reasonably raise KeyError instead of raising
# UndefinedOpenIDNamespace. I'm not sure which one is more
# right, since this case should only happen when you're
# building a message from scratch and so have no default
# namespace.
warning_msg = "UndefinedOpenIDNamespace exception is deprecated."
with ShouldWarn(DeprecationWarning(warning_msg)):
warnings.simplefilter('always')
self.assertRaises(UndefinedOpenIDNamespace, self.msg.delArg, OPENID_NS, 'key')
def _test_delArgNS(self, ns):
key = 'Camper van Beethoven'
self.assertRaises(KeyError, self.msg.delArg, ns, key)
def test_delArgBARE(self):
self._test_delArgNS(BARE_NS)
def test_delArgNS1(self):
self._test_delArgNS(OPENID1_NS)
def test_delArgNS2(self):
self._test_delArgNS(OPENID2_NS)
def test_delArgNS3(self):
self._test_delArgNS('urn:nothing-significant')
def test_isOpenID1(self):
self.assertFalse(self.msg.isOpenID1())
def test_isOpenID2(self):
self.assertFalse(self.msg.isOpenID2())
