def runTest(self): tr = TrustRoot.parse(self.case) if self.sanity == 'sane': assert tr.isSane(), self.case elif self.sanity == 'insane': assert not tr.isSane(), self.case else: assert tr is None, tr
def runTest(self): tr = TrustRoot.parse(self.tr) self.failIf(tr is None, self.tr) match = tr.validateURL(self.rt) if self.match: assert match else: assert not match
class FetchRequest(AXMessage): """An attribute exchange 'fetch_request' message. This message is sent by a relying party when it wishes to obtain attributes about the subject of an OpenID authentication request. @ivar requested_attributes: The attributes that have been requested thus far, indexed by the type URI. @type requested_attributes: {str:AttrInfo} @ivar update_url: A URL that will accept responses for this attribute exchange request, even in the absence of the user who made this request. """ mode = 'fetch_request' def __init__(self, update_url=None): AXMessage.__init__(self) self.requested_attributes = {} self.update_url = update_url def add(self, attribute): """Add an attribute to this attribute exchange request. @param attribute: The attribute that is being requested @type attribute: C{L{AttrInfo}} @returns: None @raise KeyError: when the requested attribute is already present in this fetch request. """ if attribute.type_uri in self.requested_attributes: raise KeyError('The attribute %r has already been requested' % (attribute.type_uri, )) self.requested_attributes[attribute.type_uri] = attribute def getExtensionArgs(self): """Get the serialized form of this attribute fetch request. @returns: The fetch request message parameters @rtype: {unicode:unicode} """ aliases = NamespaceMap() required = [] if_available = [] ax_args = self._newArgs() for type_uri, attribute in self.requested_attributes.iteritems(): if attribute.alias is None: alias = aliases.add(type_uri) else: # This will raise an exception when the second # attribute with the same alias is added. I think it # would be better to complain at the time that the # attribute is added to this object so that the code # that is adding it is identified in the stack trace, # but it's more work to do so, and it won't be 100% # accurate anyway, since the attributes are # mutable. So for now, just live with the fact that # we'll learn about the error later. # # The other possible approach is to hide the error and # generate a new alias on the fly. I think that would # probably be bad. alias = aliases.addAlias(type_uri, attribute.alias) if attribute.required: required.append(alias) else: if_available.append(alias) if attribute.count != 1: ax_args['count.' + alias] = str(attribute.count) ax_args['type.' + alias] = type_uri if required: ax_args['required'] = ','.join(required) if if_available: ax_args['if_available'] = ','.join(if_available) return ax_args def getRequiredAttrs(self): """Get the type URIs for all attributes that have been marked as required. @returns: A list of the type URIs for attributes that have been marked as required. @rtype: [str] """ required = [] for type_uri, attribute in self.requested_attributes.iteritems(): if attribute.required: required.append(type_uri) return required def fromOpenIDRequest(cls, openid_request): """Extract a FetchRequest from an OpenID message @param openid_request: The OpenID authentication request containing the attribute fetch request @type openid_request: C{L{openid.server.server.CheckIDRequest}} @rtype: C{L{FetchRequest}} or C{None} @returns: The FetchRequest extracted from the message or None, if the message contained no AX extension. @raises KeyError: if the AuthRequest is not consistent in its use of namespace aliases. @raises AXError: When parseExtensionArgs would raise same. @see: L{parseExtensionArgs} """ message = openid_request.message ax_args = message.getArgs(cls.ns_uri) self = cls() try: self.parseExtensionArgs(ax_args) except NotAXMessage, err: return None if self.update_url: # Update URL must match the openid.realm of the underlying # OpenID 2 message. realm = message.getArg(OPENID_NS, 'realm', message.getArg(OPENID_NS, 'return_to')) if not realm: raise AXError( ("Cannot validate update_url %r " + "against absent realm") % (self.update_url, )) tr = TrustRoot.parse(realm) if not tr.validateURL(self.update_url): raise AXError( "Update URL %r failed validation against realm %r" % ( self.update_url, realm, )) return self