/vendor/gems/ruby-openid-2.1.2/test/test_associationmanager.rb
Ruby | 917 lines | 689 code | 143 blank | 85 comment | 6 complexity | f7c350ec891d7270b81c8018379b2830 MD5 | raw file
Possible License(s): Apache-2.0
- require "openid/consumer/associationmanager"
- require "openid/association"
- require "openid/dh"
- require "openid/util"
- require "openid/cryptutil"
- require "openid/message"
- require "openid/store/memory"
- require "test/unit"
- require "util"
- require "time"
- module OpenID
- class DHAssocSessionTest < Test::Unit::TestCase
- def test_sha1_get_request
- # Initialized without an explicit DH gets defaults
- sess = Consumer::DiffieHellmanSHA1Session.new
- assert_equal(['dh_consumer_public'], sess.get_request.keys)
- assert_nothing_raised do
- Util::from_base64(sess.get_request['dh_consumer_public'])
- end
- end
- def test_sha1_get_request_custom_dh
- dh = DiffieHellman.new(1299721, 2)
- sess = Consumer::DiffieHellmanSHA1Session.new(dh)
- req = sess.get_request
- assert_equal(['dh_consumer_public', 'dh_modulus', 'dh_gen'].sort,
- req.keys.sort)
- assert_equal(dh.modulus, CryptUtil.base64_to_num(req['dh_modulus']))
- assert_equal(dh.generator, CryptUtil.base64_to_num(req['dh_gen']))
- assert_nothing_raised do
- Util::from_base64(req['dh_consumer_public'])
- end
- end
- end
- module TestDiffieHellmanResponseParametersMixin
- def setup
- session_cls = self.class.session_cls
- # Pre-compute DH with small prime so tests run quickly.
- @server_dh = DiffieHellman.new(100389557, 2)
- @consumer_dh = DiffieHellman.new(100389557, 2)
- # base64(btwoc(g ^ xb mod p))
- @dh_server_public = CryptUtil.num_to_base64(@server_dh.public)
- @secret = CryptUtil.random_string(session_cls.secret_size)
- enc_mac_key_unencoded =
- @server_dh.xor_secret(session_cls.hashfunc,
- @consumer_dh.public,
- @secret)
- @enc_mac_key = Util.to_base64(enc_mac_key_unencoded)
- @consumer_session = session_cls.new(@consumer_dh)
- @msg = Message.new(self.class.message_namespace)
- end
- def test_extract_secret
- @msg.set_arg(OPENID_NS, 'dh_server_public', @dh_server_public)
- @msg.set_arg(OPENID_NS, 'enc_mac_key', @enc_mac_key)
- extracted = @consumer_session.extract_secret(@msg)
- assert_equal(extracted, @secret)
- end
- def test_absent_serve_public
- @msg.set_arg(OPENID_NS, 'enc_mac_key', @enc_mac_key)
- assert_raises(Message::KeyNotFound) {
- @consumer_session.extract_secret(@msg)
- }
- end
- def test_absent_mac_key
- @msg.set_arg(OPENID_NS, 'dh_server_public', @dh_server_public)
- assert_raises(Message::KeyNotFound) {
- @consumer_session.extract_secret(@msg)
- }
- end
- def test_invalid_base64_public
- @msg.set_arg(OPENID_NS, 'dh_server_public', 'n o t b a s e 6 4.')
- @msg.set_arg(OPENID_NS, 'enc_mac_key', @enc_mac_key)
- assert_raises(ArgumentError) {
- @consumer_session.extract_secret(@msg)
- }
- end
- def test_invalid_base64_mac_key
- @msg.set_arg(OPENID_NS, 'dh_server_public', @dh_server_public)
- @msg.set_arg(OPENID_NS, 'enc_mac_key', 'n o t base 64')
- assert_raises(ArgumentError) {
- @consumer_session.extract_secret(@msg)
- }
- end
- end
- class TestConsumerOpenID1DHSHA1 < Test::Unit::TestCase
- include TestDiffieHellmanResponseParametersMixin
- class << self
- attr_reader :session_cls, :message_namespace
- end
- @session_cls = Consumer::DiffieHellmanSHA1Session
- @message_namespace = OPENID1_NS
- end
- class TestConsumerOpenID2DHSHA1 < Test::Unit::TestCase
- include TestDiffieHellmanResponseParametersMixin
- class << self
- attr_reader :session_cls, :message_namespace
- end
- @session_cls = Consumer::DiffieHellmanSHA1Session
- @message_namespace = OPENID2_NS
- end
- class TestConsumerOpenID2DHSHA256 < Test::Unit::TestCase
- include TestDiffieHellmanResponseParametersMixin
- class << self
- attr_reader :session_cls, :message_namespace
- end
- @session_cls = Consumer::DiffieHellmanSHA256Session
- @message_namespace = OPENID2_NS
- end
- class TestConsumerNoEncryptionSession < Test::Unit::TestCase
- def setup
- @sess = Consumer::NoEncryptionSession.new
- end
- def test_empty_request
- assert_equal(@sess.get_request, {})
- end
- def test_get_secret
- secret = 'shhh!' * 4
- mac_key = Util.to_base64(secret)
- msg = Message.from_openid_args({'mac_key' => mac_key})
- assert_equal(secret, @sess.extract_secret(msg))
- end
- end
- class TestCreateAssociationRequest < Test::Unit::TestCase
- def setup
- @server_url = 'http://invalid/'
- @assoc_manager = Consumer::AssociationManager.new(nil, @server_url)
- class << @assoc_manager
- def compatibility_mode=(val)
- @compatibility_mode = val
- end
- end
- @assoc_type = 'HMAC-SHA1'
- end
- def test_no_encryption_sends_type
- session_type = 'no-encryption'
- session, args = @assoc_manager.send(:create_associate_request,
- @assoc_type,
- session_type)
- assert(session.is_a?(Consumer::NoEncryptionSession))
- expected = Message.from_openid_args(
- {'ns' => OPENID2_NS,
- 'session_type' => session_type,
- 'mode' => 'associate',
- 'assoc_type' => @assoc_type,
- })
- assert_equal(expected, args)
- end
- def test_no_encryption_compatibility
- @assoc_manager.compatibility_mode = true
- session_type = 'no-encryption'
- session, args = @assoc_manager.send(:create_associate_request,
- @assoc_type,
- session_type)
- assert(session.is_a?(Consumer::NoEncryptionSession))
- assert_equal(Message.from_openid_args({'mode' => 'associate',
- 'assoc_type' => @assoc_type,
- }), args)
- end
- def test_dh_sha1_compatibility
- @assoc_manager.compatibility_mode = true
- session_type = 'DH-SHA1'
- session, args = @assoc_manager.send(:create_associate_request,
- @assoc_type,
- session_type)
- assert(session.is_a?(Consumer::DiffieHellmanSHA1Session))
- # This is a random base-64 value, so just check that it's
- # present.
- assert_not_nil(args.get_arg(OPENID1_NS, 'dh_consumer_public'))
- args.del_arg(OPENID1_NS, 'dh_consumer_public')
- # OK, session_type is set here and not for no-encryption
- # compatibility
- expected = Message.from_openid_args({'mode' => 'associate',
- 'session_type' => 'DH-SHA1',
- 'assoc_type' => @assoc_type,
- })
- assert_equal(expected, args)
- end
- end
- class TestAssociationManagerExpiresIn < Test::Unit::TestCase
- def expires_in_msg(val)
- msg = Message.from_openid_args({'expires_in' => val})
- Consumer::AssociationManager.extract_expires_in(msg)
- end
- def test_parse_fail
- ['',
- '-2',
- ' 1',
- ' ',
- '0x00',
- 'foosball',
- '1\n',
- '100,000,000,000',
- ].each do |x|
- assert_raises(ProtocolError) {expires_in_msg(x)}
- end
- end
- def test_parse
- ['0',
- '1',
- '1000',
- '9999999',
- '01',
- ].each do |n|
- assert_equal(n.to_i, expires_in_msg(n))
- end
- end
- end
- class TestAssociationManagerCreateSession < Test::Unit::TestCase
- def test_invalid
- assert_raises(ArgumentError) {
- Consumer::AssociationManager.create_session('monkeys')
- }
- end
- def test_sha256
- sess = Consumer::AssociationManager.create_session('DH-SHA256')
- assert(sess.is_a?(Consumer::DiffieHellmanSHA256Session))
- end
- end
- module NegotiationTestMixin
- include TestUtil
- def mk_message(args)
- args['ns'] = @openid_ns
- Message.from_openid_args(args)
- end
- def call_negotiate(responses, negotiator=nil)
- store = nil
- compat = self.class::Compat
- assoc_manager = Consumer::AssociationManager.new(store, @server_url,
- compat, negotiator)
- class << assoc_manager
- attr_accessor :responses
- def request_association(assoc_type, session_type)
- m = @responses.shift
- if m.is_a?(Message)
- raise ServerError.from_message(m)
- else
- return m
- end
- end
- end
- assoc_manager.responses = responses
- assoc_manager.negotiate_association
- end
- end
- # Test the session type negotiation behavior of an OpenID 2
- # consumer.
- class TestOpenID2SessionNegotiation < Test::Unit::TestCase
- include NegotiationTestMixin
- Compat = false
- def setup
- @server_url = 'http://invalid/'
- @openid_ns = OPENID2_NS
- end
- # Test the case where the response to an associate request is a
- # server error or is otherwise undecipherable.
- def test_bad_response
- assert_log_matches('Server error when requesting an association') {
- assert_equal(call_negotiate([mk_message({})]), nil)
- }
- end
- # Test the case where the association type (assoc_type) returned
- # in an unsupported-type response is absent.
- def test_empty_assoc_type
- msg = mk_message({'error' => 'Unsupported type',
- 'error_code' => 'unsupported-type',
- 'session_type' => 'new-session-type',
- })
- assert_log_matches('Unsupported association type',
- "Server #{@server_url} responded with unsupported "\
- "association session but did not supply a fallback."
- ) {
- assert_equal(call_negotiate([msg]), nil)
- }
- end
- # Test the case where the session type (session_type) returned
- # in an unsupported-type response is absent.
- def test_empty_session_type
- msg = mk_message({'error' => 'Unsupported type',
- 'error_code' => 'unsupported-type',
- 'assoc_type' => 'new-assoc-type',
- })
- assert_log_matches('Unsupported association type',
- "Server #{@server_url} responded with unsupported "\
- "association session but did not supply a fallback."
- ) {
- assert_equal(call_negotiate([msg]), nil)
- }
- end
- # Test the case where an unsupported-type response specifies a
- # preferred (assoc_type, session_type) combination that is not
- # allowed by the consumer's SessionNegotiator.
- def test_not_allowed
- negotiator = AssociationNegotiator.new([])
- negotiator.instance_eval{
- @allowed_types = [['assoc_bogus', 'session_bogus']]
- }
- msg = mk_message({'error' => 'Unsupported type',
- 'error_code' => 'unsupported-type',
- 'assoc_type' => 'not-allowed',
- 'session_type' => 'not-allowed',
- })
- assert_log_matches('Unsupported association type',
- 'Server sent unsupported session/association type:') {
- assert_equal(call_negotiate([msg], negotiator), nil)
- }
- end
- # Test the case where an unsupported-type response triggers a
- # retry to get an association with the new preferred type.
- def test_unsupported_with_retry
- msg = mk_message({'error' => 'Unsupported type',
- 'error_code' => 'unsupported-type',
- 'assoc_type' => 'HMAC-SHA1',
- 'session_type' => 'DH-SHA1',
- })
- assoc = Association.new('handle', 'secret', Time.now, 10000, 'HMAC-SHA1')
- assert_log_matches('Unsupported association type') {
- assert_equal(assoc, call_negotiate([msg, assoc]))
- }
- end
- # Test the case where an unsupported-typ response triggers a
- # retry, but the retry fails and nil is returned instead.
- def test_unsupported_with_retry_and_fail
- msg = mk_message({'error' => 'Unsupported type',
- 'error_code' => 'unsupported-type',
- 'assoc_type' => 'HMAC-SHA1',
- 'session_type' => 'DH-SHA1',
- })
- assert_log_matches('Unsupported association type',
- "Server #{@server_url} refused") {
- assert_equal(call_negotiate([msg, msg]), nil)
- }
- end
- # Test the valid case, wherein an association is returned on the
- # first attempt to get one.
- def test_valid
- assoc = Association.new('handle', 'secret', Time.now, 10000, 'HMAC-SHA1')
- assert_log_matches() {
- assert_equal(call_negotiate([assoc]), assoc)
- }
- end
- end
- # Tests for the OpenID 1 consumer association session behavior. See
- # the docs for TestOpenID2SessionNegotiation. Notice that this
- # class is not a subclass of the OpenID 2 tests. Instead, it uses
- # many of the same inputs but inspects the log messages logged with
- # oidutil.log. See the calls to self.failUnlessLogMatches. Some of
- # these tests pass openid2-style messages to the openid 1
- # association processing logic to be sure it ignores the extra data.
- class TestOpenID1SessionNegotiation < Test::Unit::TestCase
- include NegotiationTestMixin
- Compat = true
- def setup
- @server_url = 'http://invalid/'
- @openid_ns = OPENID1_NS
- end
- def test_bad_response
- assert_log_matches('Server error when requesting an association') {
- response = call_negotiate([mk_message({})])
- assert_equal(nil, response)
- }
- end
- def test_empty_assoc_type
- msg = mk_message({'error' => 'Unsupported type',
- 'error_code' => 'unsupported-type',
- 'session_type' => 'new-session-type',
- })
- assert_log_matches('Server error when requesting an association') {
- response = call_negotiate([msg])
- assert_equal(nil, response)
- }
- end
- def test_empty_session_type
- msg = mk_message({'error' => 'Unsupported type',
- 'error_code' => 'unsupported-type',
- 'assoc_type' => 'new-assoc-type',
- })
- assert_log_matches('Server error when requesting an association') {
- response = call_negotiate([msg])
- assert_equal(nil, response)
- }
- end
- def test_not_allowed
- negotiator = AssociationNegotiator.new([])
- negotiator.instance_eval{
- @allowed_types = [['assoc_bogus', 'session_bogus']]
- }
- msg = mk_message({'error' => 'Unsupported type',
- 'error_code' => 'unsupported-type',
- 'assoc_type' => 'not-allowed',
- 'session_type' => 'not-allowed',
- })
- assert_log_matches('Server error when requesting an association') {
- response = call_negotiate([msg])
- assert_equal(nil, response)
- }
- end
- def test_unsupported_with_retry
- msg = mk_message({'error' => 'Unsupported type',
- 'error_code' => 'unsupported-type',
- 'assoc_type' => 'HMAC-SHA1',
- 'session_type' => 'DH-SHA1',
- })
- assoc = Association.new('handle', 'secret', Time.now, 10000, 'HMAC-SHA1')
- assert_log_matches('Server error when requesting an association') {
- response = call_negotiate([msg, assoc])
- assert_equal(nil, response)
- }
- end
- def test_valid
- assoc = Association.new('handle', 'secret', Time.now, 10000, 'HMAC-SHA1')
- assert_log_matches() {
- response = call_negotiate([assoc])
- assert_equal(assoc, response)
- }
- end
- end
- class TestExtractAssociation < Test::Unit::TestCase
- include ProtocolErrorMixin
- # An OpenID associate response (without the namespace)
- DEFAULTS = {
- 'expires_in' => '1000',
- 'assoc_handle' => 'a handle',
- 'assoc_type' => 'a type',
- 'session_type' => 'a session type',
- }
- def setup
- @assoc_manager = Consumer::AssociationManager.new(nil, nil)
- end
- # Make tests that ensure that an association response that is
- # missing required fields will raise an Message::KeyNotFound.
- #
- # According to 'Association Session Response' subsection 'Common
- # Response Parameters', the following fields are required for
- # OpenID 2.0:
- #
- # * ns
- # * session_type
- # * assoc_handle
- # * assoc_type
- # * expires_in
- #
- # In OpenID 1, everything except 'session_type' and 'ns' are
- # required.
- MISSING_FIELD_SETS = ([["no_fields", []]] +
- (DEFAULTS.keys.map do |f|
- fields = DEFAULTS.keys
- fields.delete(f)
- ["missing_#{f}", fields]
- end)
- )
- [OPENID1_NS, OPENID2_NS].each do |ns|
- MISSING_FIELD_SETS.each do |name, fields|
- # OpenID 1 is allowed to be missing session_type
- if ns != OPENID1_NS and name != 'missing_session_type'
- test = lambda do
- msg = Message.new(ns)
- fields.each do |field|
- msg.set_arg(ns, field, DEFAULTS[field])
- end
- assert_raises(Message::KeyNotFound) do
- @assoc_manager.send(:extract_association, msg, nil)
- end
- end
- define_method("test_#{name}", test)
- end
- end
- end
- # assert that extracting a response that contains the given
- # response session type when the request was made for the given
- # request session type will raise a ProtocolError indicating
- # session type mismatch
- def assert_session_mismatch(req_type, resp_type, ns)
- # Create an association session that has "req_type" as its
- # session_type and no allowed_assoc_types
- assoc_session_class = Class.new do
- @session_type = req_type
- def self.session_type
- @session_type
- end
- def self.allowed_assoc_types
- []
- end
- end
- assoc_session = assoc_session_class.new
- # Build an OpenID 1 or 2 association response message that has
- # the specified association session type
- msg = Message.new(ns)
- msg.update_args(ns, DEFAULTS)
- msg.set_arg(ns, 'session_type', resp_type)
- # The request type and response type have been chosen to produce
- # a session type mismatch.
- assert_protocol_error('Session type mismatch') {
- @assoc_manager.send(:extract_association, msg, assoc_session)
- }
- end
- [['no-encryption', '', OPENID2_NS],
- ['DH-SHA1', 'no-encryption', OPENID2_NS],
- ['DH-SHA256', 'no-encryption', OPENID2_NS],
- ['no-encryption', 'DH-SHA1', OPENID2_NS],
- ['DH-SHA1', 'DH-SHA256', OPENID1_NS],
- ['DH-SHA256', 'DH-SHA1', OPENID1_NS],
- ['no-encryption', 'DH-SHA1', OPENID1_NS],
- ].each do |req_type, resp_type, ns|
- test = lambda { assert_session_mismatch(req_type, resp_type, ns) }
- name = "test_mismatch_req_#{req_type}_resp_#{resp_type}_#{ns}"
- define_method(name, test)
- end
- def test_openid1_no_encryption_fallback
- # A DH-SHA1 session
- assoc_session = Consumer::DiffieHellmanSHA1Session.new
- # An OpenID 1 no-encryption association response
- msg = Message.from_openid_args({
- 'expires_in' => '1000',
- 'assoc_handle' => 'a handle',
- 'assoc_type' => 'HMAC-SHA1',
- 'mac_key' => 'X' * 20,
- })
- # Should succeed
- assoc = @assoc_manager.send(:extract_association, msg, assoc_session)
- assert_equal('a handle', assoc.handle)
- assert_equal('HMAC-SHA1', assoc.assoc_type)
- assert(assoc.expires_in.between?(999, 1000))
- assert('X' * 20, assoc.secret)
- end
- end
- class GetOpenIDSessionTypeTest < Test::Unit::TestCase
- include TestUtil
- SERVER_URL = 'http://invalid/'
- def do_test(expected_session_type, session_type_value)
- # Create a Message with just 'session_type' in it, since
- # that's all this function will use. 'session_type' may be
- # absent if it's set to None.
- args = {}
- if !session_type_value.nil?
- args['session_type'] = session_type_value
- end
- message = Message.from_openid_args(args)
- assert(message.is_openid1)
- assoc_manager = Consumer::AssociationManager.new(nil, SERVER_URL)
- actual_session_type = assoc_manager.send(:get_openid1_session_type,
- message)
- error_message = ("Returned session type parameter #{session_type_value}"\
- "was expected to yield session type "\
- "#{expected_session_type}, but yielded "\
- "#{actual_session_type}")
- assert_equal(expected_session_type, actual_session_type, error_message)
- end
- [['nil', 'no-encryption', nil],
- ['empty', 'no-encryption', ''],
- ['dh_sha1', 'DH-SHA1', 'DH-SHA1'],
- ['dh_sha256', 'DH-SHA256', 'DH-SHA256'],
- ].each {|name, expected, input|
- # Define a test method that will check what session type will be
- # used if the OpenID 1 response to an associate call sets the
- # 'session_type' field to `session_type_value`
- test = lambda {assert_log_matches() { do_test(expected, input) } }
- define_method("test_#{name}", &test)
- }
- # This one's different because it expects log messages
- def test_explicit_no_encryption
- assert_log_matches("WARNING: #{SERVER_URL} sent 'no-encryption'"){
- do_test('no-encryption', 'no-encryption')
- }
- end
- end
- class ExtractAssociationTest < Test::Unit::TestCase
- include ProtocolErrorMixin
- SERVER_URL = 'http://invalid/'
- def setup
- @session_type = 'testing-session'
- # This must something that works for Association::from_expires_in
- @assoc_type = 'HMAC-SHA1'
- @assoc_handle = 'testing-assoc-handle'
- # These arguments should all be valid
- @assoc_response =
- Message.from_openid_args({
- 'expires_in' => '1000',
- 'assoc_handle' => @assoc_handle,
- 'assoc_type' => @assoc_type,
- 'session_type' => @session_type,
- 'ns' => OPENID2_NS,
- })
- assoc_session_cls = Class.new do
- class << self
- attr_accessor :allowed_assoc_types, :session_type
- end
- attr_reader :extract_secret_called, :secret
- def initialize
- @extract_secret_called = false
- @secret = 'shhhhh!'
- end
- def extract_secret(_)
- @extract_secret_called = true
- @secret
- end
- end
- @assoc_session = assoc_session_cls.new
- @assoc_session.class.allowed_assoc_types = [@assoc_type]
- @assoc_session.class.session_type = @session_type
- @assoc_manager = Consumer::AssociationManager.new(nil, SERVER_URL)
- end
- def call_extract
- @assoc_manager.send(:extract_association,
- @assoc_response, @assoc_session)
- end
- # Handle a full successful association response
- def test_works_with_good_fields
- assoc = call_extract
- assert(@assoc_session.extract_secret_called)
- assert_equal(@assoc_session.secret, assoc.secret)
- assert_equal(1000, assoc.lifetime)
- assert_equal(@assoc_handle, assoc.handle)
- assert_equal(@assoc_type, assoc.assoc_type)
- end
- def test_bad_assoc_type
- # Make sure that the assoc type in the response is not valid
- # for the given session.
- @assoc_session.class.allowed_assoc_types = []
- assert_protocol_error('Unsupported assoc_type for sess') {call_extract}
- end
- def test_bad_expires_in
- # Invalid value for expires_in should cause failure
- @assoc_response.set_arg(OPENID_NS, 'expires_in', 'forever')
- assert_protocol_error('Invalid expires_in') {call_extract}
- end
- end
- class TestExtractAssociationDiffieHellman < Test::Unit::TestCase
- include ProtocolErrorMixin
- SECRET = 'x' * 20
- def setup
- @assoc_manager = Consumer::AssociationManager.new(nil, nil)
- end
- def setup_dh
- sess, message = @assoc_manager.send(:create_associate_request,
- 'HMAC-SHA1', 'DH-SHA1')
- server_dh = DiffieHellman.new
- cons_dh = sess.instance_variable_get('@dh')
- enc_mac_key = server_dh.xor_secret(CryptUtil.method(:sha1),
- cons_dh.public, SECRET)
- server_resp = {
- 'dh_server_public' => CryptUtil.num_to_base64(server_dh.public),
- 'enc_mac_key' => Util.to_base64(enc_mac_key),
- 'assoc_type' => 'HMAC-SHA1',
- 'assoc_handle' => 'handle',
- 'expires_in' => '1000',
- 'session_type' => 'DH-SHA1',
- }
- if @assoc_manager.instance_variable_get(:@compatibility_mode)
- server_resp['ns'] = OPENID2_NS
- end
- return [sess, Message.from_openid_args(server_resp)]
- end
- def test_success
- sess, server_resp = setup_dh
- ret = @assoc_manager.send(:extract_association, server_resp, sess)
- assert(!ret.nil?)
- assert_equal(ret.assoc_type, 'HMAC-SHA1')
- assert_equal(ret.secret, SECRET)
- assert_equal(ret.handle, 'handle')
- assert_equal(ret.lifetime, 1000)
- end
- def test_openid2success
- # Use openid 1 type in endpoint so _setUpDH checks
- # compatibility mode state properly
- @assoc_manager.instance_variable_set('@compatibility_mode', true)
- test_success()
- end
- def test_bad_dh_values
- sess, server_resp = setup_dh
- server_resp.set_arg(OPENID_NS, 'enc_mac_key', '\x00\x00\x00')
- assert_protocol_error('Malformed response for') {
- @assoc_manager.send(:extract_association, server_resp, sess)
- }
- end
- end
- class TestAssocManagerGetAssociation < Test::Unit::TestCase
- include FetcherMixin
- include TestUtil
- attr_reader :negotiate_association
- def setup
- @server_url = 'http://invalid/'
- @store = Store::Memory.new
- @assoc_manager = Consumer::AssociationManager.new(@store, @server_url)
- @assoc_manager.extend(Const)
- @assoc = Association.new('handle', 'secret', Time.now, 10000,
- 'HMAC-SHA1')
- end
- def set_negotiate_response(assoc)
- @assoc_manager.const(:negotiate_association, assoc)
- end
- def test_not_in_store_no_response
- set_negotiate_response(nil)
- assert_equal(nil, @assoc_manager.get_association)
- end
- def test_not_in_store_negotiate_assoc
- # Not stored beforehand:
- stored_assoc = @store.get_association(@server_url, @assoc.handle)
- assert_equal(nil, stored_assoc)
- # Returned from associate call:
- set_negotiate_response(@assoc)
- assert_equal(@assoc, @assoc_manager.get_association)
- # It should have been stored:
- stored_assoc = @store.get_association(@server_url, @assoc.handle)
- assert_equal(@assoc, stored_assoc)
- end
- def test_in_store_no_response
- set_negotiate_response(nil)
- @store.store_association(@server_url, @assoc)
- assert_equal(@assoc, @assoc_manager.get_association)
- end
- def test_request_assoc_with_status_error
- fetcher_class = Class.new do
- define_method(:fetch) do |*args|
- MockResponse.new(500, '')
- end
- end
- with_fetcher(fetcher_class.new) do
- assert_log_matches('Got HTTP status error when requesting') {
- result = @assoc_manager.send(:request_association, 'HMAC-SHA1',
- 'no-encryption')
- assert(result.nil?)
- }
- end
- end
- end
- class TestAssocManagerRequestAssociation < Test::Unit::TestCase
- include FetcherMixin
- include TestUtil
- def setup
- @assoc_manager = Consumer::AssociationManager.new(nil, 'http://invalid/')
- @assoc_type = 'HMAC-SHA1'
- @session_type = 'no-encryption'
- @message = Message.new(OPENID2_NS)
- @message.update_args(OPENID_NS, {
- 'assoc_type' => @assoc_type,
- 'session_type' => @session_type,
- 'assoc_handle' => 'kaboodle',
- 'expires_in' => '1000',
- 'mac_key' => 'X' * 20,
- })
- end
- def make_request
- kv = @message.to_kvform
- fetcher_class = Class.new do
- define_method(:fetch) do |*args|
- MockResponse.new(200, kv)
- end
- end
- with_fetcher(fetcher_class.new) do
- @assoc_manager.send(:request_association, @assoc_type, @session_type)
- end
- end
- # The association we get is from valid processing of our result,
- # and that no errors are raised
- def test_success
- assert_equal('kaboodle', make_request.handle)
- end
- # A missing parameter gets translated into a log message and
- # causes the method to return nil
- def test_missing_fields
- @message.del_arg(OPENID_NS, 'assoc_type')
- assert_log_matches('Missing required par') {
- assert_equal(nil, make_request)
- }
- end
- # A bad value results in a log message and causes the method to
- # return nil
- def test_protocol_error
- @message.set_arg(OPENID_NS, 'expires_in', 'goats')
- assert_log_matches('Protocol error processing') {
- assert_equal(nil, make_request)
- }
- end
- end
- end