/**
 * Exercises iclicker_service::verifyKey() with expired, malformed and freshly built SSO tokens.
 *
 * Token layout used by this test: sha1(<shared key> . ":" . <unix timestamp>) . "|" . <unix timestamp>
 *
 * Sample key:
 *   abcdef1234566890
 * Sample timestamp:
 *   1332470760
 * Encoded key:
 *   cc80462bfc0da7e614237d7cab4b7971b0e71e9f|1332470760
 *
 * NOTE(review): the digest is a plain SHA-1 over the secret and the timestamp, not an HMAC.
 * verifyKey() is not visible here; confirm how it compares digests (hash_equals() would give a
 * constant-time comparison) and how wide its accepted timestamp window is.
 */
function test_sso_key_encoding() {
    $sharedSecret = "abcdef1234566890";
    // NOTE(review): this replaces the key held by the service and nothing in this test restores
    // it; confirm that later tests do not rely on the previous value.
    iclicker_service::setSharedKey($sharedSecret);

    // A token carrying the fixed sample timestamp is expected to be refused as expired,
    // which the service signals with ClickerSecurityException.
    $staleToken = "cc80462bfc0da7e614237d7cab4b7971b0e71e9f|1332470760";
    try {
        iclicker_service::verifyKey($staleToken);
        $this->fail("should have died");
    } catch (ClickerSecurityException $e) {
        $this->assertNotNull($e->getMessage());
    }

    // Malformed tokens (no separator, empty timestamp, non-numeric timestamp) are expected to be
    // rejected with InvalidArgumentException rather than being treated as a failed verification.
    $malformedTokens = array(
        "xxxxxxxxxxxxx",
        "xxxxxxxxxxxxx|",
        "xxxxxxxx|12344ffff",
    );
    foreach ($malformedTokens as $badToken) {
        try {
            iclicker_service::verifyKey($badToken);
            $this->fail("should have died");
        } catch (InvalidArgumentException $e) {
            $this->assertNotNull($e->getMessage());
        }
    }

    // A token built with the current time and the configured key must verify.
    $now = time();
    $digest = sha1($sharedSecret . ":" . $now);
    $freshToken = $digest . '|' . $now;
    $this->assertTrue(iclicker_service::verifyKey($freshToken));

    // Prints the key and a currently valid token into the test output for manual checks.
    // This is only acceptable because the key is the sample value above; never point this
    // test at a deployment's real shared key.
    $fieldWidth = strlen($freshToken) + 2;
    echo "<div><b>SSO key:</b> key={$sharedSecret}, ts={$now} <br/> encoded=<input type='text' size='{$fieldWidth}' value='{$freshToken}'/></div>" . PHP_EOL;
}
$valid = false; $output = "Only POST and GET methods are supported"; $status = 405; // method not allowed } if ($valid) { // check against the ones we know and process $parts = explode('/', $cntlr->path); $pathSeg0 = count($parts) > 0 ? $parts[0] : NULL; $pathSeg1 = count($parts) > 1 ? $parts[1] : NULL; $pathSeg2 = count($parts) > 2 ? $parts[2] : null; try { if ($pathSeg0 == 'verifykey') { // SPECIAL case handling (no authn handling) $ssoKey = optional_param(iclicker_controller::SSO_KEY, NULL, PARAM_NOTAGS); if (iclicker_service::verifyKey($ssoKey)) { $cntlr->setStatus(200); $output = "Verified"; } else { $cntlr->setStatus(501); $output = "Disabled"; } $cntlr->setContentType("text/plain"); $cntlr->sendResponse($output); return; /* } else if ('verify_go_ws' == $pathSeg0) { // test the go webservices $clicker_id = $pathSeg1; $last_name = $pathSeg2; $output = iclicker_service::ws_go_verify_clickerid($clicker_id, $last_name);