/** * @access private */ function _checkReturnTo($message, $return_to) { // Check an OpenID message and its openid.return_to value // against a return_to URL from an application. Return True // on success, False on failure. // Check the openid.return_to args against args in the // original message. $result = Auth_OpenID_GenericConsumer::_verifyReturnToArgs($message->toPostArgs()); if (Auth_OpenID::isFailure($result)) { return false; } // Check the return_to base URL against the one in the // message. $msg_return_to = $message->getArg(Auth_OpenID_OPENID_NS, 'return_to'); if (Auth_OpenID::isFailure($return_to)) { // XXX log me return false; } $return_to_parts = parse_url(Auth_OpenID_urinorm($return_to)); $msg_return_to_parts = parse_url(Auth_OpenID_urinorm($msg_return_to)); // If port is absent from both, add it so it's equal in the // check below. if (!array_key_exists('port', $return_to_parts) && !array_key_exists('port', $msg_return_to_parts)) { $return_to_parts['port'] = null; $msg_return_to_parts['port'] = null; } // If path is absent from both, add it so it's equal in the // check below. if (!array_key_exists('path', $return_to_parts) && !array_key_exists('path', $msg_return_to_parts)) { $return_to_parts['path'] = null; $msg_return_to_parts['path'] = null; } // The URL scheme, authority, and path MUST be the same // between the two URLs. foreach (array('scheme', 'host', 'port', 'path') as $component) { // If the url component is absent in either URL, fail. // There should always be a scheme, host, port, and path. if (!array_key_exists($component, $return_to_parts)) { return false; } if (!array_key_exists($component, $msg_return_to_parts)) { return false; } if (Auth_OpenID::arrayGet($return_to_parts, $component) !== Auth_OpenID::arrayGet($msg_return_to_parts, $component)) { return false; } } return true; }
function test_500() { // 500 as an example of any non-200, non-400 code. $response = new Auth_Yadis_HTTPResponse(); $response->status = 500; $response->body = "foo:bar\nbaz:quux\n"; $result = Auth_OpenID_GenericConsumer::_httpResponseToMessage($response, $this->server_url); $this->assertTrue($result === null); }