function test_fromSuccessResponse() { $name = "ziggy"; $value = "stardust"; $uri = "http://david.bowie.name/"; $args = array('mode' => 'id_res', 'ns' => Auth_OpenID_OPENID2_NS, 'ns.ax' => Auth_OpenID_AX_NS_URI, 'ax.mode' => 'fetch_response', 'ax.update_url' => 'http://example.com/realm/update_path', 'ax.type.' . $name => $uri, 'ax.count.' . $name => '1', 'ax.value.' . $name . '.1' => $value); $sf = array(); foreach (array_keys($args) as $k) { array_push($sf, $k); } $msg = Auth_OpenID_Message::fromOpenIDArgs($args); $e = new FauxEndpoint(); $resp = new Auth_OpenID_SuccessResponse($e, $msg, $sf); $ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($resp, false); $this->assertFalse($ax_resp === null); $this->assertTrue(is_a($ax_resp, 'Auth_OpenID_AX_FetchResponse')); $values = $ax_resp->get($uri); $this->assertEquals(array($value), $values); }
function test_overrideRequired() { // Be sure that caller CANNOT change the form charset for // encoding type. $m = Auth_OpenID_Message::fromPostArgs($this->postargs); $tag_attrs = $this->form_tag_attrs; $tag_attrs['accept-charset'] = 'UCS4'; $tag_attrs['enctype'] = 'invalid/x-broken'; $html = $m->toFormMarkup($this->action_url, $tag_attrs, $this->submit_text); $this->_checkForm($html, $m, $this->action_url, $tag_attrs, $this->submit_text); }
/** * Given an HTTP query in an array (key-value pairs), decode it * into an Auth_OpenID_Request object. */ function decode($query) { if (!$query) { return null; } $message = Auth_OpenID_Message::fromPostArgs($query); if ($message === null) { /* * It's useful to have a Message attached to a * ProtocolError, so we override the bad ns value to build * a Message out of it. Kinda kludgy, since it's made of * lies, but the parts that aren't lies are more useful * than a 'None'. */ $old_ns = $query['openid.ns']; $query['openid.ns'] = Auth_OpenID_OPENID2_NS; $message = Auth_OpenID_Message::fromPostArgs($query); return new Auth_OpenID_ServerError( $message, sprintf("Invalid OpenID namespace URI: %s", $old_ns)); } $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode'); if (!$mode) { return new Auth_OpenID_ServerError($message, "No mode value in message"); } if (Auth_OpenID::isFailure($mode)) { return new Auth_OpenID_ServerError($message, $mode->message); } $handlerCls = Auth_OpenID::arrayGet($this->handlers, $mode, $this->defaultDecoder($message)); if (!is_a($handlerCls, 'Auth_OpenID_ServerError')) { return call_user_func_array(array($handlerCls, 'fromMessage'), array($message, $this->server)); } else { return $handlerCls; } }
function fromKVForm($kvform_string) { // Create a Message from a KVForm string return Auth_OpenID_Message::fromOpenIDArgs(Auth_OpenID_KVForm::toArray($kvform_string)); }
/** * @access private */ function _createAssociateRequest($endpoint, $assoc_type, $session_type) { if (array_key_exists($session_type, $this->session_types)) { $session_type_class = $this->session_types[$session_type]; if (is_callable($session_type_class)) { $assoc_session = $session_type_class(); } else { $assoc_session = new $session_type_class(); } } else { return null; } $args = array('mode' => 'associate', 'assoc_type' => $assoc_type); if (!$endpoint->compatibilityMode()) { $args['ns'] = Auth_OpenID_OPENID2_NS; } // Leave out the session type if we're in compatibility mode // *and* it's no-encryption. if (!$endpoint->compatibilityMode() || $assoc_session->session_type != 'no-encryption') { $args['session_type'] = $assoc_session->session_type; } $args = array_merge($args, $assoc_session->getRequest()); $message = Auth_OpenID_Message::fromOpenIDArgs($args); return array($assoc_session, $message); }
function test_200() { $response = new Auth_Yadis_HTTPResponse(); $response->status = 200; $response->body = "foo:bar\nbaz:quux\n"; $r = Auth_OpenID_GenericConsumer::_httpResponseToMessage($response, $this->server_url); $expected_msg = Auth_OpenID_Message::fromOpenIDArgs(array('foo' => 'bar', 'baz' => 'quux')); $this->assertEquals($expected_msg, $r); }
function index() { try { $member = Member::currentUser(); if ($member) { // user is already logged in return $this->redirect(OpenStackIdCommon::getRedirectBackUrl()); } $consumer = Injector::inst()->get('MyOpenIDConsumer'); $query = Auth_OpenID::getQuery(); $message = Auth_OpenID_Message::fromPostArgs($query); $nonce = $message->getArg(Auth_OpenID_OPENID2_NS, 'response_nonce'); list($timestamp, $salt) = Auth_OpenID_splitNonce($nonce); $claimed_id = $message->getArg(Auth_OpenID_OPENID2_NS, 'claimed_id'); error_log(sprintf('OpenStackIdAuthenticator : id %s - salt %s - timestamp %s', $claimed_id, $salt, $timestamp)); // Complete the authentication process using the server's response. $response = $consumer->complete(OpenStackIdCommon::getReturnTo()); if ($response->status == Auth_OpenID_CANCEL) { error_log('OpenStackIdAuthenticator : Auth_OpenID_CANCEL'); SS_Log::log('OpenStackIdAuthenticator : Auth_OpenID_CANCEL', SS_Log::WARN); throw new Exception('The verification was cancelled. Please try again.'); } else { if ($response->status == Auth_OpenID_FAILURE) { error_log('OpenStackIdAuthenticator : Auth_OpenID_FAILURE'); SS_Log::log('OpenStackIdAuthenticator : Auth_OpenID_FAILURE', SS_Log::WARN); throw new Exception("The OpenID authentication failed."); } else { if ($response->status == Auth_OpenID_SUCCESS) { error_log('OpenStackIdAuthenticator : Auth_OpenID_SUCCESS'); $openid = $response->getDisplayIdentifier(); $openid = OpenStackIdCommon::escape($openid); if ($response->endpoint->canonicalID) { $openid = escape($response->endpoint->canonicalID); } //get user info from openid response $member = null; list($email, $full_name) = $this->getUserProfileInfo($response); if (!is_null($email)) { //try to get user by email $member = $this->member_repository->findByEmail($email); } if (!$member) { // or by openid $member = Member::get()->filter('IdentityURL', $openid)->first(); } if ($member) { $result = $member->canLogIn(); if ($result->valid()) { $member->setIdentityUrl($openid); $member->write(); $member->LogIn(true); return $this->redirect(OpenStackIdCommon::getRedirectBackUrl()); } throw new Exception("Inactive User!"); } throw new Exception("The OpenID authentication failed: can not find user " . $openid); } } } } catch (Exception $ex) { Session::set("Security.Message.message", $ex->getMessage()); Session::set("Security.Message.type", "bad"); SS_Log::log($ex, SS_Log::WARN); return $this->redirect("Security/badlogin"); } }
function _setUpDH() { list($sess, $message) = $this->consumer->_createAssociateRequest($this->endpoint, 'HMAC-SHA1', 'DH-SHA1'); // XXX: this is testing _createAssociateRequest $this->assertEquals($this->endpoint->compatibilityMode(), $message->isOpenID1()); $server_sess = Auth_OpenID_DiffieHellmanSHA1ServerSession::fromMessage($message); $server_resp = $server_sess->answer($this->secret); $server_resp['assoc_type'] = 'HMAC-SHA1'; $server_resp['assoc_handle'] = 'handle'; $server_resp['expires_in'] = '1000'; $server_resp['session_type'] = 'DH-SHA1'; return array($sess, Auth_OpenID_Message::fromOpenIDArgs($server_resp)); }
function test_openID2MismatchedDoesDisco_failure() { $mismatched = new Auth_OpenID_ServiceEndpoint(); $mismatched->identity = 'nothing special, but different'; $mismatched->local_id = 'green cheese'; $op_endpoint = 'Phone Home'; $msg = Auth_OpenID_Message::fromOpenIDArgs(array('ns' => Auth_OpenID_OPENID2_NS, 'identity' => 'sour grapes', 'claimed_id' => 'monkeysoft', 'op_endpoint' => $op_endpoint)); $result = $this->consumer->_verifyDiscoveryResults($msg, $mismatched); $this->assertTrue(Auth_OpenID::isFailure($result)); }
function test_fromPostArgs_ns11() { // An example of the stuff that some Drupal installations send us, // which includes openid.ns but is 1.1. $query = array('openid.assoc_handle' => '', 'openid.claimed_id' => 'http://foobar.invalid/', 'openid.identity' => 'http://foobar.myopenid.com', 'openid.mode' => 'checkid_setup', 'openid.ns' => 'http://openid.net/signon/1.1', 'openid.ns.sreg' => 'http://openid.net/extensions/sreg/1.1', 'openid.return_to' => 'http://drupal.invalid/return_to', 'openid.sreg.required' => 'nickname,email', 'openid.trust_root' => 'http://drupal.invalid'); $m = Auth_OpenID_Message::fromPostArgs($query); $this->assertTrue($m->isOpenID1()); }
function test_fromSuccessResponse() { $openid_req_msg = Auth_OpenID_Message::fromOpenIDArgs(array('mode' => 'id_res', 'ns' => Auth_OpenID_OPENID2_NS, 'ns.pape' => Auth_OpenID_PAPE_NS_URI, 'auth_policies' => implode(' ', array(PAPE_AUTH_MULTI_FACTOR, PAPE_AUTH_PHISHING_RESISTANT)), 'auth_time' => '2008-03-02T12:34:56Z')); $signed_stuff = array('auth_policies' => implode(' ', array(PAPE_AUTH_MULTI_FACTOR, PAPE_AUTH_PHISHING_RESISTANT)), 'auth_time' => '2008-03-02T12:34:56Z'); $oid_req = new PAPE_DummySuccessResponse($openid_req_msg, $signed_stuff); $req = Auth_OpenID_PAPE_Response::fromSuccessResponse($oid_req); $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR, PAPE_AUTH_PHISHING_RESISTANT), $req->auth_policies); $this->assertEquals('2008-03-02T12:34:56Z', $req->auth_time); }
function test_openidUpdateURLVerificationSuccessReturnTo() { $openid_req_msg = Auth_OpenID_Message::fromOpenIDArgs(array('mode' => 'checkid_setup', 'ns' => Auth_OpenID_OPENID2_NS, 'return_to' => 'http://example.com/realm', 'ns.ax' => Auth_OpenID_AX_NS_URI, 'ax.update_url' => 'http://example.com/realm/update_path', 'ax.mode' => 'fetch_request')); $fr = Auth_OpenID_AX_FetchRequest::fromOpenIDRequest($openid_req_msg); $this->assertFalse(Auth_OpenID_AX::isError($fr)); }
function testUnsupportedWithRetry() { $msg = new Auth_OpenID_Message($this->endpoint->preferredNamespace()); $msg->setArg(Auth_OpenID_OPENID_NS, 'error', 'Unsupported type'); $msg->setArg(Auth_OpenID_OPENID_NS, 'error_code', 'unsupported-type'); $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_type', 'HMAC-SHA1'); $msg->setArg(Auth_OpenID_OPENID_NS, 'session_type', 'DH-SHA1'); $assoc = new Auth_OpenID_Association('handle', 'secretxx', 'issued', 10000, 'HMAC-SHA1'); $this->consumer->return_messages = array($assoc, $msg); $result = $this->consumer->_negotiateAssociation($this->endpoint); $this->assertTrue($result === null); // $this->failUnlessLogMatches('Server error when requesting an association') }
function test_verifyAssocMismatch() { // Attempt to validate sign-all message with a signed-list // assoc. $assoc_handle = '{vroom}{zoom}'; $assoc = Auth_OpenID_Association::fromExpiresIn(60, $assoc_handle, 'sekrit', 'HMAC-SHA1'); $this->store->storeAssociation($this->dumb_key, $assoc); $signed = Auth_OpenID_Message::fromPostArgs(array('foo' => 'bar', 'apple' => 'orange', 'openid.sig' => "d71xlHtqnq98DonoSgoK/nD+QRM=")); $verified = $this->signatory->verify($assoc_handle, $signed); $this->assertFalse($verified); }
function _test($uri) { // Create a request message with simple registration fields $sreg_req = Auth_OpenID_SRegRequest::build(array('nickname', 'email'), array('fullname')); $req_msg = new Auth_OpenID_Message($uri); $req_msg->updateArgs(Auth_OpenID_SREG_NS_URI, $sreg_req->getExtensionArgs()); $req = new Auth_OpenID_Request(); $req->message =& $req_msg; $req->namespace = $req_msg->getOpenIDNamespace(); // -> send checkid_* request // Create an empty response message $resp_msg = new Auth_OpenID_Message($uri); $resp = new Auth_OpenID_ServerResponse($req); $resp->fields = $resp_msg; $data = array('nickname' => 'linusaur', 'postcode' => '12345', 'country' => 'US', 'gender' => 'M', 'fullname' => 'Leonhard Euler', 'email' => '*****@*****.**', 'dob' => '0000-00-00', 'language' => 'en-us'); // Put the requested data fields in the response message $sreg_resp = Auth_OpenID_SRegResponse::extractResponse($sreg_req, $data); $resp->addExtension($sreg_resp); // <- send id_res response // Extract the fields that were sent $sreg_data_resp = $resp->fields->getArgs(Auth_OpenID_SREG_NS_URI); $this->assertEquals(array('nickname' => 'linusaur', 'email' => '*****@*****.**', 'fullname' => 'Leonhard Euler'), $sreg_data_resp); }
/** * Given an HTTP query in an array (key-value pairs), decode it * into an Auth_OpenID_Request object. */ function decode($query) { if (!$query) { return null; } $message = Auth_OpenID_Message::fromPostArgs($query); $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode'); if (!$mode) { return new Auth_OpenID_ServerError($message, "No mode value in message"); } $handlerCls = Auth_OpenID::arrayGet($this->handlers, $mode, $this->defaultDecoder($message)); if (!is_a($handlerCls, 'Auth_OpenID_ServerError')) { return call_user_func_array(array($handlerCls, 'fromMessage'), array($message, $this->server)); } else { return $handlerCls; } }