openid.test.test_pape

1 2 from openid.extensions.draft import pape2 as pape 3 from openid.message import * 4 from openid.server import server 5 6 import unittest 7

8 -class PapeRequestTestCase(unittest.TestCase):

9 - def setUp(self):

10 self.req = pape.Request()

11

12 - def test_construct(self):

13 self.failUnlessEqual([], self.req.preferred_auth_policies) 14 self.failUnlessEqual(None, self.req.max_auth_age) 15 self.failUnlessEqual('pape', self.req.ns_alias) 16 17 req2 = pape.Request([pape.AUTH_MULTI_FACTOR], 1000) 18 self.failUnlessEqual([pape.AUTH_MULTI_FACTOR], req2.preferred_auth_policies) 19 self.failUnlessEqual(1000, req2.max_auth_age)

20

21 - def test_add_policy_uri(self):

22 self.failUnlessEqual([], self.req.preferred_auth_policies) 23 self.req.addPolicyURI(pape.AUTH_MULTI_FACTOR) 24 self.failUnlessEqual([pape.AUTH_MULTI_FACTOR], self.req.preferred_auth_policies) 25 self.req.addPolicyURI(pape.AUTH_MULTI_FACTOR) 26 self.failUnlessEqual([pape.AUTH_MULTI_FACTOR], self.req.preferred_auth_policies) 27 self.req.addPolicyURI(pape.AUTH_PHISHING_RESISTANT) 28 self.failUnlessEqual([pape.AUTH_MULTI_FACTOR, pape.AUTH_PHISHING_RESISTANT], 29 self.req.preferred_auth_policies) 30 self.req.addPolicyURI(pape.AUTH_MULTI_FACTOR) 31 self.failUnlessEqual([pape.AUTH_MULTI_FACTOR, pape.AUTH_PHISHING_RESISTANT], 32 self.req.preferred_auth_policies)

33

34 - def test_getExtensionArgs(self):

35 self.failUnlessEqual({'preferred_auth_policies': ''}, self.req.getExtensionArgs()) 36 self.req.addPolicyURI('http://uri') 37 self.failUnlessEqual({'preferred_auth_policies': 'http://uri'}, self.req.getExtensionArgs()) 38 self.req.addPolicyURI('http://zig') 39 self.failUnlessEqual({'preferred_auth_policies': 'http://uri http://zig'}, self.req.getExtensionArgs()) 40 self.req.max_auth_age = 789 41 self.failUnlessEqual({'preferred_auth_policies': 'http://uri http://zig', 'max_auth_age': '789'}, self.req.getExtensionArgs())

42

43 - def test_parseExtensionArgs(self):

44 args = {'preferred_auth_policies': 'http://foo http://bar', 45 'max_auth_age': '9'} 46 self.req.parseExtensionArgs(args) 47 self.failUnlessEqual(9, self.req.max_auth_age) 48 self.failUnlessEqual(['http://foo','http://bar'], self.req.preferred_auth_policies)

49

50 - def test_parseExtensionArgs_empty(self):

51 self.req.parseExtensionArgs({}) 52 self.failUnlessEqual(None, self.req.max_auth_age) 53 self.failUnlessEqual([], self.req.preferred_auth_policies)

54

55 - def test_fromOpenIDRequest(self):

56 openid_req_msg = Message.fromOpenIDArgs({ 57 'mode': 'checkid_setup', 58 'ns': OPENID2_NS, 59 'ns.pape': pape.ns_uri, 60 'pape.preferred_auth_policies': ' '.join([pape.AUTH_MULTI_FACTOR, pape.AUTH_PHISHING_RESISTANT]), 61 'pape.max_auth_age': '5476' 62 }) 63 oid_req = server.OpenIDRequest() 64 oid_req.message = openid_req_msg 65 req = pape.Request.fromOpenIDRequest(oid_req) 66 self.failUnlessEqual([pape.AUTH_MULTI_FACTOR, pape.AUTH_PHISHING_RESISTANT], req.preferred_auth_policies) 67 self.failUnlessEqual(5476, req.max_auth_age)

68

69 - def test_fromOpenIDRequest_no_pape(self):

70 message = Message() 71 openid_req = server.OpenIDRequest() 72 openid_req.message = message 73 pape_req = pape.Request.fromOpenIDRequest(openid_req) 74 assert(pape_req is None)

75

76 - def test_preferred_types(self):

77 self.req.addPolicyURI(pape.AUTH_PHISHING_RESISTANT) 78 self.req.addPolicyURI(pape.AUTH_MULTI_FACTOR) 79 pt = self.req.preferredTypes([pape.AUTH_MULTI_FACTOR, 80 pape.AUTH_MULTI_FACTOR_PHYSICAL]) 81 self.failUnlessEqual([pape.AUTH_MULTI_FACTOR], pt)

82

83 -class DummySuccessResponse:

84 - def __init__(self, message, signed_stuff):

85 self.message = message 86 self.signed_stuff = signed_stuff

87

88 - def getSignedNS(self, ns_uri):

89 return self.signed_stuff

90

91 -class PapeResponseTestCase(unittest.TestCase):

92 - def setUp(self):

93 self.req = pape.Response()

94

95 - def test_construct(self):

96 self.failUnlessEqual([], self.req.auth_policies) 97 self.failUnlessEqual(None, self.req.auth_time) 98 self.failUnlessEqual('pape', self.req.ns_alias) 99 self.failUnlessEqual(None, self.req.nist_auth_level) 100 101 req2 = pape.Response([pape.AUTH_MULTI_FACTOR], "2004-12-11T10:30:44Z", 3) 102 self.failUnlessEqual([pape.AUTH_MULTI_FACTOR], req2.auth_policies) 103 self.failUnlessEqual("2004-12-11T10:30:44Z", req2.auth_time) 104 self.failUnlessEqual(3, req2.nist_auth_level)

105

106 - def test_add_policy_uri(self):

107 self.failUnlessEqual([], self.req.auth_policies) 108 self.req.addPolicyURI(pape.AUTH_MULTI_FACTOR) 109 self.failUnlessEqual([pape.AUTH_MULTI_FACTOR], self.req.auth_policies) 110 self.req.addPolicyURI(pape.AUTH_MULTI_FACTOR) 111 self.failUnlessEqual([pape.AUTH_MULTI_FACTOR], self.req.auth_policies) 112 self.req.addPolicyURI(pape.AUTH_PHISHING_RESISTANT) 113 self.failUnlessEqual([pape.AUTH_MULTI_FACTOR, pape.AUTH_PHISHING_RESISTANT], self.req.auth_policies) 114 self.req.addPolicyURI(pape.AUTH_MULTI_FACTOR) 115 self.failUnlessEqual([pape.AUTH_MULTI_FACTOR, pape.AUTH_PHISHING_RESISTANT], self.req.auth_policies)

116

117 - def test_getExtensionArgs(self):

118 self.failUnlessEqual({'auth_policies': 'none'}, self.req.getExtensionArgs()) 119 self.req.addPolicyURI('http://uri') 120 self.failUnlessEqual({'auth_policies': 'http://uri'}, self.req.getExtensionArgs()) 121 self.req.addPolicyURI('http://zig') 122 self.failUnlessEqual({'auth_policies': 'http://uri http://zig'}, self.req.getExtensionArgs()) 123 self.req.auth_time = "1776-07-04T14:43:12Z" 124 self.failUnlessEqual({'auth_policies': 'http://uri http://zig', 'auth_time': "1776-07-04T14:43:12Z"}, self.req.getExtensionArgs()) 125 self.req.nist_auth_level = 3 126 self.failUnlessEqual({'auth_policies': 'http://uri http://zig', 'auth_time': "1776-07-04T14:43:12Z", 'nist_auth_level': '3'}, self.req.getExtensionArgs())

127

128 - def test_getExtensionArgs_error_auth_age(self):

129 self.req.auth_time = "long ago" 130 self.failUnlessRaises(ValueError, self.req.getExtensionArgs)

131

132 - def test_getExtensionArgs_error_nist_auth_level(self):

133 self.req.nist_auth_level = "high as a kite" 134 self.failUnlessRaises(ValueError, self.req.getExtensionArgs) 135 self.req.nist_auth_level = 5 136 self.failUnlessRaises(ValueError, self.req.getExtensionArgs) 137 self.req.nist_auth_level = -1 138 self.failUnlessRaises(ValueError, self.req.getExtensionArgs)

139

140 - def test_parseExtensionArgs(self):

141 args = {'auth_policies': 'http://foo http://bar', 142 'auth_time': '1970-01-01T00:00:00Z'} 143 self.req.parseExtensionArgs(args) 144 self.failUnlessEqual('1970-01-01T00:00:00Z', self.req.auth_time) 145 self.failUnlessEqual(['http://foo','http://bar'], self.req.auth_policies)

146

147 - def test_parseExtensionArgs_empty(self):

148 self.req.parseExtensionArgs({}) 149 self.failUnlessEqual(None, self.req.auth_time) 150 self.failUnlessEqual([], self.req.auth_policies)

151

152 - def test_parseExtensionArgs_strict_bogus1(self):

153 args = {'auth_policies': 'http://foo http://bar', 154 'auth_time': 'yesterday'} 155 self.failUnlessRaises(ValueError, self.req.parseExtensionArgs, 156 args, True)

157

158 - def test_parseExtensionArgs_strict_bogus2(self):

159 args = {'auth_policies': 'http://foo http://bar', 160 'auth_time': '1970-01-01T00:00:00Z', 161 'nist_auth_level': 'some'} 162 self.failUnlessRaises(ValueError, self.req.parseExtensionArgs, 163 args, True)

164

165 - def test_parseExtensionArgs_strict_good(self):

166 args = {'auth_policies': 'http://foo http://bar', 167 'auth_time': '1970-01-01T00:00:00Z', 168 'nist_auth_level': '0'} 169 self.req.parseExtensionArgs(args, True) 170 self.failUnlessEqual(['http://foo','http://bar'], self.req.auth_policies) 171 self.failUnlessEqual('1970-01-01T00:00:00Z', self.req.auth_time) 172 self.failUnlessEqual(0, self.req.nist_auth_level)

173

174 - def test_parseExtensionArgs_nostrict_bogus(self):

175 args = {'auth_policies': 'http://foo http://bar', 176 'auth_time': 'when the cows come home', 177 'nist_auth_level': 'some'} 178 self.req.parseExtensionArgs(args) 179 self.failUnlessEqual(['http://foo','http://bar'], self.req.auth_policies) 180 self.failUnlessEqual(None, self.req.auth_time) 181 self.failUnlessEqual(None, self.req.nist_auth_level)

182

183 - def test_fromSuccessResponse(self):

184 openid_req_msg = Message.fromOpenIDArgs({ 185 'mode': 'id_res', 186 'ns': OPENID2_NS, 187 'ns.pape': pape.ns_uri, 188 'pape.auth_policies': ' '.join([pape.AUTH_MULTI_FACTOR, pape.AUTH_PHISHING_RESISTANT]), 189 'pape.auth_time': '1970-01-01T00:00:00Z' 190 }) 191 signed_stuff = { 192 'auth_policies': ' '.join([pape.AUTH_MULTI_FACTOR, pape.AUTH_PHISHING_RESISTANT]), 193 'auth_time': '1970-01-01T00:00:00Z' 194 } 195 oid_req = DummySuccessResponse(openid_req_msg, signed_stuff) 196 req = pape.Response.fromSuccessResponse(oid_req) 197 self.failUnlessEqual([pape.AUTH_MULTI_FACTOR, pape.AUTH_PHISHING_RESISTANT], req.auth_policies) 198 self.failUnlessEqual('1970-01-01T00:00:00Z', req.auth_time)

199

200 - def test_fromSuccessResponseNoSignedArgs(self):

201 openid_req_msg = Message.fromOpenIDArgs({ 202 'mode': 'id_res', 203 'ns': OPENID2_NS, 204 'ns.pape': pape.ns_uri, 205 'pape.auth_policies': ' '.join([pape.AUTH_MULTI_FACTOR, pape.AUTH_PHISHING_RESISTANT]), 206 'pape.auth_time': '1970-01-01T00:00:00Z' 207 }) 208 209 signed_stuff = {} 210 211 class NoSigningDummyResponse(DummySuccessResponse): 212 def getSignedNS(self, ns_uri): 213 return None

214 215 oid_req = NoSigningDummyResponse(openid_req_msg, signed_stuff) 216 resp = pape.Response.fromSuccessResponse(oid_req) 217 self.failUnless(resp is None) 218

Source Code for Module openid.test.test_pape_draft2