openid.test.test_pape

1 2 from openid.extensions.draft import pape5 as pape 3 from openid.message import * 4 from openid.server import server 5 6 import warnings 7 warnings.filterwarnings('ignore', module=__name__, 8 message='"none" used as a policy URI') 9 10 import unittest 11

12 -class PapeRequestTestCase(unittest.TestCase):

13 - def setUp(self):

14 self.req = pape.Request()

15

16 - def test_construct(self):

17 self.failUnlessEqual([], self.req.preferred_auth_policies) 18 self.failUnlessEqual(None, self.req.max_auth_age) 19 self.failUnlessEqual('pape', self.req.ns_alias) 20 self.failIf(self.req.preferred_auth_level_types) 21 22 bogus_levels = ['http://janrain.com/our_levels'] 23 req2 = pape.Request( 24 [pape.AUTH_MULTI_FACTOR], 1000, bogus_levels) 25 self.failUnlessEqual([pape.AUTH_MULTI_FACTOR], 26 req2.preferred_auth_policies) 27 self.failUnlessEqual(1000, req2.max_auth_age) 28 self.failUnlessEqual(bogus_levels, req2.preferred_auth_level_types)

29

30 - def test_addAuthLevel(self):

31 self.req.addAuthLevel('http://example.com/', 'example') 32 self.failUnlessEqual(['http://example.com/'], 33 self.req.preferred_auth_level_types) 34 self.failUnlessEqual('http://example.com/', 35 self.req.auth_level_aliases['example']) 36 37 self.req.addAuthLevel('http://example.com/1', 'example1') 38 self.failUnlessEqual(['http://example.com/', 'http://example.com/1'], 39 self.req.preferred_auth_level_types) 40 41 self.req.addAuthLevel('http://example.com/', 'exmpl') 42 self.failUnlessEqual(['http://example.com/', 'http://example.com/1'], 43 self.req.preferred_auth_level_types) 44 45 self.req.addAuthLevel('http://example.com/', 'example') 46 self.failUnlessEqual(['http://example.com/', 'http://example.com/1'], 47 self.req.preferred_auth_level_types) 48 49 self.failUnlessRaises(KeyError, 50 self.req.addAuthLevel, 51 'http://example.com/2', 'example') 52 53 # alias is None; we expect a new one to be generated. 54 uri = 'http://another.example.com/' 55 self.req.addAuthLevel(uri) 56 self.assert_(uri in self.req.auth_level_aliases.values()) 57 58 # We don't expect a new alias to be generated if one already 59 # exists. 60 before_aliases = self.req.auth_level_aliases.keys() 61 self.req.addAuthLevel(uri) 62 after_aliases = self.req.auth_level_aliases.keys() 63 self.assertEqual(before_aliases, after_aliases)

64

65 - def test_add_policy_uri(self):

66 self.failUnlessEqual([], self.req.preferred_auth_policies) 67 self.req.addPolicyURI(pape.AUTH_MULTI_FACTOR) 68 self.failUnlessEqual([pape.AUTH_MULTI_FACTOR], 69 self.req.preferred_auth_policies) 70 self.req.addPolicyURI(pape.AUTH_MULTI_FACTOR) 71 self.failUnlessEqual([pape.AUTH_MULTI_FACTOR], 72 self.req.preferred_auth_policies) 73 self.req.addPolicyURI(pape.AUTH_PHISHING_RESISTANT) 74 self.failUnlessEqual([pape.AUTH_MULTI_FACTOR, 75 pape.AUTH_PHISHING_RESISTANT], 76 self.req.preferred_auth_policies) 77 self.req.addPolicyURI(pape.AUTH_MULTI_FACTOR) 78 self.failUnlessEqual([pape.AUTH_MULTI_FACTOR, 79 pape.AUTH_PHISHING_RESISTANT], 80 self.req.preferred_auth_policies)

81

82 - def test_getExtensionArgs(self):

83 self.failUnlessEqual({'preferred_auth_policies': ''}, 84 self.req.getExtensionArgs()) 85 self.req.addPolicyURI('http://uri') 86 self.failUnlessEqual( 87 {'preferred_auth_policies': 'http://uri'}, 88 self.req.getExtensionArgs()) 89 self.req.addPolicyURI('http://zig') 90 self.failUnlessEqual( 91 {'preferred_auth_policies': 'http://uri http://zig'}, 92 self.req.getExtensionArgs()) 93 self.req.max_auth_age = 789 94 self.failUnlessEqual( 95 {'preferred_auth_policies': 'http://uri http://zig', 96 'max_auth_age': '789'}, 97 self.req.getExtensionArgs())

98

99 - def test_getExtensionArgsWithAuthLevels(self):

100 uri = 'http://example.com/auth_level' 101 alias = 'my_level' 102 self.req.addAuthLevel(uri, alias) 103 104 uri2 = 'http://example.com/auth_level_2' 105 alias2 = 'my_level_2' 106 self.req.addAuthLevel(uri2, alias2) 107 108 expected_args = { 109 ('auth_level.ns.%s' % alias): uri, 110 ('auth_level.ns.%s' % alias2): uri2, 111 'preferred_auth_level_types': ' '.join([alias, alias2]), 112 'preferred_auth_policies': '', 113 } 114 115 self.failUnlessEqual(expected_args, self.req.getExtensionArgs())

116

117 - def test_parseExtensionArgsWithAuthLevels(self):

118 uri = 'http://example.com/auth_level' 119 alias = 'my_level' 120 121 uri2 = 'http://example.com/auth_level_2' 122 alias2 = 'my_level_2' 123 124 request_args = { 125 ('auth_level.ns.%s' % alias): uri, 126 ('auth_level.ns.%s' % alias2): uri2, 127 'preferred_auth_level_types': ' '.join([alias, alias2]), 128 'preferred_auth_policies': '', 129 } 130 131 # Check request object state 132 self.req.parseExtensionArgs(request_args, is_openid1=False, strict=False) 133 134 expected_auth_levels = [uri, uri2] 135 136 self.assertEqual(expected_auth_levels, 137 self.req.preferred_auth_level_types) 138 self.assertEqual(uri, self.req.auth_level_aliases[alias]) 139 self.assertEqual(uri2, self.req.auth_level_aliases[alias2])

140

141 - def test_parseExtensionArgsWithAuthLevels_openID1(self):

142 request_args = { 143 'preferred_auth_level_types':'nist jisa', 144 } 145 expected_auth_levels = [pape.LEVELS_NIST, pape.LEVELS_JISA] 146 self.req.parseExtensionArgs(request_args, is_openid1=True) 147 self.assertEqual(expected_auth_levels, 148 self.req.preferred_auth_level_types) 149 150 self.req = pape.Request() 151 self.req.parseExtensionArgs(request_args, is_openid1=False) 152 self.assertEqual([], 153 self.req.preferred_auth_level_types) 154 155 self.req = pape.Request() 156 self.failUnlessRaises(ValueError, 157 self.req.parseExtensionArgs, 158 request_args, is_openid1=False, strict=True)

159

160 - def test_parseExtensionArgs_ignoreBadAuthLevels(self):

161 request_args = {'preferred_auth_level_types':'monkeys'} 162 self.req.parseExtensionArgs(request_args, False) 163 self.assertEqual([], self.req.preferred_auth_level_types)

164

165 - def test_parseExtensionArgs_strictBadAuthLevels(self):

166 request_args = {'preferred_auth_level_types':'monkeys'} 167 self.failUnlessRaises(ValueError, self.req.parseExtensionArgs, 168 request_args, is_openid1=False, strict=True)

169

170 - def test_parseExtensionArgs(self):

171 args = {'preferred_auth_policies': 'http://foo http://bar', 172 'max_auth_age': '9'} 173 self.req.parseExtensionArgs(args, False) 174 self.failUnlessEqual(9, self.req.max_auth_age) 175 self.failUnlessEqual(['http://foo','http://bar'], 176 self.req.preferred_auth_policies) 177 self.failUnlessEqual([], self.req.preferred_auth_level_types)

178

179 - def test_parseExtensionArgs_strict_bad_auth_age(self):

180 args = {'max_auth_age': 'not an int'} 181 self.assertRaises(ValueError, self.req.parseExtensionArgs, args, 182 is_openid1=False, strict=True)

183

184 - def test_parseExtensionArgs_empty(self):

185 self.req.parseExtensionArgs({}, False) 186 self.failUnlessEqual(None, self.req.max_auth_age) 187 self.failUnlessEqual([], self.req.preferred_auth_policies) 188 self.failUnlessEqual([], self.req.preferred_auth_level_types)

189

190 - def test_fromOpenIDRequest(self):

191 policy_uris = [pape.AUTH_MULTI_FACTOR, pape.AUTH_PHISHING_RESISTANT] 192 openid_req_msg = Message.fromOpenIDArgs({ 193 'mode': 'checkid_setup', 194 'ns': OPENID2_NS, 195 'ns.pape': pape.ns_uri, 196 'pape.preferred_auth_policies': ' '.join(policy_uris), 197 'pape.max_auth_age': '5476' 198 }) 199 oid_req = server.OpenIDRequest() 200 oid_req.message = openid_req_msg 201 req = pape.Request.fromOpenIDRequest(oid_req) 202 self.failUnlessEqual(policy_uris, req.preferred_auth_policies) 203 self.failUnlessEqual(5476, req.max_auth_age)

204

205 - def test_fromOpenIDRequest_no_pape(self):

206 message = Message() 207 openid_req = server.OpenIDRequest() 208 openid_req.message = message 209 pape_req = pape.Request.fromOpenIDRequest(openid_req) 210 assert(pape_req is None)

211

212 - def test_preferred_types(self):

213 self.req.addPolicyURI(pape.AUTH_PHISHING_RESISTANT) 214 self.req.addPolicyURI(pape.AUTH_MULTI_FACTOR) 215 pt = self.req.preferredTypes([pape.AUTH_MULTI_FACTOR, 216 pape.AUTH_MULTI_FACTOR_PHYSICAL]) 217 self.failUnlessEqual([pape.AUTH_MULTI_FACTOR], pt)

218

219 -class DummySuccessResponse:

220 - def __init__(self, message, signed_stuff):

221 self.message = message 222 self.signed_stuff = signed_stuff

223

224 - def isOpenID1(self):

225 return False

226

227 - def getSignedNS(self, ns_uri):

228 return self.signed_stuff

229

230 -class PapeResponseTestCase(unittest.TestCase):

231 - def setUp(self):

232 self.resp = pape.Response()

233

234 - def test_construct(self):

235 self.failUnlessEqual([], self.resp.auth_policies) 236 self.failUnlessEqual(None, self.resp.auth_time) 237 self.failUnlessEqual('pape', self.resp.ns_alias) 238 self.failUnlessEqual(None, self.resp.nist_auth_level) 239 240 req2 = pape.Response([pape.AUTH_MULTI_FACTOR], 241 "2004-12-11T10:30:44Z", {pape.LEVELS_NIST: 3}) 242 self.failUnlessEqual([pape.AUTH_MULTI_FACTOR], req2.auth_policies) 243 self.failUnlessEqual("2004-12-11T10:30:44Z", req2.auth_time) 244 self.failUnlessEqual(3, req2.nist_auth_level)

245

246 - def test_add_policy_uri(self):

247 self.failUnlessEqual([], self.resp.auth_policies) 248 self.resp.addPolicyURI(pape.AUTH_MULTI_FACTOR) 249 self.failUnlessEqual([pape.AUTH_MULTI_FACTOR], self.resp.auth_policies) 250 self.resp.addPolicyURI(pape.AUTH_MULTI_FACTOR) 251 self.failUnlessEqual([pape.AUTH_MULTI_FACTOR], self.resp.auth_policies) 252 self.resp.addPolicyURI(pape.AUTH_PHISHING_RESISTANT) 253 self.failUnlessEqual([pape.AUTH_MULTI_FACTOR, 254 pape.AUTH_PHISHING_RESISTANT], 255 self.resp.auth_policies) 256 self.resp.addPolicyURI(pape.AUTH_MULTI_FACTOR) 257 self.failUnlessEqual([pape.AUTH_MULTI_FACTOR, 258 pape.AUTH_PHISHING_RESISTANT], 259 self.resp.auth_policies) 260 261 self.failUnlessRaises(RuntimeError, self.resp.addPolicyURI, 262 pape.AUTH_NONE)

263

264 - def test_getExtensionArgs(self):

265 self.failUnlessEqual({'auth_policies': pape.AUTH_NONE}, 266 self.resp.getExtensionArgs()) 267 self.resp.addPolicyURI('http://uri') 268 self.failUnlessEqual({'auth_policies': 'http://uri'}, 269 self.resp.getExtensionArgs()) 270 self.resp.addPolicyURI('http://zig') 271 self.failUnlessEqual({'auth_policies': 'http://uri http://zig'}, 272 self.resp.getExtensionArgs()) 273 self.resp.auth_time = "1776-07-04T14:43:12Z" 274 self.failUnlessEqual( 275 {'auth_policies': 'http://uri http://zig', 276 'auth_time': "1776-07-04T14:43:12Z"}, 277 self.resp.getExtensionArgs()) 278 self.resp.setAuthLevel(pape.LEVELS_NIST, '3') 279 self.failUnlessEqual( 280 {'auth_policies': 'http://uri http://zig', 281 'auth_time': "1776-07-04T14:43:12Z", 282 'auth_level.nist': '3', 283 'auth_level.ns.nist': pape.LEVELS_NIST}, 284 self.resp.getExtensionArgs())

285

286 - def test_getExtensionArgs_error_auth_age(self):

287 self.resp.auth_time = "long ago" 288 self.failUnlessRaises(ValueError, self.resp.getExtensionArgs)

289

290 - def test_parseExtensionArgs(self):

291 args = {'auth_policies': 'http://foo http://bar', 292 'auth_time': '1970-01-01T00:00:00Z'} 293 self.resp.parseExtensionArgs(args, is_openid1=False) 294 self.failUnlessEqual('1970-01-01T00:00:00Z', self.resp.auth_time) 295 self.failUnlessEqual(['http://foo','http://bar'], 296 self.resp.auth_policies)

297

298 - def test_parseExtensionArgs_valid_none(self):

299 args = {'auth_policies': pape.AUTH_NONE} 300 self.resp.parseExtensionArgs(args, is_openid1=False) 301 self.failUnlessEqual([], self.resp.auth_policies)

302

303 - def test_parseExtensionArgs_old_none(self):

304 args = {'auth_policies': 'none'} 305 self.resp.parseExtensionArgs(args, is_openid1=False) 306 self.failUnlessEqual([], self.resp.auth_policies)

307

308 - def test_parseExtensionArgs_old_none_strict(self):

309 args = {'auth_policies': 'none'} 310 self.failUnlessRaises( 311 ValueError, 312 self.resp.parseExtensionArgs, args, is_openid1=False, strict=True)

313

314 - def test_parseExtensionArgs_empty(self):

315 self.resp.parseExtensionArgs({}, is_openid1=False) 316 self.failUnlessEqual(None, self.resp.auth_time) 317 self.failUnlessEqual([], self.resp.auth_policies)

318

319 - def test_parseExtensionArgs_empty_strict(self):

320 self.failUnlessRaises( 321 ValueError, 322 self.resp.parseExtensionArgs, {}, is_openid1=False, strict=True)

323

324 - def test_parseExtensionArgs_ignore_superfluous_none(self):

325 policies = [pape.AUTH_NONE, pape.AUTH_MULTI_FACTOR_PHYSICAL] 326 327 args = { 328 'auth_policies': ' '.join(policies), 329 } 330 331 self.resp.parseExtensionArgs(args, is_openid1=False, strict=False) 332 333 self.assertEqual([pape.AUTH_MULTI_FACTOR_PHYSICAL], 334 self.resp.auth_policies)

335

336 - def test_parseExtensionArgs_none_strict(self):

337 policies = [pape.AUTH_NONE, pape.AUTH_MULTI_FACTOR_PHYSICAL] 338 339 args = { 340 'auth_policies': ' '.join(policies), 341 } 342 343 self.failUnlessRaises(ValueError, self.resp.parseExtensionArgs, 344 args, is_openid1=False, strict=True)

345

346 - def test_parseExtensionArgs_strict_bogus1(self):

347 args = {'auth_policies': 'http://foo http://bar', 348 'auth_time': 'yesterday'} 349 self.failUnlessRaises(ValueError, self.resp.parseExtensionArgs, 350 args, is_openid1=False, strict=True)

351

352 - def test_parseExtensionArgs_openid1_strict(self):

353 args = {'auth_level.nist': '0', 354 'auth_policies': pape.AUTH_NONE, 355 } 356 self.resp.parseExtensionArgs(args, strict=True, is_openid1=True) 357 self.failUnlessEqual('0', self.resp.getAuthLevel(pape.LEVELS_NIST)) 358 self.failUnlessEqual([], self.resp.auth_policies)

359

360 - def test_parseExtensionArgs_strict_no_namespace_decl_openid2(self):

361 # Test the case where the namespace is not declared for an 362 # auth level. 363 args = {'auth_policies': pape.AUTH_NONE, 364 'auth_level.nist': '0', 365 } 366 self.failUnlessRaises(ValueError, self.resp.parseExtensionArgs, 367 args, is_openid1=False, strict=True)

368

369 - def test_parseExtensionArgs_nostrict_no_namespace_decl_openid2(self):

370 # Test the case where the namespace is not declared for an 371 # auth level. 372 args = {'auth_policies': pape.AUTH_NONE, 373 'auth_level.nist': '0', 374 } 375 self.resp.parseExtensionArgs(args, is_openid1=False, strict=False) 376 377 # There is no namespace declaration for this auth level. 378 self.failUnlessRaises(KeyError, self.resp.getAuthLevel, 379 pape.LEVELS_NIST)

380

381 - def test_parseExtensionArgs_strict_good(self):

382 args = {'auth_policies': 'http://foo http://bar', 383 'auth_time': '1970-01-01T00:00:00Z', 384 'auth_level.nist': '0', 385 'auth_level.ns.nist': pape.LEVELS_NIST} 386 self.resp.parseExtensionArgs(args, is_openid1=False, strict=True) 387 self.failUnlessEqual(['http://foo','http://bar'], 388 self.resp.auth_policies) 389 self.failUnlessEqual('1970-01-01T00:00:00Z', self.resp.auth_time) 390 self.failUnlessEqual(0, self.resp.nist_auth_level)

391

392 - def test_parseExtensionArgs_nostrict_bogus(self):

393 args = {'auth_policies': 'http://foo http://bar', 394 'auth_time': 'when the cows come home', 395 'nist_auth_level': 'some'} 396 self.resp.parseExtensionArgs(args, is_openid1=False) 397 self.failUnlessEqual(['http://foo','http://bar'], 398 self.resp.auth_policies) 399 self.failUnlessEqual(None, self.resp.auth_time) 400 self.failUnlessEqual(None, self.resp.nist_auth_level)

401

402 - def test_fromSuccessResponse(self):

403 policy_uris = [pape.AUTH_MULTI_FACTOR, pape.AUTH_PHISHING_RESISTANT] 404 openid_req_msg = Message.fromOpenIDArgs({ 405 'mode': 'id_res', 406 'ns': OPENID2_NS, 407 'ns.pape': pape.ns_uri, 408 'pape.auth_policies': ' '.join(policy_uris), 409 'pape.auth_time': '1970-01-01T00:00:00Z' 410 }) 411 signed_stuff = { 412 'auth_policies': ' '.join(policy_uris), 413 'auth_time': '1970-01-01T00:00:00Z' 414 } 415 oid_req = DummySuccessResponse(openid_req_msg, signed_stuff) 416 req = pape.Response.fromSuccessResponse(oid_req) 417 self.failUnlessEqual(policy_uris, req.auth_policies) 418 self.failUnlessEqual('1970-01-01T00:00:00Z', req.auth_time)

419

420 - def test_fromSuccessResponseNoSignedArgs(self):

421 policy_uris = [pape.AUTH_MULTI_FACTOR, pape.AUTH_PHISHING_RESISTANT] 422 openid_req_msg = Message.fromOpenIDArgs({ 423 'mode': 'id_res', 424 'ns': OPENID2_NS, 425 'ns.pape': pape.ns_uri, 426 'pape.auth_policies': ' '.join(policy_uris), 427 'pape.auth_time': '1970-01-01T00:00:00Z' 428 }) 429 430 signed_stuff = {} 431 432 class NoSigningDummyResponse(DummySuccessResponse): 433 def getSignedNS(self, ns_uri): 434 return None

435 436 oid_req = NoSigningDummyResponse(openid_req_msg, signed_stuff) 437 resp = pape.Response.fromSuccessResponse(oid_req) 438 self.failUnless(resp is None) 439 440 if __name__ == '__main__': 441 unittest.main() 442

Source Code for Module openid.test.test_pape_draft5