openid.test.test

1 """Unit tests for verification of return_to URLs for a realm 2 """ 3 4 __all__ = ['TestBuildDiscoveryURL'] 5 6 from openid.yadis.discover import DiscoveryResult, DiscoveryFailure 7 from openid.yadis import services 8 from openid.server import trustroot 9 from openid.test.support import CatchLogs 10 import unittest 11 12 # Too many methods does not apply to unit test objects 13 #pylint:disable-msg=R0904

14 -class TestBuildDiscoveryURL(unittest.TestCase):

15 """Tests for building the discovery URL from a realm and a 16 return_to URL 17 """ 18

19 - def failUnlessDiscoURL(self, realm, expected_discovery_url):

20 """Build a discovery URL out of the realm and a return_to and 21 make sure that it matches the expected discovery URL 22 """ 23 realm_obj = trustroot.TrustRoot.parse(realm) 24 actual_discovery_url = realm_obj.buildDiscoveryURL() 25 self.failUnlessEqual(expected_discovery_url, actual_discovery_url)

26

27 - def test_trivial(self):

28 """There is no wildcard and the realm is the same as the return_to URL 29 """ 30 self.failUnlessDiscoURL('http://example.com/foo', 31 'http://example.com/foo')

32

33 - def test_wildcard(self):

34 """There is a wildcard 35 """ 36 self.failUnlessDiscoURL('http://*.example.com/foo', 37 'http://www.example.com/foo')

38

39 -class TestExtractReturnToURLs(unittest.TestCase):

40 disco_url = 'http://example.com/' 41

42 - def setUp(self):

43 self.original_discover = services.discover 44 services.discover = self.mockDiscover 45 self.data = None

46

47 - def tearDown(self):

48 services.discover = self.original_discover

49

50 - def mockDiscover(self, uri):

51 result = DiscoveryResult(uri) 52 result.response_text = self.data 53 result.normalized_uri = uri 54 return result

55

56 - def failUnlessFileHasReturnURLs(self, filename, expected_return_urls):

57 self.failUnlessXRDSHasReturnURLs(file(filename).read(), 58 expected_return_urls)

59

60 - def failUnlessXRDSHasReturnURLs(self, data, expected_return_urls):

61 self.data = data 62 actual_return_urls = list(trustroot.getAllowedReturnURLs( 63 self.disco_url)) 64 65 self.failUnlessEqual(expected_return_urls, actual_return_urls)

66

67 - def failUnlessDiscoveryFailure(self, text):

68 self.data = text 69 self.failUnlessRaises( 70 DiscoveryFailure, trustroot.getAllowedReturnURLs, self.disco_url)

71

72 - def test_empty(self):

73 self.failUnlessDiscoveryFailure('')

74

75 - def test_badXML(self):

76 self.failUnlessDiscoveryFailure('>')

77

78 - def test_noEntries(self):

79 self.failUnlessXRDSHasReturnURLs('''\ 80 <?xml version="1.0" encoding="UTF-8"?> 81 <xrds:XRDS xmlns:xrds="xri://$xrds" 82 xmlns="xri://$xrd*($v*2.0)" 83 > 84 <XRD> 85 </XRD> 86 </xrds:XRDS> 87 ''', [])

88

89 - def test_noReturnToEntries(self):

90 self.failUnlessXRDSHasReturnURLs('''\ 91 <?xml version="1.0" encoding="UTF-8"?> 92 <xrds:XRDS xmlns:xrds="xri://$xrds" 93 xmlns="xri://$xrd*($v*2.0)" 94 > 95 <XRD> 96 <Service priority="10"> 97 <Type>http://specs.openid.net/auth/2.0/server</Type> 98 <URI>http://www.myopenid.com/server</URI> 99 </Service> 100 </XRD> 101 </xrds:XRDS> 102 ''', [])

103

104 - def test_oneEntry(self):

105 self.failUnlessXRDSHasReturnURLs('''\ 106 <?xml version="1.0" encoding="UTF-8"?> 107 <xrds:XRDS xmlns:xrds="xri://$xrds" 108 xmlns="xri://$xrd*($v*2.0)" 109 > 110 <XRD> 111 <Service> 112 <Type>http://specs.openid.net/auth/2.0/return_to</Type> 113 <URI>http://rp.example.com/return</URI> 114 </Service> 115 </XRD> 116 </xrds:XRDS> 117 ''', ['http://rp.example.com/return'])

118

119 - def test_twoEntries(self):

120 self.failUnlessXRDSHasReturnURLs('''\ 121 <?xml version="1.0" encoding="UTF-8"?> 122 <xrds:XRDS xmlns:xrds="xri://$xrds" 123 xmlns="xri://$xrd*($v*2.0)" 124 > 125 <XRD> 126 <Service priority="0"> 127 <Type>http://specs.openid.net/auth/2.0/return_to</Type> 128 <URI>http://rp.example.com/return</URI> 129 </Service> 130 <Service priority="1"> 131 <Type>http://specs.openid.net/auth/2.0/return_to</Type> 132 <URI>http://other.rp.example.com/return</URI> 133 </Service> 134 </XRD> 135 </xrds:XRDS> 136 ''', ['http://rp.example.com/return', 137 'http://other.rp.example.com/return'])

138

139 - def test_twoEntries_withOther(self):

140 self.failUnlessXRDSHasReturnURLs('''\ 141 <?xml version="1.0" encoding="UTF-8"?> 142 <xrds:XRDS xmlns:xrds="xri://$xrds" 143 xmlns="xri://$xrd*($v*2.0)" 144 > 145 <XRD> 146 <Service priority="0"> 147 <Type>http://specs.openid.net/auth/2.0/return_to</Type> 148 <URI>http://rp.example.com/return</URI> 149 </Service> 150 <Service priority="1"> 151 <Type>http://specs.openid.net/auth/2.0/return_to</Type> 152 <URI>http://other.rp.example.com/return</URI> 153 </Service> 154 <Service priority="0"> 155 <Type>http://example.com/LOLCATS</Type> 156 <URI>http://example.com/invisible+uri</URI> 157 </Service> 158 </XRD> 159 </xrds:XRDS> 160 ''', ['http://rp.example.com/return', 161 'http://other.rp.example.com/return'])

162 163 164

165 -class TestReturnToMatches(unittest.TestCase):

166 - def test_noEntries(self):

167 self.failIf(trustroot.returnToMatches([], 'anything'))

168

169 - def test_exactMatch(self):

170 r = 'http://example.com/return.to' 171 self.failUnless(trustroot.returnToMatches([r], r))

172

173 - def test_garbageMatch(self):

174 r = 'http://example.com/return.to' 175 self.failUnless(trustroot.returnToMatches( 176 ['This is not a URL at all. In fact, it has characters, ' 177 'like "<" that are not allowed in URLs', 178 r], 179 r))

180

181 - def test_descendant(self):

182 r = 'http://example.com/return.to' 183 self.failUnless(trustroot.returnToMatches( 184 [r], 185 'http://example.com/return.to/user:joe'))

186

187 - def test_wildcard(self):

188 self.failIf(trustroot.returnToMatches( 189 ['http://*.example.com/return.to'], 190 'http://example.com/return.to'))

191

192 - def test_noMatch(self):

193 r = 'http://example.com/return.to' 194 self.failIf(trustroot.returnToMatches( 195 [r], 196 'http://example.com/xss_exploit'))

197

198 -class TestVerifyReturnTo(unittest.TestCase, CatchLogs):

199

200 - def setUp(self):

201 CatchLogs.setUp(self)

202

203 - def tearDown(self):

204 CatchLogs.tearDown(self)

205

206 - def test_bogusRealm(self):

207 self.failIf(trustroot.verifyReturnTo('', 'http://example.com/'))

208

209 - def test_verifyWithDiscoveryCalled(self):

210 realm = 'http://*.example.com/' 211 return_to = 'http://www.example.com/foo' 212 213 def vrfy(disco_url): 214 self.failUnlessEqual('http://www.example.com/', disco_url) 215 return [return_to]

216 217 self.failUnless( 218 trustroot.verifyReturnTo(realm, return_to, _vrfy=vrfy)) 219 self.failUnlessLogEmpty()

220

221 - def test_verifyFailWithDiscoveryCalled(self):

222 realm = 'http://*.example.com/' 223 return_to = 'http://www.example.com/foo' 224 225 def vrfy(disco_url): 226 self.failUnlessEqual('http://www.example.com/', disco_url) 227 return ['http://something-else.invalid/']

228 229 self.failIf( 230 trustroot.verifyReturnTo(realm, return_to, _vrfy=vrfy)) 231 self.failUnlessLogMatches("Failed to validate return_to") 232

233 - def test_verifyFailIfDiscoveryRedirects(self):

234 realm = 'http://*.example.com/' 235 return_to = 'http://www.example.com/foo' 236 237 def vrfy(disco_url): 238 raise trustroot.RealmVerificationRedirected( 239 disco_url, "http://redirected.invalid")

240 241 self.failIf( 242 trustroot.verifyReturnTo(realm, return_to, _vrfy=vrfy)) 243 self.failUnlessLogMatches("Attempting to verify") 244 245 if __name__ == '__main__': 246 unittest.main() 247

Source Code for Module openid.test.test_rpverify