|
danielebarchiesi@0
|
1 <?php
|
|
danielebarchiesi@0
|
2
|
|
danielebarchiesi@0
|
3 /**
|
|
danielebarchiesi@0
|
4 * @file
|
|
danielebarchiesi@0
|
5 * Tests for openid.module.
|
|
danielebarchiesi@0
|
6 */
|
|
danielebarchiesi@0
|
7
|
|
danielebarchiesi@0
|
8 /**
|
|
danielebarchiesi@0
|
9 * Base class for OpenID tests.
|
|
danielebarchiesi@0
|
10 */
|
|
danielebarchiesi@0
|
11 abstract class OpenIDWebTestCase extends DrupalWebTestCase {
|
|
danielebarchiesi@0
|
12
|
|
danielebarchiesi@0
|
13 /**
|
|
danielebarchiesi@0
|
14 * Initiates the login procedure using the specified User-supplied Identity.
|
|
danielebarchiesi@0
|
15 */
|
|
danielebarchiesi@0
|
16 function submitLoginForm($identity) {
|
|
danielebarchiesi@0
|
17 // Fill out and submit the login form.
|
|
danielebarchiesi@0
|
18 $edit = array('openid_identifier' => $identity);
|
|
danielebarchiesi@0
|
19 $this->drupalPost('', $edit, t('Log in'));
|
|
danielebarchiesi@0
|
20
|
|
danielebarchiesi@0
|
21 // Check we are on the OpenID redirect form.
|
|
danielebarchiesi@0
|
22 $this->assertTitle(t('OpenID redirect'), 'OpenID redirect page was displayed.');
|
|
danielebarchiesi@0
|
23
|
|
danielebarchiesi@0
|
24 // Submit form to the OpenID Provider Endpoint.
|
|
danielebarchiesi@0
|
25 $this->drupalPost(NULL, array(), t('Send'));
|
|
danielebarchiesi@0
|
26 }
|
|
danielebarchiesi@0
|
27
|
|
danielebarchiesi@0
|
28 /**
|
|
danielebarchiesi@0
|
29 * Parses the last sent e-mail and returns the one-time login link URL.
|
|
danielebarchiesi@0
|
30 */
|
|
danielebarchiesi@0
|
31 function getPasswordResetURLFromMail() {
|
|
danielebarchiesi@0
|
32 $mails = $this->drupalGetMails();
|
|
danielebarchiesi@0
|
33 $mail = end($mails);
|
|
danielebarchiesi@0
|
34 preg_match('@.+user/reset/.+@', $mail['body'], $matches);
|
|
danielebarchiesi@0
|
35 return $matches[0];
|
|
danielebarchiesi@0
|
36 }
|
|
danielebarchiesi@0
|
37 }
|
|
danielebarchiesi@0
|
38
|
|
danielebarchiesi@0
|
39 /**
|
|
danielebarchiesi@0
|
40 * Test discovery and login using OpenID
|
|
danielebarchiesi@0
|
41 */
|
|
danielebarchiesi@0
|
42 class OpenIDFunctionalTestCase extends OpenIDWebTestCase {
|
|
danielebarchiesi@0
|
43 protected $web_user;
|
|
danielebarchiesi@0
|
44
|
|
danielebarchiesi@0
|
45 public static function getInfo() {
|
|
danielebarchiesi@0
|
46 return array(
|
|
danielebarchiesi@0
|
47 'name' => 'OpenID discovery and login',
|
|
danielebarchiesi@0
|
48 'description' => "Adds an identity to a user's profile and uses it to log in.",
|
|
danielebarchiesi@0
|
49 'group' => 'OpenID'
|
|
danielebarchiesi@0
|
50 );
|
|
danielebarchiesi@0
|
51 }
|
|
danielebarchiesi@0
|
52
|
|
danielebarchiesi@0
|
53 function setUp() {
|
|
danielebarchiesi@0
|
54 parent::setUp('openid', 'openid_test');
|
|
danielebarchiesi@0
|
55
|
|
danielebarchiesi@0
|
56 // User doesn't need special permissions; only the ability to log in.
|
|
danielebarchiesi@0
|
57 $this->web_user = $this->drupalCreateUser(array());
|
|
danielebarchiesi@0
|
58 }
|
|
danielebarchiesi@0
|
59
|
|
danielebarchiesi@0
|
60 /**
|
|
danielebarchiesi@0
|
61 * Test discovery of OpenID Provider Endpoint via Yadis and HTML.
|
|
danielebarchiesi@0
|
62 */
|
|
danielebarchiesi@0
|
63 function testDiscovery() {
|
|
danielebarchiesi@0
|
64 $this->drupalLogin($this->web_user);
|
|
danielebarchiesi@0
|
65
|
|
danielebarchiesi@0
|
66 // The User-supplied Identifier entered by the user may indicate the URL of
|
|
danielebarchiesi@0
|
67 // the OpenID Provider Endpoint in various ways, as described in OpenID
|
|
danielebarchiesi@0
|
68 // Authentication 2.0 and Yadis Specification 1.0.
|
|
danielebarchiesi@0
|
69 // Note that all of the tested identifiers refer to the same endpoint, so
|
|
danielebarchiesi@0
|
70 // only the first will trigger an associate request in openid_association()
|
|
danielebarchiesi@0
|
71 // (association is only done the first time Drupal encounters a given
|
|
danielebarchiesi@0
|
72 // endpoint).
|
|
danielebarchiesi@0
|
73
|
|
danielebarchiesi@0
|
74
|
|
danielebarchiesi@0
|
75 // Yadis discovery (see Yadis Specification 1.0, section 6.2.5):
|
|
danielebarchiesi@0
|
76 // If the User-supplied Identifier is a URL, it may be a direct or indirect
|
|
danielebarchiesi@0
|
77 // reference to an XRDS document (a Yadis Resource Descriptor) that contains
|
|
danielebarchiesi@0
|
78 // the URL of the OpenID Provider Endpoint.
|
|
danielebarchiesi@0
|
79
|
|
danielebarchiesi@0
|
80 // Identifier is the URL of an XRDS document.
|
|
danielebarchiesi@0
|
81 // On HTTP test environments, the URL scheme is stripped in order to test
|
|
danielebarchiesi@0
|
82 // that the supplied identifier is normalized in openid_begin().
|
|
danielebarchiesi@0
|
83 $identity = url('openid-test/yadis/xrds', array('absolute' => TRUE));
|
|
danielebarchiesi@0
|
84 $this->addIdentity(preg_replace('@^http://@', '', $identity), 2, 'http://example.com/xrds', $identity);
|
|
danielebarchiesi@0
|
85
|
|
danielebarchiesi@0
|
86 $identity = url('openid-test/yadis/xrds/delegate', array('absolute' => TRUE));
|
|
danielebarchiesi@0
|
87 $this->addIdentity(preg_replace('@^http://@', '', $identity), 2, 'http://example.com/xrds-delegate', $identity);
|
|
danielebarchiesi@0
|
88
|
|
danielebarchiesi@0
|
89 // Identifier is the URL of an XRDS document containing an OP Identifier
|
|
danielebarchiesi@0
|
90 // Element. The Relying Party sends the special value
|
|
danielebarchiesi@0
|
91 // "http://specs.openid.net/auth/2.0/identifier_select" as Claimed
|
|
danielebarchiesi@0
|
92 // Identifier. The OpenID Provider responds with the actual identifier
|
|
danielebarchiesi@0
|
93 // including the fragment.
|
|
danielebarchiesi@0
|
94 $identity = url('openid-test/yadis/xrds/dummy-user', array('absolute' => TRUE, 'fragment' => $this->randomName()));
|
|
danielebarchiesi@0
|
95 // Tell openid_test.module to respond with this identifier. If the fragment
|
|
danielebarchiesi@0
|
96 // part is present in the identifier, it should be retained.
|
|
danielebarchiesi@0
|
97 variable_set('openid_test_response', array('openid.claimed_id' => $identity));
|
|
danielebarchiesi@0
|
98 $this->addIdentity(url('openid-test/yadis/xrds/server', array('absolute' => TRUE)), 2, 'http://specs.openid.net/auth/2.0/identifier_select', $identity);
|
|
danielebarchiesi@0
|
99 variable_set('openid_test_response', array());
|
|
danielebarchiesi@0
|
100
|
|
danielebarchiesi@0
|
101 // Identifier is the URL of an HTML page that is sent with an HTTP header
|
|
danielebarchiesi@0
|
102 // that contains the URL of an XRDS document.
|
|
danielebarchiesi@0
|
103 $this->addIdentity(url('openid-test/yadis/x-xrds-location', array('absolute' => TRUE)), 2);
|
|
danielebarchiesi@0
|
104
|
|
danielebarchiesi@0
|
105 // Identifier is the URL of an HTML page containing a <meta http-equiv=...>
|
|
danielebarchiesi@0
|
106 // element that contains the URL of an XRDS document.
|
|
danielebarchiesi@0
|
107 $this->addIdentity(url('openid-test/yadis/http-equiv', array('absolute' => TRUE)), 2);
|
|
danielebarchiesi@0
|
108
|
|
danielebarchiesi@0
|
109 // Identifier is an XRI. Resolve using our own dummy proxy resolver.
|
|
danielebarchiesi@0
|
110 variable_set('xri_proxy_resolver', url('openid-test/yadis/xrds/xri', array('absolute' => TRUE)) . '/');
|
|
danielebarchiesi@0
|
111 $this->addIdentity('@example*résumé;%25', 2, 'http://example.com/xrds', 'http://example.com/user');
|
|
danielebarchiesi@0
|
112
|
|
danielebarchiesi@0
|
113 // Make sure that unverified CanonicalID are not trusted.
|
|
danielebarchiesi@0
|
114 variable_set('openid_test_canonical_id_status', 'bad value');
|
|
danielebarchiesi@0
|
115 $this->addIdentity('@example*résumé;%25', 2, FALSE, FALSE);
|
|
danielebarchiesi@0
|
116
|
|
danielebarchiesi@0
|
117 // HTML-based discovery:
|
|
danielebarchiesi@0
|
118 // If the User-supplied Identifier is a URL of an HTML page, the page may
|
|
danielebarchiesi@0
|
119 // contain a <link rel=...> element containing the URL of the OpenID
|
|
danielebarchiesi@0
|
120 // Provider Endpoint. OpenID 1 and 2 describe slightly different formats.
|
|
danielebarchiesi@0
|
121
|
|
danielebarchiesi@0
|
122 // OpenID Authentication 1.1, section 3.1:
|
|
danielebarchiesi@0
|
123 $this->addIdentity(url('openid-test/html/openid1', array('absolute' => TRUE)), 1, 'http://example.com/html-openid1');
|
|
danielebarchiesi@0
|
124
|
|
danielebarchiesi@0
|
125 // OpenID Authentication 2.0, section 7.3.3:
|
|
danielebarchiesi@0
|
126 $this->addIdentity(url('openid-test/html/openid2', array('absolute' => TRUE)), 2, 'http://example.com/html-openid2');
|
|
danielebarchiesi@0
|
127
|
|
danielebarchiesi@0
|
128 // OpenID Authentication 2.0, section 7.2.4:
|
|
danielebarchiesi@0
|
129 // URL Identifiers MUST then be further normalized by both (1) following
|
|
danielebarchiesi@0
|
130 // redirects when retrieving their content and finally (2) applying the
|
|
danielebarchiesi@0
|
131 // rules in Section 6 of RFC3986 to the final destination URL. This final
|
|
danielebarchiesi@0
|
132 // URL MUST be noted by the Relying Party as the Claimed Identifier and be
|
|
danielebarchiesi@0
|
133 // used when requesting authentication.
|
|
danielebarchiesi@0
|
134
|
|
danielebarchiesi@0
|
135 // Single redirect.
|
|
danielebarchiesi@0
|
136 $identity = $expected_claimed_id = url('openid-test/redirected/yadis/xrds/1', array('absolute' => TRUE));
|
|
danielebarchiesi@0
|
137 $this->addRedirectedIdentity($identity, 2, 'http://example.com/xrds', $expected_claimed_id, 0);
|
|
danielebarchiesi@0
|
138
|
|
danielebarchiesi@0
|
139 // Exact 3 redirects (default value for the 'max_redirects' option in
|
|
danielebarchiesi@0
|
140 // drupal_http_request()).
|
|
danielebarchiesi@0
|
141 $identity = $expected_claimed_id = url('openid-test/redirected/yadis/xrds/2', array('absolute' => TRUE));
|
|
danielebarchiesi@0
|
142 $this->addRedirectedIdentity($identity, 2, 'http://example.com/xrds', $expected_claimed_id, 2);
|
|
danielebarchiesi@0
|
143
|
|
danielebarchiesi@0
|
144 // Fails because there are more than 3 redirects (default value for the
|
|
danielebarchiesi@0
|
145 // 'max_redirects' option in drupal_http_request()).
|
|
danielebarchiesi@0
|
146 $identity = url('openid-test/redirected/yadis/xrds/3', array('absolute' => TRUE));
|
|
danielebarchiesi@0
|
147 $expected_claimed_id = FALSE;
|
|
danielebarchiesi@0
|
148 $this->addRedirectedIdentity($identity, 2, 'http://example.com/xrds', $expected_claimed_id, 3);
|
|
danielebarchiesi@0
|
149 }
|
|
danielebarchiesi@0
|
150
|
|
danielebarchiesi@0
|
151 /**
|
|
danielebarchiesi@0
|
152 * Test login using OpenID.
|
|
danielebarchiesi@0
|
153 */
|
|
danielebarchiesi@0
|
154 function testLogin() {
|
|
danielebarchiesi@0
|
155 $this->drupalLogin($this->web_user);
|
|
danielebarchiesi@0
|
156
|
|
danielebarchiesi@0
|
157 // Use a User-supplied Identity that is the URL of an XRDS document.
|
|
danielebarchiesi@0
|
158 $identity = url('openid-test/yadis/xrds', array('absolute' => TRUE));
|
|
danielebarchiesi@0
|
159 $this->addIdentity($identity);
|
|
danielebarchiesi@0
|
160
|
|
danielebarchiesi@0
|
161 $this->drupalLogout();
|
|
danielebarchiesi@0
|
162
|
|
danielebarchiesi@0
|
163 // Test logging in via the login block on the front page.
|
|
danielebarchiesi@0
|
164 $this->submitLoginForm($identity);
|
|
danielebarchiesi@0
|
165 $this->assertLink(t('Log out'), 0, 'User was logged in.');
|
|
danielebarchiesi@0
|
166
|
|
danielebarchiesi@0
|
167 $this->drupalLogout();
|
|
danielebarchiesi@0
|
168
|
|
danielebarchiesi@0
|
169 // Test logging in via the user/login page.
|
|
danielebarchiesi@0
|
170 $edit = array('openid_identifier' => $identity);
|
|
danielebarchiesi@0
|
171 $this->drupalPost('user/login', $edit, t('Log in'));
|
|
danielebarchiesi@0
|
172
|
|
danielebarchiesi@0
|
173 // Check we are on the OpenID redirect form.
|
|
danielebarchiesi@0
|
174 $this->assertTitle(t('OpenID redirect'), 'OpenID redirect page was displayed.');
|
|
danielebarchiesi@0
|
175
|
|
danielebarchiesi@0
|
176 // Submit form to the OpenID Provider Endpoint.
|
|
danielebarchiesi@0
|
177 $this->drupalPost(NULL, array(), t('Send'));
|
|
danielebarchiesi@0
|
178
|
|
danielebarchiesi@0
|
179 $this->assertLink(t('Log out'), 0, 'User was logged in.');
|
|
danielebarchiesi@0
|
180
|
|
danielebarchiesi@0
|
181 // Verify user was redirected away from user/login to an accessible page.
|
|
danielebarchiesi@0
|
182 $this->assertResponse(200);
|
|
danielebarchiesi@0
|
183
|
|
danielebarchiesi@0
|
184 $this->drupalLogout();
|
|
danielebarchiesi@0
|
185 // Use a User-supplied Identity that is the URL of an XRDS document.
|
|
danielebarchiesi@0
|
186 // Tell the test module to add a doctype. This should fail.
|
|
danielebarchiesi@0
|
187 $identity = url('openid-test/yadis/xrds', array('absolute' => TRUE, 'query' => array('doctype' => 1)));
|
|
danielebarchiesi@0
|
188 // Test logging in via the login block on the front page.
|
|
danielebarchiesi@0
|
189 $edit = array('openid_identifier' => $identity);
|
|
danielebarchiesi@0
|
190 $this->drupalPost('', $edit, t('Log in'));
|
|
danielebarchiesi@0
|
191 $this->assertRaw(t('Sorry, that is not a valid OpenID. Ensure you have spelled your ID correctly.'), 'XML with DOCTYPE was rejected.');
|
|
danielebarchiesi@0
|
192 }
|
|
danielebarchiesi@0
|
193
|
|
danielebarchiesi@0
|
194 /**
|
|
danielebarchiesi@0
|
195 * Test login using OpenID during maintenance mode.
|
|
danielebarchiesi@0
|
196 */
|
|
danielebarchiesi@0
|
197 function testLoginMaintenanceMode() {
|
|
danielebarchiesi@0
|
198 $this->web_user = $this->drupalCreateUser(array('access site in maintenance mode'));
|
|
danielebarchiesi@0
|
199 $this->drupalLogin($this->web_user);
|
|
danielebarchiesi@0
|
200
|
|
danielebarchiesi@0
|
201 // Use a User-supplied Identity that is the URL of an XRDS document.
|
|
danielebarchiesi@0
|
202 $identity = url('openid-test/yadis/xrds', array('absolute' => TRUE));
|
|
danielebarchiesi@0
|
203 $this->addIdentity($identity);
|
|
danielebarchiesi@0
|
204 $this->drupalLogout();
|
|
danielebarchiesi@0
|
205
|
|
danielebarchiesi@0
|
206 // Enable maintenance mode.
|
|
danielebarchiesi@0
|
207 variable_set('maintenance_mode', 1);
|
|
danielebarchiesi@0
|
208
|
|
danielebarchiesi@0
|
209 // Test logging in via the user/login page while the site is offline.
|
|
danielebarchiesi@0
|
210 $edit = array('openid_identifier' => $identity);
|
|
danielebarchiesi@0
|
211 $this->drupalPost('user/login', $edit, t('Log in'));
|
|
danielebarchiesi@0
|
212
|
|
danielebarchiesi@0
|
213 // Check we are on the OpenID redirect form.
|
|
danielebarchiesi@0
|
214 $this->assertTitle(t('OpenID redirect'), 'OpenID redirect page was displayed.');
|
|
danielebarchiesi@0
|
215
|
|
danielebarchiesi@0
|
216 // Submit form to the OpenID Provider Endpoint.
|
|
danielebarchiesi@0
|
217 $this->drupalPost(NULL, array(), t('Send'));
|
|
danielebarchiesi@0
|
218
|
|
danielebarchiesi@0
|
219 $this->assertLink(t('Log out'), 0, 'User was logged in.');
|
|
danielebarchiesi@0
|
220
|
|
danielebarchiesi@0
|
221 // Verify user was redirected away from user/login to an accessible page.
|
|
danielebarchiesi@0
|
222 $this->assertText(t('Operating in maintenance mode.'));
|
|
danielebarchiesi@0
|
223 $this->assertResponse(200);
|
|
danielebarchiesi@0
|
224 }
|
|
danielebarchiesi@0
|
225
|
|
danielebarchiesi@0
|
226 /**
|
|
danielebarchiesi@0
|
227 * Test deleting an OpenID identity from a user's profile.
|
|
danielebarchiesi@0
|
228 */
|
|
danielebarchiesi@0
|
229 function testDelete() {
|
|
danielebarchiesi@0
|
230 $this->drupalLogin($this->web_user);
|
|
danielebarchiesi@0
|
231
|
|
danielebarchiesi@0
|
232 // Add identity to user's profile.
|
|
danielebarchiesi@0
|
233 $identity = url('openid-test/yadis/xrds', array('absolute' => TRUE));
|
|
danielebarchiesi@0
|
234 $this->addIdentity($identity);
|
|
danielebarchiesi@0
|
235 $this->assertText($identity, 'Identity appears in list.');
|
|
danielebarchiesi@0
|
236
|
|
danielebarchiesi@0
|
237 // Delete the newly added identity.
|
|
danielebarchiesi@0
|
238 $this->clickLink(t('Delete'));
|
|
danielebarchiesi@0
|
239 $this->drupalPost(NULL, array(), t('Confirm'));
|
|
danielebarchiesi@0
|
240
|
|
danielebarchiesi@0
|
241 $this->assertText(t('OpenID deleted.'), 'Identity deleted');
|
|
danielebarchiesi@0
|
242 $this->assertNoText($identity, 'Identity no longer appears in list.');
|
|
danielebarchiesi@0
|
243 }
|
|
danielebarchiesi@0
|
244
|
|
danielebarchiesi@0
|
245 /**
|
|
danielebarchiesi@0
|
246 * Test that a blocked user cannot log in.
|
|
danielebarchiesi@0
|
247 */
|
|
danielebarchiesi@0
|
248 function testBlockedUserLogin() {
|
|
danielebarchiesi@0
|
249 // Use a User-supplied Identity that is the URL of an XRDS document.
|
|
danielebarchiesi@0
|
250 $identity = url('openid-test/yadis/xrds', array('absolute' => TRUE));
|
|
danielebarchiesi@0
|
251
|
|
danielebarchiesi@0
|
252 // Log in and add an OpenID Identity to the account.
|
|
danielebarchiesi@0
|
253 $this->drupalLogin($this->web_user);
|
|
danielebarchiesi@0
|
254 $this->addIdentity($identity);
|
|
danielebarchiesi@0
|
255 $this->drupalLogout();
|
|
danielebarchiesi@0
|
256
|
|
danielebarchiesi@0
|
257 // Log in as an admin user and block the account.
|
|
danielebarchiesi@0
|
258 $admin_user = $this->drupalCreateUser(array('administer users'));
|
|
danielebarchiesi@0
|
259 $this->drupalLogin($admin_user);
|
|
danielebarchiesi@0
|
260 $this->drupalGet('admin/people');
|
|
danielebarchiesi@0
|
261 $edit = array(
|
|
danielebarchiesi@0
|
262 'operation' => 'block',
|
|
danielebarchiesi@0
|
263 'accounts[' . $this->web_user->uid . ']' => TRUE,
|
|
danielebarchiesi@0
|
264 );
|
|
danielebarchiesi@0
|
265 $this->drupalPost('admin/people', $edit, t('Update'));
|
|
danielebarchiesi@0
|
266 $this->assertRaw('The update has been performed.', 'Account was blocked.');
|
|
danielebarchiesi@0
|
267 $this->drupalLogout();
|
|
danielebarchiesi@0
|
268
|
|
danielebarchiesi@0
|
269 $this->submitLoginForm($identity);
|
|
danielebarchiesi@0
|
270 $this->assertRaw(t('The username %name has not been activated or is blocked.', array('%name' => $this->web_user->name)), 'User login was blocked.');
|
|
danielebarchiesi@0
|
271 }
|
|
danielebarchiesi@0
|
272
|
|
danielebarchiesi@0
|
273 /**
|
|
danielebarchiesi@0
|
274 * Add OpenID identity to user's profile.
|
|
danielebarchiesi@0
|
275 *
|
|
danielebarchiesi@0
|
276 * @param $identity
|
|
danielebarchiesi@0
|
277 * The User-supplied Identifier.
|
|
danielebarchiesi@0
|
278 * @param $version
|
|
danielebarchiesi@0
|
279 * The protocol version used by the service.
|
|
danielebarchiesi@0
|
280 * @param $local_id
|
|
danielebarchiesi@0
|
281 * The expected OP-Local Identifier found during discovery.
|
|
danielebarchiesi@0
|
282 * @param $claimed_id
|
|
danielebarchiesi@0
|
283 * The expected Claimed Identifier returned by the OpenID Provider, or FALSE
|
|
danielebarchiesi@0
|
284 * if the discovery is expected to fail.
|
|
danielebarchiesi@0
|
285 */
|
|
danielebarchiesi@0
|
286 function addIdentity($identity, $version = 2, $local_id = 'http://example.com/xrds', $claimed_id = NULL) {
|
|
danielebarchiesi@0
|
287 // Tell openid_test.module to only accept this OP-Local Identifier.
|
|
danielebarchiesi@0
|
288 variable_set('openid_test_identity', $local_id);
|
|
danielebarchiesi@0
|
289
|
|
danielebarchiesi@0
|
290 $edit = array('openid_identifier' => $identity);
|
|
danielebarchiesi@0
|
291 $this->drupalPost('user/' . $this->web_user->uid . '/openid', $edit, t('Add an OpenID'));
|
|
danielebarchiesi@0
|
292
|
|
danielebarchiesi@0
|
293 if ($claimed_id === FALSE) {
|
|
danielebarchiesi@0
|
294 $this->assertRaw(t('Sorry, that is not a valid OpenID. Ensure you have spelled your ID correctly.'), 'Invalid identity was rejected.');
|
|
danielebarchiesi@0
|
295 return;
|
|
danielebarchiesi@0
|
296 }
|
|
danielebarchiesi@0
|
297
|
|
danielebarchiesi@0
|
298 // OpenID 1 used a HTTP redirect, OpenID 2 uses a HTML form that is submitted automatically using JavaScript.
|
|
danielebarchiesi@0
|
299 if ($version == 2) {
|
|
danielebarchiesi@0
|
300 // Check we are on the OpenID redirect form.
|
|
danielebarchiesi@0
|
301 $this->assertTitle(t('OpenID redirect'), 'OpenID redirect page was displayed.');
|
|
danielebarchiesi@0
|
302
|
|
danielebarchiesi@0
|
303 // Submit form to the OpenID Provider Endpoint.
|
|
danielebarchiesi@0
|
304 $this->drupalPost(NULL, array(), t('Send'));
|
|
danielebarchiesi@0
|
305 }
|
|
danielebarchiesi@0
|
306
|
|
danielebarchiesi@0
|
307 if (!isset($claimed_id)) {
|
|
danielebarchiesi@0
|
308 $claimed_id = $identity;
|
|
danielebarchiesi@0
|
309 }
|
|
danielebarchiesi@0
|
310 $this->assertRaw(t('Successfully added %identity', array('%identity' => $claimed_id)), format_string('Identity %identity was added.', array('%identity' => $identity)));
|
|
danielebarchiesi@0
|
311 }
|
|
danielebarchiesi@0
|
312
|
|
danielebarchiesi@0
|
313 /**
|
|
danielebarchiesi@0
|
314 * Add OpenID identity, changed by the following redirects, to user's profile.
|
|
danielebarchiesi@0
|
315 *
|
|
danielebarchiesi@0
|
316 * According to OpenID Authentication 2.0, section 7.2.4, URL Identifiers MUST
|
|
danielebarchiesi@0
|
317 * be further normalized by following redirects when retrieving their content
|
|
danielebarchiesi@0
|
318 * and this final URL MUST be noted by the Relying Party as the Claimed
|
|
danielebarchiesi@0
|
319 * Identifier and be used when requesting authentication.
|
|
danielebarchiesi@0
|
320 *
|
|
danielebarchiesi@0
|
321 * @param $identity
|
|
danielebarchiesi@0
|
322 * The User-supplied Identifier.
|
|
danielebarchiesi@0
|
323 * @param $version
|
|
danielebarchiesi@0
|
324 * The protocol version used by the service.
|
|
danielebarchiesi@0
|
325 * @param $local_id
|
|
danielebarchiesi@0
|
326 * The expected OP-Local Identifier found during discovery.
|
|
danielebarchiesi@0
|
327 * @param $claimed_id
|
|
danielebarchiesi@0
|
328 * The expected Claimed Identifier returned by the OpenID Provider, or FALSE
|
|
danielebarchiesi@0
|
329 * if the discovery is expected to fail.
|
|
danielebarchiesi@0
|
330 * @param $redirects
|
|
danielebarchiesi@0
|
331 * The number of redirects.
|
|
danielebarchiesi@0
|
332 */
|
|
danielebarchiesi@0
|
333 function addRedirectedIdentity($identity, $version = 2, $local_id = 'http://example.com/xrds', $claimed_id = NULL, $redirects = 0) {
|
|
danielebarchiesi@0
|
334 // Set the final destination URL which is the same as the Claimed
|
|
danielebarchiesi@0
|
335 // Identifier, we insert the same identifier also to the provider response,
|
|
danielebarchiesi@0
|
336 // but provider could further change the Claimed ID actually (e.g. it could
|
|
danielebarchiesi@0
|
337 // add unique fragment).
|
|
danielebarchiesi@0
|
338 variable_set('openid_test_redirect_url', $identity);
|
|
danielebarchiesi@0
|
339 variable_set('openid_test_response', array('openid.claimed_id' => $identity));
|
|
danielebarchiesi@0
|
340
|
|
danielebarchiesi@0
|
341 $this->addIdentity(url('openid-test/redirect/' . $redirects, array('absolute' => TRUE)), $version, $local_id, $claimed_id);
|
|
danielebarchiesi@0
|
342
|
|
danielebarchiesi@0
|
343 // Clean up.
|
|
danielebarchiesi@0
|
344 variable_del('openid_test_redirect_url');
|
|
danielebarchiesi@0
|
345 variable_del('openid_test_response');
|
|
danielebarchiesi@0
|
346 }
|
|
danielebarchiesi@0
|
347
|
|
danielebarchiesi@0
|
348 /**
|
|
danielebarchiesi@0
|
349 * Tests that openid.signed is verified.
|
|
danielebarchiesi@0
|
350 */
|
|
danielebarchiesi@0
|
351 function testSignatureValidation() {
|
|
danielebarchiesi@0
|
352 // Use a User-supplied Identity that is the URL of an XRDS document.
|
|
danielebarchiesi@0
|
353 $identity = url('openid-test/yadis/xrds', array('absolute' => TRUE));
|
|
danielebarchiesi@0
|
354
|
|
danielebarchiesi@0
|
355 // Respond with an invalid signature.
|
|
danielebarchiesi@0
|
356 variable_set('openid_test_response', array('openid.sig' => 'this-is-an-invalid-signature'));
|
|
danielebarchiesi@0
|
357 $this->submitLoginForm($identity);
|
|
danielebarchiesi@0
|
358 $this->assertRaw('OpenID login failed.');
|
|
danielebarchiesi@0
|
359
|
|
danielebarchiesi@0
|
360 // Do not sign the mandatory field openid.assoc_handle.
|
|
danielebarchiesi@0
|
361 variable_set('openid_test_response', array('openid.signed' => 'op_endpoint,claimed_id,identity,return_to,response_nonce'));
|
|
danielebarchiesi@0
|
362 $this->submitLoginForm($identity);
|
|
danielebarchiesi@0
|
363 $this->assertRaw('OpenID login failed.');
|
|
danielebarchiesi@0
|
364
|
|
danielebarchiesi@0
|
365 // Sign all mandatory fields and a custom field.
|
|
danielebarchiesi@0
|
366 $keys_to_sign = array('op_endpoint', 'claimed_id', 'identity', 'return_to', 'response_nonce', 'assoc_handle', 'foo');
|
|
danielebarchiesi@0
|
367 $association = new stdClass();
|
|
danielebarchiesi@0
|
368 $association->mac_key = variable_get('mac_key');
|
|
danielebarchiesi@0
|
369 $response = array(
|
|
danielebarchiesi@0
|
370 'openid.op_endpoint' => url('openid-test/endpoint', array('absolute' => TRUE)),
|
|
danielebarchiesi@0
|
371 'openid.claimed_id' => $identity,
|
|
danielebarchiesi@0
|
372 'openid.identity' => $identity,
|
|
danielebarchiesi@0
|
373 'openid.return_to' => url('openid/authenticate', array('absolute' => TRUE)),
|
|
danielebarchiesi@0
|
374 'openid.response_nonce' => _openid_nonce(),
|
|
danielebarchiesi@0
|
375 'openid.assoc_handle' => 'openid-test',
|
|
danielebarchiesi@0
|
376 'openid.foo' => 123,
|
|
danielebarchiesi@0
|
377 'openid.signed' => implode(',', $keys_to_sign),
|
|
danielebarchiesi@0
|
378 );
|
|
danielebarchiesi@0
|
379 $response['openid.sig'] = _openid_signature($association, $response, $keys_to_sign);
|
|
danielebarchiesi@0
|
380 variable_set('openid_test_response', $response);
|
|
danielebarchiesi@0
|
381 $this->submitLoginForm($identity);
|
|
danielebarchiesi@0
|
382 $this->assertNoRaw('OpenID login failed.');
|
|
danielebarchiesi@0
|
383 $this->assertFieldByName('name', '', 'No username was supplied by provider.');
|
|
danielebarchiesi@0
|
384 $this->assertFieldByName('mail', '', 'No e-mail address was supplied by provider.');
|
|
danielebarchiesi@0
|
385
|
|
danielebarchiesi@0
|
386 // Check that unsigned SREG fields are ignored.
|
|
danielebarchiesi@0
|
387 $response = array(
|
|
danielebarchiesi@0
|
388 'openid.signed' => 'op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle,sreg.nickname',
|
|
danielebarchiesi@0
|
389 'openid.sreg.nickname' => 'john',
|
|
danielebarchiesi@0
|
390 'openid.sreg.email' => 'john@example.com',
|
|
danielebarchiesi@0
|
391 );
|
|
danielebarchiesi@0
|
392 variable_set('openid_test_response', $response);
|
|
danielebarchiesi@0
|
393 $this->submitLoginForm($identity);
|
|
danielebarchiesi@0
|
394 $this->assertNoRaw('OpenID login failed.');
|
|
danielebarchiesi@0
|
395 $this->assertFieldByName('name', 'john', 'Username was supplied by provider.');
|
|
danielebarchiesi@0
|
396 $this->assertFieldByName('mail', '', 'E-mail address supplied by provider was ignored.');
|
|
danielebarchiesi@0
|
397 }
|
|
danielebarchiesi@0
|
398 }
|
|
danielebarchiesi@0
|
399
|
|
danielebarchiesi@0
|
400 /**
|
|
danielebarchiesi@0
|
401 * Test account registration using Simple Registration and Attribute Exchange.
|
|
danielebarchiesi@0
|
402 */
|
|
danielebarchiesi@0
|
403 class OpenIDRegistrationTestCase extends OpenIDWebTestCase {
|
|
danielebarchiesi@0
|
404 public static function getInfo() {
|
|
danielebarchiesi@0
|
405 return array(
|
|
danielebarchiesi@0
|
406 'name' => 'OpenID account registration',
|
|
danielebarchiesi@0
|
407 'description' => 'Creates a user account using auto-registration.',
|
|
danielebarchiesi@0
|
408 'group' => 'OpenID'
|
|
danielebarchiesi@0
|
409 );
|
|
danielebarchiesi@0
|
410 }
|
|
danielebarchiesi@0
|
411
|
|
danielebarchiesi@0
|
412 function setUp() {
|
|
danielebarchiesi@0
|
413 parent::setUp('openid', 'openid_test');
|
|
danielebarchiesi@0
|
414 variable_set('user_register', USER_REGISTER_VISITORS);
|
|
danielebarchiesi@0
|
415 }
|
|
danielebarchiesi@0
|
416
|
|
danielebarchiesi@0
|
417 /**
|
|
danielebarchiesi@0
|
418 * Test OpenID auto-registration with e-mail verification enabled.
|
|
danielebarchiesi@0
|
419 */
|
|
danielebarchiesi@0
|
420 function testRegisterUserWithEmailVerification() {
|
|
danielebarchiesi@0
|
421 variable_set('user_email_verification', TRUE);
|
|
danielebarchiesi@0
|
422
|
|
danielebarchiesi@0
|
423 // Tell openid_test.module to respond with these SREG fields.
|
|
danielebarchiesi@0
|
424 variable_set('openid_test_response', array('openid.sreg.nickname' => 'john', 'openid.sreg.email' => 'john@example.com'));
|
|
danielebarchiesi@0
|
425
|
|
danielebarchiesi@0
|
426 // Use a User-supplied Identity that is the URL of an XRDS document.
|
|
danielebarchiesi@0
|
427 $identity = url('openid-test/yadis/xrds', array('absolute' => TRUE));
|
|
danielebarchiesi@0
|
428 $this->submitLoginForm($identity);
|
|
danielebarchiesi@0
|
429 $this->assertRaw(t('Once you have verified your e-mail address, you may log in via OpenID.'), 'User was asked to verify e-mail address.');
|
|
danielebarchiesi@0
|
430 $this->assertRaw(t('A welcome message with further instructions has been sent to your e-mail address.'), 'A welcome message was sent to the user.');
|
|
danielebarchiesi@0
|
431 $reset_url = $this->getPasswordResetURLFromMail();
|
|
danielebarchiesi@0
|
432
|
|
danielebarchiesi@0
|
433 $user = user_load_by_name('john');
|
|
danielebarchiesi@0
|
434 $this->assertTrue($user, 'User was registered with right username.');
|
|
danielebarchiesi@0
|
435 $this->assertEqual($user->mail, 'john@example.com', 'User was registered with right email address.');
|
|
danielebarchiesi@0
|
436 $this->assertFalse($user->data, 'No additional user info was saved.');
|
|
danielebarchiesi@0
|
437
|
|
danielebarchiesi@0
|
438 $this->submitLoginForm($identity);
|
|
danielebarchiesi@0
|
439 $this->assertRaw(t('You must validate your email address for this account before logging in via OpenID.'));
|
|
danielebarchiesi@0
|
440
|
|
danielebarchiesi@0
|
441 // Follow the one-time login that was sent in the welcome e-mail.
|
|
danielebarchiesi@0
|
442 $this->drupalGet($reset_url);
|
|
danielebarchiesi@0
|
443 $this->drupalPost(NULL, array(), t('Log in'));
|
|
danielebarchiesi@0
|
444
|
|
danielebarchiesi@0
|
445 $this->drupalLogout();
|
|
danielebarchiesi@0
|
446
|
|
danielebarchiesi@0
|
447 // Verify that the account was activated.
|
|
danielebarchiesi@0
|
448 $this->submitLoginForm($identity);
|
|
danielebarchiesi@0
|
449 $this->assertLink(t('Log out'), 0, 'User was logged in.');
|
|
danielebarchiesi@0
|
450 }
|
|
danielebarchiesi@0
|
451
|
|
danielebarchiesi@0
|
452 /**
|
|
danielebarchiesi@0
|
453 * Test OpenID auto-registration with e-mail verification disabled.
|
|
danielebarchiesi@0
|
454 */
|
|
danielebarchiesi@0
|
455 function testRegisterUserWithoutEmailVerification() {
|
|
danielebarchiesi@0
|
456 variable_set('user_email_verification', FALSE);
|
|
danielebarchiesi@0
|
457
|
|
danielebarchiesi@0
|
458 // Tell openid_test.module to respond with these SREG fields.
|
|
danielebarchiesi@0
|
459 variable_set('openid_test_response', array('openid.sreg.nickname' => 'john', 'openid.sreg.email' => 'john@example.com'));
|
|
danielebarchiesi@0
|
460
|
|
danielebarchiesi@0
|
461 // Use a User-supplied Identity that is the URL of an XRDS document.
|
|
danielebarchiesi@0
|
462 $identity = url('openid-test/yadis/xrds', array('absolute' => TRUE));
|
|
danielebarchiesi@0
|
463 $this->submitLoginForm($identity);
|
|
danielebarchiesi@0
|
464 $this->assertLink(t('Log out'), 0, 'User was logged in.');
|
|
danielebarchiesi@0
|
465
|
|
danielebarchiesi@0
|
466 $user = user_load_by_name('john');
|
|
danielebarchiesi@0
|
467 $this->assertTrue($user, 'User was registered with right username.');
|
|
danielebarchiesi@0
|
468 $this->assertEqual($user->mail, 'john@example.com', 'User was registered with right email address.');
|
|
danielebarchiesi@0
|
469 $this->assertFalse($user->data, 'No additional user info was saved.');
|
|
danielebarchiesi@0
|
470
|
|
danielebarchiesi@0
|
471 $this->drupalLogout();
|
|
danielebarchiesi@0
|
472
|
|
danielebarchiesi@0
|
473 $this->submitLoginForm($identity);
|
|
danielebarchiesi@0
|
474 $this->assertLink(t('Log out'), 0, 'User was logged in.');
|
|
danielebarchiesi@0
|
475 }
|
|
danielebarchiesi@0
|
476
|
|
danielebarchiesi@0
|
477 /**
|
|
danielebarchiesi@0
|
478 * Test OpenID auto-registration with a provider that supplies invalid SREG
|
|
danielebarchiesi@0
|
479 * information (a username that is already taken, and no e-mail address).
|
|
danielebarchiesi@0
|
480 */
|
|
danielebarchiesi@0
|
481 function testRegisterUserWithInvalidSreg() {
|
|
danielebarchiesi@0
|
482 // Tell openid_test.module to respond with these SREG fields.
|
|
danielebarchiesi@0
|
483 $web_user = $this->drupalCreateUser(array());
|
|
danielebarchiesi@0
|
484 variable_set('openid_test_response', array('openid.sreg.nickname' => $web_user->name, 'openid.sreg.email' => 'mail@invalid#'));
|
|
danielebarchiesi@0
|
485
|
|
danielebarchiesi@0
|
486 // Use a User-supplied Identity that is the URL of an XRDS document.
|
|
danielebarchiesi@0
|
487 $identity = url('openid-test/yadis/xrds', array('absolute' => TRUE));
|
|
danielebarchiesi@0
|
488 $this->submitLoginForm($identity);
|
|
danielebarchiesi@0
|
489
|
|
danielebarchiesi@0
|
490 $this->assertRaw(t('Account registration using the information provided by your OpenID provider failed due to the reasons listed below. Complete the registration by filling out the form below. If you already have an account, you can <a href="@login">log in</a> now and add your OpenID under "My account".', array('@login' => url('user/login'))), 'User was asked to complete the registration process manually.');
|
|
danielebarchiesi@0
|
491 $this->assertRaw(t('The name %name is already taken.', array('%name' => $web_user->name)), 'Form validation error for username was displayed.');
|
|
danielebarchiesi@0
|
492 $this->assertRaw(t('The e-mail address %mail is not valid.', array('%mail' => 'mail@invalid#')), 'Form validation error for e-mail address was displayed.');
|
|
danielebarchiesi@0
|
493
|
|
danielebarchiesi@0
|
494 // Enter username and e-mail address manually.
|
|
danielebarchiesi@0
|
495 $edit = array('name' => 'john', 'mail' => 'john@example.com');
|
|
danielebarchiesi@0
|
496 $this->drupalPost(NULL, $edit, t('Create new account'));
|
|
danielebarchiesi@0
|
497 $this->assertRaw(t('Once you have verified your e-mail address, you may log in via OpenID.'), 'User was asked to verify e-mail address.');
|
|
danielebarchiesi@0
|
498 $reset_url = $this->getPasswordResetURLFromMail();
|
|
danielebarchiesi@0
|
499
|
|
danielebarchiesi@0
|
500 $user = user_load_by_name('john');
|
|
danielebarchiesi@0
|
501 $this->assertTrue($user, 'User was registered with right username.');
|
|
danielebarchiesi@0
|
502 $this->assertFalse($user->data, 'No additional user info was saved.');
|
|
danielebarchiesi@0
|
503
|
|
danielebarchiesi@0
|
504 // Follow the one-time login that was sent in the welcome e-mail.
|
|
danielebarchiesi@0
|
505 $this->drupalGet($reset_url);
|
|
danielebarchiesi@0
|
506 $this->drupalPost(NULL, array(), t('Log in'));
|
|
danielebarchiesi@0
|
507
|
|
danielebarchiesi@0
|
508 // The user is taken to user/%uid/edit.
|
|
danielebarchiesi@0
|
509 $this->assertFieldByName('mail', 'john@example.com', 'User was registered with right e-mail address.');
|
|
danielebarchiesi@0
|
510
|
|
danielebarchiesi@0
|
511 $this->clickLink(t('OpenID identities'));
|
|
danielebarchiesi@0
|
512 $this->assertRaw($identity, 'OpenID identity was registered.');
|
|
danielebarchiesi@0
|
513 }
|
|
danielebarchiesi@0
|
514
|
|
danielebarchiesi@0
|
515 /**
|
|
danielebarchiesi@0
|
516 * Test OpenID auto-registration with a provider that does not supply SREG
|
|
danielebarchiesi@0
|
517 * information (i.e. no username or e-mail address).
|
|
danielebarchiesi@0
|
518 */
|
|
danielebarchiesi@0
|
519 function testRegisterUserWithoutSreg() {
|
|
danielebarchiesi@0
|
520 // Load the front page to get the user login block.
|
|
danielebarchiesi@0
|
521 $this->drupalGet('');
|
|
danielebarchiesi@0
|
522
|
|
danielebarchiesi@0
|
523 // Use a User-supplied Identity that is the URL of an XRDS document.
|
|
danielebarchiesi@0
|
524 $identity = url('openid-test/yadis/xrds', array('absolute' => TRUE));
|
|
danielebarchiesi@0
|
525 $this->submitLoginForm($identity);
|
|
danielebarchiesi@0
|
526 $this->assertRaw(t('Complete the registration by filling out the form below. If you already have an account, you can <a href="@login">log in</a> now and add your OpenID under "My account".', array('@login' => url('user/login'))), 'User was asked to complete the registration process manually.');
|
|
danielebarchiesi@0
|
527 $this->assertNoRaw(t('You must enter a username.'), 'Form validation error for username was not displayed.');
|
|
danielebarchiesi@0
|
528 $this->assertNoRaw(t('You must enter an e-mail address.'), 'Form validation error for e-mail address was not displayed.');
|
|
danielebarchiesi@0
|
529
|
|
danielebarchiesi@0
|
530 // Enter username and e-mail address manually.
|
|
danielebarchiesi@0
|
531 $edit = array('name' => 'john', 'mail' => 'john@example.com');
|
|
danielebarchiesi@0
|
532 $this->drupalPost(NULL, $edit, t('Create new account'));
|
|
danielebarchiesi@0
|
533 $this->assertRaw(t('Once you have verified your e-mail address, you may log in via OpenID.'), 'User was asked to verify e-mail address.');
|
|
danielebarchiesi@0
|
534 $reset_url = $this->getPasswordResetURLFromMail();
|
|
danielebarchiesi@0
|
535
|
|
danielebarchiesi@0
|
536 $user = user_load_by_name('john');
|
|
danielebarchiesi@0
|
537 $this->assertTrue($user, 'User was registered with right username.');
|
|
danielebarchiesi@0
|
538 $this->assertFalse($user->data, 'No additional user info was saved.');
|
|
danielebarchiesi@0
|
539
|
|
danielebarchiesi@0
|
540 // Follow the one-time login that was sent in the welcome e-mail.
|
|
danielebarchiesi@0
|
541 $this->drupalGet($reset_url);
|
|
danielebarchiesi@0
|
542 $this->drupalPost(NULL, array(), t('Log in'));
|
|
danielebarchiesi@0
|
543
|
|
danielebarchiesi@0
|
544 // The user is taken to user/%uid/edit.
|
|
danielebarchiesi@0
|
545 $this->assertFieldByName('mail', 'john@example.com', 'User was registered with right e-mail address.');
|
|
danielebarchiesi@0
|
546
|
|
danielebarchiesi@0
|
547 $this->clickLink(t('OpenID identities'));
|
|
danielebarchiesi@0
|
548 $this->assertRaw($identity, 'OpenID identity was registered.');
|
|
danielebarchiesi@0
|
549 }
|
|
danielebarchiesi@0
|
550
|
|
danielebarchiesi@0
|
551 /**
|
|
danielebarchiesi@0
|
552 * Test OpenID auto-registration with a provider that supplies AX information,
|
|
danielebarchiesi@0
|
553 * but no SREG.
|
|
danielebarchiesi@0
|
554 */
|
|
danielebarchiesi@0
|
555 function testRegisterUserWithAXButNoSREG() {
|
|
danielebarchiesi@0
|
556 variable_set('user_email_verification', FALSE);
|
|
danielebarchiesi@0
|
557
|
|
danielebarchiesi@0
|
558 // Tell openid_test.module to respond with these AX fields.
|
|
danielebarchiesi@0
|
559 variable_set('openid_test_response', array(
|
|
danielebarchiesi@0
|
560 'openid.ns.ext123' => 'http://openid.net/srv/ax/1.0',
|
|
danielebarchiesi@0
|
561 'openid.ext123.type.mail456' => 'http://axschema.org/contact/email',
|
|
danielebarchiesi@0
|
562 'openid.ext123.value.mail456' => 'john@example.com',
|
|
danielebarchiesi@0
|
563 'openid.ext123.type.name789' => 'http://schema.openid.net/namePerson/friendly',
|
|
danielebarchiesi@0
|
564 'openid.ext123.count.name789' => '1',
|
|
danielebarchiesi@0
|
565 'openid.ext123.value.name789.1' => 'john',
|
|
danielebarchiesi@0
|
566 ));
|
|
danielebarchiesi@0
|
567
|
|
danielebarchiesi@0
|
568 // Use a User-supplied Identity that is the URL of an XRDS document.
|
|
danielebarchiesi@0
|
569 $identity = url('openid-test/yadis/xrds', array('absolute' => TRUE));
|
|
danielebarchiesi@0
|
570 $this->submitLoginForm($identity);
|
|
danielebarchiesi@0
|
571 $this->assertLink(t('Log out'), 0, 'User was logged in.');
|
|
danielebarchiesi@0
|
572
|
|
danielebarchiesi@0
|
573 $user = user_load_by_name('john');
|
|
danielebarchiesi@0
|
574 $this->assertTrue($user, 'User was registered with right username.');
|
|
danielebarchiesi@0
|
575 $this->assertEqual($user->mail, 'john@example.com', 'User was registered with right email address.');
|
|
danielebarchiesi@0
|
576 }
|
|
danielebarchiesi@0
|
577 }
|
|
danielebarchiesi@0
|
578
|
|
danielebarchiesi@0
|
579 /**
|
|
danielebarchiesi@0
|
580 * Test account registration using Simple Registration and Attribute Exchange.
|
|
danielebarchiesi@0
|
581 */
|
|
danielebarchiesi@0
|
582 class OpenIDInvalidIdentifierTransitionTestCase extends OpenIDFunctionalTestCase {
|
|
danielebarchiesi@0
|
583
|
|
danielebarchiesi@0
|
584 public static function getInfo() {
|
|
danielebarchiesi@0
|
585 return array(
|
|
danielebarchiesi@0
|
586 'name' => 'OpenID account update',
|
|
danielebarchiesi@0
|
587 'description' => 'Tries to correct OpenID identifiers attached to accounts if their identifiers were stripped.',
|
|
danielebarchiesi@0
|
588 'group' => 'OpenID',
|
|
danielebarchiesi@0
|
589 );
|
|
danielebarchiesi@0
|
590 }
|
|
danielebarchiesi@0
|
591
|
|
danielebarchiesi@0
|
592 function setUp() {
|
|
danielebarchiesi@0
|
593 parent::setUp('openid', 'openid_test');
|
|
danielebarchiesi@0
|
594 variable_set('user_register', USER_REGISTER_VISITORS);
|
|
danielebarchiesi@0
|
595 variable_set('openid_less_obtrusive_transition', TRUE);
|
|
danielebarchiesi@0
|
596 }
|
|
danielebarchiesi@0
|
597
|
|
danielebarchiesi@0
|
598 /**
|
|
danielebarchiesi@0
|
599 * Test OpenID transition with e-mail mismatch.
|
|
danielebarchiesi@0
|
600 */
|
|
danielebarchiesi@0
|
601 function testStrippedFragmentAccountEmailMismatch() {
|
|
danielebarchiesi@0
|
602 $this->drupalLogin($this->web_user);
|
|
danielebarchiesi@0
|
603
|
|
danielebarchiesi@0
|
604 // Use a User-supplied Identity that is the URL of an XRDS document.
|
|
danielebarchiesi@0
|
605 $identity = url('openid-test/yadis/xrds', array('absolute' => TRUE, 'fragment' => $this->randomName()));
|
|
danielebarchiesi@0
|
606 $identity_stripped = preg_replace('/#.*/', '', $identity);
|
|
danielebarchiesi@0
|
607
|
|
danielebarchiesi@0
|
608 // Add invalid identifier to the authmap (identifier has stripped fragment).
|
|
danielebarchiesi@0
|
609 $this->addIdentity($identity_stripped);
|
|
danielebarchiesi@0
|
610 $this->drupalLogout();
|
|
danielebarchiesi@0
|
611
|
|
danielebarchiesi@0
|
612 // Test logging in via the login form, provider will respond with full
|
|
danielebarchiesi@0
|
613 // identifier (including fragment) but with different email, so we can't
|
|
danielebarchiesi@0
|
614 // provide auto-update.
|
|
danielebarchiesi@0
|
615 variable_set('openid_test_response', array(
|
|
danielebarchiesi@0
|
616 'openid.claimed_id' => $identity,
|
|
danielebarchiesi@0
|
617 'openid.sreg.nickname' => $this->web_user->name,
|
|
danielebarchiesi@0
|
618 'openid.sreg.email' => 'invalid-' . $this->web_user->mail));
|
|
danielebarchiesi@0
|
619
|
|
danielebarchiesi@0
|
620 $edit = array('openid_identifier' => $identity_stripped);
|
|
danielebarchiesi@0
|
621 $this->submitLoginForm($identity_stripped);
|
|
danielebarchiesi@0
|
622
|
|
danielebarchiesi@0
|
623 // Verify user was redirected away from user login to an accessible page.
|
|
danielebarchiesi@0
|
624 $this->assertResponse(200);
|
|
danielebarchiesi@0
|
625
|
|
danielebarchiesi@0
|
626 // Verify the message.
|
|
danielebarchiesi@0
|
627 $this->assertRaw(t('There is already an existing account associated with the OpenID identifier that you have provided.'), 'Message that OpenID identifier must be updated manually was displayed.');
|
|
danielebarchiesi@0
|
628 }
|
|
danielebarchiesi@0
|
629
|
|
danielebarchiesi@0
|
630 /**
|
|
danielebarchiesi@0
|
631 * Test OpenID auto transition with e-mail.
|
|
danielebarchiesi@0
|
632 */
|
|
danielebarchiesi@0
|
633 function testStrippedFragmentAccountAutoUpdateSreg() {
|
|
danielebarchiesi@0
|
634 $this->drupalLogin($this->web_user);
|
|
danielebarchiesi@0
|
635
|
|
danielebarchiesi@0
|
636 // Use a User-supplied Identity that is the URL of an XRDS document.
|
|
danielebarchiesi@0
|
637 $identity = url('openid-test/yadis/xrds', array('absolute' => TRUE, 'fragment' => $this->randomName()));
|
|
danielebarchiesi@0
|
638 $identity_stripped = preg_replace('/#.*/', '', $identity);
|
|
danielebarchiesi@0
|
639
|
|
danielebarchiesi@0
|
640 // Add invalid identifier to the authmap (identifier has stripped fragment).
|
|
danielebarchiesi@0
|
641 $this->addIdentity($identity_stripped);
|
|
danielebarchiesi@0
|
642 $this->drupalLogout();
|
|
danielebarchiesi@0
|
643
|
|
danielebarchiesi@0
|
644 // Test logging in via the login form, provider will respond with full
|
|
danielebarchiesi@0
|
645 // identifier (including fragment) but with different email, so we can't
|
|
danielebarchiesi@0
|
646 // provide auto-update.
|
|
danielebarchiesi@0
|
647 variable_set('openid_test_response', array(
|
|
danielebarchiesi@0
|
648 'openid.claimed_id' => $identity,
|
|
danielebarchiesi@0
|
649 'openid.sreg.nickname' => $this->web_user->name,
|
|
danielebarchiesi@0
|
650 'openid.sreg.email' => $this->web_user->mail));
|
|
danielebarchiesi@0
|
651
|
|
danielebarchiesi@0
|
652 $this->submitLoginForm($identity_stripped);
|
|
danielebarchiesi@0
|
653
|
|
danielebarchiesi@0
|
654 // Verify user was redirected away from user login to an accessible page.
|
|
danielebarchiesi@0
|
655 $this->assertResponse(200);
|
|
danielebarchiesi@0
|
656
|
|
danielebarchiesi@0
|
657 // Verify the message.
|
|
danielebarchiesi@0
|
658 $this->assertRaw(t('New OpenID identifier %identity was added as a replacement for invalid identifier %invalid_identity.', array('%invalid_identity' => $identity_stripped, '%identity' => $identity)), 'Message that OpenID identifier was added automatically was displayed.');
|
|
danielebarchiesi@0
|
659 }
|
|
danielebarchiesi@0
|
660 }
|
|
danielebarchiesi@0
|
661
|
|
danielebarchiesi@0
|
662 /**
|
|
danielebarchiesi@0
|
663 * Test internal helper functions.
|
|
danielebarchiesi@0
|
664 */
|
|
danielebarchiesi@0
|
665 class OpenIDTestCase extends DrupalWebTestCase {
|
|
danielebarchiesi@0
|
666 public static function getInfo() {
|
|
danielebarchiesi@0
|
667 return array(
|
|
danielebarchiesi@0
|
668 'name' => 'OpenID helper functions',
|
|
danielebarchiesi@0
|
669 'description' => 'Test OpenID helper functions.',
|
|
danielebarchiesi@0
|
670 'group' => 'OpenID'
|
|
danielebarchiesi@0
|
671 );
|
|
danielebarchiesi@0
|
672 }
|
|
danielebarchiesi@0
|
673
|
|
danielebarchiesi@0
|
674 function setUp() {
|
|
danielebarchiesi@0
|
675 parent::setUp('openid');
|
|
danielebarchiesi@0
|
676 module_load_include('inc', 'openid');
|
|
danielebarchiesi@0
|
677 }
|
|
danielebarchiesi@0
|
678
|
|
danielebarchiesi@0
|
679 /**
|
|
danielebarchiesi@0
|
680 * Test _openid_dh_XXX_to_XXX() functions.
|
|
danielebarchiesi@0
|
681 */
|
|
danielebarchiesi@0
|
682 function testConversion() {
|
|
danielebarchiesi@0
|
683 $this->assertEqual(_openid_dh_long_to_base64('12345678901234567890123456789012345678901234567890'), 'CHJ/Y2mq+DyhUCZ0evjH8ZbOPwrS', '_openid_dh_long_to_base64() returned expected result.');
|
|
danielebarchiesi@0
|
684 $this->assertEqual(_openid_dh_base64_to_long('BsH/g8Nrpn2dtBSdu/sr1y8hxwyx'), '09876543210987654321098765432109876543210987654321', '_openid_dh_base64_to_long() returned expected result.');
|
|
danielebarchiesi@0
|
685
|
|
danielebarchiesi@0
|
686 $this->assertEqual(_openid_dh_long_to_binary('12345678901234567890123456789012345678901234567890'), "\x08r\x7fci\xaa\xf8<\xa1P&tz\xf8\xc7\xf1\x96\xce?\x0a\xd2", '_openid_dh_long_to_binary() returned expected result.');
|
|
danielebarchiesi@0
|
687 $this->assertEqual(_openid_dh_binary_to_long("\x06\xc1\xff\x83\xc3k\xa6}\x9d\xb4\x14\x9d\xbb\xfb+\xd7/!\xc7\x0c\xb1"), '09876543210987654321098765432109876543210987654321', '_openid_dh_binary_to_long() returned expected result.');
|
|
danielebarchiesi@0
|
688 }
|
|
danielebarchiesi@0
|
689
|
|
danielebarchiesi@0
|
690 /**
|
|
danielebarchiesi@0
|
691 * Test _openid_dh_xorsecret().
|
|
danielebarchiesi@0
|
692 */
|
|
danielebarchiesi@0
|
693 function testOpenidDhXorsecret() {
|
|
danielebarchiesi@0
|
694 $this->assertEqual(_openid_dh_xorsecret('123456790123456790123456790', "abc123ABC\x00\xFF"), "\xa4'\x06\xbe\xf1.\x00y\xff\xc2\xc1", '_openid_dh_xorsecret() returned expected result.');
|
|
danielebarchiesi@0
|
695 }
|
|
danielebarchiesi@0
|
696
|
|
danielebarchiesi@0
|
697 /**
|
|
danielebarchiesi@0
|
698 * Test _openid_get_bytes().
|
|
danielebarchiesi@0
|
699 */
|
|
danielebarchiesi@0
|
700 function testOpenidGetBytes() {
|
|
danielebarchiesi@0
|
701 $this->assertEqual(strlen(_openid_get_bytes(20)), 20, '_openid_get_bytes() returned expected result.');
|
|
danielebarchiesi@0
|
702 }
|
|
danielebarchiesi@0
|
703
|
|
danielebarchiesi@0
|
704 /**
|
|
danielebarchiesi@0
|
705 * Test _openid_signature().
|
|
danielebarchiesi@0
|
706 */
|
|
danielebarchiesi@0
|
707 function testOpenidSignature() {
|
|
danielebarchiesi@0
|
708 // Test that signature is calculated according to OpenID Authentication 2.0,
|
|
danielebarchiesi@0
|
709 // section 6.1. In the following array, only the two first entries should be
|
|
danielebarchiesi@0
|
710 // included in the calculation, because the substring following the period
|
|
danielebarchiesi@0
|
711 // is mentioned in the third argument for _openid_signature(). The last
|
|
danielebarchiesi@0
|
712 // entry should not be included, because it does not start with "openid.".
|
|
danielebarchiesi@0
|
713 $response = array(
|
|
danielebarchiesi@0
|
714 'openid.foo' => 'abc1',
|
|
danielebarchiesi@0
|
715 'openid.bar' => 'abc2',
|
|
danielebarchiesi@0
|
716 'openid.baz' => 'abc3',
|
|
danielebarchiesi@0
|
717 'foobar.foo' => 'abc4',
|
|
danielebarchiesi@0
|
718 );
|
|
danielebarchiesi@0
|
719 $association = new stdClass();
|
|
danielebarchiesi@0
|
720 $association->mac_key = "1234567890abcdefghij\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\xF0\xF1\xF2\xF3\xF4\xF5\xF6\xF7\xF8\xF9";
|
|
danielebarchiesi@0
|
721 $this->assertEqual(_openid_signature($association, $response, array('foo', 'bar')), 'QnKZQzSFstT+GNiJDFOptdcZjrc=', 'Expected signature calculated.');
|
|
danielebarchiesi@0
|
722 }
|
|
danielebarchiesi@0
|
723
|
|
danielebarchiesi@0
|
724 /**
|
|
danielebarchiesi@0
|
725 * Test _openid_is_xri().
|
|
danielebarchiesi@0
|
726 */
|
|
danielebarchiesi@0
|
727 function testOpenidXRITest() {
|
|
danielebarchiesi@0
|
728 // Test that the XRI test is according to OpenID Authentication 2.0,
|
|
danielebarchiesi@0
|
729 // section 7.2. If the user-supplied string starts with xri:// it should be
|
|
danielebarchiesi@0
|
730 // stripped and the resulting string should be treated as an XRI when it
|
|
danielebarchiesi@0
|
731 // starts with "=", "@", "+", "$", "!" or "(".
|
|
danielebarchiesi@0
|
732 $this->assertTrue(_openid_is_xri('xri://=foo'), '_openid_is_xri() returned expected result for an xri identifier with xri scheme.');
|
|
danielebarchiesi@0
|
733 $this->assertTrue(_openid_is_xri('xri://@foo'), '_openid_is_xri() returned expected result for an xri identifier with xri scheme.');
|
|
danielebarchiesi@0
|
734 $this->assertTrue(_openid_is_xri('xri://+foo'), '_openid_is_xri() returned expected result for an xri identifier with xri scheme.');
|
|
danielebarchiesi@0
|
735 $this->assertTrue(_openid_is_xri('xri://$foo'), '_openid_is_xri() returned expected result for an xri identifier with xri scheme.');
|
|
danielebarchiesi@0
|
736 $this->assertTrue(_openid_is_xri('xri://!foo'), '_openid_is_xri() returned expected result for an xri identifier with xri scheme..');
|
|
danielebarchiesi@0
|
737 $this->assertTrue(_openid_is_xri('xri://(foo'), '_openid_is_xri() returned expected result for an xri identifier with xri scheme..');
|
|
danielebarchiesi@0
|
738
|
|
danielebarchiesi@0
|
739 $this->assertTrue(_openid_is_xri('=foo'), '_openid_is_xri() returned expected result for an xri identifier.');
|
|
danielebarchiesi@0
|
740 $this->assertTrue(_openid_is_xri('@foo'), '_openid_is_xri() returned expected result for an xri identifier.');
|
|
danielebarchiesi@0
|
741 $this->assertTrue(_openid_is_xri('+foo'), '_openid_is_xri() returned expected result for an xri identifier.');
|
|
danielebarchiesi@0
|
742 $this->assertTrue(_openid_is_xri('$foo'), '_openid_is_xri() returned expected result for an xri identifier.');
|
|
danielebarchiesi@0
|
743 $this->assertTrue(_openid_is_xri('!foo'), '_openid_is_xri() returned expected result for an xri identifier.');
|
|
danielebarchiesi@0
|
744 $this->assertTrue(_openid_is_xri('(foo'), '_openid_is_xri() returned expected result for an xri identifier.');
|
|
danielebarchiesi@0
|
745
|
|
danielebarchiesi@0
|
746 $this->assertFalse(_openid_is_xri('foo'), '_openid_is_xri() returned expected result for an http URL.');
|
|
danielebarchiesi@0
|
747 $this->assertFalse(_openid_is_xri('xri://foo'), '_openid_is_xri() returned expected result for an http URL.');
|
|
danielebarchiesi@0
|
748 $this->assertFalse(_openid_is_xri('http://foo/'), '_openid_is_xri() returned expected result for an http URL.');
|
|
danielebarchiesi@0
|
749 $this->assertFalse(_openid_is_xri('http://example.com/'), '_openid_is_xri() returned expected result for an http URL.');
|
|
danielebarchiesi@0
|
750 $this->assertFalse(_openid_is_xri('user@example.com/'), '_openid_is_xri() returned expected result for an http URL.');
|
|
danielebarchiesi@0
|
751 $this->assertFalse(_openid_is_xri('http://user@example.com/'), '_openid_is_xri() returned expected result for an http URL.');
|
|
danielebarchiesi@0
|
752 }
|
|
danielebarchiesi@0
|
753
|
|
danielebarchiesi@0
|
754 /**
|
|
danielebarchiesi@0
|
755 * Test openid_normalize().
|
|
danielebarchiesi@0
|
756 */
|
|
danielebarchiesi@0
|
757 function testOpenidNormalize() {
|
|
danielebarchiesi@0
|
758 // Test that the normalization is according to OpenID Authentication 2.0,
|
|
danielebarchiesi@0
|
759 // section 7.2 and 11.5.2.
|
|
danielebarchiesi@0
|
760
|
|
danielebarchiesi@0
|
761 $this->assertEqual(openid_normalize('$foo'), '$foo', 'openid_normalize() correctly normalized an XRI.');
|
|
danielebarchiesi@0
|
762 $this->assertEqual(openid_normalize('xri://$foo'), '$foo', 'openid_normalize() correctly normalized an XRI with an xri:// scheme.');
|
|
danielebarchiesi@0
|
763
|
|
danielebarchiesi@0
|
764 $this->assertEqual(openid_normalize('example.com/'), 'http://example.com/', 'openid_normalize() correctly normalized a URL with a missing scheme.');
|
|
danielebarchiesi@0
|
765 $this->assertEqual(openid_normalize('example.com'), 'http://example.com/', 'openid_normalize() correctly normalized a URL with a missing scheme and empty path.');
|
|
danielebarchiesi@0
|
766 $this->assertEqual(openid_normalize('http://example.com'), 'http://example.com/', 'openid_normalize() correctly normalized a URL with an empty path.');
|
|
danielebarchiesi@0
|
767
|
|
danielebarchiesi@0
|
768 $this->assertEqual(openid_normalize('http://example.com/path'), 'http://example.com/path', 'openid_normalize() correctly normalized a URL with a path.');
|
|
danielebarchiesi@0
|
769
|
|
danielebarchiesi@0
|
770 $this->assertEqual(openid_normalize('http://example.com/path#fragment'), 'http://example.com/path', 'openid_normalize() correctly normalized a URL with a fragment.');
|
|
danielebarchiesi@0
|
771 }
|
|
danielebarchiesi@0
|
772
|
|
danielebarchiesi@0
|
773 /**
|
|
danielebarchiesi@0
|
774 * Test openid_extract_namespace().
|
|
danielebarchiesi@0
|
775 */
|
|
danielebarchiesi@0
|
776 function testOpenidExtractNamespace() {
|
|
danielebarchiesi@0
|
777 $response = array(
|
|
danielebarchiesi@0
|
778 'openid.sreg.nickname' => 'john',
|
|
danielebarchiesi@0
|
779 'openid.ns.ext1' => OPENID_NS_SREG,
|
|
danielebarchiesi@0
|
780 'openid.ext1.nickname' => 'george',
|
|
danielebarchiesi@0
|
781 'openid.ext1.email' => 'george@example.com',
|
|
danielebarchiesi@0
|
782 'openid.ns.ext2' => 'http://example.com/ns/ext2',
|
|
danielebarchiesi@0
|
783 'openid.ext2.foo' => '123',
|
|
danielebarchiesi@0
|
784 'openid.ext2.bar' => '456',
|
|
danielebarchiesi@0
|
785 'openid.signed' => 'sreg.nickname,ns.ext1,ext1.email,ext2.foo',
|
|
danielebarchiesi@0
|
786 );
|
|
danielebarchiesi@0
|
787
|
|
danielebarchiesi@0
|
788 $values = openid_extract_namespace($response, 'http://example.com/ns/dummy', NULL, FALSE);
|
|
danielebarchiesi@0
|
789 $this->assertEqual($values, array(), 'Nothing found for unused namespace.');
|
|
danielebarchiesi@0
|
790
|
|
danielebarchiesi@0
|
791 $values = openid_extract_namespace($response, 'http://example.com/ns/dummy', 'sreg', FALSE);
|
|
danielebarchiesi@0
|
792 $this->assertEqual($values, array('nickname' => 'john'), 'Value found for fallback prefix.');
|
|
danielebarchiesi@0
|
793
|
|
danielebarchiesi@0
|
794 $values = openid_extract_namespace($response, OPENID_NS_SREG, 'sreg', FALSE);
|
|
danielebarchiesi@0
|
795 $this->assertEqual($values, array('nickname' => 'george', 'email' => 'george@example.com'), 'Namespace takes precedence over fallback prefix.');
|
|
danielebarchiesi@0
|
796
|
|
danielebarchiesi@0
|
797 // ext1.email is signed, but ext1.nickname is not.
|
|
danielebarchiesi@0
|
798 $values = openid_extract_namespace($response, OPENID_NS_SREG, 'sreg', TRUE);
|
|
danielebarchiesi@0
|
799 $this->assertEqual($values, array('email' => 'george@example.com'), 'Unsigned namespaced fields ignored.');
|
|
danielebarchiesi@0
|
800
|
|
danielebarchiesi@0
|
801 $values = openid_extract_namespace($response, 'http://example.com/ns/ext2', 'sreg', FALSE);
|
|
danielebarchiesi@0
|
802 $this->assertEqual($values, array('foo' => '123', 'bar' => '456'), 'Unsigned fields found.');
|
|
danielebarchiesi@0
|
803
|
|
danielebarchiesi@0
|
804 // ext2.foo and ext2.bar are ignored, because ns.ext2 is not signed. The
|
|
danielebarchiesi@0
|
805 // fallback prefix is not used, because the namespace is specified.
|
|
danielebarchiesi@0
|
806 $values = openid_extract_namespace($response, 'http://example.com/ns/ext2', 'sreg', TRUE);
|
|
danielebarchiesi@0
|
807 $this->assertEqual($values, array(), 'Unsigned fields ignored.');
|
|
danielebarchiesi@0
|
808 }
|
|
danielebarchiesi@0
|
809 }
|
