Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

- Patch #251245 by c960657: added tests for the OpenID module. The test module implements a dummy OpenID provider/server. Most impressive patch of the month.

merge-requests/26/head
Dries Buytaert 2009-04-29 07:29:59 +00:00
parent 2e709fe3cd
commit 1ed25923a3
5 changed files with 479 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
modules/openid/openid.module
View File

@ -125,7 +125,7 @@ function _openid_user_login_form_alter(&$form, &$form_state) {
* Implementation of hook_form_alter(). Adds OpenID login to the login forms.
*/
function openid_form_user_register_alter(&$form, &$form_state) {
if (isset($_SESSION['openid'])) {
if (isset($_SESSION['openid']['values'])) {
// We were unable to auto-register a new user. Prefill the registration
// form with the values we have.
$form['name']['#default_value'] = $_SESSION['openid']['values']['name'];
@ -420,6 +420,7 @@ function openid_authentication($response) {
}
elseif (variable_get('user_register', 1)) {
// Register new user
$form_state['args'] = array();
$form_state['redirect'] = NULL;
$form_state['values']['name'] = (empty($response['openid.sreg.nickname'])) ? $identity : $response['openid.sreg.nickname'];
$form_state['values']['mail'] = (empty($response['openid.sreg.email'])) ? '' : $response['openid.sreg.email'];

222
modules/openid/openid.test Normal file
View File

@ -0,0 +1,222 @@
<?php
// $Id$
/**
* Test login and account registration using OpenID.
*/
class OpenIDFunctionalTest extends DrupalWebTestCase {
protected $web_user;
function getInfo() {
return array(
'name' => t('OpenID login and account registration'),
'description' => t("Adds an identity to a user's profile and uses it to log in, creates a user account using auto-registration."),
'group' => t('OpenID')
);
}
function setUp() {
parent::setUp('openid', 'openid_test');
// User doesn't need special permissions; only the ability to log in.
$this->web_user = $this->drupalCreateUser(array());
}
/**
* Test discovery of OpenID Provider Endpoint via Yadis and HTML.
*/
function testDiscovery() {
$this->drupalLogin($this->web_user);
// The User-supplied Identifier entered by the user may indicate the URL of
// the OpenID Provider Endpoint in various ways, as described in OpenID
// Authentication 2.0 and Yadis Specification 1.0.
// Note that all of the tested identifiers refer to the same endpoint, so
// only the first will trigger an associate request in openid_association()
// (association is only done the first time Drupal encounters a given
// endpoint).
// Yadis discovery (see Yadis Specification 1.0, section 6.2.5):
// If the User-supplied Identifier is a URL, it may be a direct or indirect
// reference to an XRDS document (a Yadis Resource Descriptor) that contains
// the URL of the OpenID Provider Endpoint.
// Identifier is the URL of an XRDS document.
$this->addIdentity(url('openid-test/yadis/xrds', array('absolute' => TRUE)), 2);
// Identifier is the URL of an HTML page that is sent with an HTTP header
// that contains the URL of an XRDS document.
$this->addIdentity(url('openid-test/yadis/x-xrds-location', array('absolute' => TRUE)), 2);
// Identifier is the URL of an HTML page containing a <meta http-equiv=...>
// element that contains the URL of an XRDS document.
$this->addIdentity(url('openid-test/yadis/http-equiv', array('absolute' => TRUE)), 2);
// HTML-based discovery:
// If the User-supplied Identifier is a URL of an HTML page, the page may
// contain a <link rel=...> element containing the URL of the OpenID
// Provider Endpoint. OpenID 1 and 2 describe slightly different formats.
// OpenID Authentication 1.1, section 3.1:
$this->addIdentity(url('openid-test/html/openid1', array('absolute' => TRUE)), 1);
// OpenID Authentication 2.0, section 7.3.3:
$this->addIdentity(url('openid-test/html/openid2', array('absolute' => TRUE)), 2);
}
/**
* Test login using OpenID.
*/
function testLogin() {
$this->drupalLogin($this->web_user);
// Use a User-supplied Identity that is the URL of an XRDS document.
$identity = url('openid-test/yadis/xrds', array('absolute' => TRUE));
$this->addIdentity($identity);
$this->drupalLogout();
// Fill out and submit the login form.
$edit = array('openid_identifier' => $identity);
$this->drupalPost(NULL, $edit, t('Log in'));
// Check we are on the OpenID redirect form.
$this->assertTitle(t('OpenID redirect'), t('OpenID redirect page was displayed.'));
// Submit form to the OpenID Provider Endpoint.
$this->drupalPost(NULL, array(), t('Send'));
$this->assertText(t('My account'), t('User was logged in.'));
}
/**
* Test deleting an OpenID identity from a user's profile.
*/
function testDelete() {
$this->drupalLogin($this->web_user);
// Add identity to user's profile.
$identity = url('openid-test/yadis/xrds', array('absolute' => TRUE));
$this->addIdentity($identity);
$this->assertText($identity, t('Identity appears in list.'));
// Delete the newly added identity.
$this->clickLink(t('Delete'));
$this->drupalPost(NULL, array(), t('Confirm'));
$this->assertText(t('OpenID deleted.'), t('Identity deleted'));
$this->assertNoText($identity, t('Identity no longer appears in list.'));
}
/**
* Add OpenID identity to user's profile.
*/
function addIdentity($identity, $version = 2) {
$this->drupalGet('user/' . $this->web_user->uid . '/openid');
$edit = array('openid_identifier' => $identity);
$this->drupalPost(NULL, $edit, t('Add an OpenID'));
// OpenID 1 used a HTTP redirect, OpenID 2 uses a HTML form that is submitted automatically using JavaScript.
if ($version == 2) {
// Manually submit form because SimpleTest is not able to execute JavaScript.
$this->assertRaw('<script type="text/javascript">document.getElementById("openid-redirect-form").submit();</script>', t('JavaScript form submission found.'));
$this->drupalPost(NULL, array(), t('Send'));
}
$this->assertRaw(t('Successfully added %identity', array('%identity' => $identity)), t('Identity %identity was added.', array('%identity' => $identity)));
}
/**
* Test openID auto-registration with e-mail verification disabled.
*/
function testRegisterUserWithoutEmailVerification() {
variable_set('user_email_verification', FALSE);
// Load the front page to get the user login block.
$this->drupalGet('');
// Use a User-supplied Identity that is the URL of an XRDS document.
$identity = url('openid-test/yadis/xrds', array('absolute' => TRUE));
// Fill out and submit the login form.
$edit = array('openid_identifier' => $identity);
$this->drupalPost(NULL, $edit, t('Log in'));
// The OpenID module responds with an HTML form that is to be submitted
// to the OpenID Provider Endpoint. This is usually done automatically
// using JavaScript, but the SimpleTest browser does not support JavaScript,
// so the form is submitted manually instead.
$this->assertRaw('<script type="text/javascript">document.getElementById("openid-redirect-form").submit();</script>', t('JavaScript form submission found.'));
$this->drupalPost(NULL, array(), t('Send'));
$this->assertText(t('My account'), t('User was logged in.'));
$user = user_load_by_name('johndoe');
$this->assertTrue($user, t('User was found.'));
$this->assertEqual($user->mail, 'johndoe@example.com', t('User was registered with right email address.'));
}
}
/**
* Test internal helper functions.
*/
class OpenIDUnitTest extends DrupalWebTestCase {
function getInfo() {
return array(
'name' => t('OpenID helper functions'),
'description' => t('Test OpenID helper functions.'),
'group' => t('OpenID')
);
}
function setUp() {
parent::setUp('openid');
module_load_include('inc', 'openid');
}
/**
* Test _openid_dh_XXX_to_XXX() functions.
*/
function testConversion() {
$this->assertEqual(_openid_dh_long_to_base64('12345678901234567890123456789012345678901234567890'), 'CHJ/Y2mq+DyhUCZ0evjH8ZbOPwrS', t('_openid_dh_long_to_base64() returned expected result.'));
$this->assertEqual(_openid_dh_base64_to_long('BsH/g8Nrpn2dtBSdu/sr1y8hxwyx'), '09876543210987654321098765432109876543210987654321', t('_openid_dh_base64_to_long() returned expected result.'));
$this->assertEqual(_openid_dh_long_to_binary('12345678901234567890123456789012345678901234567890'), "\x08r\x7fci\xaa\xf8<\xa1P&tz\xf8\xc7\xf1\x96\xce?\x0a\xd2", t('_openid_dh_long_to_binary() returned expected result.'));
$this->assertEqual(_openid_dh_binary_to_long("\x06\xc1\xff\x83\xc3k\xa6}\x9d\xb4\x14\x9d\xbb\xfb+\xd7/!\xc7\x0c\xb1"), '09876543210987654321098765432109876543210987654321', t('_openid_dh_binary_to_long() returned expected result.'));
}
/**
* Test _openid_dh_xorsecret().
*/
function testOpenidDhXorsecret() {
$this->assertEqual(_openid_dh_xorsecret('123456790123456790123456790', "abc123ABC\x00\xFF"), "\xa4'\x06\xbe\xf1.\x00y\xff\xc2\xc1", t('_openid_dh_xorsecret() returned expected result.'));
}
/**
* Test _openid_get_bytes().
*/
function testOpenidGetBytes() {
$this->assertEqual(strlen(_openid_get_bytes(20)), 20, t('_openid_get_bytes() returned expected result.'));
}
/**
* Test _openid_signature().
*/
function testOpenidSignature() {
// Test that signature is calculated according to OpenID Authentication 2.0,
// section 6.1. In the following array, only the two first entries should be
// included in the calculation, because the substring following the period
// is mentioned in the third argument for _openid_signature(). The last
// entry should not be included, because it does not start with "openid.".
$response = array(
'openid.foo' => 'abc1',
'openid.bar' => 'abc2',
'openid.baz' => 'abc3',
'foobar.foo' => 'abc4',
);
$association = new stdClass;
$association->mac_key = "1234567890abcdefghij\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\xF0\xF1\xF2\xF3\xF4\xF5\xF6\xF7\xF8\xF9";
$this->assertEqual(_openid_signature($association, $response, array('foo', 'bar')), 'QnKZQzSFstT+GNiJDFOptdcZjrc=', t('Expected signature calculated.'));
}
}

10
modules/openid/openid_test.info Normal file
View File

@ -0,0 +1,10 @@
; $Id$
name = OpenID dummy provider
description = "OpenID provider used for testing."
package = Testing
version = VERSION
core = 7.x
files[] = openid_test.install
files[] = openid_test.module
dependencies[] = openid
hidden = TRUE

13
modules/openid/openid_test.install Normal file
View File

@ -0,0 +1,13 @@
<?php
// $Id$
/**
* Implementation of hook_install().
*/
function openid_test_install() {
module_load_include('inc', 'openid');
// Generate a MAC key (Message Authentication Code) used for signing messages.
// The variable is base64-encoded, because variables cannot contain non-UTF-8
// data.
variable_set('openid_test_mac_key', base64_encode(_openid_get_bytes(20)));
}

232
modules/openid/openid_test.module Normal file
View File

@ -0,0 +1,232 @@
<?php
// $Id$
/**
* @file
* Dummy OpenID Provider used with SimpleTest.
*
* The provider simply responds positively to all authentication requests. In
* addition to a Provider Endpoint (a URL used for Drupal to communicate with
* the provider using the OpenID Authentication protocol) the module provides
* URLs used by the various discovery mechanisms.
*
* When a user enters an OpenID identity, the Relying Party (in the testing
* scenario, this is the OpenID module) looks up the URL of the Provider
* Endpoint using one of several discovery mechanisms. The Relying Party then
* redirects the user to Provider Endpoint. The provider verifies the user's
* identity and redirects the user back to the Relying Party accompanied by a
* signed message confirming the identity. Before redirecting to a provider for
* the first time, the Relying Party fetches a secret MAC key from the provider
* by doing a direct "associate" HTTP request to the Provider Endpoint. This
* key is used for verifying the signed messages from the provider.
*/
/**
* Implementation of hook_menu().
*/
function openid_test_menu() {
$items['openid-test/yadis/xrds'] = array(
'title' => 'XRDS service document',
'page callback' => 'openid_test_yadis_xrds',
'access callback' => TRUE,
'type' => MENU_CALLBACK,
);
$items['openid-test/yadis/x-xrds-location'] = array(
'title' => 'Yadis discovery using X-XRDS-Location header',
'page callback' => 'openid_test_yadis_x_xrds_location',
'access callback' => TRUE,
'type' => MENU_CALLBACK,
);
$items['openid-test/yadis/http-equiv'] = array(
'title' => 'Yadis discovery using <meta http-equiv="X-XRDS-Location" ...>',
'page callback' => 'openid_test_yadis_http_equiv',
'access callback' => TRUE,
'type' => MENU_CALLBACK,
);
$items['openid-test/html/openid1'] = array(
'title' => 'HTML-based discovery using <link rel="openid.server" ...>',
'page callback' => 'openid_test_html_openid1',
'access callback' => TRUE,
'type' => MENU_CALLBACK,
);
$items['openid-test/html/openid2'] = array(
'title' => 'HTML-based discovery using <link rel="openid2.provider" ...>',
'page callback' => 'openid_test_html_openid2',
'access callback' => TRUE,
'type' => MENU_CALLBACK,
);
$items['openid-test/endpoint'] = array(
'title' => 'OpenID Provider Endpoint',
'page callback' => 'openid_test_endpoint',
'access callback' => TRUE,
'type' => MENU_CALLBACK,
);
return $items;
}
/**
* Menu callback; XRDS document that references the OP Endpoint URL.
*/
function openid_test_yadis_xrds() {
if ($_SERVER['HTTP_ACCEPT'] == 'application/xrds+xml') {
drupal_set_header('Content-Type', 'application/xrds+xml');
print '<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
<XRD>
<Service>
<Type>http://specs.openid.net/auth/2.0/signon</Type>
<URI>' . url('openid-test/endpoint', array('absolute' => TRUE)) . '</URI>
</Service>
<XRD>
</xrds:XRDS>';
}
else {
return t('This is a regular HTML page. If the client sends an Accept: application/xrds+xml header when requesting this URL, an XRDS document is returned.');
}
}
/**
* Menu callback; regular HTML page with an X-XRDS-Location HTTP header.
*/
function openid_test_yadis_x_xrds_location() {
drupal_set_header('X-XRDS-Location', url('openid-test/yadis/xrds', array('absolute' => TRUE)));
return t('This page includes an X-RDS-Location HTTP header containing the URL of an XRDS document.');
}
/**
* Menu callback; regular HTML page with <meta> element.
*/
function openid_test_yadis_http_equiv() {
drupal_add_html_head('<meta http-equiv="X-XRDS-Location" content="' . url('openid-test/yadis/xrds', array('absolute' => TRUE)) . '" />');
return t('This page includes a &lt;meta equiv=...&gt; element containing the URL of an XRDS document.');
}
/**
* Menu callback; regular HTML page with OpenID 1.0 <link> element.
*/
function openid_test_html_openid1() {
drupal_add_html_head('<link rel="openid.server" href="' . url('openid-test/endpoint', array('absolute' => TRUE)) . '" />');
return t('This page includes a &lt;link rel=...&gt; element containing the URL of an OpenID Provider Endpoint.');
}
/**
* Menu callback; regular HTML page with OpenID 2.0 <link> element.
*/
function openid_test_html_openid2() {
drupal_add_html_head('<link rel="openid2.provider" href="' . url('openid-test/endpoint', array('absolute' => TRUE)) . '" />');
return t('This page includes a &lt;link rel=...&gt; element containing the URL of an OpenID Provider Endpoint.');
}
/**
* Menu callback; OpenID Provider Endpoint.
*
* It accepts "associate" requests directly from the Relying Party, and
* "checkid_setup" requests made by the user's browser based on HTTP redirects
* (in OpenID 1) or HTML forms (in OpenID 2) generated by the Relying Party.
*/
function openid_test_endpoint() {
switch ($_REQUEST['openid_mode']) {
case 'associate';
_openid_test_endpoint_associate();
break;
case 'checkid_setup';
_openid_test_endpoint_authenticate();
break;
}
}
/**
* OpenID endpoint; handle "associate" requests (see OpenID Authentication 2.0,
* section 8).
*
* The purpose of association is to send the secret MAC key to the Relying Party
* using Diffie-Hellman key exchange. The MAC key is used in subsequent
* "authenticate" requests. The "associate" request is made by the Relying Party
* (in the testing scenario, this is the OpenID module that communicates with
* the endpoint using drupal_http_request()).
*/
function _openid_test_endpoint_associate() {
module_load_include('inc', 'openid');
// Use default parameters for Diffie-Helmann key exchange.
$mod = OPENID_DH_DEFAULT_MOD;
$gen = OPENID_DH_DEFAULT_GEN;
// Generate private Diffie-Helmann key.
$r = _openid_dh_rand($mod);
$private = bcadd($r, 1);
// Calculate public Diffie-Helmann key.
$public = bcpowmod($gen, $private, $mod);
// Calculate shared secret based on Relying Party's public key.
$cpub = _openid_dh_base64_to_long($_REQUEST['openid_dh_consumer_public']);
$shared = bcpowmod($cpub, $private, $mod);
// Encrypt the MAC key using the shared secret.
$enc_mac_key = base64_encode(_openid_dh_xorsecret($shared, base64_decode(variable_get('mac_key'))));
// Generate response including our public key and the MAC key. Using our
// public key and its own private key, the Relying Party can calculate the
// shared secret, and with this it can decrypt the encrypted MAC key.
$response = array(
'ns' => 'http://specs.openid.net/auth/2.0',
'assoc_handle' => 'openid-test',
'session_type' => $_REQUEST['openid_session_type'],
'assoc_type' => $_REQUEST['openid_assoc_type'],
'expires_in' => '3600',
'dh_server_public' => _openid_dh_long_to_base64($public),
'enc_mac_key' => $enc_mac_key,
);
// Respond to Relying Party in the special Key-Value Form Encoding (see OpenID
// Authentication 1.0, section 4.1.1).
drupal_set_header('Content-Type', 'text/plain');
print _openid_create_message($response);
}
/**
* OpenID endpoint; handle "authenticate" requests.
*
* All requests result in a successful response. The request is a GET or POST
* made by the user's browser based on an HTML form or HTTP redirect generated
* by the Relying Party. The user is redirected back to the Relying Party using
* a URL containing a signed message in the query string confirming the user's
* identity.
*/
function _openid_test_endpoint_authenticate() {
global $base_url;
module_load_include('inc', 'openid');
// Generate unique identifier for this authentication.
$nonce = _openid_nonce();
// Generate response containing the user's identity. The openid.sreg.xxx
// entries contain profile data stored by the OpenID Provider (see OpenID
// Simple Registration Extension 1.0).
$response = array(
'openid.ns' => 'http://specs.openid.net/auth/2.0',
'openid.mode' => 'id_res',
'openid.op_endpoint' => $base_url . url('openid/provider'),
'openid.claimed_id' => $_REQUEST['openid_claimed_id'],
'openid.identity' => $_REQUEST['openid_identity'],
'openid.return_to' => $_REQUEST['openid_return_to'],
'openid.response_nonce' => $nonce,
'openid.assoc_handle' => 'openid-test',
'openid.sreg.email' => 'johndoe@example.com',
'openid.sreg.nickname' => 'johndoe',
'openid.signed' => 'op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle',
);
// Sign the message using the MAC key that was exchanged during association.
$association = new stdClass;
$association->mac_key = variable_get('mac_key');
$keys_to_sign = explode(',', $response['openid.signed']);
$response['openid.sig'] = _openid_signature($association, $response, $keys_to_sign);
// Put the signed message into the query string of a URL supplied by the
// Relying Party, and redirect the user.
drupal_set_header('Content-Type', 'text/plain');
header('Location: ' . url($_REQUEST['openid_return_to'], array('query' => http_build_query($response, '', '&'), 'external' => TRUE)));
}