obsolete.ChilliProject/vendor/gems/ruby-openid-2.1.4/test/test_pape.rb

require 'openid/extensions/pape'
require 'openid/message'
require 'openid/server'
require 'openid/consumer/responses'

module OpenID
  module PAPETest
    class PapeRequestTestCase < Test::Unit::TestCase
      def setup
        @req = PAPE::Request.new
      end

      def test_construct
        assert_equal([], @req.preferred_auth_policies)
        assert_equal(nil, @req.max_auth_age)
        assert_equal('pape', @req.ns_alias)

        req2 = PAPE::Request.new([PAPE::AUTH_MULTI_FACTOR], 1000)
        assert_equal([PAPE::AUTH_MULTI_FACTOR], req2.preferred_auth_policies)
        assert_equal(1000, req2.max_auth_age)
      end

      def test_add_policy_uri
        assert_equal([], @req.preferred_auth_policies)
        @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR)
        assert_equal([PAPE::AUTH_MULTI_FACTOR], @req.preferred_auth_policies)
        @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR)
        assert_equal([PAPE::AUTH_MULTI_FACTOR], @req.preferred_auth_policies)
        @req.add_policy_uri(PAPE::AUTH_PHISHING_RESISTANT)
        assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], @req.preferred_auth_policies)
        @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR)
        assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], @req.preferred_auth_policies)
      end

      def test_get_extension_args
        assert_equal({'preferred_auth_policies' => ''}, @req.get_extension_args)
        @req.add_policy_uri('http://uri')
        assert_equal({'preferred_auth_policies' => 'http://uri'}, @req.get_extension_args)
        @req.add_policy_uri('http://zig')
        assert_equal({'preferred_auth_policies' => 'http://uri http://zig'}, @req.get_extension_args)
        @req.max_auth_age = 789
        assert_equal({'preferred_auth_policies' => 'http://uri http://zig', 'max_auth_age' => '789'}, @req.get_extension_args)
      end

      def test_parse_extension_args
        args = {'preferred_auth_policies' => 'http://foo http://bar',
                'max_auth_age' => '9'}
        @req.parse_extension_args(args)
        assert_equal(9, @req.max_auth_age)
        assert_equal(['http://foo','http://bar'], @req.preferred_auth_policies)
      end

      def test_parse_extension_args_empty
        @req.parse_extension_args({})
        assert_equal(nil, @req.max_auth_age)
        assert_equal([], @req.preferred_auth_policies)
      end

      def test_from_openid_request
        openid_req_msg = Message.from_openid_args({
          'mode' => 'checkid_setup',
          'ns' => OPENID2_NS,
          'ns.pape' => PAPE::NS_URI,
          'pape.preferred_auth_policies' => [PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT].join(' '),
          'pape.max_auth_age' => '5476'
          })
        oid_req = Server::OpenIDRequest.new
        oid_req.message = openid_req_msg
        req = PAPE::Request.from_openid_request(oid_req)
        assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], req.preferred_auth_policies)
        assert_equal(5476, req.max_auth_age)
      end

      def test_from_openid_request_no_pape
        message = Message.new
        openid_req = Server::OpenIDRequest.new
        openid_req.message = message
        pape_req = PAPE::Request.from_openid_request(openid_req)
        assert(pape_req.nil?)
      end

      def test_preferred_types
        @req.add_policy_uri(PAPE::AUTH_PHISHING_RESISTANT)
        @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR)
        pt = @req.preferred_types([PAPE::AUTH_MULTI_FACTOR,
                                   PAPE::AUTH_MULTI_FACTOR_PHYSICAL])
        assert_equal([PAPE::AUTH_MULTI_FACTOR], pt)
      end
    end

    class DummySuccessResponse
      attr_accessor :message

      def initialize(message, signed_stuff)
        @message = message
        @signed_stuff = signed_stuff
      end

      def get_signed_ns(ns_uri)
        return @signed_stuff
      end

    end

    class PapeResponseTestCase < Test::Unit::TestCase
      def setup
        @req = PAPE::Response.new
      end

      def test_construct
        assert_equal([], @req.auth_policies)
        assert_equal(nil, @req.auth_time)
        assert_equal('pape', @req.ns_alias)
        assert_equal(nil, @req.nist_auth_level)

        req2 = PAPE::Response.new([PAPE::AUTH_MULTI_FACTOR], "1983-11-05T12:30:24Z", 3)
        assert_equal([PAPE::AUTH_MULTI_FACTOR], req2.auth_policies)
        assert_equal("1983-11-05T12:30:24Z", req2.auth_time)
        assert_equal(3, req2.nist_auth_level)
      end

      def test_add_policy_uri
        assert_equal([], @req.auth_policies)
        @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR)
        assert_equal([PAPE::AUTH_MULTI_FACTOR], @req.auth_policies)
        @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR)
        assert_equal([PAPE::AUTH_MULTI_FACTOR], @req.auth_policies)
        @req.add_policy_uri(PAPE::AUTH_PHISHING_RESISTANT)
        assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], @req.auth_policies)
        @req.add_policy_uri(PAPE::AUTH_MULTI_FACTOR)
        assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], @req.auth_policies)
      end

      def test_get_extension_args
        assert_equal({'auth_policies' => 'none'}, @req.get_extension_args)
        @req.add_policy_uri('http://uri')
        assert_equal({'auth_policies' => 'http://uri'}, @req.get_extension_args)
        @req.add_policy_uri('http://zig')
        assert_equal({'auth_policies' => 'http://uri http://zig'}, @req.get_extension_args)
        @req.auth_time =  "1983-11-05T12:30:24Z"
        assert_equal({'auth_policies' => 'http://uri http://zig', 'auth_time' => "1983-11-05T12:30:24Z"}, @req.get_extension_args)
        @req.nist_auth_level = 3
        assert_equal({'auth_policies' => 'http://uri http://zig', 'auth_time' => "1983-11-05T12:30:24Z", 'nist_auth_level' => '3'}, @req.get_extension_args)
      end

      def test_get_extension_args_error_auth_age
        @req.auth_time = "the beginning of time"
        assert_raises(ArgumentError) { @req.get_extension_args }
      end

      def test_get_extension_args_error_nist_auth_level
        @req.nist_auth_level = "high as a kite"
        assert_raises(ArgumentError) { @req.get_extension_args }
        @req.nist_auth_level = 5
        assert_raises(ArgumentError) { @req.get_extension_args }
        @req.nist_auth_level = -1
        assert_raises(ArgumentError) { @req.get_extension_args }
      end

      def test_parse_extension_args
        args = {'auth_policies' => 'http://foo http://bar',
                'auth_time' => '1983-11-05T12:30:24Z'}
        @req.parse_extension_args(args)
        assert_equal('1983-11-05T12:30:24Z', @req.auth_time)
        assert_equal(['http://foo','http://bar'], @req.auth_policies)
      end

      def test_parse_extension_args_empty
        @req.parse_extension_args({})
        assert_equal(nil, @req.auth_time)
        assert_equal([], @req.auth_policies)
      end
      
      def test_parse_extension_args_strict_bogus1
        args = {'auth_policies' => 'http://foo http://bar',
                'auth_time' => 'this one time'}
        assert_raises(ArgumentError) { 
          @req.parse_extension_args(args, true)
        }
      end

      def test_parse_extension_args_strict_bogus2
        args = {'auth_policies' => 'http://foo http://bar',
                'auth_time' => '1983-11-05T12:30:24Z',
                'nist_auth_level' => 'some'}
        assert_raises(ArgumentError) { 
          @req.parse_extension_args(args, true)
        }
      end
      
      def test_parse_extension_args_strict_good
        args = {'auth_policies' => 'http://foo http://bar',
                'auth_time' => '2007-10-11T05:25:18Z',
                'nist_auth_level' => '0'}
        @req.parse_extension_args(args, true)
        assert_equal(['http://foo','http://bar'], @req.auth_policies)
        assert_equal('2007-10-11T05:25:18Z', @req.auth_time)
        assert_equal(0, @req.nist_auth_level)
      end

      def test_parse_extension_args_nostrict_bogus
        args = {'auth_policies' => 'http://foo http://bar',
                'auth_time' => 'some time ago',
                'nist_auth_level' => 'some'}
        @req.parse_extension_args(args)
        assert_equal(['http://foo','http://bar'], @req.auth_policies)
        assert_equal(nil, @req.auth_time)
        assert_equal(nil, @req.nist_auth_level)
      end

      
      def test_from_success_response
        
        openid_req_msg = Message.from_openid_args({
          'mode' => 'id_res',
          'ns' => OPENID2_NS,
          'ns.pape' => PAPE::NS_URI,
          'pape.auth_policies' => [PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT].join(' '),
          'pape.auth_time' => '1983-11-05T12:30:24Z'
          })
        signed_stuff = {
          'auth_policies' => [PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT].join(' '),
          'auth_time' => '1983-11-05T12:30:24Z'
        }
        oid_req = DummySuccessResponse.new(openid_req_msg, signed_stuff)
        req = PAPE::Response.from_success_response(oid_req)
        assert_equal([PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT], req.auth_policies)
        assert_equal('1983-11-05T12:30:24Z', req.auth_time)
      end

      def test_from_success_response_unsigned
        openid_req_msg = Message.from_openid_args({
          'mode' => 'id_res',
          'ns' => OPENID2_NS,
          'ns.pape' => PAPE::NS_URI,
          'pape.auth_policies' => [PAPE::AUTH_MULTI_FACTOR, PAPE::AUTH_PHISHING_RESISTANT].join(' '),
          'pape.auth_time' => '1983-11-05T12:30:24Z'
          })
        signed_stuff = {}
        endpoint = OpenIDServiceEndpoint.new
        oid_req = Consumer::SuccessResponse.new(endpoint, openid_req_msg, signed_stuff)
        req = PAPE::Response.from_success_response(oid_req)
        assert(req.nil?, req.inspect)
      end
    end
  end
end