incubator-heraldry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ket...@apache.org
Subject svn commit: r493318 - in /incubator/heraldry/libraries/python/openid/trunk/openid: consumer/consumer.py test/test_consumer.py
Date Sat, 06 Jan 2007 05:19:45 GMT
Author: keturn
Date: Fri Jan  5 21:19:44 2007
New Revision: 493318

URL: http://svn.apache.org/viewvc?view=rev&rev=493318
Log:
[python-to-heraldry @ test.test_consumer.TestReturnToArgs: added. [#1579]]

Original author: Kevin Turner <kevin@janrain.com>
Date: 2006-12-15 23:45:37+00:00

Modified:
    incubator/heraldry/libraries/python/openid/trunk/openid/consumer/consumer.py
    incubator/heraldry/libraries/python/openid/trunk/openid/test/test_consumer.py

Modified: incubator/heraldry/libraries/python/openid/trunk/openid/consumer/consumer.py
URL: http://svn.apache.org/viewvc/incubator/heraldry/libraries/python/openid/trunk/openid/consumer/consumer.py?view=diff&rev=493318&r1=493317&r2=493318
==============================================================================
--- incubator/heraldry/libraries/python/openid/trunk/openid/consumer/consumer.py (original)
+++ incubator/heraldry/libraries/python/openid/trunk/openid/consumer/consumer.py Fri Jan 
5 21:19:44 2007
@@ -603,6 +603,30 @@
                 raise ValueError('"%s" not signed' % (field,))
 
 
+    def _verifyReturnToArgs(query):
+        """Verify that the arguments in the return_to URL are present in this
+        response.
+        """
+        message = Message.fromPostArgs(query)
+        return_to = message.getArg(OPENID_NS, 'return_to')
+        if not return_to:
+            raise ValueError("no openid.return_to in query %r" % (query,))
+        parsed_url = urlparse(return_to)
+        rt_query = parsed_url[4]
+        for rt_key, rt_value in cgi.parse_qsl(rt_query):
+            try:
+                value = query[rt_key]
+                if rt_value != value:
+                    raise ValueError("parameter %s value %r does not match "
+                                     "return_to's value %r" % (rt_key, value,
+                                                               rt_value))
+            except KeyError:
+                raise ValueError("return_to parameter %s absent from query %r"
+                                 % (rt_key, query))
+
+    _verifyReturnToArgs = staticmethod(_verifyReturnToArgs)
+            
+            
     def _verifyDiscoveryResults(self, identifier, server_url):
         """
 

Modified: incubator/heraldry/libraries/python/openid/trunk/openid/test/test_consumer.py
URL: http://svn.apache.org/viewvc/incubator/heraldry/libraries/python/openid/trunk/openid/test/test_consumer.py?view=diff&rev=493318&r1=493317&r2=493318
==============================================================================
--- incubator/heraldry/libraries/python/openid/trunk/openid/test/test_consumer.py (original)
+++ incubator/heraldry/libraries/python/openid/trunk/openid/test/test_consumer.py Fri Jan
 5 21:19:44 2007
@@ -740,6 +740,61 @@
         self.failUnlessEqual(self.consumer_id, info.identity_url)
 
 
+
+class TestReturnToArgs(unittest.TestCase):
+    """Verifying the Return URL paramaters.
+    From the specification "Verifying the Return URL"::
+
+        To verify that the "openid.return_to" URL matches the URL that is
+        processing this assertion:
+
+         - The URL scheme, authority, and path MUST be the same between the
+           two URLs.
+
+         - Any query parameters that are present in the "openid.return_to"
+           URL MUST also be present with the same values in the
+           accepting URL.
+
+    XXX: So far we have only tested the second item on the list above.
+    XXX: _checkReturnToArgs is not invoked anywhere.
+    """
+
+    def setUp(self):
+        store = object()
+        self.consumer = GenericConsumer(store)
+        
+    def test_returnToArgsOkay(self):
+        query = {
+            'openid.mode': 'id_res',
+            'openid.return_to': 'http://example.com/?foo=bar',
+            'foo': 'bar',
+            }
+        # no return value, success is assumed if there are no exceptions.
+        self.consumer._verifyReturnToArgs(query)
+
+
+    def test_returnToMismatch(self):
+        query = {
+            'openid.mode': 'id_res',
+            'openid.return_to': 'http://example.com/?foo=bar',
+            }
+        # fail, query has no key 'foo'.
+        self.failUnlessRaises(ValueError,
+                              self.consumer._verifyReturnToArgs, query)
+
+        query['foo'] = 'baz'
+        # fail, values for 'foo' do not match.
+        self.failUnlessRaises(ValueError,
+                              self.consumer._verifyReturnToArgs, query)
+
+
+    def test_noReturnTo(self):
+        query = {'openid.mode': 'id_res'}
+        self.failUnlessRaises(ValueError,
+                              self.consumer._verifyReturnToArgs, query)
+        
+
+
 class MockFetcher(object):
     def __init__(self, response=None):
         self.response = response or HTTPResponse()



Mime
View raw message