You are here

function OpenIDFunctionalTestCase::testDiscovery in Drupal 7

Test discovery of OpenID Provider Endpoint via Yadis and HTML.

File

modules/openid/openid.test, line 63
Tests for openid.module.

Class

OpenIDFunctionalTestCase
Test discovery and login using OpenID

Code

function testDiscovery() {
  $this
    ->drupalLogin($this->web_user);

  // The User-supplied Identifier entered by the user may indicate the URL of
  // the OpenID Provider Endpoint in various ways, as described in OpenID
  // Authentication 2.0 and Yadis Specification 1.0.
  // Note that all of the tested identifiers refer to the same endpoint, so
  // only the first will trigger an associate request in openid_association()
  // (association is only done the first time Drupal encounters a given
  // endpoint).
  // Yadis discovery (see Yadis Specification 1.0, section 6.2.5):
  // If the User-supplied Identifier is a URL, it may be a direct or indirect
  // reference to an XRDS document (a Yadis Resource Descriptor) that contains
  // the URL of the OpenID Provider Endpoint.
  // Identifier is the URL of an XRDS document.
  // On HTTP test environments, the URL scheme is stripped in order to test
  // that the supplied identifier is normalized in openid_begin().
  $identity = url('openid-test/yadis/xrds', array(
    'absolute' => TRUE,
  ));
  $this
    ->addIdentity(preg_replace('@^http://@', '', $identity), 2, 'http://example.com/xrds', $identity);
  $identity = url('openid-test/yadis/xrds/delegate', array(
    'absolute' => TRUE,
  ));
  $this
    ->addIdentity(preg_replace('@^http://@', '', $identity), 2, 'http://example.com/xrds-delegate', $identity);

  // Identifier is the URL of an XRDS document containing an OP Identifier
  // Element. The Relying Party sends the special value
  // "http://specs.openid.net/auth/2.0/identifier_select" as Claimed
  // Identifier. The OpenID Provider responds with the actual identifier
  // including the fragment.
  $identity = url('openid-test/yadis/xrds/dummy-user', array(
    'absolute' => TRUE,
    'fragment' => $this
      ->randomName(),
  ));

  // Tell openid_test.module to respond with this identifier. If the fragment
  // part is present in the identifier, it should be retained.
  variable_set('openid_test_response', array(
    'openid.claimed_id' => $identity,
    'openid.identity' => openid_normalize($identity),
  ));
  $this
    ->addIdentity(url('openid-test/yadis/xrds/server', array(
    'absolute' => TRUE,
  )), 2, 'http://specs.openid.net/auth/2.0/identifier_select', $identity);
  variable_set('openid_test_response', array());

  // Identifier is the URL of an HTML page that is sent with an HTTP header
  // that contains the URL of an XRDS document.
  $this
    ->addIdentity(url('openid-test/yadis/x-xrds-location', array(
    'absolute' => TRUE,
  )), 2);

  // Identifier is the URL of an HTML page containing a <meta http-equiv=...>
  // element that contains the URL of an XRDS document.
  $this
    ->addIdentity(url('openid-test/yadis/http-equiv', array(
    'absolute' => TRUE,
  )), 2);

  // Identifier is an XRI. Resolve using our own dummy proxy resolver.
  variable_set('xri_proxy_resolver', url('openid-test/yadis/xrds/xri', array(
    'absolute' => TRUE,
  )) . '/');
  $this
    ->addIdentity('@example*résumé;%25', 2, 'http://example.com/xrds', 'http://example.com/user');

  // Make sure that unverified CanonicalID are not trusted.
  variable_set('openid_test_canonical_id_status', 'bad value');
  $this
    ->addIdentity('@example*résumé;%25', 2, FALSE, FALSE);

  // HTML-based discovery:
  // If the User-supplied Identifier is a URL of an HTML page, the page may
  // contain a <link rel=...> element containing the URL of the OpenID
  // Provider Endpoint. OpenID 1 and 2 describe slightly different formats.
  // OpenID Authentication 1.1, section 3.1:
  $this
    ->addIdentity(url('openid-test/html/openid1', array(
    'absolute' => TRUE,
  )), 1, 'http://example.com/html-openid1');

  // OpenID Authentication 2.0, section 7.3.3:
  $this
    ->addIdentity(url('openid-test/html/openid2', array(
    'absolute' => TRUE,
  )), 2, 'http://example.com/html-openid2');

  // OpenID Authentication 2.0, section 7.2.4:
  // URL Identifiers MUST then be further normalized by both (1) following
  // redirects when retrieving their content and finally (2) applying the
  // rules in Section 6 of RFC3986 to the final destination URL. This final
  // URL MUST be noted by the Relying Party as the Claimed Identifier and be
  // used when requesting authentication.
  // Single redirect.
  $identity = $expected_claimed_id = url('openid-test/redirected/yadis/xrds/1', array(
    'absolute' => TRUE,
  ));
  $this
    ->addRedirectedIdentity($identity, 2, 'http://example.com/xrds', $expected_claimed_id, 0);

  // Exact 3 redirects (default value for the 'max_redirects' option in
  // drupal_http_request()).
  $identity = $expected_claimed_id = url('openid-test/redirected/yadis/xrds/2', array(
    'absolute' => TRUE,
  ));
  $this
    ->addRedirectedIdentity($identity, 2, 'http://example.com/xrds', $expected_claimed_id, 2);

  // Fails because there are more than 3 redirects (default value for the
  // 'max_redirects' option in drupal_http_request()).
  $identity = url('openid-test/redirected/yadis/xrds/3', array(
    'absolute' => TRUE,
  ));
  $expected_claimed_id = FALSE;
  $this
    ->addRedirectedIdentity($identity, 2, 'http://example.com/xrds', $expected_claimed_id, 3);
}