diff options
author | Angie Byron <webchick@24967.no-reply.drupal.org> | 2009-09-15 19:46:04 +0000 |
---|---|---|
committer | Angie Byron <webchick@24967.no-reply.drupal.org> | 2009-09-15 19:46:04 +0000 |
commit | 175bb6d19af0c8f1369f9fe0569210abde8bc71c (patch) | |
tree | e28142bdf1d9da14d2e4881b5a8064f77cd98ebb /modules/openid | |
parent | 6c0f8eba1c55b01e8dc3122f67cda34308ba94a2 (diff) | |
download | brdo-175bb6d19af0c8f1369f9fe0569210abde8bc71c.tar.gz brdo-175bb6d19af0c8f1369f9fe0569210abde8bc71c.tar.bz2 |
#575796 by Heine: Fixed OpenID XRI test violates the spec.
Diffstat (limited to 'modules/openid')
-rw-r--r-- | modules/openid/openid.inc | 12 | ||||
-rw-r--r-- | modules/openid/openid.test | 30 |
2 files changed, 38 insertions, 4 deletions
diff --git a/modules/openid/openid.inc b/modules/openid/openid.inc index 8115f1282..d833830c6 100644 --- a/modules/openid/openid.inc +++ b/modules/openid/openid.inc @@ -109,11 +109,15 @@ function openid_redirect_form(&$form_state, $url, $message) { * Determine if the given identifier is an XRI ID. */ function _openid_is_xri($identifier) { - $firstchar = substr($identifier, 0, 1); - if ($firstchar == "@" || $firstchar == "=") - return TRUE; + // Strip the xri:// scheme from the identifier if present. + if (stripos($identifier, 'xri://') !== FALSE) { + $identifier = substr($identifier, 6); + } - if (stristr($identifier, 'xri://') !== FALSE) { + + // Test whether the identifier starts with an XRI global context symbol or (. + $firstchar = substr($identifier, 0, 1); + if (strpos("=@+$!(", $firstchar) !== FALSE) { return TRUE; } diff --git a/modules/openid/openid.test b/modules/openid/openid.test index ac6defb54..58e065e9a 100644 --- a/modules/openid/openid.test +++ b/modules/openid/openid.test @@ -219,4 +219,34 @@ class OpenIDUnitTest extends DrupalWebTestCase { $association->mac_key = "1234567890abcdefghij\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\xF0\xF1\xF2\xF3\xF4\xF5\xF6\xF7\xF8\xF9"; $this->assertEqual(_openid_signature($association, $response, array('foo', 'bar')), 'QnKZQzSFstT+GNiJDFOptdcZjrc=', t('Expected signature calculated.')); } + + /** + * Test _openid_is_xri(). + */ + function testOpenidXRITest() { + // Test that the XRI test is according to OpenID Authentication 2.0, + // section 7.2. If the user-supplied string starts with xri:// it should be + // stripped and the resulting string should be treated as an XRI when it + // starts with "=", "@", "+", "$", "!" or "(". + $this->assertTrue(_openid_is_xri('xri://=foo'), t('_openid_is_xri returned expected result for an xri identifier with xri scheme.')); + $this->assertTrue(_openid_is_xri('xri://@foo'), t('_openid_is_xri returned expected result for an xri identifier with xri scheme.')); + $this->assertTrue(_openid_is_xri('xri://+foo'), t('_openid_is_xri returned expected result for an xri identifier with xri scheme.')); + $this->assertTrue(_openid_is_xri('xri://$foo'), t('_openid_is_xri returned expected result for an xri identifier with xri scheme.')); + $this->assertTrue(_openid_is_xri('xri://!foo'), t('_openid_is_xri returned expected result for an xri identifier with xri scheme..')); + $this->assertTrue(_openid_is_xri('xri://(foo'), t('_openid_is_xri returned expected result for an xri identifier with xri scheme..')); + + $this->assertTrue(_openid_is_xri('=foo'), t('_openid_is_xri returned expected result for an xri identifier.')); + $this->assertTrue(_openid_is_xri('@foo'), t('_openid_is_xri returned expected result for an xri identifier.')); + $this->assertTrue(_openid_is_xri('+foo'), t('_openid_is_xri returned expected result for an xri identifier.')); + $this->assertTrue(_openid_is_xri('$foo'), t('_openid_is_xri returned expected result for an xri identifier.')); + $this->assertTrue(_openid_is_xri('!foo'), t('_openid_is_xri returned expected result for an xri identifier.')); + $this->assertTrue(_openid_is_xri('(foo'), t('_openid_is_xri returned expected result for an xri identifier.')); + + $this->assertFalse(_openid_is_xri('foo'), t('_openid_is_xri returned expected result for an http URL.')); + $this->assertFalse(_openid_is_xri('xri://foo'), t('_openid_is_xri returned expected result for an http URL.')); + $this->assertFalse(_openid_is_xri('http://foo/'), t('_openid_is_xri returned expected result for an http URL.')); + $this->assertFalse(_openid_is_xri('http://example.com/'), t('_openid_is_xri returned expected result for an http URL.')); + $this->assertFalse(_openid_is_xri('user@example.com/'), t('_openid_is_xri returned expected result for an http URL.')); + $this->assertFalse(_openid_is_xri('http://user@example.com/'), t('_openid_is_xri returned expected result for an http URL.')); + } } |