author | Dries Buytaert <dries@buytaert.net> | 2010-06-25 18:31:37 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2010-06-25 18:31:37 +0000 |
commit | 38220bad9e0f0b4bc84523d44ed1052161851380 (patch) | |
tree | c17753794d6d2d95c3d6564a583e8bdf77f2ff88 /modules/openid | |
parent | cd5457024d56dedfc0609116223c8608aaaca527 (diff) | |
- Patch #225535 by flobruit, c960657: OpenID login fails for delegated OpenIDs.
Diffstat (limited to 'modules/openid')
-rw-r--r-- | modules/openid/openid.inc | 11 | ||||
-rw-r--r-- | modules/openid/openid.test | 22 | ||||
-rw-r--r-- | modules/openid/tests/openid_test.module | 26 |
3 files changed, 48 insertions, 11 deletions
diff --git a/modules/openid/openid.inc b/modules/openid/openid.inc index 40ccaa3f9..74cd7c494 100644 --- a/modules/openid/openid.inc +++ b/modules/openid/openid.inc @@ -51,6 +51,11 @@ define('OPENID_NS_1_1', 'http://openid.net/signon/1.1'); define('OPENID_NS_1_0', 'http://openid.net/signon/1.0'); /** + * OpenID namespace used in Yadis documents. + */ +define('OPENID_NS_OPENID', 'http://openid.net/xmlns/1.0'); + +/** * OpenID Simple Registration extension. */ define('OPENID_NS_SREG', 'http://openid.net/extensions/sreg/1.1'); @@ -148,12 +153,12 @@ function _openid_xrds_parse($raw_xml) { foreach ($service_element->Type as $type) { $service['types'][] = (string)$type; } - if ($service_element->children(OPENID_NS_XRD)->Delegate) { - $service['identity'] = (string)$service_element->children(OPENID_NS_XRD)->Delegate; - } if ($service_element->children(OPENID_NS_XRD)->LocalID) { $service['identity'] = (string)$service_element->children(OPENID_NS_XRD)->LocalID; } + elseif ($service_element->children(OPENID_NS_OPENID)->Delegate) { + $service['identity'] = (string)$service_element->children(OPENID_NS_OPENID)->Delegate; + } else { $service['identity'] = FALSE; } diff --git a/modules/openid/openid.test b/modules/openid/openid.test index 3e58c1f6d..49f390b12 100644 --- a/modules/openid/openid.test +++ b/modules/openid/openid.test 
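Review bot: In the second openid.inc hunk, `_openid_xrds_parse()` copies `LocalID` or `openid:Delegate` from the discovered XRDS document into `$service['identity']` with only a `(string)` cast, so surrounding whitespace or a non-URL value from a remotely hosted document is passed on unchanged. Trimming would make the parser tolerant of pretty-printed documents, e.g. `$service['identity'] = trim((string)$service_element->children(OPENID_NS_XRD)->LocalID);`, and likewise in the Delegate branch. The new precedence and the two namespaces also deserve a comment, such as `// LocalID (OpenID 2.0, XRD namespace) takes precedence over openid:Delegate (OpenID 1.x, OpenID namespace).` The function starts and ends outside the hunk, so whether callers validate this value before sending it to the provider is not visible here.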
@@ -67,7 +67,10 @@ class OpenIDFunctionalTestCase extends OpenIDWebTestCase { // The URL scheme is stripped in order to test that the supplied identifier // is normalized in openid_begin(). $identity = url('openid-test/yadis/xrds', array('absolute' => TRUE)); - $this->addIdentity(preg_replace('@^https?://@', '', $identity), 2, $identity); + $this->addIdentity(preg_replace('@^https?://@', '', $identity), 2, 'http://example.com/xrds', $identity); + + $identity = url('openid-test/yadis/xrds/delegate', array('absolute' => TRUE)); + $this->addIdentity(preg_replace('@^https?://@', '', $identity), 2, 'http://example.com/xrds-delegate', $identity); // Identifier is the URL of an XRDS document containing an OP Identifier // Element. The Relying Party sends the special value @@ -78,7 +81,7 @@ class OpenIDFunctionalTestCase extends OpenIDWebTestCase { // is stripped in order to test that the returned identifier is normalized in // openid_complete(). variable_set('openid_test_response', array('openid.claimed_id' => preg_replace('@^https?://@', '', $identity))); - $this->addIdentity(url('openid-test/yadis/xrds/server', array('absolute' => TRUE)), 2, $identity); + $this->addIdentity(url('openid-test/yadis/xrds/server', array('absolute' => TRUE)), 2, 'http://specs.openid.net/auth/2.0/identifier_select', $identity); variable_set('openid_test_response', array()); // Identifier is the URL of an HTML page that is sent with an HTTP header 
@@ -91,11 +94,11 @@ class OpenIDFunctionalTestCase extends OpenIDWebTestCase { // Identifier is an XRI. Resolve using our own dummy proxy resolver. variable_set('xri_proxy_resolver', url('openid-test/yadis/xrds/xri', array('absolute' => TRUE)) . '/'); - $this->addIdentity('@example*résumé;%25', 2, 'http://example.com/user'); + $this->addIdentity('@example*résumé;%25', 2, 'http://example.com/xrds', 'http://example.com/user'); // Make sure that unverified CanonicalID are not trusted. variable_set('openid_test_canonical_id_status', 'bad value'); - $this->addIdentity('@example*résumé;%25', 2, FALSE); + $this->addIdentity('@example*résumé;%25', 2, FALSE, FALSE); // HTML-based discovery: // If the User-supplied Identifier is a URL of an HTML page, the page may @@ -103,10 +106,10 @@ class OpenIDFunctionalTestCase extends OpenIDWebTestCase { // Provider Endpoint. OpenID 1 and 2 describe slightly different formats. // OpenID Authentication 1.1, section 3.1: - $this->addIdentity(url('openid-test/html/openid1', array('absolute' => TRUE)), 1); + $this->addIdentity(url('openid-test/html/openid1', array('absolute' => TRUE)), 1, 'http://example.com/html-openid1'); // OpenID Authentication 2.0, section 7.3.3: - $this->addIdentity(url('openid-test/html/openid2', array('absolute' => TRUE)), 2); + $this->addIdentity(url('openid-test/html/openid2', array('absolute' => TRUE)), 2, 'http://example.com/html-openid2'); } /** 
@@ -197,11 +200,16 @@ class OpenIDFunctionalTestCase extends OpenIDWebTestCase { * The User-supplied Identifier. * @param $version * The protocol version used by the service. + * @param $local_id + * The expected OP-Local Identifier found during discovery. * @param $claimed_id * The expected Claimed Identifier returned by the OpenID Provider, or FALSE * if the discovery is expected to fail. */ - function addIdentity($identity, $version = 2, $claimed_id = NULL) { + function addIdentity($identity, $version = 2, $local_id = 'http://example.com/xrds', $claimed_id = NULL) { + // Tell openid_test.module to only accept this OP-Local Identifier. + variable_set('openid_test_identity', $local_id); + $edit = array('openid_identifier' => $identity); $this->drupalPost('user/' . $this->web_user->uid . '/openid', $edit, t('Add an OpenID')); diff --git a/modules/openid/tests/openid_test.module b/modules/openid/tests/openid_test.module index f6e1a9f6e..261a1aa1e 100644 --- a/modules/openid/tests/openid_test.module +++ b/modules/openid/tests/openid_test.module @@ -88,7 +88,7 @@ function openid_test_yadis_xrds() { } drupal_add_http_header('Content-Type', 'application/xrds+xml'); print '<?xml version="1.0" encoding="UTF-8"?> - <xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"> + <xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)" xmlns:openid="http://openid.net/xmlns/1.0"> <XRD> <Status cid="' . check_plain(variable_get('openid_test_canonical_id_status', 'verified')) . '"/> <ProviderID>xri://@</ProviderID> @@ -100,6 +100,7 @@ function openid_test_yadis_xrds() { <Type>http://specs.openid.net/auth/2.0/signon</Type> <Type>http://openid.net/srv/ax/1.0</Type> <URI>' . url('openid-test/endpoint', array('absolute' => TRUE)) . '</URI> + <LocalID>http://example.com/xrds</LocalID> </Service> <Service priority="15"> <Type>http://specs.openid.net/auth/2.0/signon</Type> 
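Review bot: In the `addIdentity()` hunk, `$local_id` is inserted before `$claimed_id`, so the third positional argument changes meaning. Every call visible in this diff is updated, but a caller outside these hunks that still passes the claimed identifier third would silently set the expected OP-Local Identifier instead. The docblock should also state the default and what FALSE does, e.g. `The expected OP-Local Identifier found during discovery, or FALSE to let the test endpoint accept any identity. Defaults to 'http://example.com/xrds'.` The `openid_test_identity` variable is set on every call and never cleared in the visible lines, so it may still be in effect for later requests in the same test. The method body continues past the hunk.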
@@ -121,6 +122,15 @@ function openid_test_yadis_xrds() { <URI>' . url('openid-test/endpoint', array('absolute' => TRUE)) . '</URI> </Service>'; } + elseif (arg(3) == 'delegate') { + print ' + <Service priority="5"> + <Type>http://specs.openid.net/auth/2.0/signon</Type> + <Type>http://openid.net/srv/ax/1.0</Type> + <URI>' . url('openid-test/endpoint', array('absolute' => TRUE)) . '</URI> + <openid:Delegate>http://example.com/xrds-delegate</openid:Delegate> + </Service>'; + } print ' </XRD> </xrds:XRDS>'; @@ -158,6 +168,7 @@ function openid_test_yadis_http_equiv() { */ function openid_test_html_openid1() { drupal_add_html_head_link(array('rel' => 'openid.server', 'href' => url('openid-test/endpoint', array('absolute' => TRUE)))); + drupal_add_html_head_link(array('rel' => 'openid.delegate', 'href' => 'http://example.com/html-openid1')); return t('This page includes a <link rel=...> element containing the URL of an OpenID Provider Endpoint.'); } @@ -166,6 +177,7 @@ function openid_test_html_openid1() { */ function openid_test_html_openid2() { drupal_add_html_head_link(array('rel' => 'openid2.provider', 'href' => url('openid-test/endpoint', array('absolute' => TRUE)))); + drupal_add_html_head_link(array('rel' => 'openid2.local_id', 'href' => 'http://example.com/html-openid2')); return t('This page includes a <link rel=...> element containing the URL of an OpenID Provider Endpoint.'); } 
@@ -249,6 +261,18 @@ function _openid_test_endpoint_associate() { function _openid_test_endpoint_authenticate() { module_load_include('inc', 'openid'); + $expected_identity = variable_get('openid_test_identity'); + if ($expected_identity && $_REQUEST['openid_identity'] != $expected_identity) { + $response = variable_get('openid_test_response', array()) + array( + 'openid.ns' => OPENID_NS_2_0, + 'openid.mode' => 'error', + 'openid.error' => 'Unexpted identity', + ); + drupal_add_http_header('Content-Type', 'text/plain'); + header('Location: ' . url($_REQUEST['openid_return_to'], array('query' => $response, 'external' => TRUE))); + return; + } + // Generate unique identifier for this authentication. $nonce = _openid_nonce(); |
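Review bot: The new guard in `_openid_test_endpoint_authenticate()` reads `$_REQUEST['openid_identity']` without checking that it is set and compares it with `!=`, so a request that omits the parameter raises an undefined-index notice and loosely equal numeric strings would pass the check. `if ($expected_identity && (!isset($_REQUEST['openid_identity']) || $_REQUEST['openid_identity'] !== $expected_identity)) {` closes both. The error text has a typo and should read `'openid.error' => 'Unexpected identity',`. The redirect target comes straight from `$_REQUEST['openid_return_to']`, which is acceptable only because this module is a test fixture; a comment saying so would keep the pattern from being copied into production code. The function continues beyond the hunk.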