diff options
Diffstat (limited to 'modules/openid/openid.test')
-rw-r--r-- | modules/openid/openid.test | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/modules/openid/openid.test b/modules/openid/openid.test index 68313ae7e..8937576c7 100644 --- a/modules/openid/openid.test +++ b/modules/openid/openid.test @@ -264,6 +264,25 @@ class OpenIDFunctionalTestCase extends OpenIDWebTestCase { } $this->assertRaw(t('Successfully added %identity', array('%identity' => $claimed_id)), t('Identity %identity was added.', array('%identity' => $identity))); } + + /** + * Tests that openid.signed is verified. + */ + function testSignatureValidation() { + // Use a User-supplied Identity that is the URL of an XRDS document. + $identity = url('openid-test/yadis/xrds', array('absolute' => TRUE)); + + // Do not sign all mandatory fields (e.g. assoc_handle). + variable_set('openid_test_response', array('openid.signed' => 'op_endpoint,claimed_id,identity,return_to,response_nonce')); + $this->submitLoginForm($identity); + $this->assertRaw('OpenID login failed.'); + + // Sign all mandatory fields and some custom fields. + variable_set('openid_test_response', array('openid.foo' => 'bar', 'openid.signed' => 'op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle,foo')); + $this->submitLoginForm($identity); + $this->assertNoRaw('OpenID login failed.'); + } + } /** |