search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fixes null key handling in incoming query strings.
[dotnetoauth.git] / src / DotNetOpenAuth.Test / OpenId / RealmTests.cs
blobe062e1213de72cdb6809a5c23dc99a0fd322414f
1 //-----------------------------------------------------------------------
2 // <copyright file="RealmTests.cs" company="Andrew Arnott">
3 // Copyright (c) Andrew Arnott. All rights reserved.
4 // </copyright>
5 //-----------------------------------------------------------------------
6
7 namespace DotNetOpenAuth.Test {
8 using System;
9 using DotNetOpenAuth.OpenId;
10 using Microsoft.VisualStudio.TestTools.UnitTesting;
11
12 [TestClass]
13 public class RealmTests {
14 [TestMethod]
15 public void ValidRealmsTest() {
16 // Just create these. If any are determined to be invalid,
17 // an exception should be thrown that would fail this test.
18 new Realm("http://www.myopenid.com");
19 new Realm("http://www.myopenid.com/");
20 new Realm("http://www.myopenid.com:5221/");
21 new Realm("https://www.myopenid.com");
22 new Realm("http://www.myopenid.com/abc");
23 new Realm("http://www.myopenid.com/abc/");
24 new Realm("http://*.myopenid.com/");
25 new Realm("http://*.com/");
26 new Realm("http://*.guest.myopenid.com/");
27 }
28
29 [TestMethod]
30 [ExpectedException(typeof(ArgumentNullException))]
31 public void InvalidRealmNullString() {
32 new Realm((string)null);
33 }
34
35 [TestMethod]
36 [ExpectedException(typeof(ArgumentNullException))]
37 public void InvalidRealmNullUri() {
38 new Realm((Uri)null);
39 }
40
41 [TestMethod]
42 [ExpectedException(typeof(UriFormatException))]
43 public void InvalidRealmEmpty() {
44 new Realm(string.Empty);
45 }
46
47 [TestMethod]
48 [ExpectedException(typeof(UriFormatException))]
49 public void InvalidRealmBadProtocol() {
50 new Realm("asdf://www.microsoft.com/");
51 }
52
53 [TestMethod]
54 [ExpectedException(typeof(UriFormatException))]
55 public void InvalidRealmNoScheme() {
56 new Realm("www.guy.com");
57 }
58
59 [TestMethod]
60 [ExpectedException(typeof(UriFormatException))]
61 public void InvalidRealmBadWildcard1() {
62 new Realm("http://*www.my.com");
63 }
64
65 [TestMethod]
66 [ExpectedException(typeof(UriFormatException))]
67 public void InvalidRealmBadWildcard2() {
68 new Realm("http://www.*.com");
69 }
70
71 [TestMethod]
72 [ExpectedException(typeof(UriFormatException))]
73 public void InvalidRealmBadWildcard3() {
74 new Realm("http://www.my.*/");
75 }
76
77 [TestMethod]
78 [ExpectedException(typeof(UriFormatException))]
79 public void InvalidRealmTwoWildcards1() {
80 new Realm("http://**.my.com");
81 }
82
83 [TestMethod]
84 [ExpectedException(typeof(UriFormatException))]
85 public void InvalidRealmTwoWildcards2() {
86 new Realm("http://*.*.my.com");
87 }
88
89 [TestMethod]
90 public void IsSaneTest() {
91 Assert.IsTrue(new Realm("http://www.myopenid.com").IsSane);
92 Assert.IsTrue(new Realm("http://myopenid.com").IsSane);
93 Assert.IsTrue(new Realm("http://localhost").IsSane);
94 Assert.IsTrue(new Realm("http://localhost:33532/dab").IsSane);
95 Assert.IsTrue(new Realm("http://www.myopenid.com").IsSane);
96
97 Assert.IsFalse(new Realm("http://*.com").IsSane);
98 Assert.IsFalse(new Realm("http://*.co.uk").IsSane);
99 }
100
101 [TestMethod]
102 public void IsUrlWithinRealmTests() {
103 /*
104 * The openid.return_to URL MUST descend from the openid.trust_root, or the
105 * Identity Provider SHOULD return an error. Namely, the URL scheme and port
106 * MUST match. The path, if present, MUST be equal to or below the value of
107 * openid.trust_root, and the domains on both MUST match, or, the
108 * openid.trust_root value contain a wildcard like http://*.example.com.
109 * The wildcard SHALL only be at the beginning. It is RECOMMENDED Identity
110 * Provider's protect their End Users from requests for things like
111 * http://*.com/ or http://*.co.uk/.
112 */
113
114 // Schemes must match
115 Assert.IsFalse(new Realm("https://www.my.com/").Contains("http://www.my.com/"));
116 Assert.IsFalse(new Realm("http://www.my.com/").Contains("https://www.my.com/"));
117
118 // Ports must match
119 Assert.IsTrue(new Realm("http://www.my.com/").Contains("http://www.my.com:80/boo"));
120 Assert.IsTrue(new Realm("http://www.my.com:80/").Contains("http://www.my.com/boo"));
121 Assert.IsFalse(new Realm("http://www.my.com:79/").Contains("http://www.my.com/boo"));
122 Assert.IsFalse(new Realm("https://www.my.com/").Contains("http://www.my.com:79/boo"));
123
124 // Path must be (at or) below trust root
125 Assert.IsTrue(new Realm("http://www.my.com/").Contains("http://www.my.com/"));
126 Assert.IsTrue(new Realm("http://www.my.com/").Contains("http://www.my.com/boo"));
127 Assert.IsTrue(new Realm("http://www.my.com/p/").Contains("http://www.my.com/p/l"));
128 Assert.IsTrue(new Realm("http://www.my.com/bah").Contains("http://www.my.com/bah/bah"));
129 Assert.IsTrue(new Realm("http://www.my.com/bah").Contains("http://www.my.com/bah/bah"));
130 Assert.IsTrue(new Realm("http://www.my.com/bah.html").Contains("http://www.my.com/bah.html/bah"));
131 Assert.IsFalse(new Realm("http://www.my.com/bah").Contains("http://www.my.com/bahbah"));
132 Assert.IsTrue(new Realm("http://www.my.com/bah").Contains("http://www.my.com/bah?q=a"));
133 Assert.IsTrue(new Realm("http://www.my.com/bah?q=a").Contains("http://www.my.com/bah?q=a"));
134 Assert.IsTrue(new Realm("http://www.my.com/bah?a=b&c=d").Contains("http://www.my.com/bah?a=b&c=d&e=f"));
135 Assert.IsFalse(new Realm("http://www.my.com/bah?a=b&c=d").Contains("http://www.my.com/bah?a=b"));
136
137 // Domains MUST match
138 Assert.IsFalse(new Realm("http://www.my.com/").Contains("http://yours.com/"));
139 Assert.IsFalse(new Realm("http://www.my.com/").Contains("http://www.yours.com/"));
140 Assert.IsFalse(new Realm("http://www.my.com/").Contains("http://q.www.my.com/"));
141 Assert.IsFalse(new Realm("http://www.my.com/").Contains("http://wwww.my.com/"));
142 Assert.IsFalse(new Realm("http://www.my.com/").Contains("http://www.my.com.uk/"));
143 Assert.IsFalse(new Realm("http://www.my.com/").Contains("http://www.my.comm/"));
144
145 // Allow for wildcards
146 Assert.IsTrue(new Realm("http://*.www.my.com/").Contains("http://bah.www.my.com/"));
147 Assert.IsTrue(new Realm("http://*.www.my.com/").Contains("http://bah.WWW.MY.COM/"));
148 Assert.IsTrue(new Realm("http://*.www.my.com/").Contains("http://bah.www.my.com/boo"));
149 Assert.IsTrue(new Realm("http://*.my.com/").Contains("http://bah.www.my.com/boo"));
150 Assert.IsTrue(new Realm("http://*.my.com/").Contains("http://my.com/boo"));
151 Assert.IsFalse(new Realm("http://*.my.com/").Contains("http://ohmeohmy.com/"));
152 Assert.IsFalse(new Realm("http://*.my.com/").Contains("http://me.com/"));
153 Assert.IsFalse(new Realm("http://*.my.com/").Contains("http://my.co/"));
154 Assert.IsFalse(new Realm("http://*.my.com/").Contains("http://com/"));
155 Assert.IsFalse(new Realm("http://*.www.my.com/").Contains("http://my.com/"));
156 Assert.IsFalse(new Realm("http://*.www.my.com/").Contains("http://zzz.my.com/"));
157 // These are tested against by the constructor test, as these are invalid wildcard positions.
158 ////Assert.IsFalse(new Realm("http://*www.my.com/").ValidateUrl("http://bah.www.my.com/"));
159 ////Assert.IsFalse(new Realm("http://*www.my.com/").ValidateUrl("http://wwww.my.com/"));
160
161 // Among those that should return true, mix up character casing to test for case sensitivity.
162 // Host names should be case INSENSITIVE, but paths should probably be case SENSITIVE,
163 // because in some systems they are case sensitive and to ignore this would open
164 // security holes.
165 Assert.IsTrue(new Realm("http://www.my.com/").Contains("http://WWW.MY.COM/"));
166 Assert.IsFalse(new Realm("http://www.my.com/abc").Contains("http://www.my.com/ABC"));
167 }
168
169 [TestMethod]
170 public void ImplicitConversionFromStringTests() {
171 Realm realm = "http://host";
172 Assert.AreEqual("host", realm.Host);
173 realm = (string)null;
174 Assert.IsNull(realm);
175 }
176
177 [TestMethod]
178 public void ImplicitConversionToStringTests() {
179 Realm realm = new Realm("http://host/");
180 string realmString = realm;
181 Assert.AreEqual("http://host/", realmString);
182 realm = null;
183 realmString = realm;
184 Assert.IsNull(realmString);
185 }
186
187 [TestMethod]
188 public void ImplicitConverstionFromUriTests() {
189 Uri uri = new Uri("http://host");
190 Realm realm = uri;
191 Assert.AreEqual(uri.Host, realm.Host);
192 uri = null;
193 realm = uri;
194 Assert.IsNull(realm);
195 }
196
197 [TestMethod]
198 public void EqualsTest() {
199 Realm testRealm1a = new Realm("http://www.yahoo.com");
200 Realm testRealm1b = new Realm("http://www.yahoo.com");
201 Realm testRealm2 = new Realm("http://www.yahoo.com/b");
202 Realm testRealm3 = new Realm("http://*.www.yahoo.com");
203
204 Assert.AreEqual(testRealm1a, testRealm1b);
205 Assert.AreNotEqual(testRealm1a, testRealm2);
206 Assert.AreNotEqual(testRealm1a, null);
207 Assert.AreNotEqual(testRealm1a, testRealm1a.ToString(), "Although the URLs are equal, different object types shouldn't be equal.");
208 Assert.AreNotEqual(testRealm3, testRealm1a, "Wildcard difference ignored by Equals");
209 }
210 }
211 }
OAuth running on .NET