lemonldap-ng/lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t

use Test::More;
use JSON;
use MIME::Base64;
use Data::Dumper;
use URI::Escape;

require 't/test-psgi-lib.pm';

init('Lemonldap::NG::Handler::PSGI');

my $res;
my $SKIPUSER = 0;

# Unauthentified query
# --------------------
ok( $res = $client->_get('/'), 'Unauthentified query' );
ok( ref($res) eq 'ARRAY', 'Response is an array' ) or explain( $res, 'array' );
ok( $res->[0] == 302,     ' Code is 302' )         or explain( $res->[0], 302 );
my %h = @{ $res->[1] };
ok(
    $h{Location} eq 'http://auth.example.com/?url='
      . uri_escape( encode_base64( 'http://test1.example.com/', '' ) ),
    'Redirection points to portal'
  )
  or explain(
    \%h,
    'Location => http://auth.example.com/?url='
      . uri_escape( encode_base64( 'http://test1.example.com/', '' ) )
  );
count(4);

# Authentified queries
# --------------------
# Authorized query
ok( $res = $client->_get( '/', undef, undef, "lemonldap=$sessionId" ),
    'Authentified query' );
ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );
count(2);

# Request an URI protected by custom function -> allowed
ok(
    $res =
      $client->_get( '/test-uri1/dwho', undef, undef, "lemonldap=$sessionId" ),
    'Authentified query'
);
ok( $res->[0] == 200, '/test-uri1 -> Code is 200' ) or explain( $res, 200 );
count(2);

# Request an URI protected by custom function -> allowed
ok(
    $res = $client->_get(
        '/test-uri2/dwho/dummy', undef, undef, "lemonldap=$sessionId"
    ),
    'Authentified query'
);
ok( $res->[0] == 200, '/test-uri2 -> Code is 200' ) or explain( $res, 200 );
count(2);

# Request an URI protected by custom function -> denied
ok(
    $res =
      $client->_get( '/test-uri1/dwho/', undef, undef, "lemonldap=$sessionId" ),
    'Denied query'
);
ok( $res->[0] == 403, '/test-uri1 -> Code is 403' )
  or explain( $res->[0], 403 );
count(2);

# Request an URI protected by custom function -> denied
ok(
    $res =
      $client->_get( '/test-uri1/dwh', undef, undef, "lemonldap=$sessionId" ),
    'Denied query'
);
ok( $res->[0] == 403, '/test-uri1 -> Code is 403' )
  or explain( $res->[0], 403 );
count(2);

# Denied query
ok( $res = $client->_get( '/deny', undef, undef, "lemonldap=$sessionId" ),
    'Denied query' );
ok( $res->[0] == 403, ' Code is 403' ) or explain( $res->[0], 403 );
count(2);

# Required "timelords" group
ok(
    $res =
      $client->_get( '/fortimelords', undef, undef, "lemonldap=$sessionId" ),
    'Require Timelords group'
);
ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );
count(2);

# Required "dalek" group
ok(
    $res = $client->_get( '/fordaleks', undef, undef, "lemonldap=$sessionId" ),
    'Require Dalek group'
);
ok( $res->[0] == 403, ' Code is 403' ) or explain( $res, 403 );
count(2);

# Required AuthnLevel = 1
ok( $res = $client->_get( '/AuthWeak', undef, undef, "lemonldap=$sessionId" ),
    'Weak Authentified query' );
ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );
count(2);

# Required AuthnLevel = 5
ok(
    $res = $client->_get( '/AuthStrong', undef, undef, "lemonldap=$sessionId" ),
    'Strong Authentified query'
);
ok( $res->[0] == 302, ' Code is 302' ) or explain( $res, 302 );
%h = @{ $res->[1] };
ok(
    $h{Location} eq 'http://auth.example.com//upgradesession?url='
      . uri_escape(
        encode_base64( 'http://test1.example.com/AuthStrong', '' ) ),
    'Redirection points to http://test1.example.com/AuthStrong'
  )
  or explain(
    \%h,
    'http://auth.example.com//upgradesession?url='
      . uri_escape( encode_base64( 'http://test1.example.com/AuthStrong', '' ) )
  );
count(3);

# Bad cookie name
ok( $res = $client->_get( '/', undef, undef, "fakelemonldap=$sessionId" ),
    'Bad cookie name' );
ok( $res->[0] == 302, ' Code is 302 (name)' ) or explain( $res, 302 );
count(2);

# Bad cookie name
ok( $res = $client->_get( '/', undef, undef, "fake-lemonldap=$sessionId" ),
    'Bad cookie name (-)' );
ok( $res->[0] == 302, ' Code is 302 (-)' ) or explain( $res, 302 );
count(2);

# Bad cookie name
ok( $res = $client->_get( '/', undef, undef, "fake.lemonldap=$sessionId" ),
    'Bad cookie name (.)' );
ok( $res->[0] == 302, ' Code is 302 (.)' ) or explain( $res, 302 );
count(2);

# Bad cookie name
ok( $res = $client->_get( '/', undef, undef, "fake_lemonldap=$sessionId" ),
    'Bad cookie name (_)' );
ok( $res->[0] == 302, ' Code is 302 (_)' ) or explain( $res, 302 );
count(2);

# Bad cookie name
ok( $res = $client->_get( '/', undef, undef, "fake~lemonldap=$sessionId" ),
    'Bad cookie name (~)' );
ok( $res->[0] == 302, ' Code is 302 (~)' ) or explain( $res, 302 );
count(2);

# Bad cookie
ok(
    $res = $client->_get(
        '/deny',
        undef,
        'manager.example.com',
'lemonldap=e5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
    ),
    'Bad cookie'
);
ok( $res->[0] == 302, ' Code is 302' ) or explain( $res->[0], 302 );
unlink(
't/sessions/lock/Apache-Session-e5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545.lock'
);
count(2);

# Required AuthnLevel = 1
ok(
    $res = $client->_get(
        '/AuthWeak', undef, 'test2.example.com', "lemonldap=$sessionId"
    ),
    'Weak Authentified query'
);
ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );
count(2);

# Required AuthnLevel = 5
ok(
    $res =
      $client->_get( '/', undef, 'test2.example.com', "lemonldap=$sessionId" ),
    'Default Authentified query'
);
ok( $res->[0] == 302, ' Code is 302' ) or explain( $res, 302 );
%h = @{ $res->[1] };
ok(
    $h{Location} eq 'http://auth.example.com//upgradesession?url='
      . uri_escape( encode_base64( 'http://test2.example.com/', '' ) ),
    'Redirection points to http://test2.example.com/'
  )
  or explain(
    \%h,
    'http://auth.example.com//upgradesession?url='
      . uri_escape( encode_base64( 'http://test2.example.com/', '' ) )
  );
count(3);

ok( $res = $client->_get( '/skipif/za', undef, 'test1.example.com' ),
    'Test skip() rule 1' );
ok( $res->[0] == 302, ' Code is 302' ) or explain( $res, 302 );
count(2);

# Wildcards
ok(
    $res =
      $client->_get( '/', undef, 'foo.example.org', "lemonldap=$sessionId" ),
    'Accept "*.example.org"'
);
ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );
count(2);

# SKIP TESTS
$SKIPUSER = 1;

ok( $res = $client->_get( '/skipif/zz', undef, 'test1.example.com' ),
    'Test skip() rule 2' );
ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );
count(2);

# Forged headers
ok(
    $res = $client->_get(
        '/skipif/zz', undef, 'test1.example.com', undef,
        HTTP_AUTH_USER => 'rtyler'
    ),
    'Test skip() with forged header'
);
ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );
count(2);

ok(
    $res =
      $client->_get( '/', undef, 'foo.example.fr', "lemonldap=$sessionId" ),
    'Reject "foo.example.fr"'
);
ok( $res->[0] == 403, ' Code is 403' ) or explain( $res, 403 );
count(2);

ok(
    $res = $client->_get(
        '/orgdeny', undef, 'foo.example.org', "lemonldap=$sessionId"
    ),
    'Reject "foo.example.org/orgdeny"'
);
ok( $res->[0] == 403, ' Code is 403' ) or explain( $res, 403 );
count(2);

ok(
    $res = $client->_get(
        '/orgdeny', undef, 'afoo.example.org', "lemonldap=$sessionId"
    ),
    'Accept "afoo.example.org/orgdeny"'
);
ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );
count(2);

ok(
    $res = $client->_get(
        '/orgdeny', undef, 'abfoo.example.org', "lemonldap=$sessionId"
    ),
    'Reject "abfoo.example.org/orgdeny"'
);
ok( $res->[0] == 403, ' Code is 403' ) or explain( $res, 403 );
count(2);

ok(
    $res = $client->_get(
        '/', undef, 'abfoo.a.example.org', "lemonldap=$sessionId"
    ),
    'Accept "abfoo.a.example.org/"'
);
ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );
count(2);

ok(
    $res = $client->_get(
        '/orgdeny', undef, 'abfoo.a.example.org', "lemonldap=$sessionId"
    ),
    'Accept "abfoo.a.example.org/orgdeny"'
);
ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );
count(2);

ok(
    $res =
      $client->_get( '/', undef, 'abfoo.example.org', "lemonldap=$sessionId" ),
    'Reject "abfoo.example.org/"'
);
ok( $res->[0] == 403, ' Code is 403' ) or explain( $res, 403 );
count(2);

ok(
    $res = $client->_get(
        '/', undef, 'test-foo.example.fr', "lemonldap=$sessionId"
    ),
    'Accept "test*.example.fr"'
);
ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );
count(2);

done_testing( count() );

clean();

sub Lemonldap::NG::Handler::PSGI::handler {
    my ( $self, $req ) = @_;
    if ($SKIPUSER) {
        ok( !$req->env->{HTTP_AUTH_USER}, 'No HTTP_AUTH_USER' )
          or explain( $req->env->{HTTP_AUTH_USER}, '<empty>' );
    }
    else {
        ok( $req->env->{HTTP_AUTH_USER} eq 'dwho', 'Header is given to app' )
          or explain( $req->env->{HTTP_AUTH_USER}, 'dwho' );
    }
    count(1);
    return [ 200, [ 'Content-Type', 'text/plain' ], ['Hello'] ];
}
Skeleton for PSGI handler tests 2016-02-01 12:11:31 +01:00			`use Test::More;`
			`use JSON;`
Full PSGI test 2016-02-01 21:10:28 +01:00			`use MIME::Base64;`
Missing dep 2019-02-05 11:23:09 +01:00			`use Data::Dumper;`
Add URI escaping in Handler unit tests (#2217) 2020-05-22 17:33:25 +02:00			`use URI::Escape;`
Skeleton for PSGI handler tests 2016-02-01 12:11:31 +01:00
Full PSGI test 2016-02-01 21:10:28 +01:00			`require 't/test-psgi-lib.pm';`
Skeleton for PSGI handler tests 2016-02-01 12:11:31 +01:00
PSGI tests in progress... (#583) 2016-02-01 13:15:27 +01:00			`init('Lemonldap::NG::Handler::PSGI');`

Nginx in progress... (#583) 2016-02-01 20:05:14 +01:00			`my $res;`
New skip() function in rules 2019-12-10 16:06:17 +01:00			`my $SKIPUSER = 0;`
Nginx in progress... (#583) 2016-02-01 20:05:14 +01:00
Full PSGI test 2016-02-01 21:10:28 +01:00			`# Unauthentified query`
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`# --------------------`
Full PSGI test 2016-02-01 21:10:28 +01:00			`ok( $res = $client->_get('/'), 'Unauthentified query' );`
Nginx in progress... (#583) 2016-02-01 20:05:14 +01:00			`ok( ref($res) eq 'ARRAY', 'Response is an array' ) or explain( $res, 'array' );`
tidy 2022-02-16 17:43:29 +01:00			`ok( $res->[0] == 302, ' Code is 302' ) or explain( $res->[0], 302 );`
Nginx in progress... (#583) 2016-02-01 20:05:14 +01:00			`my %h = @{ $res->[1] };`
			`ok(`
			`$h{Location} eq 'http://auth.example.com/?url='`
Add URI escaping in Handler unit tests (#2217) 2020-05-22 17:33:25 +02:00			`. uri_escape( encode_base64( 'http://test1.example.com/', '' ) ),`
Nginx in progress... (#583) 2016-02-01 20:05:14 +01:00			`'Redirection points to portal'`
			`)`
			`or explain(`
			`\%h,`
			`'Location => http://auth.example.com/?url='`
Add URI escaping in Handler unit tests (#2217) 2020-05-22 17:33:25 +02:00			`. uri_escape( encode_base64( 'http://test1.example.com/', '' ) )`
Nginx in progress... (#583) 2016-02-01 20:05:14 +01:00			`);`
			`count(4);`

Full PSGI test 2016-02-01 21:10:28 +01:00			`# Authentified queries`
			`# --------------------`
Typo 2019-08-26 21:57:13 +02:00			`# Authorized query`
Backport #1036 2016-06-09 13:45:10 +02:00			`ok( $res = $client->_get( '/', undef, undef, "lemonldap=$sessionId" ),`
			`'Authentified query' );`
Add tests for vhost wildcards 2020-05-06 10:30:03 +02:00			`ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );`
Full PSGI test 2016-02-01 21:10:28 +01:00			`count(2);`

Append extended function (#1994) 2019-11-05 17:16:07 +01:00			`# Request an URI protected by custom function -> allowed`
New skip() function in rules 2019-12-10 16:06:17 +01:00			`ok(`
			`$res =`
			`$client->_get( '/test-uri1/dwho', undef, undef, "lemonldap=$sessionId" ),`
			`'Authentified query'`
			`);`
Append extended function (#1994) 2019-11-05 17:16:07 +01:00			`ok( $res->[0] == 200, '/test-uri1 -> Code is 200' ) or explain( $res, 200 );`
			`count(2);`

			`# Request an URI protected by custom function -> allowed`
New skip() function in rules 2019-12-10 16:06:17 +01:00			`ok(`
			`$res = $client->_get(`
			`'/test-uri2/dwho/dummy', undef, undef, "lemonldap=$sessionId"`
			`),`
			`'Authentified query'`
			`);`
Append extended function (#1994) 2019-11-05 17:16:07 +01:00			`ok( $res->[0] == 200, '/test-uri2 -> Code is 200' ) or explain( $res, 200 );`
			`count(2);`

			`# Request an URI protected by custom function -> denied`
New skip() function in rules 2019-12-10 16:06:17 +01:00			`ok(`
			`$res =`
			`$client->_get( '/test-uri1/dwho/', undef, undef, "lemonldap=$sessionId" ),`
			`'Denied query'`
			`);`
			`ok( $res->[0] == 403, '/test-uri1 -> Code is 403' )`
			`or explain( $res->[0], 403 );`
Append extended function (#1994) 2019-11-05 17:16:07 +01:00			`count(2);`

			`# Request an URI protected by custom function -> denied`
New skip() function in rules 2019-12-10 16:06:17 +01:00			`ok(`
			`$res =`
			`$client->_get( '/test-uri1/dwh', undef, undef, "lemonldap=$sessionId" ),`
			`'Denied query'`
			`);`
			`ok( $res->[0] == 403, '/test-uri1 -> Code is 403' )`
			`or explain( $res->[0], 403 );`
Append extended function (#1994) 2019-11-05 17:16:07 +01:00			`count(2);`

Full PSGI test 2016-02-01 21:10:28 +01:00			`# Denied query`
Backport #1036 2016-06-09 13:45:10 +02:00			`ok( $res = $client->_get( '/deny', undef, undef, "lemonldap=$sessionId" ),`
			`'Denied query' );`
Add tests for vhost wildcards 2020-05-06 10:30:03 +02:00			`ok( $res->[0] == 403, ' Code is 403' ) or explain( $res->[0], 403 );`
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`count(2);`
Full PSGI test 2016-02-01 21:10:28 +01:00
Add new inGroup function to test group membership (#2036) 2020-02-06 11:56:32 +01:00			`# Required "timelords" group`
			`ok(`
			`$res =`
			`$client->_get( '/fortimelords', undef, undef, "lemonldap=$sessionId" ),`
			`'Require Timelords group'`
			`);`
Add tests for vhost wildcards 2020-05-06 10:30:03 +02:00			`ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );`
Add new inGroup function to test group membership (#2036) 2020-02-06 11:56:32 +01:00			`count(2);`

			`# Required "dalek" group`
			`ok(`
			`$res = $client->_get( '/fordaleks', undef, undef, "lemonldap=$sessionId" ),`
			`'Require Dalek group'`
			`);`
Add tests for vhost wildcards 2020-05-06 10:30:03 +02:00			`ok( $res->[0] == 403, ' Code is 403' ) or explain( $res, 403 );`
Add new inGroup function to test group membership (#2036) 2020-02-06 11:56:32 +01:00			`count(2);`

Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`# Required AuthnLevel = 1`
			`ok( $res = $client->_get( '/AuthWeak', undef, undef, "lemonldap=$sessionId" ),`
Improve unit tests (#1988) 2019-10-29 22:35:21 +01:00			`'Weak Authentified query' );`
Add tests for vhost wildcards 2020-05-06 10:30:03 +02:00			`ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );`
Full PSGI test 2016-02-01 21:10:28 +01:00			`count(2);`

Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`# Required AuthnLevel = 5`
			`ok(`
			`$res = $client->_get( '/AuthStrong', undef, undef, "lemonldap=$sessionId" ),`
Improve unit tests (#1988) 2019-10-29 22:35:21 +01:00			`'Strong Authentified query'`
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`);`
Add tests for vhost wildcards 2020-05-06 10:30:03 +02:00			`ok( $res->[0] == 302, ' Code is 302' ) or explain( $res, 302 );`
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`%h = @{ $res->[1] };`
			`ok(`
			`$h{Location} eq 'http://auth.example.com//upgradesession?url='`
Add URI escaping in Handler unit tests (#2217) 2020-05-22 17:33:25 +02:00			`. uri_escape(`
			`encode_base64( 'http://test1.example.com/AuthStrong', '' ) ),`
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`'Redirection points to http://test1.example.com/AuthStrong'`
			`)`
			`or explain(`
			`\%h,`
			`'http://auth.example.com//upgradesession?url='`
Add URI escaping in Handler unit tests (#2217) 2020-05-22 17:33:25 +02:00			`. uri_escape( encode_base64( 'http://test1.example.com/AuthStrong', '' ) )`
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`);`
			`count(3);`

Avoid to match non-Lemon cookie (#2417) 2020-12-17 23:26:58 +01:00			`# Bad cookie name`
			`ok( $res = $client->_get( '/', undef, undef, "fakelemonldap=$sessionId" ),`
Avoid to match non-Lemon cookie (#2417) 2020-12-18 23:20:54 +01:00			`'Bad cookie name' );`
			`ok( $res->[0] == 302, ' Code is 302 (name)' ) or explain( $res, 302 );`
Avoid to match non-Lemon cookie (#2417) 2020-12-17 23:26:58 +01:00			`count(2);`

			`# Bad cookie name`
			`ok( $res = $client->_get( '/', undef, undef, "fake-lemonldap=$sessionId" ),`
Avoid to match non-Lemon cookie (#2417) 2020-12-18 23:20:54 +01:00			`'Bad cookie name (-)' );`
			`ok( $res->[0] == 302, ' Code is 302 (-)' ) or explain( $res, 302 );`
			`count(2);`

			`# Bad cookie name`
			`ok( $res = $client->_get( '/', undef, undef, "fake.lemonldap=$sessionId" ),`
			`'Bad cookie name (.)' );`
			`ok( $res->[0] == 302, ' Code is 302 (.)' ) or explain( $res, 302 );`
			`count(2);`

			`# Bad cookie name`
			`ok( $res = $client->_get( '/', undef, undef, "fake_lemonldap=$sessionId" ),`
			`'Bad cookie name (_)' );`
			`ok( $res->[0] == 302, ' Code is 302 (_)' ) or explain( $res, 302 );`
			`count(2);`

			`# Bad cookie name`
			`ok( $res = $client->_get( '/', undef, undef, "fake~lemonldap=$sessionId" ),`
			`'Bad cookie name (~)' );`
			`ok( $res->[0] == 302, ' Code is 302 (~)' ) or explain( $res, 302 );`
Avoid to match non-Lemon cookie (#2417) 2020-12-17 23:26:58 +01:00			`count(2);`

Full PSGI test 2016-02-01 21:10:28 +01:00			`# Bad cookie`
			`ok(`
			`$res = $client->_get(`
			`'/deny',`
			`undef,`
			`'manager.example.com',`
			`'lemonldap=e5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'`
			`),`
			`'Bad cookie'`
			`);`
Add tests for vhost wildcards 2020-05-06 10:30:03 +02:00			`ok( $res->[0] == 302, ' Code is 302' ) or explain( $res->[0], 302 );`
make tidy 2016-02-17 11:12:19 +01:00			`unlink(`
			`'t/sessions/lock/Apache-Session-e5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545.lock'`
			`);`
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`count(2);`
Full PSGI test 2016-02-01 21:10:28 +01:00
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`# Required AuthnLevel = 1`
			`ok(`
			`$res = $client->_get(`
			`'/AuthWeak', undef, 'test2.example.com', "lemonldap=$sessionId"`
			`),`
Improve unit tests (#1988) 2019-10-29 22:35:21 +01:00			`'Weak Authentified query'`
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`);`
Add tests for vhost wildcards 2020-05-06 10:30:03 +02:00			`ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );`
Full PSGI test 2016-02-01 21:10:28 +01:00			`count(2);`

Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`# Required AuthnLevel = 5`
			`ok(`
			`$res =`
			`$client->_get( '/', undef, 'test2.example.com', "lemonldap=$sessionId" ),`
Improve unit tests (#1988) 2019-10-29 22:35:21 +01:00			`'Default Authentified query'`
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`);`
Add tests for vhost wildcards 2020-05-06 10:30:03 +02:00			`ok( $res->[0] == 302, ' Code is 302' ) or explain( $res, 302 );`
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`%h = @{ $res->[1] };`
			`ok(`
			`$h{Location} eq 'http://auth.example.com//upgradesession?url='`
Add URI escaping in Handler unit tests (#2217) 2020-05-22 17:33:25 +02:00			`. uri_escape( encode_base64( 'http://test2.example.com/', '' ) ),`
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`'Redirection points to http://test2.example.com/'`
			`)`
			`or explain(`
			`\%h,`
			`'http://auth.example.com//upgradesession?url='`
Add URI escaping in Handler unit tests (#2217) 2020-05-22 17:33:25 +02:00			`. uri_escape( encode_base64( 'http://test2.example.com/', '' ) )`
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`);`
			`count(3);`

New skip() function in rules 2019-12-10 16:06:17 +01:00			`ok( $res = $client->_get( '/skipif/za', undef, 'test1.example.com' ),`
			`'Test skip() rule 1' );`
Add tests for vhost wildcards 2020-05-06 10:30:03 +02:00			`ok( $res->[0] == 302, ' Code is 302' ) or explain( $res, 302 );`
Partial test for #2434 which shows that all is not yet fixed 2021-01-14 13:12:25 +01:00			`count(2);`
New skip() function in rules 2019-12-10 16:06:17 +01:00
Add tests for vhost wildcards 2020-05-06 10:30:03 +02:00			`# Wildcards`
More tests (#2188) 2020-05-06 13:05:27 +02:00			`ok(`
			`$res =`
			`$client->_get( '/', undef, 'foo.example.org', "lemonldap=$sessionId" ),`
			`'Accept "*.example.org"'`
			`);`
Add tests for vhost wildcards 2020-05-06 10:30:03 +02:00			`ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );`
			`count(2);`

Partial test for #2434 which shows that all is not yet fixed 2021-01-14 13:12:25 +01:00			`# SKIP TESTS`
			`$SKIPUSER = 1;`

			`ok( $res = $client->_get( '/skipif/zz', undef, 'test1.example.com' ),`
			`'Test skip() rule 2' );`
			`ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );`
			`count(2);`

			`# Forged headers`
tidy 2022-02-16 17:43:29 +01:00			`ok(`
			`$res = $client->_get(`
			`'/skipif/zz', undef, 'test1.example.com', undef,`
			`HTTP_AUTH_USER => 'rtyler'`
			`),`
			`'Test skip() with forged header'`
			`);`
Partial test for #2434 which shows that all is not yet fixed 2021-01-14 13:12:25 +01:00			`ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );`
			`count(2);`

More tests (#2188) 2020-05-06 13:05:27 +02:00			`ok(`
			`$res =`
			`$client->_get( '/', undef, 'foo.example.fr', "lemonldap=$sessionId" ),`
			`'Reject "foo.example.fr"'`
			`);`
Fix test 2021-06-19 19:21:31 +02:00			`ok( $res->[0] == 403, ' Code is 403' ) or explain( $res, 403 );`
Add tests for vhost wildcards 2020-05-06 10:30:03 +02:00			`count(2);`

More tests (#2188) 2020-05-06 13:05:27 +02:00			`ok(`
			`$res = $client->_get(`
			`'/orgdeny', undef, 'foo.example.org', "lemonldap=$sessionId"`
			`),`
			`'Reject "foo.example.org/orgdeny"'`
			`);`
Fix test 2021-06-19 19:21:31 +02:00			`ok( $res->[0] == 403, ' Code is 403' ) or explain( $res, 403 );`
Set precedence order for vhost wildcards (#2188) 2020-05-06 10:49:05 +02:00			`count(2);`

More tests (#2188) 2020-05-06 13:05:27 +02:00			`ok(`
			`$res = $client->_get(`
			`'/orgdeny', undef, 'afoo.example.org', "lemonldap=$sessionId"`
			`),`
			`'Accept "afoo.example.org/orgdeny"'`
			`);`
Set precedence order for vhost wildcards (#2188) 2020-05-06 10:49:05 +02:00			`ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );`
			`count(2);`

More tests (#2188) 2020-05-06 13:05:27 +02:00			`ok(`
			`$res = $client->_get(`
			`'/orgdeny', undef, 'abfoo.example.org', "lemonldap=$sessionId"`
			`),`
			`'Reject "abfoo.example.org/orgdeny"'`
			`);`
Fix test 2021-06-19 19:21:31 +02:00			`ok( $res->[0] == 403, ' Code is 403' ) or explain( $res, 403 );`
More tests (#2188) 2020-05-06 13:05:27 +02:00			`count(2);`

Improve vhost wilcards: add "%" char to match only one subdomain 2020-05-06 17:11:46 +02:00			`ok(`
Add URI escaping in Handler unit tests (#2217) 2020-05-22 17:33:25 +02:00			`$res = $client->_get(`
			`'/', undef, 'abfoo.a.example.org', "lemonldap=$sessionId"`
			`),`
Improve vhost wilcards: add "%" char to match only one subdomain 2020-05-06 17:11:46 +02:00			`'Accept "abfoo.a.example.org/"'`
			`);`
			`ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );`
			`count(2);`

			`ok(`
			`$res = $client->_get(`
			`'/orgdeny', undef, 'abfoo.a.example.org', "lemonldap=$sessionId"`
			`),`
			`'Accept "abfoo.a.example.org/orgdeny"'`
			`);`
			`ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );`
			`count(2);`

More tests (#2188) 2020-05-06 13:05:27 +02:00			`ok(`
			`$res =`
			`$client->_get( '/', undef, 'abfoo.example.org', "lemonldap=$sessionId" ),`
typo 2020-05-06 13:07:12 +02:00			`'Reject "abfoo.example.org/"'`
More tests (#2188) 2020-05-06 13:05:27 +02:00			`);`
Fix test 2021-06-19 19:21:31 +02:00			`ok( $res->[0] == 403, ' Code is 403' ) or explain( $res, 403 );`
Fix vhost wildcard order (#2188) 2020-05-06 13:02:57 +02:00			`count(2);`

More tests (#2188) 2020-05-06 13:05:27 +02:00			`ok(`
			`$res = $client->_get(`
			`'/', undef, 'test-foo.example.fr', "lemonldap=$sessionId"`
			`),`
			`'Accept "test*.example.fr"'`
			`);`
Add tests for vhost wildcards 2020-05-06 10:30:03 +02:00			`ok( $res->[0] == 200, ' Code is 200' ) or explain( $res, 200 );`
			`count(2);`

Skeleton for PSGI handler tests 2016-02-01 12:11:31 +01:00			`done_testing( count() );`
Full PSGI test 2016-02-01 21:10:28 +01:00
Backport #1036 2016-06-09 13:45:10 +02:00			`clean();`

Rename router() to handler() in PSGI (#820) 2016-02-11 07:00:35 +01:00			`sub Lemonldap::NG::Handler::PSGI::handler {`
Full PSGI test 2016-02-01 21:10:28 +01:00			`my ( $self, $req ) = @_;`
Partial test for #2434 which shows that all is not yet fixed 2021-01-14 13:12:25 +01:00			`if ($SKIPUSER) {`
			`ok( !$req->env->{HTTP_AUTH_USER}, 'No HTTP_AUTH_USER' )`
			`or explain( $req->env->{HTTP_AUTH_USER}, '<empty>' );`
			`}`
			`else {`
New skip() function in rules 2019-12-10 16:06:17 +01:00			`ok( $req->env->{HTTP_AUTH_USER} eq 'dwho', 'Header is given to app' )`
			`or explain( $req->env->{HTTP_AUTH_USER}, 'dwho' );`
			`}`
Partial test for #2434 which shows that all is not yet fixed 2021-01-14 13:12:25 +01:00			`count(1);`
Full PSGI test 2016-02-01 21:10:28 +01:00			`return [ 200, [ 'Content-Type', 'text/plain' ], ['Hello'] ];`
			`}`