lemonldap-ng/lemonldap-ng-portal/t/01-AuthDemo.t

use Test::More;
use strict;
use IO::String;
use MIME::Base64;
use URI;
use URI::QueryParam;

require 't/test-lib.pm';

my $res;

my $client = LLNG::Manager::Test->new( {
        ini => {
            logLevel                       => 'error',
            portal                         => 'https://auth.example.com/',
            useSafeJail                    => 1,
            strictTransportSecurityMax_Age => '1977',
            portalFavicon                  => 'common/llng.ico'
        }
    }
);

# Test normal first access
# ------------------------
ok( $res = $client->_get('/'), 'Unauth JSON request' );
count(1);
expectReject($res);

# Test "first access" with an unprotected url
ok(
    $res = $client->_get(
        '/',
        query  => 'url=' . encode_base64( "http://test.example.fr/", '' ),
        accept => 'text/html'
    ),
    'Get Menu'
);
ok( getHeader( $res, 'Strict-Transport-Security' ) =~ /^max-age=1977$/,
    'Strict-Transport-Security is set' )
  or explain( $res->[1], 'Content-Type => application/xml' );
ok( $res->[2]->[0] =~ /<span trmsg="37">/, 'Rejected with PE_BADURL' )
  or print STDERR Dumper( $res->[2]->[0] );
ok( $res->[2]->[0] =~ m%<span id="languages"></span>%, ' Language icons found' )
  or print STDERR Dumper( $res->[2]->[0] );
ok( $res->[2]->[0] =~ m%link href="/static/common/llng.ico%,
    ' Custom favicon found' )
  or print STDERR Dumper( $res->[2]->[0] );
count(5);

# Test "first access" with a wildcard-protected url
ok(
    $res = $client->_get(
        '/',
        query  => 'url=' . encode_base64( "http://test.example.llng/", '' ),
        accept => 'text/html'
    ),
    'Get Menu'
);
ok( $res->[2]->[0] =~ /<span trmsg="9">/, 'Rejected with PE_FIRSTACCESS' )
  or print STDERR Dumper( $res->[2]->[0] );
ok( $res->[2]->[0] =~ m%<span id="languages"></span>%, ' Language icons found' )
  or print STDERR Dumper( $res->[2]->[0] );
count(3);

# Test "first access" with good url
ok(
    $res =
      $client->_get( '/', query => 'url=aHR0cDovL3Rlc3QxLmV4YW1wbGUuY29tLw==' ),
    'Unauth ajax request with good url'
);
count(1);
expectReject($res);

ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu' );
ok( $res->[2]->[0] =~ m%<span id="languages"></span>%, ' Language icons found' )
  or print STDERR Dumper( $res->[2]->[0] );
count(2);

# Try to authenticate with unknown user
# -------------------------------------
ok(
    $res = $client->_post(
        '/',
        IO::String->new('user=jdoe&password=jdoe'),
        accept => 'text/html',
        length => 23
    ),
    'Auth query'
);
ok(
    $res->[2]->[0] =~ /<span trmsg="5">/,
    'jdoe rejected with PE_BADCREDENTIALS'
) or print STDERR Dumper( $res->[2]->[0] );
ok( $res->[2]->[0] =~ m%<span trspan="connect">Connect</span>%,
    'Found connect button' )
  or print STDERR Dumper( $res->[2]->[0] );
count(3);

my ( $host, $uri, $query ) =
  expectForm( $res, undef, undef, 'user', 'password' );
my $uri = URI->new;
$uri->query($query);
is( $uri->query_param("user"), 'jdoe',
    "Login is pre-filled on second attemps" );
count(1);

# Try to authenticate with bad password
# -------------------------------------
ok(
    $res = $client->_post(
        '/',
        IO::String->new('user=dwho&password=jdoe'),
        accept => 'text/html',
        length => 23
    ),
    'Auth query'
);
count(1);
ok(
    $res->[2]->[0] =~ /<span trmsg="5">/,
    'dwho rejected with PE_BADCREDENTIALS'
) or print STDERR Dumper( $res->[2]->[0] );
count(1);
ok( $res->[2]->[0] =~ m%<span trspan="connect">Connect</span>%,
    'Found connect button' )
  or print STDERR Dumper( $res->[2]->[0] );
count(1);

# Try to authenticate with good password
# --------------------------------------
ok(
    $res = $client->_post(
        '/',
        IO::String->new('user=dwho&password=dwho'),
        length => 23,
    ),
    'Auth query'
);
count(1);
expectOK($res);
my $id = expectCookie($res);

# Try to get a redirection for an auth user with a valid url
# ----------------------------------------------------------
ok(
    $res = $client->_get(
        '/',
        query  => 'url=aHR0cDovL3Rlc3QxLmV4YW1wbGUuY29tLw==',
        cookie => "lemonldap=$id",
        accept => 'text/html'
    ),
    'Auth ajax request with good url'
);
count(1);
expectRedirection( $res, 'http://test1.example.com/' );
expectAuthenticatedAs( $res, 'dwho' );

# Try to get a redirection for an auth user with a bad url (host undeclared
# in manager)
# -------------------------------------------------------------------------
ok(
    $res = $client->_get(
        '/',
        query  => 'url=aHR0cHM6Ly90LmV4YW1wbGUuY29tLw==',
        cookie => "lemonldap=$id",
        accept => 'text/html'
    ),
    'Auth request with bad url'
);
count(1);
expectOK($res);
expectAuthenticatedAs( $res, 'dwho' );

require 't/test-psgi.pm';

ok( $res = mirror( cookie => "lemonldap=$id" ), 'PSGI test' );
count(1);
expectOK($res);
expectAuthenticatedAs( $res, 'dwho' );

# Test logout
$client->logout($id);

#print STDERR Dumper($res);

clean_sessions();

done_testing( count() );
First running test (#595) 2016-04-03 18:27:13 +02:00			`use Test::More;`
			`use strict;`
#595 in progress... 2016-04-04 07:08:26 +02:00			`use IO::String;`
Improve unit test (#2101) 2020-02-23 12:46:03 +01:00			`use MIME::Base64;`
Unit test for #2616 2021-09-15 14:09:04 +02:00			`use URI;`
			`use URI::QueryParam;`
First running test (#595) 2016-04-03 18:27:13 +02:00
			`require 't/test-lib.pm';`

#595 in progress... 2016-04-04 07:08:26 +02:00			`my $res;`

Append favicon option (#2750) 2022-05-16 22:32:11 +02:00			`my $client = LLNG::Manager::Test->new( {`
			`ini => {`
Update langs & conf files & doc & test (#2674) 2022-08-30 23:17:03 +02:00			`logLevel => 'error',`
			`portal => 'https://auth.example.com/',`
			`useSafeJail => 1,`
			`strictTransportSecurityMax_Age => '1977',`
			`portalFavicon => 'common/llng.ico'`
Append favicon option (#2750) 2022-05-16 22:32:11 +02:00			`}`
			`}`
			`);`
Improve tests (#595) 2016-04-05 07:23:42 +02:00
Use old path for now (#595) 2016-04-08 06:40:41 +02:00			`# Test normal first access`
			`# ------------------------`
Prepare tests for SAML (#595) 2016-11-14 13:34:46 +01:00			`ok( $res = $client->_get('/'), 'Unauth JSON request' );`
Clean tests (not finished) (#595)' 2016-12-23 07:41:03 +01:00			`count(1);`
			`expectReject($res);`
#595 in progress... 2016-04-04 07:08:26 +02:00
Improve unit test (#2101) 2020-02-23 12:46:03 +01:00			`# Test "first access" with an unprotected url`
			`ok(`
			`$res = $client->_get(`
			`'/',`
			`query => 'url=' . encode_base64( "http://test.example.fr/", '' ),`
			`accept => 'text/html'`
			`),`
			`'Get Menu'`
			`);`
Update langs & conf files & doc & test (#2674) 2022-08-30 23:17:03 +02:00			`ok( getHeader( $res, 'Strict-Transport-Security' ) =~ /^max-age=1977$/,`
			`'Strict-Transport-Security is set' )`
			`or explain( $res->[1], 'Content-Type => application/xml' );`
Tidy 2020-05-24 00:04:33 +02:00			`ok( $res->[2]->[0] =~ /<span trmsg="37">/, 'Rejected with PE_BADURL' )`
Improve unit test (#2101) 2020-02-23 12:46:03 +01:00			`or print STDERR Dumper( $res->[2]->[0] );`
			`ok( $res->[2]->[0] =~ m%<span id="languages"></span>%, ' Language icons found' )`
			`or print STDERR Dumper( $res->[2]->[0] );`
Use Perltidy 20220217 (Closes: #2765) 2022-06-23 12:12:25 +02:00			`ok( $res->[2]->[0] =~ m%link href="/static/common/llng.ico%,`
			`' Custom favicon found' )`
Append favicon option (#2750) 2022-05-16 22:32:11 +02:00			`or print STDERR Dumper( $res->[2]->[0] );`
Update langs & conf files & doc & test (#2674) 2022-08-30 23:17:03 +02:00			`count(5);`
Improve unit test (#2101) 2020-02-23 12:46:03 +01:00
			`# Test "first access" with a wildcard-protected url`
			`ok(`
			`$res = $client->_get(`
			`'/',`
			`query => 'url=' . encode_base64( "http://test.example.llng/", '' ),`
			`accept => 'text/html'`
			`),`
			`'Get Menu'`
			`);`
Tidy 2020-05-24 00:04:33 +02:00			`ok( $res->[2]->[0] =~ /<span trmsg="9">/, 'Rejected with PE_FIRSTACCESS' )`
Improve unit test (#2101) 2020-02-23 12:46:03 +01:00			`or print STDERR Dumper( $res->[2]->[0] );`
			`ok( $res->[2]->[0] =~ m%<span id="languages"></span>%, ' Language icons found' )`
			`or print STDERR Dumper( $res->[2]->[0] );`
			`count(3);`

Use old path for now (#595) 2016-04-08 06:40:41 +02:00			`# Test "first access" with good url`
Update tests (#595) 2016-05-30 22:20:50 +02:00			`ok(`
			`$res =`
Prepare tests for SAML (#595) 2016-11-14 13:34:46 +01:00			`$client->_get( '/', query => 'url=aHR0cDovL3Rlc3QxLmV4YW1wbGUuY29tLw==' ),`
Update tests (#595) 2016-05-30 22:20:50 +02:00			`'Unauth ajax request with good url'`
			`);`
Clean tests (not finished) (#595)' 2016-12-23 07:41:03 +01:00			`count(1);`
			`expectReject($res);`
autoRedirect works (#595) but macros() doesn't 2016-04-05 13:12:53 +02:00
Improve unit tests (#1539) 2018-11-07 22:27:58 +01:00			`ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu' );`
make tidy 2018-11-26 14:40:21 +01:00			`ok( $res->[2]->[0] =~ m%<span id="languages"></span>%, ' Language icons found' )`
			`or print STDERR Dumper( $res->[2]->[0] );`
Improve unit tests (#1539) 2018-11-07 22:27:58 +01:00			`count(2);`

Remove userData if authentication fails (#1666) 2019-03-18 21:29:15 +01:00			`# Try to authenticate with unknown user`
			`# -------------------------------------`
			`ok(`
			`$res = $client->_post(`
			`'/',`
			`IO::String->new('user=jdoe&password=jdoe'),`
			`accept => 'text/html',`
			`length => 23`
			`),`
			`'Auth query'`
			`);`
Tidy 2020-05-24 00:04:33 +02:00			`ok(`
			`$res->[2]->[0] =~ /<span trmsg="5">/,`
			`'jdoe rejected with PE_BADCREDENTIALS'`
			`) or print STDERR Dumper( $res->[2]->[0] );`
Remove userData if authentication fails (#1666) 2019-03-18 21:29:15 +01:00			`ok( $res->[2]->[0] =~ m%<span trspan="connect">Connect</span>%,`
			`'Found connect button' )`
			`or print STDERR Dumper( $res->[2]->[0] );`
Improve unit test (#2101) 2020-02-23 12:46:03 +01:00			`count(3);`
Remove userData if authentication fails (#1666) 2019-03-18 21:29:15 +01:00
Unit test for #2616 2021-09-15 14:09:04 +02:00			`my ( $host, $uri, $query ) =`
			`expectForm( $res, undef, undef, 'user', 'password' );`
			`my $uri = URI->new;`
			`$uri->query($query);`
			`is( $uri->query_param("user"), 'jdoe',`
			`"Login is pre-filled on second attemps" );`
			`count(1);`

Remove userData if authentication fails (#1666) 2019-03-18 21:29:15 +01:00			`# Try to authenticate with bad password`
			`# -------------------------------------`
			`ok(`
			`$res = $client->_post(`
			`'/',`
			`IO::String->new('user=dwho&password=jdoe'),`
			`accept => 'text/html',`
			`length => 23`
			`),`
			`'Auth query'`
			`);`
			`count(1);`
Tidy 2020-05-24 00:04:33 +02:00			`ok(`
			`$res->[2]->[0] =~ /<span trmsg="5">/,`
			`'dwho rejected with PE_BADCREDENTIALS'`
			`) or print STDERR Dumper( $res->[2]->[0] );`
Remove userData if authentication fails (#1666) 2019-03-18 21:29:15 +01:00			`count(1);`
			`ok( $res->[2]->[0] =~ m%<span trspan="connect">Connect</span>%,`
			`'Found connect button' )`
			`or print STDERR Dumper( $res->[2]->[0] );`
			`count(1);`

			`# Try to authenticate with good password`
			`# --------------------------------------`
More tests (not running for now, #595) 2016-04-04 20:05:22 +02:00			`ok(`
Prepare tests for SAML (#595) 2016-11-14 13:34:46 +01:00			`$res = $client->_post(`
Update tests (#595) 2016-05-30 22:20:50 +02:00			`'/',`
More tests (not running for now, #595) 2016-04-04 20:05:22 +02:00			`IO::String->new('user=dwho&password=dwho'),`
Improve unit tests (#1539) 2018-11-07 22:27:58 +01:00			`length => 23,`
More tests (not running for now, #595) 2016-04-04 20:05:22 +02:00			`),`
Authentication succeeds (#595) 2016-04-04 22:39:22 +02:00			`'Auth query'`
			`);`
Clean tests (not finished) (#595)' 2016-12-23 07:41:03 +01:00			`count(1);`
			`expectOK($res);`
			`my $id = expectCookie($res);`
First running test (#595) 2016-04-03 18:27:13 +02:00
Use old path for now (#595) 2016-04-08 06:40:41 +02:00			`# Try to get a redirection for an auth user with a valid url`
			`# ----------------------------------------------------------`
autoRedirect works (#595) but macros() doesn't 2016-04-05 13:12:53 +02:00			`ok(`
Prepare tests for SAML (#595) 2016-11-14 13:34:46 +01:00			`$res = $client->_get(`
autoRedirect works (#595) but macros() doesn't 2016-04-05 13:12:53 +02:00			`'/',`
			`query => 'url=aHR0cDovL3Rlc3QxLmV4YW1wbGUuY29tLw==',`
			`cookie => "lemonldap=$id",`
			`accept => 'text/html'`
			`),`
			`'Auth ajax request with good url'`
			`);`
Clean tests (not finished) (#595)' 2016-12-23 07:41:03 +01:00			`count(1);`
			`expectRedirection( $res, 'http://test1.example.com/' );`
			`expectAuthenticatedAs( $res, 'dwho' );`
Macros are working now (#595) 2016-04-05 22:46:11 +02:00
Use old path for now (#595) 2016-04-08 06:40:41 +02:00			`# Try to get a redirection for an auth user with a bad url (host undeclared`
			`# in manager)`
			`# -------------------------------------------------------------------------`
More tests (#595) 2016-04-06 22:10:03 +02:00			`ok(`
Prepare tests for SAML (#595) 2016-11-14 13:34:46 +01:00			`$res = $client->_get(`
More tests (#595) 2016-04-06 22:10:03 +02:00			`'/',`
			`query => 'url=aHR0cHM6Ly90LmV4YW1wbGUuY29tLw==',`
			`cookie => "lemonldap=$id",`
			`accept => 'text/html'`
			`),`
			`'Auth request with bad url'`
			`);`
Clean tests (not finished) (#595)' 2016-12-23 07:41:03 +01:00			`count(1);`
			`expectOK($res);`
			`expectAuthenticatedAs( $res, 'dwho' );`
Start templates (#595) 2016-04-06 07:16:47 +02:00
Add handler test lib 2017-03-04 09:07:41 +01:00			`require 't/test-psgi.pm';`

			`ok( $res = mirror( cookie => "lemonldap=$id" ), 'PSGI test' );`
			`count(1);`
			`expectOK($res);`
			`expectAuthenticatedAs( $res, 'dwho' );`

Enable logout (#LEMONDAP-595) 2016-05-22 19:06:55 +02:00			`# Test logout`
Prepare tests for SAML (#595) 2016-11-14 13:34:46 +01:00			`$client->logout($id);`
Enable logout (#LEMONDAP-595) 2016-05-22 19:06:55 +02:00
Macros are working now (#595) 2016-04-05 22:46:11 +02:00			`#print STDERR Dumper($res);`
autoRedirect works (#595) but macros() doesn't 2016-04-05 13:12:53 +02:00
Macros are working now (#595) 2016-04-05 22:46:11 +02:00			`clean_sessions();`
Authentication succeeds (#595) 2016-04-04 22:39:22 +02:00
First running test (#595) 2016-04-03 18:27:13 +02:00			`done_testing( count() );`