2018-08-21 17:51:28 +02:00
|
|
|
use Test::More;
|
|
|
|
use strict;
|
|
|
|
use IO::String;
|
|
|
|
|
|
|
|
require 't/test-lib.pm';
|
2019-08-03 23:49:02 +02:00
|
|
|
my $maintests = 27;
|
2018-08-21 17:51:28 +02:00
|
|
|
|
|
|
|
SKIP: {
|
|
|
|
eval { require Convert::Base32 };
|
|
|
|
if ($@) {
|
|
|
|
skip 'Convert::Base32 is missing', $maintests;
|
|
|
|
}
|
2018-08-21 20:58:24 +02:00
|
|
|
eval { require Authen::OATH };
|
|
|
|
if ($@) {
|
|
|
|
skip 'Authen::OATH is missing', $maintests;
|
|
|
|
}
|
2018-08-21 17:51:28 +02:00
|
|
|
require Lemonldap::NG::Common::TOTP;
|
|
|
|
|
2019-02-07 09:27:56 +01:00
|
|
|
my $client = LLNG::Manager::Test->new( {
|
2018-08-21 17:51:28 +02:00
|
|
|
ini => {
|
2018-08-21 17:52:05 +02:00
|
|
|
logLevel => 'error',
|
2018-08-21 17:51:28 +02:00
|
|
|
totp2fSelfRegistration => 1,
|
|
|
|
totp2fActivation => 1,
|
|
|
|
totp2fDigits => 8,
|
2019-06-12 22:00:24 +02:00
|
|
|
totp2fTTL => -1,
|
2019-08-03 22:33:30 +02:00
|
|
|
formTimeout => 2,
|
|
|
|
requireToken => 1,
|
2018-08-21 17:51:28 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
);
|
|
|
|
my $res;
|
|
|
|
|
|
|
|
# Try to authenticate
|
|
|
|
# -------------------
|
2019-08-03 22:33:30 +02:00
|
|
|
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
|
|
|
|
my ( $host, $url, $query ) =
|
|
|
|
expectForm( $res, '#', undef, 'user', 'password', 'token' );
|
|
|
|
|
|
|
|
$query =~ s/user=/user=dwho/;
|
|
|
|
$query =~ s/password=/password=dwho/;
|
2018-08-21 17:51:28 +02:00
|
|
|
ok(
|
|
|
|
$res = $client->_post(
|
|
|
|
'/',
|
2019-08-03 22:33:30 +02:00
|
|
|
IO::String->new($query),
|
|
|
|
length => length($query),
|
|
|
|
accept => 'text/html',
|
2018-08-21 17:51:28 +02:00
|
|
|
),
|
|
|
|
'Auth query'
|
|
|
|
);
|
|
|
|
my $id = expectCookie($res);
|
2019-08-03 22:33:30 +02:00
|
|
|
expectRedirection( $res, 'http://auth.example.com/' );
|
2018-08-21 17:51:28 +02:00
|
|
|
|
|
|
|
# TOTP form
|
|
|
|
ok(
|
|
|
|
$res = $client->_get(
|
|
|
|
'/2fregisters',
|
|
|
|
cookie => "lemonldap=$id",
|
|
|
|
accept => 'text/html',
|
|
|
|
),
|
|
|
|
'Form registration'
|
|
|
|
);
|
|
|
|
expectRedirection( $res, qr#/2fregisters/totp$# );
|
|
|
|
ok(
|
|
|
|
$res = $client->_get(
|
|
|
|
'/2fregisters/totp',
|
|
|
|
cookie => "lemonldap=$id",
|
|
|
|
accept => 'text/html',
|
|
|
|
),
|
|
|
|
'Form registration'
|
|
|
|
);
|
|
|
|
ok( $res->[2]->[0] =~ /totpregistration\.(?:min\.)?js/, 'Found TOTP js' );
|
|
|
|
|
|
|
|
# JS query
|
|
|
|
ok(
|
|
|
|
$res = $client->_post(
|
|
|
|
'/2fregisters/totp/getkey', IO::String->new(''),
|
|
|
|
cookie => "lemonldap=$id",
|
|
|
|
length => 0,
|
|
|
|
),
|
|
|
|
'Get new key'
|
|
|
|
);
|
|
|
|
eval { $res = JSON::from_json( $res->[2]->[0] ) };
|
|
|
|
ok( not($@), 'Content is JSON' )
|
|
|
|
or explain( $res->[2]->[0], 'JSON content' );
|
|
|
|
my ( $key, $token );
|
|
|
|
ok( $key = $res->{secret}, 'Found secret' );
|
|
|
|
ok( $token = $res->{token}, 'Found token' );
|
|
|
|
$key = Convert::Base32::decode_base32($key);
|
|
|
|
|
|
|
|
# Post code
|
|
|
|
my $code;
|
|
|
|
ok( $code = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 8 ),
|
|
|
|
'Code' );
|
2018-09-02 17:31:58 +02:00
|
|
|
ok( $code =~ /^\d{8}$/, 'Code contains 8 digits' );
|
2018-08-21 17:51:28 +02:00
|
|
|
my $s = "code=$code&token=$token";
|
|
|
|
ok(
|
|
|
|
$res = $client->_post(
|
|
|
|
'/2fregisters/totp/verify',
|
|
|
|
IO::String->new($s),
|
|
|
|
length => length($s),
|
|
|
|
cookie => "lemonldap=$id",
|
|
|
|
),
|
|
|
|
'Post code'
|
|
|
|
);
|
|
|
|
eval { $res = JSON::from_json( $res->[2]->[0] ) };
|
|
|
|
ok( not($@), 'Content is JSON' )
|
|
|
|
or explain( $res->[2]->[0], 'JSON content' );
|
|
|
|
ok( $res->{result} == 1, 'Key is registered' );
|
|
|
|
|
|
|
|
# Try to sign-in
|
|
|
|
$client->logout($id);
|
2019-08-03 22:33:30 +02:00
|
|
|
|
|
|
|
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
|
|
|
|
( $host, $url, $query ) =
|
|
|
|
expectForm( $res, '#', undef, 'user', 'password', 'token' );
|
|
|
|
|
|
|
|
$query =~ s/user=/user=dwho/;
|
|
|
|
$query =~ s/password=/password=dwho/;
|
2018-08-21 17:51:28 +02:00
|
|
|
ok(
|
|
|
|
$res = $client->_post(
|
|
|
|
'/',
|
2019-08-03 22:33:30 +02:00
|
|
|
IO::String->new($query),
|
|
|
|
length => length($query),
|
2018-08-21 17:51:28 +02:00
|
|
|
accept => 'text/html',
|
|
|
|
),
|
|
|
|
'Auth query'
|
|
|
|
);
|
2019-08-03 22:33:30 +02:00
|
|
|
( $host, $url, $query ) =
|
2018-08-21 17:51:28 +02:00
|
|
|
expectForm( $res, undef, '/totp2fcheck', 'token' );
|
2018-09-02 17:31:58 +02:00
|
|
|
|
2018-08-21 20:58:24 +02:00
|
|
|
# Generate TOTP with LLNG
|
|
|
|
my $totp;
|
|
|
|
ok( $totp = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 8 ),
|
|
|
|
'LLNG Code' );
|
2018-09-02 17:31:58 +02:00
|
|
|
|
2018-08-21 20:58:24 +02:00
|
|
|
# Generate TOTP with an external application to validate LLNG TOTP formula
|
|
|
|
my $oath = Authen::OATH->new( digits => 8 );
|
2018-09-02 17:31:58 +02:00
|
|
|
ok( $code = $oath->totp($key), 'Ext. App Code' );
|
|
|
|
ok( $code == $totp, 'Both TOTP match' )
|
|
|
|
or explain( [ $code, $totp ], 'LLNG and Ext. App TOTP mismatch' );
|
|
|
|
|
2018-08-21 17:51:28 +02:00
|
|
|
$query =~ s/code=/code=$code/;
|
|
|
|
ok(
|
|
|
|
$res = $client->_post(
|
|
|
|
'/totp2fcheck', IO::String->new($query),
|
|
|
|
length => length($query),
|
|
|
|
),
|
|
|
|
'Post code'
|
|
|
|
);
|
|
|
|
$id = expectCookie($res);
|
|
|
|
$client->logout($id);
|
2019-08-03 22:33:30 +02:00
|
|
|
|
|
|
|
# Try to sign-in with an expired OTT
|
|
|
|
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
|
|
|
|
( $host, $url, $query ) =
|
|
|
|
expectForm( $res, '#', undef, 'user', 'password', 'token' );
|
|
|
|
|
|
|
|
$query =~ s/user=/user=dwho/;
|
|
|
|
$query =~ s/password=/password=dwho/;
|
|
|
|
ok(
|
|
|
|
$res = $client->_post(
|
|
|
|
'/',
|
|
|
|
IO::String->new($query),
|
|
|
|
length => length($query),
|
|
|
|
accept => 'text/html',
|
|
|
|
),
|
|
|
|
'Auth query'
|
|
|
|
);
|
|
|
|
( $host, $url, $query ) =
|
|
|
|
expectForm( $res, undef, '/totp2fcheck', 'token' );
|
|
|
|
|
|
|
|
# Generate TOTP with LLNG
|
|
|
|
ok( $totp = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 8 ),
|
|
|
|
'LLNG Code' );
|
|
|
|
$query =~ s/code=/code=$code/;
|
|
|
|
|
|
|
|
diag 'Waiting';
|
|
|
|
sleep 3;
|
|
|
|
|
|
|
|
ok(
|
|
|
|
$res = $client->_post(
|
|
|
|
'/totp2fcheck', IO::String->new($query),
|
|
|
|
length => length($query),
|
|
|
|
accept => 'text/html',
|
|
|
|
),
|
|
|
|
'Post code'
|
|
|
|
);
|
|
|
|
( $host, $url, $query ) =
|
2019-08-03 22:48:07 +02:00
|
|
|
expectForm( $res, '#', undef, 'user', 'password', 'token' );
|
2019-08-04 22:35:22 +02:00
|
|
|
ok( $res->[2]->[0] =~ /<span trmsg="82"><\/span>/, 'Token expired' )
|
2019-08-03 23:49:02 +02:00
|
|
|
or print STDERR Dumper( $res->[2]->[0] );
|
|
|
|
|
|
|
|
# Try to sign-in
|
|
|
|
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
|
|
|
|
( $host, $url, $query ) =
|
|
|
|
expectForm( $res, '#', undef, 'user', 'password', 'token' );
|
|
|
|
|
|
|
|
$query =~ s/user=/user=dwho/;
|
|
|
|
$query =~ s/password=/password=dwho/;
|
|
|
|
ok(
|
|
|
|
$res = $client->_post(
|
|
|
|
'/',
|
|
|
|
IO::String->new($query),
|
|
|
|
length => length($query),
|
|
|
|
accept => 'text/html',
|
|
|
|
),
|
|
|
|
'Auth query'
|
|
|
|
);
|
|
|
|
( $host, $url, $query ) =
|
|
|
|
expectForm( $res, undef, '/totp2fcheck', 'token' );
|
2018-08-21 17:51:28 +02:00
|
|
|
}
|
|
|
|
count($maintests);
|
|
|
|
|
|
|
|
clean_sessions();
|
|
|
|
|
|
|
|
done_testing( count() );
|
|
|
|
|