lemonldap-ng/lemonldap-ng-portal/t/33-Auth-and-issuer-OpenID2.t

use lib 'inc';
use Test::More;
use strict;
use IO::String;
use LWP::UserAgent;
use LWP::Protocol::PSGI;
use MIME::Base64;

BEGIN {
    require 't/test-lib.pm';
}

my $maintests = 12;
my $debug     = 'error';
my ( $issuer, $sp, $res );

LWP::Protocol::PSGI->register(
    sub {
        my $req = Plack::Request->new(@_);
        ok( $req->uri =~ m#http://auth.idp.com(.*)#,
            ' Request from SP to IdP' );
        my $url = $1;
        my ($res);
        count(1);
        if ( $req->method =~ /^post$/i ) {
            my $s = $req->content;
            ok(
                $res = $issuer->_post(
                    $url, IO::String->new($s),
                    length => length($s),
                    type   => $req->header('Content-Type'),
                    accept => 'text/plain',
                ),
                '  Execute request'
            );
        }
        else {
            ok( $res = $issuer->_get( $url, accept => 'text/plain', ),
                '  Execute post request' );
        }
        expectOK($res);
        count(1);
        return $res;
    }
);

SKIP: {
    eval { require Net::OpenID::Consumer; require Net::OpenID::Server; };
    if ($@) {
        skip 'Net::OpenID::* notfound', $maintests;
    }

    $issuer = register( 'issuer', \&issuer );

    $sp = register( 'sp', \&sp );

    # Simple SP access
    my $res;
    ok(
        $res = $sp->_get(
            '/', accept => 'text/html',
        ),
        'Unauth SP request'
    );
    my ( $host, $url, $query ) = expectForm( $res, '#', undef );
    ok( $res->[2]->[0] =~ /name="openid_identifier"/,
        ' Ask for OpenID identity' );

    $query .=
      '&openid_identifier=http%3A%2F%2Fauth.idp.com%2Fopenidserver%2Ffrench';

    ok(
        $res = $sp->_post(
            '/', IO::String->new($query),
            length => length($query),
            accept => 'text/html',
        ),
        'Post OpenID identity'
    );
    my $uri;
    ( $uri, $query ) = expectRedirection( $res,
        qr#http://auth.idp.com(/openidserver/?)\?(openid.*)$# );

    # Follow redirection do IdP
    switch ('issuer');
    ok( $res = $issuer->_get( $uri, query => $query, accept => 'text/html' ),
        'Follow redirection to IdP' );
    expectOK($res);
    my ($tmp);
    my $pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
    ( $host, $tmp, $query ) = expectForm( $res, '#', undef );
    $query .= '&user=french&password=french';

    # Try to authenticate with an unauthorized user
    ok(
        $res = $issuer->_post(
            $uri, IO::String->new($query),
            length => length($query),
            accept => 'text/html',
            cookie => $pdata,
        ),
        'Try to authenticate'
    );
    ok( $res->[2]->[0] =~ /trmsg="91"/, 'Reject reason is 91' )
      or print STDERR Dumper( $res->[2]->[0] );
    count(1);

    # Simple SP access
    ok(
        $res = $sp->_get(
            '/', accept => 'text/html',
        ),
        'Unauth SP request'
    );
    ( $host, $url, $query ) = expectForm( $res, '#', undef );
    ok( $res->[2]->[0] =~ /name="openid_identifier"/,
        ' Ask for OpenID identity' );

    $query .=
      '&openid_identifier=http%3A%2F%2Fauth.idp.com%2Fopenidserver%2Fdwho';

    ok(
        $res = $sp->_post(
            '/', IO::String->new($query),
            length => length($query),
            accept => 'text/html',
        ),
        'Post OpenID identity'
    );
    ( $uri, $query ) = expectRedirection( $res,
        qr#http://auth.idp.com(/openidserver/?)\?(openid.*)$# );

    # Follow redirection do IdP
    switch ('issuer');
    ok( $res = $issuer->_get( $uri, query => $query, accept => 'text/html' ),
        'Follow redirection to IdP' );
    expectOK($res);
    $pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
    ( $host, $tmp, $query ) = expectForm( $res, '#', undef );
    $query .= '&user=dwho&password=dwho';

    # Try to authenticate with an authorized user
    ok(
        $res = $issuer->_post(
            $uri, IO::String->new($query),
            length => length($query),
            accept => 'text/html',
            cookie => $pdata,
        ),
        'Try to authenticate'
    );
    my $idpId = expectCookie($res);
    ( $host, $tmp, $query ) = expectForm( $res, '#', undef, 'confirm' );

    # Confirm
    ok(
        $res = $issuer->_post(
            $uri, IO::String->new($query),
            length => length($query),
            cookie => "lemonldap=$idpId",
            accept => 'text/html'
        ),
        'Confirm choice'
    );
    ($query) = expectRedirection( $res, qr#^http://auth.sp.com/?\?(.*)# );

    # Push redirection to SP
    switch ('sp');
    ok( $res = $sp->_get( '/', query => $query, accept => 'text/html' ),
        'Follow redirection to SP' );
    my $spId = expectCookie($res);
    expectRedirection( $res, qr#^http://auth.sp.com/?$# );

    #print STDERR Dumper($res);
}

count($maintests);
clean_sessions();
done_testing( count() );

sub issuer {
    return LLNG::Manager::Test->new( {
            ini => {
                logLevel                 => $debug,
                domain                   => 'idp.com',
                portal                   => 'http://auth.idp.com',
                authentication           => 'Demo',
                userDB                   => 'Same',
                issuerDBOpenIDActivation => 1,
                issuerDBOpenIDRule       => '$uid eq "dwho"',
            }
        }
    );
}

sub sp {
    return LLNG::Manager::Test->new( {
            ini => {
                logLevel       => $debug,
                domain         => 'sp.com',
                portal         => 'http://auth.sp.com',
                authentication => 'OpenID',
                userDB         => 'Same',
                openIdSecret   => 'qwerty',
                exportedVars   => {
                    mail => 'email',
                },
                openIdIDPList => '0;',
            },
        }
    );
}
Improve Debian autopkgtest tests 2018-09-05 22:24:23 +02:00			`use lib 'inc';`
Restore OpenID-2 (#1113) 2017-03-21 17:06:44 +01:00			`use Test::More;`
Add UserDB/OpenID (#595) 2017-01-05 16:19:57 +01:00			`use strict;`
			`use IO::String;`
Use inc::LWP::Protocol::PSGI in tests instead of redefining LWP::UserAgent methods (#595) 2018-04-10 06:54:08 +02:00			`use LWP::UserAgent;`
Improve Debian autopkgtest tests 2018-09-05 22:24:23 +02:00			`use LWP::Protocol::PSGI;`
Add UserDB/OpenID (#595) 2017-01-05 16:19:57 +01:00			`use MIME::Base64;`

			`BEGIN {`
			`require 't/test-lib.pm';`
			`}`

Refactor switch() in portal tests 2020-02-05 17:12:07 +01:00			`my $maintests = 12;`
Restore OpenID-2 (#1113) 2017-03-21 17:06:44 +01:00			`my $debug = 'error';`
Add UserDB/OpenID (#595) 2017-01-05 16:19:57 +01:00			`my ( $issuer, $sp, $res );`

Use inc::LWP::Protocol::PSGI in tests instead of redefining LWP::UserAgent methods (#595) 2018-04-10 06:54:08 +02:00			`LWP::Protocol::PSGI->register(`
			`sub {`
			`my $req = Plack::Request->new(@_);`
			`ok( $req->uri =~ m#http://auth.idp.com(.*)#,`
			`' Request from SP to IdP' );`
			`my $url = $1;`
			`my ($res);`
			`count(1);`
			`if ( $req->method =~ /^post$/i ) {`
			`my $s = $req->content;`
			`ok(`
			`$res = $issuer->_post(`
			`$url, IO::String->new($s),`
			`length => length($s),`
			`type => $req->header('Content-Type'),`
			`accept => 'text/plain',`
			`),`
			`' Execute request'`
			`);`
			`}`
			`else {`
			`ok( $res = $issuer->_get( $url, accept => 'text/plain', ),`
			`' Execute post request' );`
			`}`
			`expectOK($res);`
			`count(1);`
			`return $res;`
			`}`
			`);`

Add UserDB/OpenID (#595) 2017-01-05 16:19:57 +01:00			`SKIP: {`
			`eval { require Net::OpenID::Consumer; require Net::OpenID::Server; };`
			`if ($@) {`
			`skip 'Net::OpenID::* notfound', $maintests;`
			`}`

Tidy 2020-02-20 23:34:02 +01:00			`$issuer = register( 'issuer', \&issuer );`
Refactor switch() in portal tests 2020-02-05 17:12:07 +01:00
Tidy 2020-02-20 23:34:02 +01:00			`$sp = register( 'sp', \&sp );`
Add UserDB/OpenID (#595) 2017-01-05 16:19:57 +01:00
			`# Simple SP access`
			`my $res;`
			`ok(`
			`$res = $sp->_get(`
			`'/', accept => 'text/html',`
			`),`
			`'Unauth SP request'`
			`);`
Restore OpenID-2 (#1113) 2017-03-21 17:06:44 +01:00			`my ( $host, $url, $query ) = expectForm( $res, '#', undef );`
OpenID-2 in progress (#595) 2017-01-05 22:45:34 +01:00			`ok( $res->[2]->[0] =~ /name="openid_identifier"/,`
			`' Ask for OpenID identity' );`
OpenID2 in progress (#595) 2017-01-05 17:44:16 +01:00
Typo 2017-03-21 17:06:50 +01:00			`$query .=`
Improve unit test (#1625) 2019-02-10 22:29:50 +01:00			`'&openid_identifier=http%3A%2F%2Fauth.idp.com%2Fopenidserver%2Ffrench';`
OpenID-2 in progress (#595) 2017-01-05 22:45:34 +01:00
			`ok(`
			`$res = $sp->_post(`
			`'/', IO::String->new($query),`
			`length => length($query),`
			`accept => 'text/html',`
			`),`
			`'Post OpenID identity'`
			`);`
			`my $uri;`
			`( $uri, $query ) = expectRedirection( $res,`
			`qr#http://auth.idp.com(/openidserver/?)\?(openid.*)$# );`

			`# Follow redirection do IdP`
			`switch ('issuer');`
			`ok( $res = $issuer->_get( $uri, query => $query, accept => 'text/html' ),`
			`'Follow redirection to IdP' );`
			`expectOK($res);`
Typo 2017-03-21 17:06:50 +01:00			`my ($tmp);`
make tidy 2018-07-05 23:00:40 +02:00			`my $pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );`
Better request management in issuers (#595) 2017-03-21 07:23:58 +01:00			`( $host, $tmp, $query ) = expectForm( $res, '#', undef );`
Improve unit test (#1625) 2019-02-10 22:29:50 +01:00			`$query .= '&user=french&password=french';`

			`# Try to authenticate with an unauthorized user`
			`ok(`
			`$res = $issuer->_post(`
			`$uri, IO::String->new($query),`
			`length => length($query),`
			`accept => 'text/html',`
			`cookie => $pdata,`
			`),`
			`'Try to authenticate'`
			`);`
			`ok( $res->[2]->[0] =~ /trmsg="91"/, 'Reject reason is 91' )`
Please use our .perltidyrc 2019-03-07 18:22:16 +01:00			`or print STDERR Dumper( $res->[2]->[0] );`
Improve unit test (#1625) 2019-02-10 22:29:50 +01:00			`count(1);`

			`# Simple SP access`
			`ok(`
			`$res = $sp->_get(`
			`'/', accept => 'text/html',`
			`),`
			`'Unauth SP request'`
			`);`
			`( $host, $url, $query ) = expectForm( $res, '#', undef );`
			`ok( $res->[2]->[0] =~ /name="openid_identifier"/,`
			`' Ask for OpenID identity' );`

			`$query .=`
			`'&openid_identifier=http%3A%2F%2Fauth.idp.com%2Fopenidserver%2Fdwho';`

			`ok(`
			`$res = $sp->_post(`
			`'/', IO::String->new($query),`
			`length => length($query),`
			`accept => 'text/html',`
			`),`
			`'Post OpenID identity'`
			`);`
			`( $uri, $query ) = expectRedirection( $res,`
			`qr#http://auth.idp.com(/openidserver/?)\?(openid.*)$# );`

			`# Follow redirection do IdP`
			`switch ('issuer');`
			`ok( $res = $issuer->_get( $uri, query => $query, accept => 'text/html' ),`
			`'Follow redirection to IdP' );`
			`expectOK($res);`
			`$pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );`
			`( $host, $tmp, $query ) = expectForm( $res, '#', undef );`
OpenID-2 in progress (#595) 2017-01-05 22:45:34 +01:00			`$query .= '&user=dwho&password=dwho';`

Improve unit test (#1625) 2019-02-10 22:29:50 +01:00			`# Try to authenticate with an authorized user`
OpenID-2 in progress (#595) 2017-01-05 22:45:34 +01:00			`ok(`
			`$res = $issuer->_post(`
			`$uri, IO::String->new($query),`
			`length => length($query),`
Trying to use pdata for issuers (#1461) 2018-07-04 22:54:09 +02:00			`accept => 'text/html',`
			`cookie => $pdata,`
OpenID-2 in progress (#595) 2017-01-05 22:45:34 +01:00			`),`
			`'Try to authenticate'`
			`);`
OpenID-2 in progress (#595) 2017-01-06 07:02:54 +01:00			`my $idpId = expectCookie($res);`
			`( $host, $tmp, $query ) = expectForm( $res, '#', undef, 'confirm' );`

			`# Confirm`
			`ok(`
			`$res = $issuer->_post(`
			`$uri, IO::String->new($query),`
			`length => length($query),`
Restore OpenID-2 (#1113) 2017-03-21 17:06:44 +01:00			`cookie => "lemonldap=$idpId",`
OpenID-2 in progress (#595) 2017-01-06 07:02:54 +01:00			`accept => 'text/html'`
			`),`
			`'Confirm choice'`
			`);`
OpenID-2 seems ready (#595) 2017-01-06 07:22:31 +01:00			`($query) = expectRedirection( $res, qr#^http://auth.sp.com/?\?(.*)# );`
OpenID-2 in progress (#595) 2017-01-06 07:02:54 +01:00
			`# Push redirection to SP`
			`switch ('sp');`
			`ok( $res = $sp->_get( '/', query => $query, accept => 'text/html' ),`
			`'Follow redirection to SP' );`
OpenID-2 seems ready (#595) 2017-01-06 07:22:31 +01:00			`my $spId = expectCookie($res);`
Replace lmLog by logger-> (#857) 2017-02-15 07:41:50 +01:00			`expectRedirection( $res, qr#^http://auth.sp.com/?$# );`
OpenID-2 in progress (#595) 2017-01-05 22:45:34 +01:00
OpenID-2 in progress (#595) 2017-01-06 07:02:54 +01:00			`#print STDERR Dumper($res);`
Add UserDB/OpenID (#595) 2017-01-05 16:19:57 +01:00			`}`

			`count($maintests);`
			`clean_sessions();`
			`done_testing( count() );`

			`sub issuer {`
tidy with new conf 2019-02-07 09:27:56 +01:00			`return LLNG::Manager::Test->new( {`
Add UserDB/OpenID (#595) 2017-01-05 16:19:57 +01:00			`ini => {`
OpenID2 in progress (#595) 2017-01-05 17:44:16 +01:00			`logLevel => $debug,`
			`domain => 'idp.com',`
			`portal => 'http://auth.idp.com',`
			`authentication => 'Demo',`
Create a "Same" value for userDB and remove some other 2017-02-05 10:13:20 +01:00			`userDB => 'Same',`
OpenID2 in progress (#595) 2017-01-05 17:44:16 +01:00			`issuerDBOpenIDActivation => 1,`
Restore OpenID activation global rule & Improve unit test (#1625) 2019-02-07 17:21:14 +01:00			`issuerDBOpenIDRule => '$uid eq "dwho"',`
Add UserDB/OpenID (#595) 2017-01-05 16:19:57 +01:00			`}`
			`}`
			`);`
			`}`

			`sub sp {`
tidy with new conf 2019-02-07 09:27:56 +01:00			`return LLNG::Manager::Test->new( {`
Add UserDB/OpenID (#595) 2017-01-05 16:19:57 +01:00			`ini => {`
			`logLevel => $debug,`
			`domain => 'sp.com',`
			`portal => 'http://auth.sp.com',`
			`authentication => 'OpenID',`
Create a "Same" value for userDB and remove some other 2017-02-05 10:13:20 +01:00			`userDB => 'Same',`
OpenID2 in progress (#595) 2017-01-05 17:44:16 +01:00			`openIdSecret => 'qwerty',`
OpenID-2 in progress (#595) 2017-01-05 22:45:34 +01:00			`exportedVars => {`
			`mail => 'email',`
OpenID-2 seems ready (#595) 2017-01-06 07:22:31 +01:00			`},`
			`openIdIDPList => '0;',`
Add UserDB/OpenID (#595) 2017-01-05 16:19:57 +01:00			`},`
			`}`
			`);`
			`}`