lemonldap-ng/lemonldap-ng-portal/t/62-UpgradeSession.t

use Test::More;
use strict;
use IO::String;
use Data::Dumper;

require 't/test-lib.pm';
require 't/smtp.pm';

use_ok('Lemonldap::NG::Common::FormEncode');
count(1);

my $res;
my $client = LLNG::Manager::Test->new( {
        ini => {
            logLevel                     => 'error',
            upgradeSession               => 1,
            authentication               => 'Choice',
            apacheAuthnLevel             => 5,
            forceGlobalStorageUpgradeOTT => 1,
            userDB                       => 'Same',
            'authChoiceModules'          => {
                'strong' => 'Apache;Demo;Null;;;{}',
                'weak'   => 'Demo;Demo;Null;;;{}'
            },
            'vhostOptions' => {
                'test1.example.com' => {
                    'vhostAuthnLevel' => 3
                },
            },
            "locationRules" => {
                "test1.example.com" => {
                    'default'                      => 'accept',
                    '^/AuthWeak(?#AuthnLevel=2)'   => 'deny',
                    '^/AuthStrong(?#AuthnLevel=5)' => 'deny',
                },
            },
        }
    }
);

# Try to authenticate
# -------------------
ok(
    $res = $client->_post(
        '/',
        IO::String->new('user=dwho&password=dwho&lmAuth=weak'),
        length => 35,
        accept => 'text/html',
    ),
    'Auth query'
);
count(1);
my $id = expectCookie($res);

# Portal IS NOT a handler
#########################
ok(
    $res = $client->_get(
        '/AuthWeak',
        accept => 'text/html',
        cookie => "lemonldap=$id",
        host   => 'test1.example.com',
    ),
    'GET http://test1.example.com/AuthWeak'
);
expectOK($res);
count(1);

ok(
    $res = $client->_get(
        '/AuthStrong',
        accept => 'text/html',
        cookie => "lemonldap=$id",
        host   => 'test1.example.com',
    ),
    'GET http://test1.example.com/AuthStrong'
);
count(1);

# After attempting to access test1,
# the handler sends up back to /upgradesession
# --------------------------------------------

ok(
    $res = $client->_get(
        '/upgradesession',
        query  => 'url=aHR0cDovL3Rlc3QxLmV4YW1wbGUuY29t',
        accept => 'text/html',
        cookie => "lemonldap=$id",
    ),
    'Upgrade session query'
);
count(1);

my ( $host, $url, $query ) =
  expectForm( $res, undef, '/upgradesession', 'confirm', 'url' );

# Accept session upgrade
# ----------------------

ok(
    $res = $client->_post(
        '/upgradesession',
        IO::String->new($query),
        length => length($query),
        accept => 'text/html',
        cookie => "lemonldap=$id",
    ),
    'Accept session upgrade query'
);
count(1);

my $pdata = expectCookie( $res, 'lemonldappdata' );
( $host, $url, $query ) = expectForm( $res, '#', undef, 'upgrading', 'url' );

$query = $query . "&lmAuth=strong";

# Attempt login with the "strong" auth choice
# this should trigger 2FA
# -------------------------------------------

ok(
    $res = $client->_post(
        '/upgradesession',
        IO::String->new($query),
        length => length($query),
        accept => 'text/html',
        cookie => "lemonldap=$id;lemonldappdata=$pdata",
        custom => {
            REMOTE_USER => 'dwho',
        },
    ),
    'Post login'
);
count(1);

$pdata = expectCookie( $res, 'lemonldappdata' );
$id    = expectCookie($res);

expectRedirection( $res, 'http://test1.example.com' );

# Make pdata was cleared and we aren't being redirected
ok(
    $res = $client->_get(
        '/',
        accept => 'text/html',
        cookie => "lemonldap=$id;lemonldappdata=$pdata",
    ),
    'Post login'
);
count(1);
expectOK($res);

$client->logout($id);
clean_sessions();
done_testing( count() );
Add unit test for #1821 2019-06-26 22:13:12 +02:00			`use Test::More;`
			`use strict;`
			`use IO::String;`
			`use Data::Dumper;`

			`require 't/test-lib.pm';`
			`require 't/smtp.pm';`

			`use_ok('Lemonldap::NG::Common::FormEncode');`
			`count(1);`

Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`my $res;`
Add unit test for #1821 2019-06-26 22:13:12 +02:00			`my $client = LLNG::Manager::Test->new( {`
			`ini => {`
debug -> error 2019-10-29 22:21:58 +01:00			`logLevel => 'error',`
Override OTT conf. for Upgrade tokens (#1884) 2019-08-15 22:01:44 +02:00			`upgradeSession => 1,`
			`authentication => 'Choice',`
			`apacheAuthnLevel => 5,`
			`forceGlobalStorageUpgradeOTT => 1,`
			`userDB => 'Same',`
			`'authChoiceModules' => {`
Add unit test for #1821 2019-06-26 22:13:12 +02:00			`'strong' => 'Apache;Demo;Null;;;{}',`
			`'weak' => 'Demo;Demo;Null;;;{}'`
			`},`
			`'vhostOptions' => {`
			`'test1.example.com' => {`
			`'vhostAuthnLevel' => 3`
			`},`
			`},`
Improve unit test (#1988) 2019-10-27 21:06:08 +01:00			`"locationRules" => {`
			`"test1.example.com" => {`
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`'default' => 'accept',`
			`'^/AuthWeak(?#AuthnLevel=2)' => 'deny',`
			`'^/AuthStrong(?#AuthnLevel=5)' => 'deny',`
Improve unit test (#1988) 2019-10-27 21:06:08 +01:00			`},`
			`},`
Add unit test for #1821 2019-06-26 22:13:12 +02:00			`}`
			`}`
			`);`

			`# Try to authenticate`
			`# -------------------`
			`ok(`
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`$res = $client->_post(`
Add unit test for #1821 2019-06-26 22:13:12 +02:00			`'/',`
			`IO::String->new('user=dwho&password=dwho&lmAuth=weak'),`
			`length => 35,`
			`accept => 'text/html',`
			`),`
			`'Auth query'`
			`);`
			`count(1);`
			`my $id = expectCookie($res);`

Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`# Portal IS NOT a handler`
			`#########################`
Improve unit test (#1988) 2019-10-27 22:02:49 +01:00			`ok(`
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`$res = $client->_get(`
			`'/AuthWeak',`
Improve unit test (#1988) 2019-10-27 22:02:49 +01:00			`accept => 'text/html',`
			`cookie => "lemonldap=$id",`
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`host => 'test1.example.com',`
Improve unit test (#1988) 2019-10-27 22:02:49 +01:00			`),`
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`'GET http://test1.example.com/AuthWeak'`
Improve unit test (#1988) 2019-10-27 22:02:49 +01:00			`);`
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`expectOK($res);`
Improve unit test (#1988) 2019-10-27 22:02:49 +01:00			`count(1);`

			`ok(`
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`$res = $client->_get(`
			`'/AuthStrong',`
Improve unit test (#1988) 2019-10-27 22:02:49 +01:00			`accept => 'text/html',`
			`cookie => "lemonldap=$id",`
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`host => 'test1.example.com',`
Improve unit test (#1988) 2019-10-27 22:02:49 +01:00			`),`
			`'GET http://test1.example.com/AuthStrong'`
			`);`
			`count(1);`

Add unit test for #1821 2019-06-26 22:13:12 +02:00			`# After attempting to access test1,`
			`# the handler sends up back to /upgradesession`
			`# --------------------------------------------`

			`ok(`
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`$res = $client->_get(`
Add unit test for #1821 2019-06-26 22:13:12 +02:00			`'/upgradesession',`
			`query => 'url=aHR0cDovL3Rlc3QxLmV4YW1wbGUuY29t',`
			`accept => 'text/html',`
			`cookie => "lemonldap=$id",`
			`),`
			`'Upgrade session query'`
			`);`
			`count(1);`

			`my ( $host, $url, $query ) =`
			`expectForm( $res, undef, '/upgradesession', 'confirm', 'url' );`

			`# Accept session upgrade`
			`# ----------------------`

			`ok(`
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`$res = $client->_post(`
Add unit test for #1821 2019-06-26 22:13:12 +02:00			`'/upgradesession',`
			`IO::String->new($query),`
			`length => length($query),`
			`accept => 'text/html',`
			`cookie => "lemonldap=$id",`
			`),`
			`'Accept session upgrade query'`
			`);`
			`count(1);`

			`my $pdata = expectCookie( $res, 'lemonldappdata' );`
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`( $host, $url, $query ) = expectForm( $res, '#', undef, 'upgrading', 'url' );`
Add unit test for #1821 2019-06-26 22:13:12 +02:00
			`$query = $query . "&lmAuth=strong";`

			`# Attempt login with the "strong" auth choice`
			`# this should trigger 2FA`
			`# -------------------------------------------`

			`ok(`
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`$res = $client->_post(`
Add unit test for #1821 2019-06-26 22:13:12 +02:00			`'/upgradesession',`
			`IO::String->new($query),`
			`length => length($query),`
			`accept => 'text/html',`
			`cookie => "lemonldap=$id;lemonldappdata=$pdata",`
			`custom => {`
			`REMOTE_USER => 'dwho',`
			`},`
			`),`
			`'Post login'`
			`);`
			`count(1);`

			`$pdata = expectCookie( $res, 'lemonldappdata' );`
make tidy with perltidy-20181120 2019-07-02 20:03:40 +02:00			`$id = expectCookie($res);`
Add unit test for #1821 2019-06-26 22:13:12 +02:00
			`expectRedirection( $res, 'http://test1.example.com' );`

			`# Make pdata was cleared and we aren't being redirected`
			`ok(`
Improve unit tests (#1988) 2019-10-29 22:14:34 +01:00			`$res = $client->_get(`
Add unit test for #1821 2019-06-26 22:13:12 +02:00			`'/',`
			`accept => 'text/html',`
			`cookie => "lemonldap=$id;lemonldappdata=$pdata",`
			`),`
			`'Post login'`
			`);`
			`count(1);`
			`expectOK($res);`

Enable upgradeSession only if required & Append unit test (#2480) 2021-03-02 19:20:08 +01:00			`$client->logout($id);`
Add unit test for #1821 2019-06-26 22:13:12 +02:00			`clean_sessions();`
			`done_testing( count() );`