lemonldap-ng/lemonldap-ng-portal/t/41-Token.t

use Test::More;
use strict;
use IO::String;
use JSON;
use Lemonldap::NG::Portal::Main::Constants 'PE_NOTOKEN';

require 't/test-lib.pm';

my $res;

my $client = LLNG::Manager::Test->new( {
        ini => {
            logLevel     => 'error',
            useSafeJail  => 1,
            requireToken => '"Bad rule"',
        }
    }
);

# Test normal first access
# ------------------------
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Unauth request' );
count(1);

my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );
ok(
    $res->[2]->[0] =~
m%<input name="password" type="password" class="form-control" trplaceholder="password" required aria-required="true"/>%,
    'Password: Found password input'
);
count(1);

$query =~ s/.*\b(token=[^&]+).*/$1/;

# Try to auth without token
ok(
    $res = $client->_post(
        '/',
        IO::String->new('user=dwho&password=dwho'),
        length => 23
    ),
    'Try to auth without token'
);
count(1);
expectReject($res);

my $json;
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
  or print STDERR "$@\n" . Dumper($res);
ok( $json->{error} == PE_NOTOKEN, 'Response is PE_NOTOKEN' )
  or explain( $json, "error => 81" );
count(2);

# Try to auth with token
$query .= '&user=dwho&password=dwho';
ok(
    $res =
      $client->_post( '/', IO::String->new($query), length => length($query) ),
    'Try to auth with token'
);
count(1);
expectOK($res);
my $id = expectCookie($res);

# Verify auth
ok( $res = $client->_get( '/', cookie => "lemonldap=$id" ), 'Verify auth' );
count(1);
expectOK($res);

# Try to reuse the same token
ok(
    $res =
      $client->_post( '/', IO::String->new($query), length => length($query) ),
    'Try to reuse the same token'
);
expectReject($res);
ok(
    $res = $client->_post(
        '/', IO::String->new($query),
        length => length($query),
        accept => 'text/html'
    ),
    'Verify that there is a new token'
);
expectForm( $res, '#', undef, 'token' );
count(2);

clean_sessions();

done_testing( count() );
Start token test (#1140) 2017-01-25 13:02:27 +01:00			`use Test::More;`
			`use strict;`
			`use IO::String;`
Improve unit test 2020-01-06 21:34:09 +01:00			`use JSON;`
			`use Lemonldap::NG::Portal::Main::Constants 'PE_NOTOKEN';`
Start token test (#1140) 2017-01-25 13:02:27 +01:00
			`require 't/test-lib.pm';`

			`my $res;`

tidy with new conf 2019-02-07 09:27:56 +01:00			`my $client = LLNG::Manager::Test->new( {`
Login token is OK (#1140) 2017-01-25 22:22:43 +01:00			`ini => {`
			`logLevel => 'error',`
			`useSafeJail => 1,`
Improve unit test (#1664) 2019-04-05 20:02:24 +02:00			`requireToken => '"Bad rule"',`
Login token is OK (#1140) 2017-01-25 22:22:43 +01:00			`}`
			`}`
			`);`
Start token test (#1140) 2017-01-25 13:02:27 +01:00
			`# Test normal first access`
			`# ------------------------`
			`ok( $res = $client->_get( '/', accept => 'text/html' ), 'Unauth request' );`
			`count(1);`

			`my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );`
Forbid browsers to store users password & Improve unit tests (#1913) 2019-09-08 19:26:09 +02:00			`ok(`
			`$res->[2]->[0] =~`
			`m%<input name="password" type="password" class="form-control" trplaceholder="password" required aria-required="true"/>%,`
			`'Password: Found password input'`
			`);`
			`count(1);`

Login token is OK (#1140) 2017-01-25 22:22:43 +01:00			`$query =~ s/.\b(token=[^&]+)./$1/;`

			`# Try to auth without token`
			`ok(`
			`$res = $client->_post(`
			`'/',`
			`IO::String->new('user=dwho&password=dwho'),`
			`length => 23`
			`),`
			`'Try to auth without token'`
			`);`
			`count(1);`
			`expectReject($res);`

Improve unit test 2020-01-06 21:34:09 +01:00			`my $json;`
			`ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )`
			`or print STDERR "$@\n" . Dumper($res);`
			`ok( $json->{error} == PE_NOTOKEN, 'Response is PE_NOTOKEN' )`
			`or explain( $json, "error => 81" );`
			`count(2);`

Login token is OK (#1140) 2017-01-25 22:22:43 +01:00			`# Try to auth with token`
			`$query .= '&user=dwho&password=dwho';`
			`ok(`
			`$res =`
			`$client->_post( '/', IO::String->new($query), length => length($query) ),`
			`'Try to auth with token'`
			`);`
			`count(1);`
			`expectOK($res);`
			`my $id = expectCookie($res);`

			`# Verify auth`
			`ok( $res = $client->_get( '/', cookie => "lemonldap=$id" ), 'Verify auth' );`
			`count(1);`
			`expectOK($res);`

			`# Try to reuse the same token`
			`ok(`
			`$res =`
			`$client->_post( '/', IO::String->new($query), length => length($query) ),`
			`'Try to reuse the same token'`
			`);`
			`expectReject($res);`
Improve token test (#1140) 2017-01-25 23:08:13 +01:00			`ok(`
Replace lmLog by logger-> (#857) 2017-02-15 07:41:50 +01:00			`$res = $client->_post(`
			`'/', IO::String->new($query),`
			`length => length($query),`
			`accept => 'text/html'`
			`),`
Improve token test (#1140) 2017-01-25 23:08:13 +01:00			`'Verify that there is a new token'`
			`);`
			`expectForm( $res, '#', undef, 'token' );`
			`count(2);`
Start token test (#1140) 2017-01-25 13:02:27 +01:00
			`clean_sessions();`

			`done_testing( count() );`