2017-01-25 13:02:27 +01:00
|
|
|
use Test::More;
|
|
|
|
use strict;
|
|
|
|
use IO::String;
|
2020-01-06 21:34:09 +01:00
|
|
|
use JSON;
|
|
|
|
use Lemonldap::NG::Portal::Main::Constants 'PE_NOTOKEN';
|
2017-01-25 13:02:27 +01:00
|
|
|
|
|
|
|
require 't/test-lib.pm';
|
|
|
|
|
|
|
|
my $res;
|
|
|
|
|
2019-02-07 09:27:56 +01:00
|
|
|
my $client = LLNG::Manager::Test->new( {
|
2017-01-25 22:22:43 +01:00
|
|
|
ini => {
|
|
|
|
logLevel => 'error',
|
|
|
|
useSafeJail => 1,
|
2019-04-05 20:02:24 +02:00
|
|
|
requireToken => '"Bad rule"',
|
2017-01-25 22:22:43 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
);
|
2017-01-25 13:02:27 +01:00
|
|
|
|
|
|
|
# Test normal first access
|
|
|
|
# ------------------------
|
|
|
|
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Unauth request' );
|
|
|
|
count(1);
|
|
|
|
|
|
|
|
my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );
|
2019-09-08 19:26:09 +02:00
|
|
|
ok(
|
|
|
|
$res->[2]->[0] =~
|
2020-08-07 10:16:24 +02:00
|
|
|
m%<input[^>]*name="password"%,
|
2019-09-08 19:26:09 +02:00
|
|
|
'Password: Found password input'
|
|
|
|
);
|
|
|
|
count(1);
|
|
|
|
|
2017-01-25 22:22:43 +01:00
|
|
|
$query =~ s/.*\b(token=[^&]+).*/$1/;
|
|
|
|
|
|
|
|
# Try to auth without token
|
|
|
|
ok(
|
|
|
|
$res = $client->_post(
|
|
|
|
'/',
|
|
|
|
IO::String->new('user=dwho&password=dwho'),
|
|
|
|
length => 23
|
|
|
|
),
|
|
|
|
'Try to auth without token'
|
|
|
|
);
|
|
|
|
count(1);
|
|
|
|
expectReject($res);
|
|
|
|
|
2020-01-06 21:34:09 +01:00
|
|
|
my $json;
|
|
|
|
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
|
|
|
|
or print STDERR "$@\n" . Dumper($res);
|
|
|
|
ok( $json->{error} == PE_NOTOKEN, 'Response is PE_NOTOKEN' )
|
|
|
|
or explain( $json, "error => 81" );
|
|
|
|
count(2);
|
|
|
|
|
2017-01-25 22:22:43 +01:00
|
|
|
# Try to auth with token
|
|
|
|
$query .= '&user=dwho&password=dwho';
|
|
|
|
ok(
|
|
|
|
$res =
|
|
|
|
$client->_post( '/', IO::String->new($query), length => length($query) ),
|
|
|
|
'Try to auth with token'
|
|
|
|
);
|
|
|
|
count(1);
|
|
|
|
expectOK($res);
|
|
|
|
my $id = expectCookie($res);
|
|
|
|
|
|
|
|
# Verify auth
|
|
|
|
ok( $res = $client->_get( '/', cookie => "lemonldap=$id" ), 'Verify auth' );
|
|
|
|
count(1);
|
|
|
|
expectOK($res);
|
|
|
|
|
|
|
|
# Try to reuse the same token
|
|
|
|
ok(
|
|
|
|
$res =
|
|
|
|
$client->_post( '/', IO::String->new($query), length => length($query) ),
|
|
|
|
'Try to reuse the same token'
|
|
|
|
);
|
|
|
|
expectReject($res);
|
2017-01-25 23:08:13 +01:00
|
|
|
ok(
|
2017-02-15 07:41:50 +01:00
|
|
|
$res = $client->_post(
|
|
|
|
'/', IO::String->new($query),
|
|
|
|
length => length($query),
|
|
|
|
accept => 'text/html'
|
|
|
|
),
|
2017-01-25 23:08:13 +01:00
|
|
|
'Verify that there is a new token'
|
|
|
|
);
|
|
|
|
expectForm( $res, '#', undef, 'token' );
|
|
|
|
count(2);
|
2017-01-25 13:02:27 +01:00
|
|
|
|
|
|
|
clean_sessions();
|
|
|
|
|
|
|
|
done_testing( count() );
|