use lib 'inc' ;
use Test::More ;
use strict ;
use IO::String ;
use LWP::UserAgent ;
use LWP::Protocol::PSGI ;
# Load the shared test library at compile time. The helpers called further
# down (count, expectOK, expectCookie, ...) are presumably defined there;
# the file is not visible from this script.
BEGIN {
    require 't/test-lib.pm';
}

# Log level handed to both portals through their ini hash.
my $debug = 'error';

# Portal objects, the most recent response, and the session ids obtained
# from the SP and from the IdP.
my ( $issuer, $sp, $res, $spId, $idpId );

# One slot per portal for the handler's _onReload list; each slot is
# overwritten once the matching portal has been created.
my %handlerOR = (
    issuer => [],
    sp     => [],
);
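# Hand every request that LWP would send to this callback instead of the
# network. The callback replays the request against the in-process issuer
# (IdP) portal and returns its PSGI response.
#
# Each call records its own Test::More results: one for the URL, one for
# the dispatched request (or for an unsupported method), one for the JSON
# content type.
LWP::Protocol::PSGI->register(
    sub {
        my $req = Plack::Request->new(@_);

        # The interceptor is registered without a host filter, so the URL is
        # the only thing tying a request to the IdP. The pattern is anchored
        # and its dots are escaped so that only URLs starting with the IdP
        # origin are accepted; the captures are copied immediately rather
        # than read from $1/$2 after other code has run.
        my ( $url, $query ) =
          $req->uri =~ m#\Ahttp://auth\.idp\.com([^\?]*?)(?:\?(.*))?$#;
        ok( defined $url,
                ' @ REST request ('
              . $req->method . ' '
              . ( defined $url ? $url : '' )
              . ')' );
        count(1);

        # Never forward a request for another origin to the issuer.
        return [ 400, [ 'Content-Type' => 'text/plain' ], ['Unexpected URL'] ]
          unless defined $url;

        my $res;
        if ( $req->method =~ /^(post|put)$/i ) {
            my $mth  = '_' . lc($1);
            my $body = $req->content;
            ok(
                $res = $issuer->$mth(
                    $url,
                    IO::String->new($body),
                    ( $query ? ( query => $query ) : () ),
                    length => length($body),
                    type   => $req->header('Content-Type'),
                ),
                ' Post request'
            );
            count(1);
            expectOK($res);

            # Keep the session id issued by the IdP; the REST checks later
            # in the script address that session directly.
            $idpId = expectCookie($res) unless ( $req->param('all') );
        }
        elsif ( $req->method =~ /^(get|delete)$/i ) {
            my $mth = '_' . lc($1);
            ok(
                $res = $issuer->$mth(
                    $url,
                    ( $query ? ( query => $query ) : () ),
                    accept => $req->header('Accept'),
                    cookie => $req->header('Cookie')
                ),
                ' Execute request'
            );
            count(1);
            expectOK($res);
        }
        else {
            # Previously an unexpected method fell through with $res unset
            # and failed inside getHeader(); report it as a test failure and
            # answer with a well-formed PSGI response instead.
            fail( ' Unsupported REST method ' . $req->method );
            count(1);
            return [
                405,
                [ 'Content-Type' => 'text/plain' ],
                ['Method not allowed']
            ];
        }

        ok(
            getHeader( $res, 'Content-Type' ) =~ m#^(?:text|application)/json#,
            'Content is JSON'
        ) or explain( $res->[1], 'Content-Type => application/json' );
        count(1);
        return $res;
    }
);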
# Create the IdP ("issuer") portal and record the handler reload hooks.
ok( $issuer = issuer(), 'Issuer portal' );
$handlerOR{issuer} = \@Lemonldap::NG::Handler::Main::_onReload;

# Select the (still empty) 'sp' slot, which clears the hook list, then
# create the SP portal and record its hooks the same way.
# NOTE(review): both slots hold a reference to the same package array, not a
# copy of it, so a later switch() appears to assign the array to itself.
# Confirm whether a snapshot ([ @... ]) was intended.
switch('sp');
&Lemonldap::NG::Handler::Main::cfgNum( 0, 0 );
ok( $sp = sp(), 'SP portal' );
$handlerOR{sp} = \@Lemonldap::NG::Handler::Main::_onReload;

# Two results recorded above: one per portal.
count(2);
# Simple SP access: an unauthenticated GET must still be answered.
ok( $res = $sp->_get( '/', accept => 'text/html' ), 'Unauth SP request' );
expectOK($res);

# Try to auth. The SP is configured with the 'Proxy' backend, so the form
# is checked by the IdP (its ini sets authentication => 'Demo'); dwho/dwho
# is a fixture credential for this test only.
my $login_form = 'user=dwho&password=dwho';
ok(
    $res = $sp->_post(
        '/',
        IO::String->new($login_form),
        length => length($login_form),
        accept => 'text/html'
    ),
    'Post user/password'
);
count(2);

# A successful login redirects to the SP portal and sets the SP session
# cookie, whose value is kept for the logout checks at the end.
expectRedirection( $res, 'http://auth.sp.com' );
$spId = expectCookie($res);
# Test other REST queries, addressed to the IdP directly.
# None of the requests below carries a cookie or any other credential: the
# session id in the path is the only thing the caller has to know.
switch('issuer');

# Session content: the whole session, returned as JSON.
my $idp_session_path = "/sessions/global/$idpId";
ok( $res = $issuer->_get($idp_session_path), 'Session content' );
expectOK($res);
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
  or print STDERR $@;
ok( $res->{_session_id} eq $idpId, ' Good ID' )
  or explain( $res, "_session_id => $idpId" );
count(3);

# Session key: only the keys listed between brackets.
ok(
    $res = $issuer->_get("/sessions/global/$idpId/[_session_id,uid]"),
    'Some session keys'
);
expectOK($res);
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
  or print STDERR $@;
ok( $res->{_session_id} eq $idpId, ' Good ID' )
  or explain( $res, "_session_id => $idpId" );
ok( $res->{uid} eq 'dwho', ' Uid is dwho' )
  or explain( $res, 'uid => dwho' );
count(4);

# New session: POST a JSON document describing it.
my $new_session_json = '{"uid":"zz","_whatToTrace":"zz"}';
ok(
    $res = $issuer->_post(
        '/sessions/global',
        IO::String->new($new_session_json),
        length => length($new_session_json),
        type   => 'application/json'
    ),
    'Create session'
);
expectOK($res);
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
  or print STDERR $@;

# Id of the session just created; the update and delete steps reuse it.
my $newId = $res->{session}->{_session_id};

# Verify a key: a single key is returned as a bare value.
ok( $res = $issuer->_get("/sessions/global/$newId/uid"), 'Verify uid' );
ok( $res->[2]->[0] eq 'zz', ' Uid is good' );
count(4);
# Update a key: call the PSGI application directly with a hand-built
# environment describing a PUT on the new session. The environment holds no
# cookie and no authorization header.
my $put_body = '{"cn":"CN"}';
my %put_env  = (
    HTTP_ACCEPT            => 'application/json',
    HTTP_ACCEPT_LANGUAGE   => 'fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3',
    HTTP_HOST              => 'auth.idp.com',
    PATH_INFO              => "/sessions/global/$newId",
    REMOTE_ADDR            => '127.0.0.1',
    REQUEST_METHOD         => 'PUT',
    REQUEST_URI            => "/sessions/global/$newId",
    SCRIPT_NAME            => '',
    SERVER_NAME            => 'auth.example.com',
    SERVER_PORT            => '80',
    SERVER_PROTOCOL        => 'HTTP/1.1',
    'psgix.input.buffered' => 0,
    'psgi.input'           => IO::String->new($put_body),
    CONTENT_TYPE           => 'application/json',
    CONTENT_LENGTH         => length($put_body),
);
ok( $res = $issuer->app->( \%put_env ), 'Put a new key' );
expectOK($res);
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
  or print STDERR $@;
ok( $res->{result} == 1, ' Result is 1' );
count(3);

# Verify new key: read back the value that was just written.
ok( $res = $issuer->_get("/sessions/global/$newId/cn"), 'Verify cn' );
ok( $res->[2]->[0] eq 'CN', ' CN is good' );
count(2);
# Exercise the REST session client against the IdP. Its HTTP requests are
# served by the callback registered with LWP::Protocol::PSGI.
use_ok('Lemonldap::NG::Common::Apache::Session::REST');
ok(
    $res =
      Lemonldap::NG::Common::Apache::Session::REST->get_key_from_all_sessions(
        { baseUrl => 'http://auth.idp.com/sessions/global/' }
      ),
    'Search all sessions'
);

# $c1: sessions returned by the unfiltered listing;
# $c2: sessions returned by the searchOn() check further down.
my ( $c1, $c2 ) = ( 0, 0 );
if ( ok( ref($res) eq 'HASH', ' Result is an hash' ) ) {
    my $all_valid = 1;
    for my $id ( keys %$res ) {
        $c1++;
        next if $res->{$id}->{_session_id};

        # An entry without _session_id is reported and fails the check.
        # Dumper is not imported in the visible part of this file;
        # presumably t/test-lib.pm provides it.
        $all_valid = 0;
        diag "Bad session:\n" . Dumper( $res->{$id} );
    }
    ok( $c1,        " Found $c1 sessions" );
    ok( $all_valid, ' All sessions are valid' );
    count(2);
}

# use_ok, the listing itself and the HASH check.
count(3);
# Same listing, this time with a callback. The assertions below expect the
# callback's return value ('a') to replace each session in the result.
ok(
    $res =
      Lemonldap::NG::Common::Apache::Session::REST->get_key_from_all_sessions(
        { baseUrl => 'http://auth.idp.com/sessions/global/' },
        sub { return 'a' }
      ),
    'Search all sessions with a code'
);
if ( ok( ref($res) eq 'HASH', ' Result is an hash' ) ) {
    my $all_valid = 1;
    my $seen      = 0;
    for my $id ( keys %$res ) {
        $seen++;
        next if $res->{$id} eq 'a';
        $all_valid = 0;
        diag "Bad session:\n" . Dumper( $res->{$id} );
    }

    # The callback must not change how many sessions are listed.
    ok( $seen == $c1, " Found the same count" ) or explain( $seen, $c1 );
    ok( $all_valid, ' All sessions are valid' );
    count(2);
}

# The listing call and the HASH check.
count(2);
# Filtered search: only sessions whose uid is 'dwho'.
ok(
    $res = Lemonldap::NG::Common::Apache::Session::REST->searchOn(
        { baseUrl => 'http://auth.idp.com/sessions/global/' },
        'uid', 'dwho'
    ),
    'Search dwho sessions'
);
if ( ok( ref($res) eq 'HASH', ' Result is an hash' ) ) {
    my $all_valid = 1;
    for my $id ( keys %$res ) {
        $c2++;
        next if $res->{$id}->{_session_id};
        $all_valid = 0;
        diag "Bad session:\n" . Dumper( $res->{$id} );
    }
    ok( $c2,        " Found $c2 sessions" );
    ok( $all_valid, ' All sessions are valid' );
    count(2);
}

# The session created for uid 'zz' still exists at this point, so the
# filtered result has to be strictly smaller than the full listing.
ok( $c2 < $c1,
    'searchOn() count is lower than get_key_from_all_sessions() count' );

# The search call, the HASH check and the comparison.
count(3);
# Del new session: a DELETE on the session URL, again through a hand-built
# PSGI environment that carries no cookie and no authorization header.
my %delete_env = (
    HTTP_ACCEPT          => 'application/json',
    HTTP_ACCEPT_LANGUAGE => 'fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3',
    HTTP_HOST            => 'auth.idp.com',
    PATH_INFO            => "/sessions/global/$newId",
    REMOTE_ADDR          => '127.0.0.1',
    REQUEST_METHOD       => 'DELETE',
    REQUEST_URI          => "/sessions/global/$newId",
    SCRIPT_NAME          => '',
    SERVER_NAME          => 'auth.example.com',
    SERVER_PORT          => '80',
    SERVER_PROTOCOL      => 'HTTP/1.1',
);
ok( $res = $issuer->app->( \%delete_env ), 'Delete new session' );
expectOK($res);
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
  or print STDERR $@;
ok( $res->{result} == 1, ' Result is 1' );
count(3);

# Verify that session is deleted: reading one of its keys must now be
# answered with status 400.
ok(
    $res = $issuer->_get("/sessions/global/$newId/cn"),
    'New session is deleted'
);
ok( $res->[0] == 400, ' Session does not exist' );
count(2);
# Logout: ask the SP to end the session identified by the SP cookie.
switch('sp');
ok(
    $res = $sp->_get(
        '/',
        query  => 'logout',
        accept => 'text/html',
        cookie => "lemonldap=$spId"
    ),
    'Ask for logout'
);
count(1);
expectOK($res);

# Replay the same cookie after logout: it must no longer be accepted.
# NOTE(review): the request is sent to the SP portal although the test name
# mentions the IdP; confirm which portal was meant.
ok(
    $res = $sp->_get( '/', cookie => "lemonldap=$spId" ),
    'Test if user is reject on IdP'
);
count(1);
expectReject($res);

# Remove the sessions created by this run and declare the number of results
# accumulated through count().
clean_sessions();
done_testing( count() );
# Test helpers.

# Make the named portal ('issuer' or 'sp') the active one by loading its
# recorded list into the handler's package-level _onReload array.
sub switch {
    my ($portal) = @_;

    # %handlerOR is the file-level table filled when the portals are built.
    @Lemonldap::NG::Handler::Main::_onReload = @{ $handlerOR{$portal} };
}
# Build the IdP portal: demo accounts, with the REST session and
# configuration servers switched on.
#
# The REST calls in this script read, create, modify and delete sessions
# without presenting any credential, so these two options expose session
# data to whoever can reach the endpoints. Outside a test harness, access to
# them has to be restricted by other means (for example at the web-server
# level).
sub issuer {
    my %ini = (
        logLevel          => $debug,
        domain            => 'idp.com',
        portal            => 'http://auth.idp.com',
        authentication    => 'Demo',
        userDB            => 'Same',
        restSessionServer => 1,
        restConfigServer  => 1,
    );
    return LLNG::Manager::Test->new( { ini => \%ini } );
}
# Build the SP portal: it has no user base of its own and delegates
# authentication to the IdP through the 'Proxy' backend, with SOAP disabled.
#
# proxyAuthService is a plain http:// URL. In this test the request is
# served in-process by the LWP::Protocol::PSGI callback; over a real network
# the submitted credentials would travel unencrypted.
sub sp {
    my %ini = (
        logLevel         => $debug,
        domain           => 'sp.com',
        portal           => 'http://auth.sp.com',
        authentication   => 'Proxy',
        userDB           => 'Same',
        proxyAuthService => 'http://auth.idp.com',
        proxyUseSoap     => 0,
        whatToTrace      => '_whatToTrace',
    );
    return LLNG::Manager::Test->new( { ini => \%ini } );
}