use Test::More ;
use JSON ;
use MIME::Base64 ;
use Data::Dumper ;
use URI::Escape ;
# Pull in the two test support files at compile time. The helpers used
# further down (init, count, explain, clean, $client, $sessionId) are not
# defined in this file; presumably they come from these files.
BEGIN {
    require $_ for ( 't/test-psgi-lib.pm', 't/custom.pm' );
}
# Hand the handler class under test (the Nginx flavour of the server handler)
# to the init() helper supplied by the test library.
init('Lemonldap::NG::Handler::Server::Nginx');

my $res;

# Unauthenticated query
# ---------------------
# No session cookie is sent. The assertions expect a 401 whose Location
# header names the portal and carries the requested URL in the "url"
# parameter as URI-escaped base64.
ok( $res = $client->_get('/'), 'Unauthentified query' );
ok( ref($res) eq 'ARRAY', 'Response is an array' ) or explain( $res, 'array' );
ok( $res->[0] == 401, 'Code is 401' ) or explain( $res->[0], 401 );

# $res->[1] is a flat name/value list; folding it into a hash keeps only the
# last value of any header name that appears twice.
my %h = @{ $res->[1] };
my $portal_redirect = 'http://auth.example.com/?url='
  . uri_escape( encode_base64( 'http://test1.example.com/', '' ) );
ok( $h{Location} eq $portal_redirect, 'Redirection points to portal' )
  or explain( \%h, 'Location => ' . $portal_redirect );
count(4);
# Authenticated queries
# ---------------------

# Authorized query sent with 'test4.example.com' as third argument
# (NOTE(review): that argument looks like the virtual host -- confirm in the
# test library).
ok(
    $res = $client->_get(
        '/', undef, 'test4.example.com', "lemonldap=$sessionId"
    ),
    'Authentified query'
);
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res->[0], 200 );
count(2);

# Check headers: for this request Lm-Remote-Custom must equal the long
# composite string below, not just the bare address.
%h = @{ $res->[1] };
my $custom_header_test4 =
'dwho@badwolf.org alias Doctor_Who:users; timelords by using Mozilla/5.0 (X11; VAX4000; rv:43.0) Gecko/20100101 Firefox/143.0 Iceweasel/143.0.1';
ok(
    $h{'Lm-Remote-Custom'} eq $custom_header_test4,
    'Lm-Remote-Custom is overwriten'
) or explain( \%h, 'Lm-Remote-Custom => "' . $custom_header_test4 . '"' );
count(1);
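# Authorized query with no host argument (the library's default host is used)
ok( $res = $client->_get( '/', undef, undef, "lemonldap=$sessionId" ),
    'Authentified query' );
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res->[0], 200 );
count(2);

# Check headers
# The handler reports the identity headers it wants forwarded as
# Headername<N>/Headervalue<N> pairs; the first pair must be Auth-User => dwho.
%h = @{ $res->[1] };
ok( $h{'Headername1'} eq 'Auth-User', 'Headername1 is set to "Auth-User"' )
  or explain( \%h, 'Headername1 => "Auth-User"' );
ok( $h{'Headervalue1'} eq 'dwho', 'Headervalue1 is set to "dwho"' )
  or explain( \%h, 'Headervalue1 => "dwho"' );

# The failure hint names the header that is actually compared
# (Lm-Remote-Custom), so a failing run points at the right header.
ok(
    $h{'Lm-Remote-Custom'} eq 'dwho@badwolf.org',
    'Lm-Remote-Custom is set "dwho@badwolf.org"'
) or explain( \%h, 'Lm-Remote-Custom => "dwho@badwolf.org"' );
count(3);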
# URIs protected by a custom function
# -----------------------------------
# Two paths must be accepted for this session and two near-misses must be
# refused. The refused ones differ from an accepted path only by a trailing
# slash or a truncated last segment, so these cases pin down how strictly the
# rule matches the path.

# Allowed: /test-uri1/dwho
ok(
    $res = $client->_get(
        '/test-uri1/dwho', undef, undef, "lemonldap=$sessionId"
    ),
    'Authentified query'
);
ok( $res->[0] == 200, '/test-uri1 -> Code is 200' ) or explain( $res, 200 );
count(2);

# Allowed: /test-uri2/dwho/dummy
ok(
    $res = $client->_get(
        '/test-uri2/dwho/dummy', undef, undef, "lemonldap=$sessionId"
    ),
    'Authentified query'
);
ok( $res->[0] == 200, '/test-uri2 -> Code is 200' ) or explain( $res, 200 );
count(2);

# Denied: same path as the first case plus a trailing slash
ok(
    $res = $client->_get(
        '/test-uri1/dwho/', undef, undef, "lemonldap=$sessionId"
    ),
    'Denied query'
);
ok( $res->[0] == 403, '/test-uri1 -> Code is 403' )
  or explain( $res->[0], 403 );
count(2);

# Denied: last path segment truncated to "dwh"
ok(
    $res = $client->_get(
        '/test-uri1/dwh', undef, undef, "lemonldap=$sessionId"
    ),
    'Denied query'
);
ok( $res->[0] == 403, '/test-uri1 -> Code is 403' )
  or explain( $res->[0], 403 );
count(2);
# Denied query
# A valid session is presented, but /deny must still be refused with 403
# (authenticated yet not authorized), as opposed to the 401 of the
# no-session case.
ok(
    $res = $client->_get( '/deny', undef, undef, "lemonldap=$sessionId" ),
    'Denied query'
);
ok( $res->[0] == 403, 'Code is 403' ) or explain( $res->[0], 403 );
count(2);
# Required AuthnLevel = 1
ok(
    $res = $client->_get( '/AuthWeak', undef, undef, "lemonldap=$sessionId" ),
    'Weak Authentified query'
);
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
count(2);

# Required AuthnLevel = 5
# The same session is refused here. The expected answer is a 401 whose
# Location targets the portal's upgradesession endpoint with the requested
# URL as URI-escaped base64 (presumably the session's level is below 5).
ok(
    $res =
      $client->_get( '/AuthStrong', undef, undef, "lemonldap=$sessionId" ),
    'Strong Authentified query'
);
ok( $res->[0] == 401, 'Code is 401' ) or explain( $res, 401 );
%h = @{ $res->[1] };
my $upgrade_redirect_test1 = 'http://auth.example.com//upgradesession?url='
  . uri_escape( encode_base64( 'http://test1.example.com/AuthStrong', '' ) );
ok(
    $h{Location} eq $upgrade_redirect_test1,
    'Redirection points to http://test1.example.com/AuthStrong'
) or explain( \%h, $upgrade_redirect_test1 );
count(3);
# Bad cookie
# The cookie carries a hard-coded session id instead of $sessionId; the
# handler must answer 401, i.e. treat the request as unauthenticated.
ok(
    $res = $client->_get(
        '/deny', undef, 'manager.example.com',
'lemonldap=e5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
    ),
    'Bad cookie'
);
ok( $res->[0] == 401, 'Code is 401' ) or explain( $res->[0], 401 );

# Remove the lock file named after that id; the result of unlink is not
# checked. NOTE(review): presumably the session backend creates the file
# during the failed lookup -- confirm.
unlink(
't/sessions/lock/Apache-Session-e5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545.lock'
);
count(2);
# Required AuthnLevel = 1
# Same checks as on the default host, now against test2.example.com.
ok(
    $res = $client->_get(
        '/AuthWeak', undef, 'test2.example.com', "lemonldap=$sessionId"
    ),
    'Weak Authentified query'
);
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
count(2);

# Required AuthnLevel = 5
# On this host even "/" is refused for the session: 401 plus a Location that
# targets the portal's upgradesession endpoint with the test2 URL as
# URI-escaped base64.
ok(
    $res = $client->_get(
        '/', undef, 'test2.example.com', "lemonldap=$sessionId"
    ),
    'Default Authentified query'
);
ok( $res->[0] == 401, 'Code is 401' ) or explain( $res, 401 );
%h = @{ $res->[1] };
my $upgrade_redirect_test2 = 'http://auth.example.com//upgradesession?url='
  . uri_escape( encode_base64( 'http://test2.example.com/', '' ) );
ok(
    $h{Location} eq $upgrade_redirect_test2,
    'Redirection points to http://test2.example.com/'
) or explain( \%h, $upgrade_redirect_test2 );
count(3);
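# Clean headers
# -------------
# The request carries no session cookie but does carry a client-supplied
# HTTP_AUTH_USER header. The path is let through (200), so the handler must
# still tell the web server to drop the identity and cookie headers.
# Without those directives a client-chosen value such as 'rtyler' could
# presumably reach the protected application looking like a handler-set
# identity.
ok(
    $res = $client->_get(
        '/skipif/zz', undef, 'test1.example.com', undef,
        HTTP_AUTH_USER => 'rtyler'
    ),
    'Test skip() with forged header'
);
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
count(2);

%h = @{ $res->[1] };

# Collect the header names listed in the Deleteheader<N> response headers.
# \d+ accepts any index width, so a directive numbered 10 or above is not
# silently ignored.
my %delete;
for my $name ( keys %h ) {
    $delete{ $h{$name} }++ if $name =~ /^Deleteheader\d+$/;
}

# Each sensitive header needs a delete directive and must not itself appear
# in the response. Named loop variables keep the check independent of
# anything the helpers do to $_.
# NOTE(review): the %h lookup is case-sensitive; a header emitted under a
# different capitalisation would not be noticed by the second assertion.
for my $header (qw( Cookie HTTP_COOKIE Auth-User HTTP_AUTH_USER )) {
    ok( $delete{$header}, "Delete command for $header" )
      or explain( \%h, 'Delete* headers' );
    ok( !$h{$header}, "$header is deleted" )
      or explain( \%h, 'Delete* headers' );
    count(2);
}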
# Close the plan with the total reported by count() (presumably the running
# sum of the count(N) calls above), then call the library's clean() helper.
done_testing( count() );
clean();