lemonldap-ng/lemonldap-ng-portal/t/41-Captcha.t

use Test::More;
use strict;
use IO::String;
use JSON;
use Lemonldap::NG::Portal::Main::Constants 'PE_CAPTCHAERROR';

require 't/test-lib.pm';

my $res;

my $maintests = 29;
SKIP: {
    eval 'use GD::SecurityImage; use Image::Magick;';
    if ($@) {
        skip 'Image::Magick not found', $maintests;
    }

    my $client = LLNG::Manager::Test->new( {
            ini => {
                logLevel                  => 'error',
                useSafeJail               => 1,
                browsersDontStorePassword => 1,
                loginHistoryEnabled       => 1,
                captcha_login_enabled     => 1,
                portalMainLogo            => 'common/logos/logo_llng_old.png',
            }
        }
    );

    # Try to authenticate without captcha
    # -----------------------------------
    ok(
        $res = $client->_post(
            '/',
            IO::String->new('user=dwho&password=dwho'),
            length => 23,
        ),
        'Auth query'
    );
    expectReject($res);

    my $json;
    ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
      or print STDERR "$@\n" . Dumper($res);
    ok( $json->{error} == PE_CAPTCHAERROR, 'Response is PE_CAPTCHAERROR' )
      or explain( $json, "error => 76" );

    # Test normal first access
    # ------------------------
    ok( $res = $client->_get('/'), 'Unauth JSON request' );
    expectReject($res);

    ok( $res = $client->_get( '/', accept => 'text/html' ), 'Unauth request' );
    my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );
    ok( $res->[2]->[0] =~ m%<input[^>]*name="password"%,
        'Password: Found text input' );

    $query =~ s/.*\btoken=([^&]+).*/token=$1/;
    my $token;
    ok( $token = $1, ' Token value is defined' );
    ok( $res->[2]->[0] =~ m#<img id="captcha" src="data:image/png;base64#,
        ' Captcha image inserted' )
      or
      explain( $res->[2]->[0], '<img id="captcha" src="data:image/png;base64' );

    # Try to get captcha value
    my ( $ts, $captcha );
    ok( $ts = getCache()->get($token), ' Found token session' );
    $ts = eval { JSON::from_json($ts) };
    ok( $captcha = $ts->{captcha}, ' Found captcha value' );
    ok(
        $res->[2]->[0] =~ qr%<img src="/static/common/logos/logo_llng_old.png"%,
        'Found custom Main Logo'
    ) or print STDERR Dumper( $res->[2]->[0] );

    # Try to authenticate
    $query .= "&user=dwho&password=dwho&captcha=$captcha&checkLogins=1";
    ok(
        $res = $client->_post(
            '/',
            IO::String->new($query),
            length => length($query),
            accept => 'text/html',
        ),
        'Try to auth with captcha value'
    );
    expectOK($res);
    my $id = expectCookie($res);
    ok( $res->[2]->[0] =~ /trspan="lastLogins"/, 'History found' )
      or explain( $res->[2]->[0], 'trspan="noHistory"' );
    my @c = ( $res->[2]->[0] =~ /<td>127.0.0.1/gs );

    # History with 1 successLogin
    ok( @c == 1, " -> One entry found" );

    # Verify auth
    ok( $res = $client->_get( '/', cookie => "lemonldap=$id" ), 'Verify auth' );
    expectOK($res);

    # New try (with bad captcha)
    ok( $res = $client->_get( '/', accept => 'text/html' ),
        'New unauth request' );
    ( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );
    $query =~ s/.*\b(token=[^&]+).*/$1/;
    ok( $token = $1, ' Token value is defined' );

    # Try to auth with bad captcha
    $query .= '&user=dwho&password=dwho&captcha=00000';
    ok(
        $res = $client->_post(
            '/',
            IO::String->new($query),
            length => length($query)
        ),
        'Try to auth with bad captcha value'
    );
    expectReject($res);
    ok(
        $res = $client->_post(
            '/', IO::String->new($query),
            length => length($query),
            accept => 'text/html',
        ),
        'Verify that there is a new captcha image'
    );
    ( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );
    $query =~ s/.*\b(token=[^&]+).*/$1/;
    my $newtoken = $1;
    ok( $newtoken ne $token, ' Token is refreshed' );
    ok( $res->[2]->[0] =~ m#<img id="captcha" src="data:image/png;base64#,
        ' New captcha image inserted' );
    ok(
        $res->[2]->[0] =~
m#<img class="renewcaptchaclick" src="/static/common/icons/arrow_refresh.png" alt="Renew Captcha" title="Renew Captcha" class="img-thumbnail mb-3" />#,
        ' Renew Captcha button found'
    ) or explain( $res->[2]->[0], 'Renew captcha button not found' );
    ok( $res->[2]->[0] =~ /captcha\.(?:min\.)?js/, 'Get captcha javascript' );

    # Try to renew captcha
    ok( $res = $client->_get( '/renewcaptcha', accept => 'text/html' ),
        'Unauth request to renew Captcha' );
    $json = eval { JSON::from_json( $res->[2]->[0] ) };
    ok( ( defined $json->{newtoken} and $json->{newtoken} =~ /^\w+$/ ),
        'New token has been received' )
      or explain( $json->{newtoken}, 'New token not received' );
    ok( (
            defined $json->{newimage}
              and $json->{newimage} =~ m%^data:image/png;base64,.+%
        ),
        'New image has been received'
    ) or explain( $json->{newimage}, 'NO image received' );

    # Try to submit new captcha
    ok( $ts = getCache()->get( $json->{newtoken} ),
        ' Found new token session' );
    $ts = eval { JSON::from_json($ts) };
    $query =
      "user=dwho&password=dwho&captcha=$ts->{captcha}&token=$json->{newtoken}";
    ok(
        $res = $client->_post(
            '/',
            IO::String->new($query),
            length => length($query)
        ),
        'Try to auth with new captcha value'
    );
    expectOK($res);
    $id = expectCookie($res);
    ok(
        $res = $client->_get(
            '/',
            query  => 'url=aHR0cDovL3Rlc3QxLmV4YW1wbGUuY29tLw==',
            cookie => "lemonldap=$id",
            accept => 'text/html'
        ),
        'Auth request with redirection'
    );
    expectRedirection( $res, 'http://test1.example.com/' );
    expectAuthenticatedAs( $res, 'dwho' );
}
count($maintests);

clean_sessions();

done_testing( count() );
Verify captcha login (#595) 2017-01-25 23:08:15 +01:00			`use Test::More;`
			`use strict;`
			`use IO::String;`
Test if Captcha is enabled & Improve unit test (#2057) 2020-01-05 21:57:24 +01:00			`use JSON;`
Fix unit tests for new Captcha API (#2692) New API does not differentiate between empty and wrong captcha 2022-04-19 17:09:15 +02:00			`use Lemonldap::NG::Portal::Main::Constants 'PE_CAPTCHAERROR';`
Verify captcha login (#595) 2017-01-25 23:08:15 +01:00
			`require 't/test-lib.pm';`

			`my $res;`

Improve unit test (#2057) 2020-01-05 22:06:57 +01:00			`my $maintests = 29;`
Skip captcha tests if missing modules (#595) 2017-01-27 12:14:50 +01:00			`SKIP: {`
Test if Captcha is enabled & Improve unit test (#2057) 2020-01-05 21:57:24 +01:00			`eval 'use GD::SecurityImage; use Image::Magick;';`
Skip captcha tests if missing modules (#595) 2017-01-27 12:14:50 +01:00			`if ($@) {`
Typo 2019-06-01 20:53:34 +02:00			`skip 'Image::Magick not found', $maintests;`
Verify captcha login (#595) 2017-01-25 23:08:15 +01:00			`}`

tidy with new conf 2019-02-07 09:27:56 +01:00			`my $client = LLNG::Manager::Test->new( {`
make tidy 2018-11-26 14:40:21 +01:00			`ini => {`
Forbid browsers to store users password & Improve unit tests (#1913) 2019-09-08 19:26:09 +02:00			`logLevel => 'error',`
			`useSafeJail => 1,`
			`browsersDontStorePassword => 1,`
			`loginHistoryEnabled => 1,`
			`captcha_login_enabled => 1,`
			`portalMainLogo => 'common/logos/logo_llng_old.png',`
Skip captcha tests if missing modules (#595) 2017-01-27 12:14:50 +01:00			`}`
			`}`
			`);`

Test if Captcha is enabled & Improve unit test (#2057) 2020-01-05 21:57:24 +01:00			`# Try to authenticate without captcha`
			`# -----------------------------------`
			`ok(`
			`$res = $client->_post(`
			`'/',`
			`IO::String->new('user=dwho&password=dwho'),`
			`length => 23,`
			`),`
			`'Auth query'`
			`);`
Improve unit test (#2057) 2020-01-05 22:06:57 +01:00			`expectReject($res);`
Test if Captcha is enabled & Improve unit test (#2057) 2020-01-05 21:57:24 +01:00
			`my $json;`
			`ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )`
			`or print STDERR "$@\n" . Dumper($res);`
Fix unit tests for new Captcha API (#2692) New API does not differentiate between empty and wrong captcha 2022-04-19 17:09:15 +02:00			`ok( $json->{error} == PE_CAPTCHAERROR, 'Response is PE_CAPTCHAERROR' )`
			`or explain( $json, "error => 76" );`
Test if Captcha is enabled & Improve unit test (#2057) 2020-01-05 21:57:24 +01:00
Skip captcha tests if missing modules (#595) 2017-01-27 12:14:50 +01:00			`# Test normal first access`
			`# ------------------------`
			`ok( $res = $client->_get('/'), 'Unauth JSON request' );`
			`expectReject($res);`
Verify captcha login (#595) 2017-01-25 23:08:15 +01:00
make tidy 2018-11-26 14:40:21 +01:00			`ok( $res = $client->_get( '/', accept => 'text/html' ), 'Unauth request' );`
Skip captcha tests if missing modules (#595) 2017-01-27 12:14:50 +01:00			`my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );`
tidy 2022-02-16 17:43:29 +01:00			`ok( $res->[2]->[0] =~ m%<input[^>]*name="password"%,`
			`'Password: Found text input' );`
Forbid browsers to store users password & Improve unit tests (#1913) 2019-09-08 19:26:09 +02:00
Skip captcha tests if missing modules (#595) 2017-01-27 12:14:50 +01:00			`$query =~ s/.\btoken=([^&]+)./token=$1/;`
			`my $token;`
			`ok( $token = $1, ' Token value is defined' );`
Append renew captcha button (#2019) 2019-12-01 22:01:30 +01:00			`ok( $res->[2]->[0] =~ m#<img id="captcha" src="data:image/png;base64#,`
Parallel tests 2019-08-29 10:04:06 +02:00			`' Captcha image inserted' )`
Propagate to Mail, GPG and Register (#2019) 2019-12-03 11:55:04 +01:00			`or`
			`explain( $res->[2]->[0], '<img id="captcha" src="data:image/png;base64' );`
Verify captcha login (#595) 2017-01-25 23:08:15 +01:00
Skip captcha tests if missing modules (#595) 2017-01-27 12:14:50 +01:00			`# Try to get captcha value`
			`my ( $ts, $captcha );`
Use local cache by default for tokens (#1140) 2017-03-11 19:11:57 +01:00			`ok( $ts = getCache()->get($token), ' Found token session' );`
			`$ts = eval { JSON::from_json($ts) };`
			`ok( $captcha = $ts->{captcha}, ' Found captcha value' );`
make tidy 2018-11-26 14:40:21 +01:00			`ok(`
			`$res->[2]->[0] =~ qr%<img src="/static/common/logos/logo_llng_old.png"%,`
Improve unit test 2018-11-20 22:35:44 +01:00			`'Found custom Main Logo'`
			`) or print STDERR Dumper( $res->[2]->[0] );`
Verify captcha login (#595) 2017-01-25 23:08:15 +01:00
Skip captcha tests if missing modules (#595) 2017-01-27 12:14:50 +01:00			`# Try to authenticate`
Improve unit test 2018-11-20 22:35:44 +01:00			`$query .= "&user=dwho&password=dwho&captcha=$captcha&checkLogins=1";`
make tidy 2018-11-26 14:40:21 +01:00			`ok(`
			`$res = $client->_post(`
Skip captcha tests if missing modules (#595) 2017-01-27 12:14:50 +01:00			`'/',`
			`IO::String->new($query),`
Improve unit test 2018-11-20 22:35:44 +01:00			`length => length($query),`
			`accept => 'text/html',`
Skip captcha tests if missing modules (#595) 2017-01-27 12:14:50 +01:00			`),`
			`'Try to auth with captcha value'`
			`);`
			`expectOK($res);`
			`my $id = expectCookie($res);`
Improve unit test 2018-11-20 22:35:44 +01:00			`ok( $res->[2]->[0] =~ /trspan="lastLogins"/, 'History found' )`
make tidy 2018-11-26 14:40:21 +01:00			`or explain( $res->[2]->[0], 'trspan="noHistory"' );`
Improve unit test 2018-11-20 22:35:44 +01:00			`my @c = ( $res->[2]->[0] =~ /<td>127.0.0.1/gs );`

			`# History with 1 successLogin`
			`ok( @c == 1, " -> One entry found" );`
Verify captcha login (#595) 2017-01-25 23:08:15 +01:00
Skip captcha tests if missing modules (#595) 2017-01-27 12:14:50 +01:00			`# Verify auth`
make tidy 2018-11-26 14:40:21 +01:00			`ok( $res = $client->_get( '/', cookie => "lemonldap=$id" ), 'Verify auth' );`
Skip captcha tests if missing modules (#595) 2017-01-27 12:14:50 +01:00			`expectOK($res);`
Verify captcha login (#595) 2017-01-25 23:08:15 +01:00
Skip captcha tests if missing modules (#595) 2017-01-27 12:14:50 +01:00			`# New try (with bad captcha)`
			`ok( $res = $client->_get( '/', accept => 'text/html' ),`
			`'New unauth request' );`
			`( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );`
			`$query =~ s/.\b(token=[^&]+)./$1/;`
			`ok( $token = $1, ' Token value is defined' );`
Verify captcha login (#595) 2017-01-25 23:08:15 +01:00
Skip captcha tests if missing modules (#595) 2017-01-27 12:14:50 +01:00			`# Try to auth with bad captcha`
			`$query .= '&user=dwho&password=dwho&captcha=00000';`
make tidy 2018-11-26 14:40:21 +01:00			`ok(`
			`$res = $client->_post(`
Skip captcha tests if missing modules (#595) 2017-01-27 12:14:50 +01:00			`'/',`
			`IO::String->new($query),`
			`length => length($query)`
			`),`
			`'Try to auth with bad captcha value'`
			`);`
			`expectReject($res);`
make tidy 2018-11-26 14:40:21 +01:00			`ok(`
			`$res = $client->_post(`
Skip captcha tests if missing modules (#595) 2017-01-27 12:14:50 +01:00			`'/', IO::String->new($query),`
			`length => length($query),`
			`accept => 'text/html',`
			`),`
			`'Verify that there is a new captcha image'`
			`);`
Propagate to Mail, GPG and Register (#2019) 2019-12-03 11:55:04 +01:00			`( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );`
			`$query =~ s/.\b(token=[^&]+)./$1/;`
			`my $newtoken = $1;`
			`ok( $newtoken ne $token, ' Token is refreshed' );`
Append renew captcha button (#2019) 2019-12-01 22:01:30 +01:00			`ok( $res->[2]->[0] =~ m#<img id="captcha" src="data:image/png;base64#,`
Skip captcha tests if missing modules (#595) 2017-01-27 12:14:50 +01:00			`' New captcha image inserted' );`
Improve unit test (#2019) 2019-12-27 19:00:30 +01:00			`ok(`
			`$res->[2]->[0] =~`
Remove autocomplete on image (#2585) 2021-08-20 11:59:20 +02:00			`m#<img class="renewcaptchaclick" src="/static/common/icons/arrow_refresh.png" alt="Renew Captcha" title="Renew Captcha" class="img-thumbnail mb-3" />#,`
Improve unit test (#2019) 2019-12-27 19:00:30 +01:00			`' Renew Captcha button found'`
Improve unit test (#2019) 2019-12-27 19:09:35 +01:00			`) or explain( $res->[2]->[0], 'Renew captcha button not found' );`
Improve unit test (#2019) 2019-12-28 12:14:47 +01:00			`ok( $res->[2]->[0] =~ /captcha\.(?:min\.)?js/, 'Get captcha javascript' );`
Improve unit test & update manifest (#2019) 2019-12-04 09:50:56 +01:00
			`# Try to renew captcha`
			`ok( $res = $client->_get( '/renewcaptcha', accept => 'text/html' ),`
			`'Unauth request to renew Captcha' );`
Fix warning messages 2020-02-16 15:35:53 +01:00			`$json = eval { JSON::from_json( $res->[2]->[0] ) };`
Improve unit tests (#2275) 2020-08-16 12:11:07 +02:00			`ok( ( defined $json->{newtoken} and $json->{newtoken} =~ /^\w+$/ ),`
Improve unit test & update manifest (#2019) 2019-12-04 09:50:56 +01:00			`'New token has been received' )`
Improve unit tests (#2275) 2020-08-16 12:11:07 +02:00			`or explain( $json->{newtoken}, 'New token not received' );`
Improve unit test & update manifest (#2019) 2019-12-04 09:50:56 +01:00			`ok( (`
			`defined $json->{newimage}`
			`and $json->{newimage} =~ m%^data:image/png;base64,.+%`
			`),`
			`'New image has been received'`
			`) or explain( $json->{newimage}, 'NO image received' );`

			`# Try to submit new captcha`
			`ok( $ts = getCache()->get( $json->{newtoken} ),`
			`' Found new token session' );`
			`$ts = eval { JSON::from_json($ts) };`
			`$query =`
			`"user=dwho&password=dwho&captcha=$ts->{captcha}&token=$json->{newtoken}";`
			`ok(`
			`$res = $client->_post(`
			`'/',`
			`IO::String->new($query),`
			`length => length($query)`
			`),`
			`'Try to auth with new captcha value'`
			`);`
			`expectOK($res);`
			`$id = expectCookie($res);`
			`ok(`
			`$res = $client->_get(`
			`'/',`
			`query => 'url=aHR0cDovL3Rlc3QxLmV4YW1wbGUuY29tLw==',`
			`cookie => "lemonldap=$id",`
			`accept => 'text/html'`
			`),`
			`'Auth request with redirection'`
			`);`
			`expectRedirection( $res, 'http://test1.example.com/' );`
			`expectAuthenticatedAs( $res, 'dwho' );`
Skip captcha tests if missing modules (#595) 2017-01-27 12:14:50 +01:00			`}`
			`count($maintests);`
Verify captcha login (#595) 2017-01-25 23:08:15 +01:00
			`clean_sessions();`

			`done_testing( count() );`