#!/usr/bin/perl
use strict;
use Test::More;
use File::Copy;
use File::Temp qw(tempfile);
use IO::String;
use Lemonldap::NG::Portal::Main::Constants qw(
  PE_RESETCERTIFICATE_INVALID PE_RESETCERTIFICATE_FORMEMPTY
  PE_RESETCERTIFICATE_FIRSTACCESS
);
BEGIN {

    # Load the shared test helpers at compile time. The eval keeps a failed
    # require from aborting compilation; the error stays in $@ and is not
    # reported here.
    eval {
        require $_ for ( 't/test-lib.pm', 't/smtp.pm' );
    };
}
# Last response returned by the test client, reused by every step below.
my $res;
my $user;

# Number of tests announced to skip() and to count().
# NOTE(review): the SKIP block below calls ok() directly twelve times; confirm
# that 6 is still the right value for the count()/done_testing() bookkeeping.
my $maintests = 6;
SKIP: {
# Probe the optional modules this test relies on. The string eval leaves any
# load failure in $@, which is turned into a skip of the whole block.
eval
  'require Email::Sender::Simple; use GD::SecurityImage; use Image::Magick; use Net::SSLeay;
use DateTime::Format::RFC3339;';
skip 'Missing dependencies ' . $@, $maintests if $@;

# The LDAP-backed scenario only runs when the caller opts in through the
# LLNGTESTLDAP environment variable.
if ( !$ENV{LLNGTESTLDAP} ) {
    skip 'LLNGTESTLDAP is not set', $maintests;
}

# LDAP test helpers (stopLdapServer() used at the end of this block presumably
# comes from here -- confirm).
require 't/test-ldap.pm';
# Portal configuration for the scenario: SSL authentication, with the user,
# password and register backends all pointing at LDAP, and the
# "certificate reset by mail" feature switched on.
# The LDAP endpoint is a loopback address and the manager credentials are
# fixture values for that local test directory, not deployment settings.
my %ini = (
    logLevel                            => 'error',
    useSafeJail                         => 1,
    portalDisplayRegister               => 1,
    authentication                      => 'SSL',
    userDB                              => 'LDAP',
    passwordDB                          => 'LDAP',
    registerDB                          => 'LDAP',
    ldapServer                          => 'ldap://127.0.0.1:19389/',
    ldapBase                            => 'ou=users,dc=example,dc=com',
    managerDn                           => 'cn=admin,dc=example,dc=com',
    managerPassword                     => 'admin',
    captcha_mail_enabled                => 0,
    portalDisplayCertificateResetByMail => 1,
    certificateResetByMailCeaAttribute  => 'description',
    certificateResetByMailCertificateAttribute => 'userCertificate;binary',

    # Single-quoted on purpose: $url and $expMailDate are template
    # placeholders passed through literally, not Perl variables.
    certificateResetByMailStep1Body =>
'Click here <a href="$url"> to confirm your mail. It will expire $expMailDate',
    certificateResetByMailStep2Body => 'Certificate successfully reset!',
    certificateValidityDelay        => 30
);
my $client = LLNG::Manager::Test->new( { ini => \%ini } );
# Test form
# ------------------------
# Step 1: fetch the reset page and check that it offers a form with a
# 'mail' field.
$res = $client->_get( '/certificateReset', accept => 'text/html' );
ok( $res, 'Reset form' );
my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'mail' );

# The query extracted from the form is replaced by the address under test.
$query = 'mail=dwho%40badwolf.org';

# Post email
my $mail_form = IO::String->new($query);
$res = $client->_post(
    '/certificateReset', $mail_form,
    length => length($query),
    accept => 'text/html'
);
ok( $res, 'Post mail' );

# Step 2: the confirmation link is taken from the captured mail. Its query
# string carries the mail token, i.e. the only proof that the requester can
# read that mailbox.
my $link_found =
  mail() =~ m#a href="http://auth.example.com/certificateReset\?(.*?)"#;
ok( $link_found, 'Found link in mail' );
$query = $1;
my $querymail = $query;

# Step 3: follow the link as the mail recipient would.
$res = $client->_get(
    '/certificateReset',
    query  => $query,
    accept => 'text/html'
);
ok( $res, 'Post mail token received by mail' );

# The page reached with the mail token must contain a form with a 'token'
# field and mention the certificate upload.
( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );
ok( $res->[2][0] =~ /certif/s, ' Ask for a new certificate file' );

# Flatten both query strings into key/value hashes: %inputs holds the form
# fields, %querytab the parameters of the mailed link.
my %inputs   = split /[=&]/, $query;
my %querytab = split /[=&]/, $querymail;
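# Create the certificate file
# Fixed PEM certificate used as the "new" certificate uploaded by the user.
my $cert = "-----BEGIN CERTIFICATE-----
MIIDdzCCAl+gAwIBAgIJAKGx8siw7lkRMA0GCSqGSIb3DQEBCwUAMFExCzAJBgNV
BAYTAkZSMQ8wDQYDVQQIDAZGcmFuY2UxDjAMBgNVBAcMBVBBcmlzMREwDwYDVQQK
DAhMaW5hZ29yYTEOMAwGA1UECwwFTElOSUQwIBcNMTkwNzA0MTcyNjI4WhgPMjEx
OTA2MTAxNzI2MjhaMFExCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZGcmFuY2UxDjAM
BgNVBAcMBVBBcmlzMREwDwYDVQQKDAhMaW5hZ29yYTEOMAwGA1UECwwFTElOSUQw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3iyeNE2vpURgdY7xwxS16
xUJANPuMSrCfy1E/xpCtbP02zK0B11DkT81AnTHgvsWYuiubR1P3Phhh+JLsLRho
Grzu9xjaiKXQ+kT1cAiq6skZljphykXBfKUb73W9CPntHL/zl3XyIfu+dWyCGbqa
jHw0Llomi8JqU/XKB6XAYumsV3QzFMM7ECm5HeV3BxfIBwoIOwfwINDUrAGS3h4k
WH/iiqwG7uSuADupSfdmOrvE7rYZupPas4YATX1m5hmON++9pRRFVEoNeOV1qyGY
G7swH1uoO2hAgwKIw0vinft/pJLqe3qhrJwNCIZFHaDEx/PRERFeeEH9/6HSz5kt
AgMBAAGjUDBOMB0GA1UdDgQWBBTFv6pQT/9IBWEAGhILGCcweVfHmTAfBgNVHSME
GDAWgBTFv6pQT/9IBWEAGhILGCcweVfHmTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
DQEBCwUAA4IBAQBFYneMW5etMnsA3/PdvOqx/ijBF98aKlB4U4IKZpdDRAcsstdL
BSsHRQbHXtb9VdlDWvUnNg5DmjsA8DkOXKXGPGM9ncu9tQi9EoInbOJTMaEsIr2j
zrLj6PHTvazy+6Au+R/9N5u3WQtq/Z2xoN/+bbQ1dyjXgQmBZFizHP32l5AdgBDT
jF7xMHxJ6Jxz9lkI+d9v0TzpxTStsaC+pbDfoouNc2deZkv84YTIrD0EPSHFDH5d
u5i9b+lrWZeCtpVEPzSYpnBwGfepbZAzfVRKJm7wZPCe7KxqMGXQLVBkD8oN7vA1
lkRrWfQftwmLyNIu3HfSgXlgAZS30ymfbzBU
-----END CERTIFICATE-----";

# Write the upload fixture to a private temporary file instead of a fixed
# name under /tmp. tempfile() chooses an unpredictable name and creates the
# file itself, so a file or symlink that already sits at a well-known /tmp
# path on a shared machine is never opened or truncated, and two concurrent
# test runs no longer share one file. UNLINK => 1 removes it at exit.
# tempfile() croaks if no file can be created.
my ( $FH2, $upload_path ) = tempfile( UNLINK => 1 );

# Write errors were silently ignored before; report them so that a later
# failure of the upload step can be traced back to the fixture.
print {$FH2} $cert or diag("Cannot write $upload_path: $!");
close $FH2 or diag("Cannot close $upload_path: $!");

# Call the PSGI application directly with a hand-built environment that
# describes a multipart POST to /certificateReset. The plack.request.* keys
# are supplied already parsed and no psgi.input is given.
# NOTE(review): 'size' and CONTENT_LENGTH are fixed literals, not derived
# from $cert -- confirm nothing downstream relies on them.
$res = $client->app->( {

        # Parameters of the mailed link (mail token and skin).
        'plack.request.query' => bless( {
                'skin'       => $querytab{'skin'},
                'mail_token' => $querytab{'mail_token'}
            },
            'Hash::MultiValue'
        ),
        'PATH_INFO' => '/certificateReset',
        'HTTP_ACCEPT' =>
'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3',
        'REQUEST_METHOD'       => 'POST',
        'HTTP_ORIGIN'          => 'http://auth.example.com',
        'HTTP_ACCEPT_LANGUAGE' => 'fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3',
        'REQUEST_SCHEME'       => 'http',
        'HTTP_CACHE_CONTROL'   => 'max-age=0',

        # Query and body parameters merged: mail token plus form token.
        'plack.request.merged' => bless( {
                'skin'       => $querytab{'skin'},
                'mail_token' => $querytab{'mail_token'},
                'url'        => '',
                'token'      => $inputs{'token'}
            },
            'Hash::MultiValue'
        ),
        'REMOTE_PORT'                    => '36674',
        'QUERY_STRING'                   => $querymail,
        'SERVER_SIGNATURE'               => '',
        'psgix.input.buffered'           => 1,
        'HTTP_UPGRADE_INSECURE_REQUESTS' => '1',
        'CONTENT_TYPE' =>
          'multipart/form-data; boundary=----WebKitFormBoundarybabRY9u6K9tERoLr',

        # The uploaded file: field 'certif', backed by the temporary file
        # written above.
        'plack.request.upload' => bless( {
                'certif' => bless( {
                        'headers' => bless( {
                                'content-disposition' =>
                                  'form-data; name="certif"; filename="user.pem"',
                                'content-type' =>
                                  'application/x-x509-ca-cert',
                                '::std_case' => {
                                    'content-disposition' =>
                                      'Content-Disposition'
                                }
                            },
                            'HTTP::Headers'
                        ),
                        'filename' => 'user.pem',
                        'tempname' => $upload_path,
                        'size'     => 1261
                    },
                    'Plack::Request::Upload'
                )
            },
            'Hash::MultiValue'
        ),
        'psgi.streaming'     => 1,
        'plack.request.body' => bless( {
                'skin'  => 'bootstrap',
                'url'   => '',
                'token' => $inputs{'token'}
            },
            'Hash::MultiValue'
        ),
        'SCRIPT_URL'   => '/certificateReset',
        'SERVER_NAME'  => 'auth.example.com',
        'HTTP_REFERER' => 'http://auth.example.com/certificateReset?'
          . $querymail,
        'HTTP_CONNECTION'     => 'close',
        'CONTENT_LENGTH'      => '1759',
        'SCRIPT_URI'          => 'http://auth.example.com/certificateReset',
        'plack.cookie.parsed' => {
            'llnglanguage' => 'fr'
        },
        'SERVER_PORT'     => '80',
        'SERVER_PROTOCOL' => 'HTTP/1.1',
        'SCRIPT_NAME'     => '',
        'HTTP_USER_AGENT' =>
          'Mozilla/5.0 (VAX-4000; rv:36.0) Gecko/20350101 Firefox',
        'HTTP_COOKIE'         => 'llnglanguage=fr',
        'REMOTE_ADDR'         => '127.0.0.1',
        'REQUEST_URI'         => '/certificateReset?' . $querymail,
        'plack.cookie.string' => 'llnglanguage=fr',
        'SERVER_ADDR'         => '127.0.0.1',
        'psgi.url_scheme'     => 'http',
        'psgix.harakiri'      => '',
        'HTTP_HOST'           => 'auth.example.com'
    }
);

# A successful reset is observed through the confirmation mail, whose body is
# the configured step-2 text.
ok( mail() =~ /Certificate successfully reset/,
    'Certificate has been reset' );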
# Test invalid certificate
# Same mail round trip as above, run a second time so that a fresh mail
# token is obtained before an unusable certificate is submitted.

# Test form
# ------------------------
$res = $client->_get( '/certificateReset', accept => 'text/html' );
ok( $res, 'Reset form' );
( $host, $url, $query ) = expectForm( $res, '#', undef, 'mail' );

# The query extracted from the form is replaced by the address under test.
$query = 'mail=dwho%40badwolf.org';

# Post email
$res = $client->_post(
    '/certificateReset', IO::String->new($query),
    length => length($query),
    accept => 'text/html'
);
ok( $res, 'Post mail' );

# Pull the confirmation link out of the captured mail; $1 is its query
# string, which carries the mail token.
ok(
    scalar(
        mail() =~ m#a href="http://auth.example.com/certificateReset\?(.*?)"#
    ),
    'Found link in mail'
);
$query     = $1;
$querymail = $query;

# Follow the mailed link.
$res = $client->_get(
    '/certificateReset',
    query  => $query,
    accept => 'text/html'
);
ok( $res, 'Post mail token received by mail' );

# The resulting page must again offer the token form and mention the
# certificate upload.
( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );
ok( $res->[2][0] =~ /certif/s, ' Ask for a new certificate file' );

# Refresh the key/value views of the form fields and of the mailed link.
%inputs   = split /[=&]/, $query;
%querytab = split /[=&]/, $querymail;
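# Create the certificate file
# Deliberately not a certificate: the portal is expected to reject it.
$cert = "INVALID CERTIFICATE";

# Write the fixture to a private temporary file instead of a fixed name
# under /tmp. tempfile() chooses an unpredictable name and creates the file
# itself, so a file or symlink that already sits at a well-known /tmp path on
# a shared machine is never opened or truncated. UNLINK => 1 removes it at
# exit. tempfile() croaks if no file can be created.
( $FH2, my $bad_upload_path ) = tempfile( UNLINK => 1 );

# Write errors were silently ignored before; report them, because an empty
# or missing fixture would also be "invalid" and could hide a real problem.
print {$FH2} $cert or diag("Cannot write $bad_upload_path: $!");
close $FH2 or diag("Cannot close $bad_upload_path: $!");

# Call the PSGI application directly with a hand-built environment that
# describes a multipart POST to /certificateReset. The plack.request.* keys
# are supplied already parsed and no psgi.input is given.
# NOTE(review): 'size' and CONTENT_LENGTH are fixed literals that do not
# match this 19-character fixture -- confirm nothing downstream relies on
# them.
$res = $client->app->( {

        # Parameters of the mailed link (mail token and skin).
        'plack.request.query' => bless( {
                'skin'       => $querytab{'skin'},
                'mail_token' => $querytab{'mail_token'}
            },
            'Hash::MultiValue'
        ),
        'PATH_INFO' => '/certificateReset',
        'HTTP_ACCEPT' =>
'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3',
        'REQUEST_METHOD'       => 'POST',
        'HTTP_ORIGIN'          => 'http://auth.example.com',
        'HTTP_ACCEPT_LANGUAGE' => 'fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3',
        'REQUEST_SCHEME'       => 'http',
        'HTTP_CACHE_CONTROL'   => 'max-age=0',

        # Query and body parameters merged: mail token plus form token.
        'plack.request.merged' => bless( {
                'skin'       => $querytab{'skin'},
                'mail_token' => $querytab{'mail_token'},
                'url'        => '',
                'token'      => $inputs{'token'}
            },
            'Hash::MultiValue'
        ),
        'REMOTE_PORT'                    => '36674',
        'QUERY_STRING'                   => $querymail,
        'SERVER_SIGNATURE'               => '',
        'psgix.input.buffered'           => 1,
        'HTTP_UPGRADE_INSECURE_REQUESTS' => '1',
        'CONTENT_TYPE' =>
          'multipart/form-data; boundary=----WebKitFormBoundarybabRY9u6K9tERoLr',

        # The uploaded file: field 'certif', backed by the temporary file
        # written above.
        'plack.request.upload' => bless( {
                'certif' => bless( {
                        'headers' => bless( {
                                'content-disposition' =>
                                  'form-data; name="certif"; filename="user.pem"',
                                'content-type' =>
                                  'application/x-x509-ca-cert',
                                '::std_case' => {
                                    'content-disposition' =>
                                      'Content-Disposition'
                                }
                            },
                            'HTTP::Headers'
                        ),
                        'filename' => 'user.pem',
                        'tempname' => $bad_upload_path,
                        'size'     => 1261
                    },
                    'Plack::Request::Upload'
                )
            },
            'Hash::MultiValue'
        ),
        'psgi.streaming'     => 1,
        'plack.request.body' => bless( {
                'skin'  => 'bootstrap',
                'url'   => '',
                'token' => $inputs{'token'}
            },
            'Hash::MultiValue'
        ),
        'SCRIPT_URL'   => '/certificateReset',
        'SERVER_NAME'  => 'auth.example.com',
        'HTTP_REFERER' => 'http://auth.example.com/certificateReset?'
          . $querymail,
        'HTTP_CONNECTION'     => 'close',
        'CONTENT_LENGTH'      => '1759',
        'SCRIPT_URI'          => 'http://auth.example.com/certificateReset',
        'plack.cookie.parsed' => {
            'llnglanguage' => 'fr'
        },
        'SERVER_PORT'     => '80',
        'SERVER_PROTOCOL' => 'HTTP/1.1',
        'SCRIPT_NAME'     => '',
        'HTTP_USER_AGENT' =>
          'Mozilla/5.0 (VAX-4000; rv:36.0) Gecko/20350101 Firefox',
        'HTTP_COOKIE'         => 'llnglanguage=fr',
        'REMOTE_ADDR'         => '127.0.0.1',
        'REQUEST_URI'         => '/certificateReset?' . $querymail,
        'plack.cookie.string' => 'llnglanguage=fr',
        'SERVER_ADDR'         => '127.0.0.1',
        'psgi.url_scheme'     => 'http',
        'psgix.harakiri'      => '',
        'HTTP_HOST'           => 'auth.example.com'
    }
);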
# The rejection is checked through the error code rendered in the page: take
# the first HTML line that carries a trmsg="..." attribute and reduce it to
# the number inside the quotes.
my $page_html = $res->[2][0];
my ($error_code) = grep { /trmsg="/ } split( /\n/, $page_html );
$error_code =~ s/.*trmsg="([0-9]+)".*/$1/g;

# An unusable upload must be answered with PE_RESETCERTIFICATE_INVALID.
ok( $error_code == PE_RESETCERTIFICATE_INVALID, 'Invalid certificate' );

# Shut the LDAP test server down when this run was using it.
if ( $ENV{LLNGTESTLDAP} ) {
    stopLdapServer();
}
}
# Register this file's own tests with the shared counter, then hand the
# resulting total to done_testing() as the expected number of tests.
count($maintests);
my $expected_tests = count();
done_testing($expected_tests);