2017-01-25 23:08:15 +01:00
|
|
|
use Test::More;
|
|
|
|
use strict;
|
|
|
|
use IO::String;
|
2020-01-05 21:57:24 +01:00
|
|
|
use JSON;
|
|
|
|
use Lemonldap::NG::Portal::Main::Constants 'PE_CAPTCHAEMPTY';
|
2017-01-25 23:08:15 +01:00
|
|
|
|
|
|
|
require 't/test-lib.pm';
|
|
|
|
|
|
|
|
my $res;
|
|
|
|
|
2020-01-05 22:06:57 +01:00
|
|
|
my $maintests = 29;
|
2017-01-27 12:14:50 +01:00
|
|
|
SKIP: {
|
2020-01-05 21:57:24 +01:00
|
|
|
eval 'use GD::SecurityImage; use Image::Magick;';
|
2017-01-27 12:14:50 +01:00
|
|
|
if ($@) {
|
2019-06-01 20:53:34 +02:00
|
|
|
skip 'Image::Magick not found', $maintests;
|
2017-01-25 23:08:15 +01:00
|
|
|
}
|
|
|
|
|
2019-02-07 09:27:56 +01:00
|
|
|
my $client = LLNG::Manager::Test->new( {
|
2018-11-26 14:40:21 +01:00
|
|
|
ini => {
|
2019-09-08 19:26:09 +02:00
|
|
|
logLevel => 'error',
|
|
|
|
useSafeJail => 1,
|
|
|
|
browsersDontStorePassword => 1,
|
|
|
|
loginHistoryEnabled => 1,
|
|
|
|
captcha_login_enabled => 1,
|
|
|
|
portalMainLogo => 'common/logos/logo_llng_old.png',
|
2017-01-27 12:14:50 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
);
|
|
|
|
|
2020-01-05 21:57:24 +01:00
|
|
|
# Try to authenticate without captcha
|
|
|
|
# -----------------------------------
|
|
|
|
ok(
|
|
|
|
$res = $client->_post(
|
|
|
|
'/',
|
|
|
|
IO::String->new('user=dwho&password=dwho'),
|
|
|
|
length => 23,
|
|
|
|
),
|
|
|
|
'Auth query'
|
|
|
|
);
|
2020-01-05 22:06:57 +01:00
|
|
|
expectReject($res);
|
2020-01-05 21:57:24 +01:00
|
|
|
|
|
|
|
my $json;
|
|
|
|
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
|
|
|
|
or print STDERR "$@\n" . Dumper($res);
|
|
|
|
ok( $json->{error} == PE_CAPTCHAEMPTY, 'Response is PE_CAPTCHAEMPTY' )
|
|
|
|
or explain( $json, "error => 77" );
|
|
|
|
|
2017-01-27 12:14:50 +01:00
|
|
|
# Test normal first access
|
|
|
|
# ------------------------
|
|
|
|
ok( $res = $client->_get('/'), 'Unauth JSON request' );
|
|
|
|
expectReject($res);
|
2017-01-25 23:08:15 +01:00
|
|
|
|
2018-11-26 14:40:21 +01:00
|
|
|
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Unauth request' );
|
2017-01-27 12:14:50 +01:00
|
|
|
my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );
|
2019-09-08 19:26:09 +02:00
|
|
|
ok(
|
|
|
|
$res->[2]->[0] =~
|
2020-08-07 10:16:24 +02:00
|
|
|
m%<input[^>]*name="password"%,
|
2019-09-08 19:26:09 +02:00
|
|
|
'Password: Found text input'
|
|
|
|
);
|
|
|
|
|
2017-01-27 12:14:50 +01:00
|
|
|
$query =~ s/.*\btoken=([^&]+).*/token=$1/;
|
|
|
|
my $token;
|
|
|
|
ok( $token = $1, ' Token value is defined' );
|
2019-12-01 22:01:30 +01:00
|
|
|
ok( $res->[2]->[0] =~ m#<img id="captcha" src="data:image/png;base64#,
|
2019-08-29 10:04:06 +02:00
|
|
|
' Captcha image inserted' )
|
2019-12-03 11:55:04 +01:00
|
|
|
or
|
|
|
|
explain( $res->[2]->[0], '<img id="captcha" src="data:image/png;base64' );
|
2017-01-25 23:08:15 +01:00
|
|
|
|
2017-01-27 12:14:50 +01:00
|
|
|
# Try to get captcha value
|
|
|
|
my ( $ts, $captcha );
|
2017-03-11 19:11:57 +01:00
|
|
|
ok( $ts = getCache()->get($token), ' Found token session' );
|
|
|
|
$ts = eval { JSON::from_json($ts) };
|
|
|
|
ok( $captcha = $ts->{captcha}, ' Found captcha value' );
|
2018-11-26 14:40:21 +01:00
|
|
|
ok(
|
|
|
|
$res->[2]->[0] =~ qr%<img src="/static/common/logos/logo_llng_old.png"%,
|
2018-11-20 22:35:44 +01:00
|
|
|
'Found custom Main Logo'
|
|
|
|
) or print STDERR Dumper( $res->[2]->[0] );
|
2017-01-25 23:08:15 +01:00
|
|
|
|
2017-01-27 12:14:50 +01:00
|
|
|
# Try to authenticate
|
2018-11-20 22:35:44 +01:00
|
|
|
$query .= "&user=dwho&password=dwho&captcha=$captcha&checkLogins=1";
|
2018-11-26 14:40:21 +01:00
|
|
|
ok(
|
|
|
|
$res = $client->_post(
|
2017-01-27 12:14:50 +01:00
|
|
|
'/',
|
|
|
|
IO::String->new($query),
|
2018-11-20 22:35:44 +01:00
|
|
|
length => length($query),
|
|
|
|
accept => 'text/html',
|
2017-01-27 12:14:50 +01:00
|
|
|
),
|
|
|
|
'Try to auth with captcha value'
|
|
|
|
);
|
|
|
|
expectOK($res);
|
|
|
|
my $id = expectCookie($res);
|
2018-11-20 22:35:44 +01:00
|
|
|
ok( $res->[2]->[0] =~ /trspan="lastLogins"/, 'History found' )
|
2018-11-26 14:40:21 +01:00
|
|
|
or explain( $res->[2]->[0], 'trspan="noHistory"' );
|
2018-11-20 22:35:44 +01:00
|
|
|
my @c = ( $res->[2]->[0] =~ /<td>127.0.0.1/gs );
|
|
|
|
|
|
|
|
# History with 1 successLogin
|
|
|
|
ok( @c == 1, " -> One entry found" );
|
2017-01-25 23:08:15 +01:00
|
|
|
|
2017-01-27 12:14:50 +01:00
|
|
|
# Verify auth
|
2018-11-26 14:40:21 +01:00
|
|
|
ok( $res = $client->_get( '/', cookie => "lemonldap=$id" ), 'Verify auth' );
|
2017-01-27 12:14:50 +01:00
|
|
|
expectOK($res);
|
2017-01-25 23:08:15 +01:00
|
|
|
|
2017-01-27 12:14:50 +01:00
|
|
|
# New try (with bad captcha)
|
|
|
|
ok( $res = $client->_get( '/', accept => 'text/html' ),
|
|
|
|
'New unauth request' );
|
|
|
|
( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );
|
|
|
|
$query =~ s/.*\b(token=[^&]+).*/$1/;
|
|
|
|
ok( $token = $1, ' Token value is defined' );
|
2017-01-25 23:08:15 +01:00
|
|
|
|
2017-01-27 12:14:50 +01:00
|
|
|
# Try to auth with bad captcha
|
|
|
|
$query .= '&user=dwho&password=dwho&captcha=00000';
|
2018-11-26 14:40:21 +01:00
|
|
|
ok(
|
|
|
|
$res = $client->_post(
|
2017-01-27 12:14:50 +01:00
|
|
|
'/',
|
|
|
|
IO::String->new($query),
|
|
|
|
length => length($query)
|
|
|
|
),
|
|
|
|
'Try to auth with bad captcha value'
|
|
|
|
);
|
|
|
|
expectReject($res);
|
2018-11-26 14:40:21 +01:00
|
|
|
ok(
|
|
|
|
$res = $client->_post(
|
2017-01-27 12:14:50 +01:00
|
|
|
'/', IO::String->new($query),
|
|
|
|
length => length($query),
|
|
|
|
accept => 'text/html',
|
|
|
|
),
|
|
|
|
'Verify that there is a new captcha image'
|
|
|
|
);
|
2019-12-03 11:55:04 +01:00
|
|
|
( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );
|
|
|
|
$query =~ s/.*\b(token=[^&]+).*/$1/;
|
|
|
|
my $newtoken = $1;
|
|
|
|
ok( $newtoken ne $token, ' Token is refreshed' );
|
2019-12-01 22:01:30 +01:00
|
|
|
ok( $res->[2]->[0] =~ m#<img id="captcha" src="data:image/png;base64#,
|
2017-01-27 12:14:50 +01:00
|
|
|
' New captcha image inserted' );
|
2019-12-27 19:00:30 +01:00
|
|
|
ok(
|
|
|
|
$res->[2]->[0] =~
|
2019-12-28 12:14:47 +01:00
|
|
|
m#<img class="renewcaptchaclick" src="/static/common/icons/arrow_refresh.png" alt="Renew Captcha" title="Renew Captcha" class="img-thumbnail mb-3" />#,
|
2019-12-27 19:00:30 +01:00
|
|
|
' Renew Captcha button found'
|
2019-12-27 19:09:35 +01:00
|
|
|
) or explain( $res->[2]->[0], 'Renew captcha button not found' );
|
2019-12-28 12:14:47 +01:00
|
|
|
ok( $res->[2]->[0] =~ /captcha\.(?:min\.)?js/, 'Get captcha javascript' );
|
2019-12-04 09:50:56 +01:00
|
|
|
|
|
|
|
# Try to renew captcha
|
|
|
|
ok( $res = $client->_get( '/renewcaptcha', accept => 'text/html' ),
|
|
|
|
'Unauth request to renew Captcha' );
|
2020-02-16 15:35:53 +01:00
|
|
|
$json = eval { JSON::from_json( $res->[2]->[0] ) };
|
2020-08-16 12:11:07 +02:00
|
|
|
ok( ( defined $json->{newtoken} and $json->{newtoken} =~ /^\w+$/ ),
|
2019-12-04 09:50:56 +01:00
|
|
|
'New token has been received' )
|
2020-08-16 12:11:07 +02:00
|
|
|
or explain( $json->{newtoken}, 'New token not received' );
|
2019-12-04 09:50:56 +01:00
|
|
|
ok( (
|
|
|
|
defined $json->{newimage}
|
|
|
|
and $json->{newimage} =~ m%^data:image/png;base64,.+%
|
|
|
|
),
|
|
|
|
'New image has been received'
|
|
|
|
) or explain( $json->{newimage}, 'NO image received' );
|
|
|
|
|
|
|
|
# Try to submit new captcha
|
|
|
|
ok( $ts = getCache()->get( $json->{newtoken} ),
|
|
|
|
' Found new token session' );
|
|
|
|
$ts = eval { JSON::from_json($ts) };
|
|
|
|
$query =
|
|
|
|
"user=dwho&password=dwho&captcha=$ts->{captcha}&token=$json->{newtoken}";
|
|
|
|
ok(
|
|
|
|
$res = $client->_post(
|
|
|
|
'/',
|
|
|
|
IO::String->new($query),
|
|
|
|
length => length($query)
|
|
|
|
),
|
|
|
|
'Try to auth with new captcha value'
|
|
|
|
);
|
|
|
|
expectOK($res);
|
|
|
|
$id = expectCookie($res);
|
|
|
|
ok(
|
|
|
|
$res = $client->_get(
|
|
|
|
'/',
|
|
|
|
query => 'url=aHR0cDovL3Rlc3QxLmV4YW1wbGUuY29tLw==',
|
|
|
|
cookie => "lemonldap=$id",
|
|
|
|
accept => 'text/html'
|
|
|
|
),
|
|
|
|
'Auth request with redirection'
|
|
|
|
);
|
|
|
|
expectRedirection( $res, 'http://test1.example.com/' );
|
|
|
|
expectAuthenticatedAs( $res, 'dwho' );
|
2017-01-27 12:14:50 +01:00
|
|
|
}
|
|
|
|
count($maintests);
|
2017-01-25 23:08:15 +01:00
|
|
|
|
|
|
|
clean_sessions();
|
|
|
|
|
|
|
|
done_testing( count() );
|