From 09996f98946de535e59985bac3539dd5e7a70706 Mon Sep 17 00:00:00 2001
From: Christophe Maudoux <chrmdx@gmail.com>
Date: Thu, 7 Mar 2019 15:23:57 +0100
Subject: [PATCH] Improve unit test (#1667)

---
 lemonldap-ng-portal/t/02-Password-Demo.t | 16 ++++++++++++++
 lemonldap-ng-portal/t/68-Impersonation.t | 27 +++++++++++++++++++++++-
 2 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/lemonldap-ng-portal/t/02-Password-Demo.t b/lemonldap-ng-portal/t/02-Password-Demo.t
index 4b0778cf9..a7f312da6 100644
--- a/lemonldap-ng-portal/t/02-Password-Demo.t
+++ b/lemonldap-ng-portal/t/02-Password-Demo.t
@@ -49,6 +49,22 @@ ok( $res->[2]->[0] =~ m%"PE85":"From lemonlap-ng.ini"%,
 count(9);
 
 
+# Try yo authenticate
+# -------------------
+ok(
+    $res = $client->_post(
+        '/',
+        IO::String->new('user=dwho*&password=dwho'),
+        accept => 'text/html',
+        length => 24
+    ),
+    'Auth query'
+);
+ok( $res->[2]->[0] =~ m%<span trmsg="40"></span>%,
+    ' PE40 found' )
+  or print STDERR Dumper( $res->[2]->[0] );
+count(2);
+
 # Try yo authenticate
 # -------------------
 ok(
diff --git a/lemonldap-ng-portal/t/68-Impersonation.t b/lemonldap-ng-portal/t/68-Impersonation.t
index 8df351a2a..1dc59a8e8 100644
--- a/lemonldap-ng-portal/t/68-Impersonation.t
+++ b/lemonldap-ng-portal/t/68-Impersonation.t
@@ -26,6 +26,31 @@ my $client = LLNG::Manager::Test->new(
     }
 );
 
+## Try to authenticate with bad spoofed user
+ok( $res = $client->_get( '/', accept => 'text/html' ),
+    'Get Menu', );
+count(1);
+my ( $host, $url, $query ) =
+  expectForm( $res, '#', undef, 'user', 'password', 'spoofId' );
+
+$query =~ s/user=/user=rtyler/;
+$query =~ s/password=/password=rtyler/;
+$query =~ s/spoofId=/spoofId=dwho*/;
+ok( $res = $client->_post(
+        '/',
+        IO::String->new($query),
+        length => length($query),
+        accept => 'text/html',
+    ),
+    'Auth query'
+);
+ok( $res->[2]->[0] =~ m%<span trmsg="40"></span>%,
+    ' PE40 found' )
+  or print STDERR Dumper( $res->[2]->[0] );
+count(2);
+
+my $id = expectCookie($res);
+$client->logout($id);
 
 ## Try to authenticate
 ok( $res = $client->_get( '/', accept => 'text/html' ),
@@ -47,7 +72,7 @@ ok( $res = $client->_post(
 );
 count(1);
 
-my $id = expectCookie($res);
+$id = expectCookie($res);
 expectRedirection( $res, 'http://auth.example.com/' );
 
 # CheckUser form