From 908082aa54f4926bb500e0474051fb0d15cc2bac Mon Sep 17 00:00:00 2001
From: epictete
Date: Sun, 29 Dec 2019 00:18:14 +0100
Subject: [PATCH 1/2] fix call to mailTemplate in ResetCertificate module (#1605)
---
 .../Lemonldap/NG/Portal/Plugins/CertificateResetByMail.pm | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CertificateResetByMail.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CertificateResetByMail.pm
index b8ef82be2..83f18a6d1 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CertificateResetByMail.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CertificateResetByMail.pm
@@ -376,7 +376,8 @@ sub _certificateReset {
 else {
 # Use HTML template
- $body = $self->loadTemplate(
+ $body = $self->loadMailTemplate(
+ $req,
 'mail_confirm',
 filter => $tr,
 params => \%tplPrms
@@ -562,7 +563,8 @@ sub modifyCertificate {
 else {
 # Use HTML template
- $body = $self->loadTemplate(
+ $body = $self->loadMailTemplate(
+ $req,
 'mail_certificatReset',
 filter => $tr,
 params => \%tplPrms
From ca894220883898697503d613f5fee7724bee9fe5 Mon Sep 17 00:00:00 2001
From: epictete
Date: Sun, 29 Dec 2019 02:17:32 +0100
Subject: [PATCH 2/2] improve reset-certificate unit test (test invalid certificates) (#1605)
---
 .../t/44-CertificateResetByMail-LDAP.t | 155 +++++++++++++++++-
 1 file changed, 154 insertions(+), 1 deletion(-)
diff --git a/lemonldap-ng-portal/t/44-CertificateResetByMail-LDAP.t b/lemonldap-ng-portal/t/44-CertificateResetByMail-LDAP.t
index 2acc0a89a..1f6deebf6 100644
--- a/lemonldap-ng-portal/t/44-CertificateResetByMail-LDAP.t
+++ b/lemonldap-ng-portal/t/44-CertificateResetByMail-LDAP.t
@@ -5,6 +5,11 @@ use strict;
 use IO::String;
 use File::Copy;
+use Lemonldap::NG::Portal::Main::Constants qw(
+ PE_RESETCERTIFICATE_INVALID PE_RESETCERTIFICATE_FORMEMPTY
+ PE_RESETCERTIFICATE_FIRSTACCESS
+);
+
 BEGIN {
 eval {
 require 't/test-lib.pm';
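Review bot: Two of the three constants imported in the new `qw(...)` list at the top of t/44-CertificateResetByMail-LDAP.t, `PE_RESETCERTIFICATE_FORMEMPTY` and `PE_RESETCERTIFICATE_FIRSTACCESS`, are not referenced in any hunk of this patch. Only `PE_RESETCERTIFICATE_INVALID` is used, in the final assertion of the added test block. Either reduce the import to `use Lemonldap::NG::Portal::Main::Constants qw(PE_RESETCERTIFICATE_INVALID);` or add assertions for the empty-form and first-access cases so the imports reflect what the test actually covers.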
@@ -13,7 +18,7 @@ BEGIN {
 }
 my ( $res, $user );
-my $maintests = 6;
+my $maintests = 12;
 SKIP: {
 eval
@@ -212,6 +217,154 @@ lkRrWfQftwmLyNIu3HfSgXlgAZS30ymfbzBU ok( mail() =~ /Certificate Reset sucessfully/, 'Certificate was changed' ); + + + # Test invalid certificate + + # Test form + # ------------------------ + ok( $res = $client->_get( '/certificateReset', accept => 'text/html' ), + 'Reset form', ); + my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'mail' ); + + $query = 'mail=dwho%40badwolf.org'; + + # Post email + ok( + $res = $client->_post( + '/certificateReset', IO::String->new($query), + length => length($query), + accept => 'text/html' + ), + 'Post mail' + ); + + ok( mail() =~ m#a href="http://auth.example.com/certificateReset\?(.*?)"#, + 'Found link in mail' ); + $query = $1; + my $querymail = $query; + ok( + $res = $client->_get( + '/certificateReset', + query => $query, + accept => 'text/html' + ), + 'Post mail token received by mail' + ); + + # print STDERR Dumper($res); + + ( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' ); + ok( $res->[2]->[0] =~ /certif/s, ' Ask for a new certificate file' ); + + #print STDERR Dumper($query); + my %inputs = split( /[=&]/, $query ); + my %querytab = split( /[=&]/, $querymail ); + + # Create the certificate file + my $cert = "INVALID CERTIFICATE"; + + open my $FH2, '>', '/tmp/v296ZJQ_kG'; + print {$FH2} "$cert"; + close $FH2; + + $res = $client->app->( { + 'plack.request.query' => bless( { + 'skin' => $querytab{'skin'}, + 'mail_token' => $querytab{'mail_token'} + }, + 'Hash::MultiValue' + ), + 'PATH_INFO' => '/certificateReset', + 'HTTP_ACCEPT' => +'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3', + 'REQUEST_METHOD' => 'POST', + 'HTTP_ORIGIN' => 'http://auth.example.com', + 'HTTP_ACCEPT_LANGUAGE' => 'fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3', + 'REQUEST_SCHEME' => 'http', + 'HTTP_CACHE_CONTROL' => 'max-age=0', + + 'plack.request.merged' => bless( { + 'skin' => $querytab{'skin'}, + 'mail_token' => $querytab{'mail_token'}, + 
'url' => '', + 'token' => $inputs{'token'} + }, + 'Hash::MultiValue' + ), + 'REMOTE_PORT' => '36674', + 'QUERY_STRING' => $querymail, + 'SERVER_SIGNATURE' => '', + 'psgix.input.buffered' => 1, + 'HTTP_UPGRADE_INSECURE_REQUESTS' => '1', + 'CONTENT_TYPE' => +'multipart/form-data; boundary=----WebKitFormBoundarybabRY9u6K9tERoLr', + 'plack.request.upload' => bless( { + 'certif' => bless( { + 'headers' => bless( { + 'content-disposition' => +'form-data; name="certif"; filename="user.pem"', + 'content-type' => + 'application/x-x509-ca-cert', + '::std_case' => { + 'content-disposition' => + 'Content-Disposition' + } + }, + 'HTTP::Headers' + ), + 'filename' => 'user.pem', + 'tempname' => '/tmp/v296ZJQ_kG', + 'size' => 1261 + }, + 'Plack::Request::Upload' + ) + }, + 'Hash::MultiValue' + ), + 'psgi.streaming' => 1, + 'plack.request.body' => bless( { + 'skin' => 'bootstrap', + 'url' => '', + 'token' => $inputs{'token'} + }, + 'Hash::MultiValue' + ), + 'SCRIPT_URL' => '/certificateReset', + 'SERVER_NAME' => 'auth.example.com', + 'HTTP_REFERER' => 'http://auth.example.com/certificateReset?' + . $querymail, + 'HTTP_CONNECTION' => 'close', + 'CONTENT_LENGTH' => '1759', + 'SCRIPT_URI' => 'http://auth.example.com/certificateReset', + 'plack.cookie.parsed' => { + 'llnglanguage' => 'fr' + }, + 'SERVER_PORT' => '80', + 'SERVER_NAME' => 'auth.example.com', + 'SERVER_PROTOCOL' => 'HTTP/1.1', + 'SCRIPT_NAME' => '', + 'HTTP_USER_AGENT' => + 'Mozilla/5.0 (VAX-4000; rv:36.0) Gecko/20350101 Firefox', + 'HTTP_COOKIE' => 'llnglanguage=fr', + 'REMOTE_ADDR' => '127.0.0.1', + 'REQUEST_URI' => '/certificateReset?' . 
$querymail, + 'plack.cookie.string' => 'llnglanguage=fr', + 'SERVER_ADDR' => '127.0.0.1', + 'psgi.url_scheme' => 'http', + 'psgix.harakiri' => '', + 'HTTP_HOST' => 'auth.example.com' + } + ); + + my $trmsg = $res->[2]->[0]; # get html response + my @trmsg = split(/\n/, $trmsg); # split into lines + @trmsg = grep(/trmsg="/, @trmsg); # only get line corresponding to message + $trmsg = $trmsg[0]; # get the first one only + $trmsg =~ s/.*trmsg="([0-9]+)".*/$1/g; # get error code number + ok ( $trmsg == PE_RESETCERTIFICATE_INVALID, 'Invalid certificate' ); + + } count($maintests); stopLdapServer() if $ENV{LLNGTESTLDAP};
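Review bot: The invalid-certificate fixture is written to the fixed path `/tmp/v296ZJQ_kG` with an unchecked `open`, so a failed open goes unnoticed, concurrent test runs share one file, and a pre-existing file or symlink at that predictable name would be written through; the lines shown also never remove the file. Creating it with `File::Temp` (core, loaded with `use File::Temp qw(tempfile);` beside the existing `use File::Copy;`) and passing the generated name as `tempname` avoids all of these. The upload record also declares `'size' => 1261` although the body is the 19-byte string `INVALID CERTIFICATE`, so `length($cert)` would keep the fixture self-consistent. Separately, the `trmsg` extraction at the end compares with `==` even when no `trmsg="..."` line was found, which turns a missing message into an uninitialized-value warning instead of a clear test failure.

```perl
# Create the certificate file
my $cert = "INVALID CERTIFICATE";

my ( $FH2, $certfile ) = tempfile( UNLINK => 1 );
print {$FH2} $cert;
close $FH2 or die "close $certfile: $!";

# … unchanged: PSGI environment up to the 'certif' upload record …
                'filename' => 'user.pem',
                'tempname' => $certfile,
                'size'     => length($cert)
# … unchanged: rest of the PSGI environment and the trmsg check …
```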