Append unit test with token & Fix error code (#1976)

lemonldap-ng-portal/MANIFEST

@@ -677,6 +677,7 @@ t/68-ContextSwitching-with-TOTP-and-Notification.t
 t/68-ContextSwitching-with-UnrestrictedUser.t
 t/68-ContextSwitching.t
 t/68-FindUser-with-DBI.t
+t/68-FindUser-with-Demo-and-token.t
 t/68-FindUser-with-Demo.t
 t/68-Impersonation-with-2F.t
 t/68-Impersonation-with-doubleCookies.t

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm

@@ -164,12 +164,13 @@ sub check {
             $msg   = PE_NOTOKEN;
             $token = $self->ott->createToken();
         }
-
-        unless ( $self->ott->getToken($token) ) {
-            $self->userLogger->warn(
-                'CheckUser called with an expired/bad token');
-            $msg   = PE_TOKENEXPIRED;
-            $token = $self->ott->createToken();
+        else {
+            unless ( $self->ott->getToken($token) ) {
+                $self->userLogger->warn(
+                    'CheckUser called with an expired/bad token');
+                $msg   = PE_TOKENEXPIRED;
+                $token = $self->ott->createToken();
+            }
         }
 
         my $params = {

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/DecryptValue.pm

@@ -92,11 +92,13 @@ sub run {
             $msg   = PE_NOTOKEN;
             $token = $self->ott->createToken();
         }
-
-        unless ( $self->ott->getToken($token) ) {
-            $self->userLogger->warn('decryptValue try with expired/bad token');
-            $msg   = PE_TOKENEXPIRED;
-            $token = $self->ott->createToken();
+        else {
+            unless ( $self->ott->getToken($token) ) {
+                $self->userLogger->warn(
+                    'decryptValue try with expired/bad token');
+                $msg   = PE_TOKENEXPIRED;
+                $token = $self->ott->createToken();
+            }
         }
 
         my $params = {

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm

@@ -46,13 +46,16 @@ sub provideUser {
     if ( $self->ottRule->( $req, {} ) ) {
         my $token = $req->param('token');
         unless ($token) {
-            $self->userLogger->warn('FindUser called without token');
+            $self->userLogger->warn(
+                'FindUser called without token ' . $token );
             $error = PE_NOTOKEN;
         }
-        unless ( $self->ott->getToken($token) ) {
-            $self->userLogger->warn(
-                'FindUser called with an expired/bad token');
-            $error = PE_TOKENEXPIRED;
+        else {
+            unless ( $self->ott->getToken($token) ) {
+                $self->userLogger->warn(
+                    'FindUser called with an expired/bad token');
+                $error = PE_TOKENEXPIRED;
+            }
         }
     }
     if ($error) {

lemonldap-ng-portal/t/58-DecryptValue-with-internal-function.t

@@ -43,8 +43,8 @@ count(1);
 my $id = expectCookie($res);
 expectRedirection( $res, 'http://auth.example.com/' );
 
-# DecryptValue form for a foridden user
-# ------------------------
+# DecryptValue form for a forbidden user
+# --------------------------------------
 ok(
     $res = $client->_get(
         '/decryptvalue',
@@ -128,7 +128,7 @@ count(2);
 ( $host, $url, $query ) =
   expectForm( $res, undef, '/decryptvalue', 'cipheredValue', 'token' );
 
-# invalid ciphered value
+# Invalid ciphered value
 $query =~ s%cipheredValue=%cipheredValue=test%;
 ok(
     $res = $client->_post(
@@ -147,6 +147,41 @@ count(2);
 ( $host, $url, $query ) =
   expectForm( $res, undef, '/decryptvalue', 'cipheredValue', 'token' );
 
+# No token
+$query = 'cipheredValue=test';
+ok(
+    $res = $client->_post(
+        '/decryptvalue',
+        IO::String->new($query),
+        cookie => "lemonldap=$id",
+        length => length($query),
+        accept => 'text/html',
+    ),
+    'POST decryptvalue without token'
+);
+ok( $res->[2]->[0] =~ m%<span trspan="PE81"></span>%, 'Found PE_NOTOKEN' )
+  or explain( $res->[2]->[0], 'trspan="PE81"' );
+count(2);
+( $host, $url, $query ) =
+  expectForm( $res, undef, '/decryptvalue', 'cipheredValue', 'token' );
+
+# Expired token
+Time::Fake->offset("+5m");
+$query =~ s%cipheredValue=%cipheredValue=test%;
+ok(
+    $res = $client->_post(
+        '/decryptvalue',
+        IO::String->new($query),
+        cookie => "lemonldap=$id",
+        length => length($query),
+        accept => 'text/html',
+    ),
+    'POST decryptvalue with an expired token'
+);
+ok( $res->[2]->[0] =~ m%<span trspan="PE82"></span>%, 'Found PE_TOKENEXPIRED' )
+  or explain( $res->[2]->[0], 'trspan="PE82"' );
+count(2);
+
 $client->logout($id);
 clean_sessions();
 

lemonldap-ng-portal/t/67-CheckUser-with-token.t

@@ -49,6 +49,39 @@ count(1);
 my $id = expectCookie($res);
 expectRedirection( $res, 'http://auth.example.com/' );
 
+# CheckUser form
+# ------------------------
+ok(
+    $res = $client->_get(
+        '/checkuser',
+        cookie => "lemonldap=$id",
+        accept => 'text/html'
+    ),
+    'CheckUser form',
+);
+count(1);
+( $host, $url, $query ) =
+  expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
+ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
+  or explain( $res->[2]->[0], 'trspan="checkUser"' );
+count(1);
+$query = 'user=rtyler&url=http%3A%2F%2Ftest1.example.com';
+ok(
+    $res = $client->_post(
+        '/checkuser',
+        IO::String->new($query),
+        cookie => "lemonldap=$id",
+        length => length($query),
+        accept => 'text/html',
+    ),
+    'POST checkuser'
+);
+ok( $res->[2]->[0] =~ m%<span trspan="PE81"></span>%, 'Found PE_NOTOKEN' )
+  or explain( $res->[2]->[0], 'trspan="PE81"' );
+count(2);
+( $host, $url, $query ) =
+  expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
+
 # CheckUser form
 # ------------------------
 ok(

lemonldap-ng-portal/t/68-FindUser-with-Demo-and-token.t

@@ -0,0 +1,130 @@
+use Test::More;
+use strict;
+use JSON;
+use IO::String;
+
+require 't/test-lib.pm';
+
+my $res;
+my $json;
+my $client = LLNG::Manager::Test->new( {
+        ini => {
+            logLevel          => 'debug',
+            authentication    => 'Demo',
+            userDB            => 'Same',
+            useSafeJail       => 1,
+            requireToken      => 1,
+            findUser          => 1,
+            impersonationRule => 1,
+            findUserSearchingAttributes =>
+              { uid => 'Login', guy => 'Kind', cn => 'Name' },
+            findUserExcludingAttributes =>
+              { type => 'mutant', uid => 'rtyler' },
+        }
+    }
+);
+
+## Simple access
+ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Portal', );
+my ( $host, $url, $query ) =
+  expectForm( $res, '#', undef, 'uid', 'password', 'spoofId', 'token' );
+( $host, $url, $query ) =
+  expectForm( $res, '#', undef, 'user', 'guy', 'cn', 'token' );
+count(1);
+
+$query =~ s/uid=/uid=dwho/;
+ok(
+    $res = $client->_post(
+        '/finduser', IO::String->new($query),
+        accept => 'application/json',
+        length => length($query)
+    ),
+    'Post FindFuser request'
+);
+ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+  or print STDERR "$@\n" . Dumper($res);
+ok( $json->{user} eq 'dwho', ' Good user' )
+  or explain( $json, 'user => dwho' );
+count(3);
+
+ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Portal', );
+( $host, $url, $query ) =
+  expectForm( $res, '#', undef, 'user', 'guy', 'cn', 'token' );
+Time::Fake->offset("+150s");
+$query =~ s/uid=/uid=dwho/;
+ok(
+    $res = $client->_post(
+        '/finduser', IO::String->new($query),
+        accept => 'application/json',
+        length => length($query)
+    ),
+    'Post expired FindFuser request'
+);
+ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+  or print STDERR "$@\n" . Dumper($res);
+ok( $json->{error} == 82, ' Token expired' )
+  or explain( $json, 'Token expired' );
+ok( $json->{result} == 0, ' result => 0' )
+  or explain( $json, 'Result => 0' );
+count(5);
+
+ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Portal', );
+( $host, $url, $query ) =
+  expectForm( $res, '#', undef, 'user', 'guy', 'cn', 'token' );
+$query = 'uid=dwho';
+ok(
+    $res = $client->_post(
+        '/finduser', IO::String->new($query),
+        accept => 'application/json',
+        length => length($query)
+    ),
+    'Post FindFuser request without token'
+);
+ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+  or print STDERR "$@\n" . Dumper($res);
+ok( $json->{error} == 81, ' No Token' )
+  or explain( $json, 'No token' );
+ok( $json->{result} == 0, ' result => 0' )
+  or explain( $json, 'Result => 0' );
+count(5);
+
+ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Portal', );
+( $host, $url, $query ) =
+  expectForm( $res, '#', undef, 'user', 'guy', 'cn', 'token' );
+$query =~ s/user=/user=dwho/;
+$query =~ s/password=/password=dwho/;
+$query =~ s/spoofId=/spoofId=rtyler/;
+ok(
+    $res = $client->_post(
+        '/', IO::String->new($query),
+        accept => 'application/json',
+        length => length($query)
+    ),
+    'Post FindFuser request without token'
+);
+my $id = expectCookie($res);
+ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+  or print STDERR "$@\n" . Dumper($res);
+ok( $json->{result} == 1, ' result => 1' )
+  or explain( $json, 'Result => 1' );
+$query = 'uid=dwho';
+ok(
+    $res = $client->_post(
+        '/finduser',
+        IO::String->new($query),
+        accept => 'application/json',
+        cookie => "lemonldap=$id"
+    ),
+    'Get findUser'
+);
+expectOK($res);
+expectAuthenticatedAs( $res, 'rtyler' );
+ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+  or print STDERR "$@\n" . Dumper($res);
+ok( $json->{result} == 1, ' result => 1' )
+  or explain( $json, 'Result => 1' );
+count(7);
+
+$client->logout($id);
+clean_sessions();
+done_testing( count() );