Append unit test with token & Fix error code (#1976)
parent
23e52fcec2
commit
3219673375
|
@ -677,6 +677,7 @@ t/68-ContextSwitching-with-TOTP-and-Notification.t
|
|||
t/68-ContextSwitching-with-UnrestrictedUser.t
|
||||
t/68-ContextSwitching.t
|
||||
t/68-FindUser-with-DBI.t
|
||||
t/68-FindUser-with-Demo-and-token.t
|
||||
t/68-FindUser-with-Demo.t
|
||||
t/68-Impersonation-with-2F.t
|
||||
t/68-Impersonation-with-doubleCookies.t
|
||||
|
|
|
@ -164,12 +164,13 @@ sub check {
|
|||
$msg = PE_NOTOKEN;
|
||||
$token = $self->ott->createToken();
|
||||
}
|
||||
|
||||
unless ( $self->ott->getToken($token) ) {
|
||||
$self->userLogger->warn(
|
||||
'CheckUser called with an expired/bad token');
|
||||
$msg = PE_TOKENEXPIRED;
|
||||
$token = $self->ott->createToken();
|
||||
else {
|
||||
unless ( $self->ott->getToken($token) ) {
|
||||
$self->userLogger->warn(
|
||||
'CheckUser called with an expired/bad token');
|
||||
$msg = PE_TOKENEXPIRED;
|
||||
$token = $self->ott->createToken();
|
||||
}
|
||||
}
|
||||
|
||||
my $params = {
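Review bot: The missing-token / expired-token branch added here in `check` is repeated almost line for line in the `run` and `provideUser` hunks further down, with only the log text and the `createToken()` call differing. A single private helper that takes the request token and returns the error code (plus a replacement token where one is wanted) would keep the three plugins from drifting apart the next time this logic changes. `check` begins and ends outside this hunk, so how `$msg` is consumed afterwards is not visible here.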
|
||||
|
|
|
@ -92,11 +92,13 @@ sub run {
|
|||
$msg = PE_NOTOKEN;
|
||||
$token = $self->ott->createToken();
|
||||
}
|
||||
|
||||
unless ( $self->ott->getToken($token) ) {
|
||||
$self->userLogger->warn('decryptValue try with expired/bad token');
|
||||
$msg = PE_TOKENEXPIRED;
|
||||
$token = $self->ott->createToken();
|
||||
else {
|
||||
unless ( $self->ott->getToken($token) ) {
|
||||
$self->userLogger->warn(
|
||||
'decryptValue try with expired/bad token');
|
||||
$msg = PE_TOKENEXPIRED;
|
||||
$token = $self->ott->createToken();
|
||||
}
|
||||
}
|
||||
|
||||
my $params = {
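Review bot: After `$msg` is set to `PE_NOTOKEN` or `PE_TOKENEXPIRED` in `run`, control still falls through to `my $params = {`, and nothing visible in this hunk stops the handler. The rest of `run` is outside the hunk, so this may already be handled, but the decryption step should be reachable only when `$msg` is unset; otherwise the token requirement is reported without being enforced. The tests added in this commit assert that the PE81/PE82 span is rendered, not that no decryption was attempted. A comment at the early return, such as `# token check failed: form is re-displayed, nothing is decrypted`, would document the guarantee.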
|
||||
|
|
|
@ -46,13 +46,16 @@ sub provideUser {
|
|||
if ( $self->ottRule->( $req, {} ) ) {
|
||||
my $token = $req->param('token');
|
||||
unless ($token) {
|
||||
$self->userLogger->warn('FindUser called without token');
|
||||
$self->userLogger->warn(
|
||||
'FindUser called without token ' . $token );
|
||||
$error = PE_NOTOKEN;
|
||||
}
|
||||
unless ( $self->ott->getToken($token) ) {
|
||||
$self->userLogger->warn(
|
||||
'FindUser called with an expired/bad token');
|
||||
$error = PE_TOKENEXPIRED;
|
||||
else {
|
||||
unless ( $self->ott->getToken($token) ) {
|
||||
$self->userLogger->warn(
|
||||
'FindUser called with an expired/bad token');
|
||||
$error = PE_TOKENEXPIRED;
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($error) {
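Review bot: In `provideUser` the new message `'FindUser called without token ' . $token` is built inside `unless ($token)`, where `$token` is necessarily undef, empty or `0`. The concatenation therefore adds nothing to the log line, and it raises an "uninitialized value" warning when the parameter is absent, if warnings are enabled in this file. The previous form is the right one: `$self->userLogger->warn('FindUser called without token');`. More generally, a request parameter should not be appended to a log message unescaped. `provideUser` starts and ends outside the hunk.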
|
||||
|
|
|
@ -43,8 +43,8 @@ count(1);
|
|||
my $id = expectCookie($res);
|
||||
expectRedirection( $res, 'http://auth.example.com/' );
|
||||
|
||||
# DecryptValue form for a foridden user
|
||||
# ------------------------
|
||||
# DecryptValue form for a forbidden user
|
||||
# --------------------------------------
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/decryptvalue',
|
||||
|
@ -128,7 +128,7 @@ count(2);
|
|||
( $host, $url, $query ) =
|
||||
expectForm( $res, undef, '/decryptvalue', 'cipheredValue', 'token' );
|
||||
|
||||
# invalid ciphered value
|
||||
# Invalid ciphered value
|
||||
$query =~ s%cipheredValue=%cipheredValue=test%;
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
|
@ -147,6 +147,41 @@ count(2);
|
|||
( $host, $url, $query ) =
|
||||
expectForm( $res, undef, '/decryptvalue', 'cipheredValue', 'token' );
|
||||
|
||||
# No token
|
||||
$query = 'cipheredValue=test';
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/decryptvalue',
|
||||
IO::String->new($query),
|
||||
cookie => "lemonldap=$id",
|
||||
length => length($query),
|
||||
accept => 'text/html',
|
||||
),
|
||||
'POST decryptvalue without token'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="PE81"></span>%, 'Found PE_NOTOKEN' )
|
||||
or explain( $res->[2]->[0], 'trspan="PE81"' );
|
||||
count(2);
|
||||
( $host, $url, $query ) =
|
||||
expectForm( $res, undef, '/decryptvalue', 'cipheredValue', 'token' );
|
||||
|
||||
# Expired token
|
||||
Time::Fake->offset("+5m");
|
||||
$query =~ s%cipheredValue=%cipheredValue=test%;
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/decryptvalue',
|
||||
IO::String->new($query),
|
||||
cookie => "lemonldap=$id",
|
||||
length => length($query),
|
||||
accept => 'text/html',
|
||||
),
|
||||
'POST decryptvalue with an expired token'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="PE82"></span>%, 'Found PE_TOKENEXPIRED' )
|
||||
or explain( $res->[2]->[0], 'trspan="PE82"' );
|
||||
count(2);
|
||||
|
||||
$client->logout($id);
|
||||
clean_sessions();
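Review bot: The new cases cover a missing token and an expired one, but the plugin's warning reads 'expired/bad token' and the "bad" half is not exercised. There is no POST with a token value that was never issued, nor a second POST reusing a token that has already been accepted. Both should yield `PE82` if the tokens are single-use, which the `ott` name suggests but this page does not show. Separately, `Time::Fake->offset("+5m")` stays in effect for the `logout` call that follows; adding `Time::Fake->reset;` after the assertion would keep the clock shift local to the expired-token case.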
|
||||
|
||||
|
|
|
@ -49,6 +49,39 @@ count(1);
|
|||
my $id = expectCookie($res);
|
||||
expectRedirection( $res, 'http://auth.example.com/' );
|
||||
|
||||
# CheckUser form
|
||||
# ------------------------
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/checkuser',
|
||||
cookie => "lemonldap=$id",
|
||||
accept => 'text/html'
|
||||
),
|
||||
'CheckUser form',
|
||||
);
|
||||
count(1);
|
||||
( $host, $url, $query ) =
|
||||
expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
|
||||
or explain( $res->[2]->[0], 'trspan="checkUser"' );
|
||||
count(1);
|
||||
$query = 'user=rtyler&url=http%3A%2F%2Ftest1.example.com';
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/checkuser',
|
||||
IO::String->new($query),
|
||||
cookie => "lemonldap=$id",
|
||||
length => length($query),
|
||||
accept => 'text/html',
|
||||
),
|
||||
'POST checkuser'
|
||||
);
|
||||
ok( $res->[2]->[0] =~ m%<span trspan="PE81"></span>%, 'Found PE_NOTOKEN' )
|
||||
or explain( $res->[2]->[0], 'trspan="PE81"' );
|
||||
count(2);
|
||||
( $host, $url, $query ) =
|
||||
expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
|
||||
|
||||
# CheckUser form
|
||||
# ------------------------
|
||||
ok(
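Review bot: The block added here carries the same heading as the block after it (`# CheckUser form`) and the description `'POST checkuser'`, so neither the source nor the TAP output says that this is the missing-token case. Suggest `# CheckUser form without token` for the heading and `'POST checkuser without token'` for the description. Unlike the DecryptValue test, no expired-token case is added in this hunk, so the `PE_TOKENEXPIRED` branch of `check` is not covered by it.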
|
||||
|
|
|
@ -0,0 +1,130 @@
|
|||
use Test::More;
|
||||
use strict;
|
||||
use JSON;
|
||||
use IO::String;
|
||||
|
||||
require 't/test-lib.pm';
|
||||
|
||||
my $res;
|
||||
my $json;
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => 'debug',
|
||||
authentication => 'Demo',
|
||||
userDB => 'Same',
|
||||
useSafeJail => 1,
|
||||
requireToken => 1,
|
||||
findUser => 1,
|
||||
impersonationRule => 1,
|
||||
findUserSearchingAttributes =>
|
||||
{ uid => 'Login', guy => 'Kind', cn => 'Name' },
|
||||
findUserExcludingAttributes =>
|
||||
{ type => 'mutant', uid => 'rtyler' },
|
||||
}
|
||||
}
|
||||
);
|
||||
|
||||
## Simple access
|
||||
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Portal', );
|
||||
my ( $host, $url, $query ) =
|
||||
expectForm( $res, '#', undef, 'uid', 'password', 'spoofId', 'token' );
|
||||
( $host, $url, $query ) =
|
||||
expectForm( $res, '#', undef, 'user', 'guy', 'cn', 'token' );
|
||||
count(1);
|
||||
|
||||
$query =~ s/uid=/uid=dwho/;
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/finduser', IO::String->new($query),
|
||||
accept => 'application/json',
|
||||
length => length($query)
|
||||
),
|
||||
'Post FindFuser request'
|
||||
);
|
||||
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
|
||||
or print STDERR "$@\n" . Dumper($res);
|
||||
ok( $json->{user} eq 'dwho', ' Good user' )
|
||||
or explain( $json, 'user => dwho' );
|
||||
count(3);
|
||||
|
||||
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Portal', );
|
||||
( $host, $url, $query ) =
|
||||
expectForm( $res, '#', undef, 'user', 'guy', 'cn', 'token' );
|
||||
Time::Fake->offset("+150s");
|
||||
$query =~ s/uid=/uid=dwho/;
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/finduser', IO::String->new($query),
|
||||
accept => 'application/json',
|
||||
length => length($query)
|
||||
),
|
||||
'Post expired FindFuser request'
|
||||
);
|
||||
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
|
||||
or print STDERR "$@\n" . Dumper($res);
|
||||
ok( $json->{error} == 82, ' Token expired' )
|
||||
or explain( $json, 'Token expired' );
|
||||
ok( $json->{result} == 0, ' result => 0' )
|
||||
or explain( $json, 'Result => 0' );
|
||||
count(5);
|
||||
|
||||
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Portal', );
|
||||
( $host, $url, $query ) =
|
||||
expectForm( $res, '#', undef, 'user', 'guy', 'cn', 'token' );
|
||||
$query = 'uid=dwho';
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/finduser', IO::String->new($query),
|
||||
accept => 'application/json',
|
||||
length => length($query)
|
||||
),
|
||||
'Post FindFuser request without token'
|
||||
);
|
||||
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
|
||||
or print STDERR "$@\n" . Dumper($res);
|
||||
ok( $json->{error} == 81, ' No Token' )
|
||||
or explain( $json, 'No token' );
|
||||
ok( $json->{result} == 0, ' result => 0' )
|
||||
or explain( $json, 'Result => 0' );
|
||||
count(5);
|
||||
|
||||
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Portal', );
|
||||
( $host, $url, $query ) =
|
||||
expectForm( $res, '#', undef, 'user', 'guy', 'cn', 'token' );
|
||||
$query =~ s/user=/user=dwho/;
|
||||
$query =~ s/password=/password=dwho/;
|
||||
$query =~ s/spoofId=/spoofId=rtyler/;
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/', IO::String->new($query),
|
||||
accept => 'application/json',
|
||||
length => length($query)
|
||||
),
|
||||
'Post FindFuser request without token'
|
||||
);
|
||||
my $id = expectCookie($res);
|
||||
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
|
||||
or print STDERR "$@\n" . Dumper($res);
|
||||
ok( $json->{result} == 1, ' result => 1' )
|
||||
or explain( $json, 'Result => 1' );
|
||||
$query = 'uid=dwho';
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/finduser',
|
||||
IO::String->new($query),
|
||||
accept => 'application/json',
|
||||
cookie => "lemonldap=$id"
|
||||
),
|
||||
'Get findUser'
|
||||
);
|
||||
expectOK($res);
|
||||
expectAuthenticatedAs( $res, 'rtyler' );
|
||||
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
|
||||
or print STDERR "$@\n" . Dumper($res);
|
||||
ok( $json->{result} == 1, ' result => 1' )
|
||||
or explain( $json, 'Result => 1' );
|
||||
count(7);
|
||||
|
||||
$client->logout($id);
|
||||
clean_sessions();
|
||||
done_testing( count() );
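Review bot: Several test descriptions were copied without being updated: the login POST to `/` is labelled `'Post FindFuser request without token'` although it submits the query taken from the form, and the final authenticated POST to `/finduser` is labelled `'Get findUser'`; `FindFuser` is also misspelled throughout. A failure report would then point at the wrong step. The file has `use strict;` but no `use warnings;`, and it calls `Dumper` and `Time::Fake` without importing either, so it presumably relies on `t/test-lib.pm` to load them, which is not visible here. The first `expectForm` result is overwritten by the second before it is used, so the `uid`/`password`/`spoofId` form is only checked for presence; a one-line comment saying so would make that intent clear.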
|