Fix unit tests (#2539)

Christophe Maudoux 2021-06-26 21:47:51 +02:00
parent 3d35c6454f
commit 71ed63a999
4 changed files with 358 additions and 102 deletions


@ -6,7 +6,7 @@ use JSON qw(to_json from_json);
BEGIN {
require 't/test-lib.pm';
}
my $maintests = 64;
my $maintests = 88;
SKIP: {
require Lemonldap::NG::Common::TOTP;
@ -133,6 +133,7 @@ SKIP: {
ok( $res->{result} == 1, 'TOTP is registered' );
## Try to register an U2F key
Time::Fake->offset("+3s");
ok(
$res = $client->_get(
'/2fregisters/u',
@ -278,6 +279,26 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
expectOK($res);
expectAuthenticatedAs( $res, 'rtyler' );
# 2fregisters
ok(
$res = $client->_get(
'/2fregisters',
cookie => "lemonldap=$id",
accept => 'text/html',
),
'Form 2fregisters'
);
ok( $res->[2]->[0] =~ /<span id="msg" trspan="choose2f">/,
'Found choose 2F' )
or print STDERR Dumper( $res->[2]->[0] );
my $devices;
ok(
$devices = $res->[2]->[0] =~ s%<span device=\'(?:TOTP|U2F)\' epoch=\'\d{10}\'%%g,
'2F device found'
) or print STDERR Dumper( $res->[2]->[0] );
ok( $devices == 2, '2F devices found' )
or explain( $devices, '2F devices registered' );
# Try to switch context 'dwho'
# ContextSwitching form
ok(
@ -321,25 +342,8 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
ok( $res->[2]->[0] =~ m%<span trspan="contextSwitching_OFF">%,
'Found trspan="contextSwitching_OFF"' )
or explain( $res->[2]->[0], 'trspan="contextSwitching_OFF"' );
# 2fregisters
ok(
$res = $client->_get(
'/2fregisters',
cookie => "lemonldap=$id2",
accept => 'text/html',
),
'Form 2fregisters'
);
ok( $res->[2]->[0] =~ /<span id="msg" trspan="choose2f">/,
'Found choose 2F' )
or print STDERR Dumper( $res->[2]->[0] );
my $devices;
ok( $devices = $res->[2]->[0] =~ s%<span device=\'(TOTP|U2F)\' epoch=\'\d{10}\'%%g,
'2F devices found' )
or print STDERR Dumper( $res->[2]->[0] );
ok( $devices == 2, 'two 2F devices found' )
or explain( $devices, 'Two 2F devices registered' );
ok( $id2 ne $id, 'New SSO session created' )
or explain( $id2, 'New SSO session created' );
## Try to register a TOTP
# TOTP form
@ -351,9 +355,7 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
),
'Form registration'
);
ok( $res->[2]->[0] =~ /totpregistration\.(?:min\.)?js/, 'Found TOTP js' )
or print STDERR Dumper( $res->[2]->[0] );
ok( $res->[2]->[0] =~ /totpregistration\.(?:min\.)?js/, 'Found TOTP js' );
ok(
$res->[2]->[0] =~ qr%<img src="/static/common/logos/logo_llng_old.png"%,
'Found custom Main Logo'
@ -371,28 +373,18 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
eval { $res = JSON::from_json( $res->[2]->[0] ) };
ok( not($@), 'Content is JSON' )
or explain( $res->[2]->[0], 'JSON content' );
ok( $res->{error} eq 'totpExistingKey', 'TOTP already registered' )
or explain( $res, 'Bad result' );
ok( $key = $res->{secret}, 'Found secret' ) or print STDERR Dumper($res);
ok( $token = $res->{token}, 'Found token' ) or print STDERR Dumper($res);
ok( $res->{user} eq 'dwho', 'Found user' )
or print STDERR Dumper($res);
$key = Convert::Base32::decode_base32($key);
# Try to unregister TOTP
ok(
$res = $client->_post(
'/2fregisters/totp/delete',
IO::String->new("epoch=1234567890"),
length => 16,
cookie => "lemonldap=$id2",
),
'Delete TOTP query'
);
eval { $data = JSON::from_json( $res->[2]->[0] ) };
ok( not($@), ' Content is JSON' )
or explain( [ $@, $res->[2] ], 'JSON content' );
ok(
$data->{error} eq '2FDeviceNotFound', '2F device not found'
) or explain( $data, 'Bad result' );
# Try to verify TOTP
$s = "code=123456&token=1234567890&TOTPName=myTOTP";
# Post code
ok( $code = Lemonldap::NG::Common::TOTP::_code( undef, $key, 0, 30, 6 ),
'Code' );
ok( $code =~ /^\d{6}$/, 'Code contains 6 digits' );
my $s = "code=$code&token=$token&TOTPName=myTOTP";
my $epoch = time();
ok(
$res = $client->_post(
'/2fregisters/totp/verify',
@ -402,61 +394,199 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
),
'Post code'
);
eval { $data = JSON::from_json( $res->[2]->[0] ) };
ok( not($@), ' Content is JSON' )
or explain( [ $@, $res->[2] ], 'JSON content' );
ok( $data->{error} eq 'PE82', 'PE82' )
or explain( $data, 'Bad result' );
eval { $res = JSON::from_json( $res->[2]->[0] ) };
ok( not($@), 'Content is JSON' )
or explain( $res->[2]->[0], 'JSON content' );
ok( $res->{result} == 1, 'TOTP is registered' );
## Try to register an U2F key
# U2F form
# 2fregisters
ok(
$res = $client->_get(
'/2fregisters/u',
'/2fregisters',
cookie => "lemonldap=$id2",
accept => 'text/html',
),
'Form registration'
'Form 2fregisters'
);
ok( $res->[2]->[0] =~ /u2fregistration\.(?:min\.)?js/, 'Found U2F js' );
ok( $res->[2]->[0] =~ /<span id="msg" trspan="choose2f">/,
'Found choose 2F' )
or print STDERR Dumper( $res->[2]->[0] );
my $devices;
ok(
$res->[2]->[0] =~ qr%<img src="/static/common/logos/logo_llng_old.png"%,
'Found custom Main Logo'
$devices = $res->[2]->[0] =~ s%<span device=\'TOTP\' epoch=\'\d{10}\'%%g,
'2F device found'
) or print STDERR Dumper( $res->[2]->[0] );
ok( $devices == 1, '2F device found' )
or explain( $devices, '2F device registered' );
# Ajax registration request
# Try to unregister TOTP
ok(
$res = $client->_post(
'/2fregisters/u/register', IO::String->new(''),
accept => 'application/json',
cookie => "lemonldap=$id2",
length => 0,
),
'Get registration challenge'
);
eval { $data = JSON::from_json( $res->[2]->[0] ) };
ok( not($@), ' Content is JSON' )
or explain( [ $@, $res->[2] ], 'JSON content' );
ok(
$data->{challenge} =~ /\w+/, 'Get challenge'
) or explain( $data, 'Bad result' );
# Try to unregister U2F key
ok(
$res = $client->_post(
'/2fregisters/u/delete',
IO::String->new("epoch=1234567890"),
'/2fregisters/totp/delete',
IO::String->new("epoch=$epoch"),
length => 16,
cookie => "lemonldap=$id2",
),
'Delete U2F key query'
'Delete TOTP query'
);
eval { $data = JSON::from_json( $res->[2]->[0] ) };
ok( not($@), ' Content is JSON' )
or explain( [ $@, $res->[2] ], 'JSON content' );
ok( $data->{result} == 1, 'TOTP removed' )
or explain( $data, '"result":1' );
$client->logout($id);
$client->logout($id2);
## Try to authenticate
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
( $host, $url, $query ) =
expectForm( $res, '#', undef, 'user', 'password' );
$query =~ s/user=/user=dwho/;
$query =~ s/password=/password=dwho/;
ok(
$data->{error} eq '2FDeviceNotFound', '2F device not found'
) or explain( $data, 'Bad result' );
$res = $client->_post(
'/',
IO::String->new($query),
length => length($query),
accept => 'text/html',
),
'Auth query'
);
$id = expectCookie($res);
expectRedirection( $res, 'http://auth.example.com/' );
# Get Menu
# ------------------------
ok(
$res = $client->_get(
'/',
cookie => "lemonldap=$id",
accept => 'text/html'
),
'Get Menu',
);
expectOK($res);
ok(
$res->[2]->[0] =~
m%<span trspan="connectedAs">Connected as</span> dwho%,
'Connected as dwho'
) or print STDERR Dumper( $res->[2]->[0] );
expectAuthenticatedAs( $res, 'dwho' );
ok(
$res->[2]->[0] =~
m%<span trspan="contextSwitching_ON">contextSwitching_ON</span>%,
'contextSwitching allowed'
) or print STDERR Dumper( $res->[2]->[0] );
# Try to switch context 'rtyler'
# ContextSwitching form
ok(
$res = $client->_get(
'/switchcontext',
cookie => "lemonldap=$id",
accept => 'text/html'
),
'ContextSwitching form',
);
( $host, $url, $query ) =
expectForm( $res, undef, '/switchcontext', 'spoofId' );
ok( $res->[2]->[0] =~ m%<span trspan="contextSwitching_ON">%,
'Found trspan="contextSwitching_ON"' )
or explain( $res->[2]->[0], 'trspan="contextSwitching_ON"' );
## POST form
$query =~ s/spoofId=/spoofId=rtyler/;
ok(
$res = $client->_post(
'/switchcontext',
IO::String->new($query),
cookie => "lemonldap=$id",
length => length($query),
accept => 'text/html',
),
'POST switchcontext'
);
expectRedirection( $res, 'http://auth.example.com/' );
$id2 = expectCookie($res);
ok(
$res = $client->_get(
'/',
cookie => "lemonldap=$id2",
accept => 'text/html'
),
'Get Menu',
);
expectAuthenticatedAs( $res, 'rtyler' );
ok( $res->[2]->[0] =~ m%<span trspan="contextSwitching_OFF">%,
'Found trspan="contextSwitching_OFF"' )
or explain( $res->[2]->[0], 'trspan="contextSwitching_OFF"' );
ok( $id2 ne $id, 'New SSO session created' )
or explain( $id2, 'New SSO session created' );
# 2fregisters
ok(
$res = $client->_get(
'/2fregisters',
cookie => "lemonldap=$id2",
accept => 'text/html',
),
'Form 2fregisters'
);
ok( $res->[2]->[0] =~ /<span id="msg" trspan="choose2f">/,
'Found choose 2F' )
or print STDERR Dumper( $res->[2]->[0] );
ok(
$res->[2]->[0] =~ m%<span device=\'TOTP\' epoch=\'(\d{10})\'%,
'TOTP found'
) or print STDERR Dumper( $res->[2]->[0] );
$epoch = $1;
ok(
$devices = $res->[2]->[0] =~ s%<span device=\'(?:TOTP|U2F)\' epoch=\'(?:\d{10})\'%%g,
'2F devices found'
) or print STDERR Dumper( $res->[2]->[0] );
ok( $devices == 2, '2F devices registered' )
or explain( $devices, '2F devices registered' );
# Try to unregister TOTP
ok(
$res = $client->_post(
'/2fregisters/totp/delete',
IO::String->new("epoch=$epoch"),
length => 16,
cookie => "lemonldap=$id2",
),
'Delete TOTP query'
);
eval { $data = JSON::from_json( $res->[2]->[0] ) };
ok( not($@), ' Content is JSON' )
or explain( [ $@, $res->[2] ], 'JSON content' );
ok( $data->{result} == 1, '2F removed' )
or explain( $data, '"result":1' );
# 2fregisters
ok(
$res = $client->_get(
'/2fregisters',
cookie => "lemonldap=$id2",
accept => 'text/html',
),
'Form 2fregisters'
);
ok( $res->[2]->[0] =~ /<span trspan="remove2fWarning">/,
'Found 2F modal' )
or print STDERR Dumper( $res->[2]->[0] );
ok( $res->[2]->[0] =~ /<span id="msg" trspan="choose2f">/,
'Found choose 2F' )
or print STDERR Dumper( $res->[2]->[0] );
ok(
$devices = $res->[2]->[0] =~ s%<span device=\'(?:TOTP|U2F)\' epoch=\'(\d{10})\'%%g,
'2F device found'
) or print STDERR Dumper( $res->[2]->[0] );
ok( $devices == 1, '2F device registered' )
or explain( $devices, '2F device registered' );
$client->logout($id);
$client->logout($id2);
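Review bot: `$epoch = $1;` after the 'TOTP found' check runs whether or not the match succeeded, so on a failed match the following `/2fregisters/totp/delete` request is built from whatever `$1` last held (possibly undef) and the real failure surfaces later as a confusing '2F removed' error. Capturing in list context ties the value to this match: `my ($found_epoch) = $res->[2]->[0] =~ m%<span device=\'TOTP\' epoch=\'(\d{10})\'%;` followed by `ok( $epoch = $found_epoch, 'TOTP found' )`. Both delete requests also hard-code `length => 16`, which only holds while the epoch is exactly ten digits; `length => length("epoch=$epoch")` would follow the pattern the other POSTs in this file use. The earlier delete appears to depend on `my $epoch = time();` landing in the same second the server stamped the device, which looks timing-sensitive; reading the epoch from the page, as the later block does, would be steadier.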


@ -6,7 +6,7 @@ use JSON qw(to_json from_json);
BEGIN {
require 't/test-lib.pm';
}
my $maintests = 63;
my $maintests = 76;
SKIP: {
require Lemonldap::NG::Common::TOTP;
@ -460,6 +460,108 @@ JjTJecOOS+88fK8qL1TrYv5rapIdqUI7aQ==
$client->logout($id);
$client->logout($id2);
## Try to authenticate
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Menu', );
( $host, $url, $query ) =
expectForm( $res, '#', undef, 'user', 'password' );
$query =~ s/user=/user=dwho/;
$query =~ s/password=/password=dwho/;
ok(
$res = $client->_post(
'/',
IO::String->new($query),
length => length($query),
accept => 'text/html',
),
'Auth query'
);
$id = expectCookie($res);
expectRedirection( $res, 'http://auth.example.com/' );
# Get Menu
# ------------------------
ok(
$res = $client->_get(
'/',
cookie => "lemonldap=$id",
accept => 'text/html'
),
'Get Menu',
);
expectOK($res);
ok(
$res->[2]->[0] =~
m%<span trspan="connectedAs">Connected as</span> dwho%,
'Connected as dwho'
) or print STDERR Dumper( $res->[2]->[0] );
expectAuthenticatedAs( $res, 'dwho' );
ok(
$res->[2]->[0] =~
m%<span trspan="contextSwitching_ON">contextSwitching_ON</span>%,
'contextSwitching allowed'
) or print STDERR Dumper( $res->[2]->[0] );
# Try to switch context 'rtyler'
# ContextSwitching form
ok(
$res = $client->_get(
'/switchcontext',
cookie => "lemonldap=$id",
accept => 'text/html'
),
'ContextSwitching form',
);
( $host, $url, $query ) =
expectForm( $res, undef, '/switchcontext', 'spoofId' );
ok( $res->[2]->[0] =~ m%<span trspan="contextSwitching_ON">%,
'Found trspan="contextSwitching_ON"' )
or explain( $res->[2]->[0], 'trspan="contextSwitching_ON"' );
## POST form
$query =~ s/spoofId=/spoofId=rtyler/;
ok(
$res = $client->_post(
'/switchcontext',
IO::String->new($query),
cookie => "lemonldap=$id",
length => length($query),
accept => 'text/html',
),
'POST switchcontext'
);
expectRedirection( $res, 'http://auth.example.com/' );
$id2 = expectCookie($res);
ok(
$res = $client->_get(
'/',
cookie => "lemonldap=$id2",
accept => 'text/html'
),
'Get Menu',
);
expectAuthenticatedAs( $res, 'rtyler' );
ok( $res->[2]->[0] =~ m%<span trspan="contextSwitching_OFF">%,
'Found trspan="contextSwitching_OFF"' )
or explain( $res->[2]->[0], 'trspan="contextSwitching_OFF"' );
# 2fregisters
ok(
$res = $client->_get(
'/2fregisters',
cookie => "lemonldap=$id2",
accept => 'text/html',
),
'Form 2fregisters'
);
ok( $res->[2]->[0] =~ /<span id="msg" trspan="notAuthorized">/,
'Found choose 2F' )
or print STDERR Dumper( $res->[2]->[0] );
ok( $res->[2]->[0] !~ m%<span device=\'(TOTP|U2F)\' epoch=\'\d{10}\'%g,
'No 2F device found' )
or print STDERR Dumper( $res->[2]->[0] );
}
count($maintests);
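Review bot: The assertion matching `trspan="notAuthorized"` is labelled 'Found choose 2F', apparently left over from the copied block, so a failure would report the opposite of what is being checked; `'Found notAuthorized'` would say it. The next check, `!~ m%<span device=\'(TOTP|U2F)\' ...%g`, needs neither the `/g` flag nor the capturing group; `(?:TOTP|U2F)` without `/g` reads the same and matches the form used in the other test file. Both checks look only at the rendered form. If the intent is that a context-switched session cannot manage the target user's second factors, a request to `/2fregisters/totp/delete` with `$id2` that expects an error would pin that at the endpoint too.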


@ -99,8 +99,11 @@ ok(
'POST switchcontext'
);
expectRedirection( $res, 'http://auth.example.com/' );
# Refresh cookie value
my $id2 = expectCookie($res);
ok( $id2 ne $id, 'New SSO session created' )
or explain( $id2, 'New SSO session created' );
ok(
$res = $client->_get(
'/',
@ -121,10 +124,17 @@ ok(
),
'Stop context switching rtyler',
);
count(6);
# Refresh cookie value
$id = expectCookie($res);
ok(
$res = $client->_get(
'/',
cookie => "lemonldap=$id2",
accept => 'text/html'
),
'Get Menu',
);
ok( $res->[2]->[0] =~ m%<span trmsg="1">%, 'Found PE_SESSIONEXPIRED' )
or explain( $res->[2]->[0], 'Session expired' );
count(9);
# ContextSwitching form: dwho -> french
# ------------------------
@ -153,8 +163,11 @@ ok(
'POST switchcontext'
);
expectRedirection( $res, 'http://auth.example.com/' );
# Refresh cookie value
$id2 = expectCookie($res);
ok( $id2 ne $id, 'New SSO session created' )
or explain( $id2, 'New SSO session created' );
ok(
$res = $client->_get(
'/',
@ -167,7 +180,7 @@ expectAuthenticatedAs( $res, 'french' );
ok( $res->[2]->[0] =~ m%<span trspan="contextSwitching_OFF">%,
'Found trspan="contextSwitching_OFF"' )
or explain( $res->[2]->[0], 'trspan="contextSwitching_OFF"' );
count(5);
count(6);
# CheckUser request
ok(
@ -180,11 +193,14 @@ eval { $res = JSON::from_json( $res->[2]->[0] ) };
ok( not($@), 'Content is JSON' )
or explain( $res->[2]->[0], 'JSON content' );
my @sessions_id =
map { $_->{key} =~ /_session_id$/ ? $_ : () } @{ $res->{ATTRIBUTES} };
map { $_->{key} =~ /^switching_session_id$/ ? $_ : () }
@{ $res->{ATTRIBUTES} };
ok( $sessions_id[0]->{value} eq $id, 'Good switching_id found' )
or explain( $sessions_id[0]->{value}, 'Switching_session_id' );
ok( $sessions_id[1]->{value} eq $id, 'Good Real_session_id found' )
or explain( $sessions_id[1]->{value}, 'Real_session_id' );
or explain( $sessions_id[0]->{value}, 'switching_session_id' );
my @real_values =
map { $_->{key} =~ /^real_/ ? $_ : () } @{ $res->{ATTRIBUTES} };
ok( scalar @real_values == 0, 'No real value found' )
or explain( scalar(@real_values), 'Found real value' );
count(4);
ok(
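Review bot: `$sessions_id[0]->{value} eq $id` is evaluated even when no attribute matched, in which case the element autovivifies and the test fails on an undef comparison instead of a clear message. The `map { ... ? $_ : () }` form is a `grep`; `my @sessions_id = grep { $_->{key} eq 'switching_session_id' } @{ $res->{ATTRIBUTES} };` followed by a check that exactly one entry came back would make that failure explicit (the `count(4)` below would then need adjusting). The same rewrite applies to the `@real_values` filter, `grep { $_->{key} =~ /^real_/ } @{ $res->{ATTRIBUTES} }`. The `ok(` that ends this hunk continues outside it.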


@ -287,12 +287,14 @@ ok(
'POST switchcontext'
);
# Refresh cookie value
$id = expectCookie($res);
# Get cookie value
my $id1 = expectCookie($res);
ok( $id1 ne $id, 'New SSO session created' )
or explain( $id1, 'New SSO session created' );
ok(
$res = $client->_get(
'/',
cookie => "lemonldap=$id",
cookie => "lemonldap=$id1",
accept => 'text/html'
),
'Get Menu',
@ -305,35 +307,37 @@ ok( $res->[2]->[0] =~ m%<span trspan="contextSwitching_OFF">%,
ok(
$res = $client->_get(
'/switchcontext',
cookie => "lemonldap=$id",
cookie => "lemonldap=$id1",
accept => 'text/html'
),
'Stop context switching',
);
count(2);
# Refresh cookie value
my $id1 = expectCookie($res);
# Get cookie value
my $id0 = expectCookie($res);
ok( $id0 eq $id, 'New SSO session created' )
or explain( $id0, 'New SSO session created' );
ok(
$res = $client->_get(
'/',
cookie => "lemonldap=$id1",
cookie => "lemonldap=$id",
accept => 'text/html'
),
'Get Menu',
);
count(3);
expectAuthenticatedAs( $res, 'dwho' );
ok( $res->[2]->[0] =~ m%<span trspan="contextSwitching_ON">%,
'Found trspan="contextSwitching_ON"' )
or explain( $res->[2]->[0], 'trspan="contextSwitching_ON"' );
count(1);
count(4);
# ContextSwitching form -> PE_OK
# ------------------------
ok(
$res = $client->_get(
'/switchcontext',
cookie => "lemonldap=$id1",
cookie => "lemonldap=$id",
accept => 'text/html'
),
'ContextSwitching form',
@ -349,16 +353,20 @@ ok(
$res = $client->_post(
'/switchcontext',
IO::String->new($query),
cookie => "lemonldap=$id1",
cookie => "lemonldap=$id",
length => length($query),
accept => 'text/html',
),
'POST switchcontext'
);
count(3);
# Refresh cookie value
my $id2 = expectCookie($res);
$client->logout($id1);
ok( $id2 ne $id, 'New SSO session created' )
or explain( $id2, 'New SSO session created' );
$client->logout($id);
ok(
$res = $client->_get(
@ -382,7 +390,7 @@ ok(
),
'Stop context switching',
);
count(6);
count(4);
ok( $res->[2]->[0] =~ m%<span trmsg="1">%, 'Found PE_SESSIONEXPIRED' )
or explain( $res->[2]->[0], 'Session expired' );
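Review bot: The check `ok( $id0 eq $id, 'New SSO session created' )` after 'Stop context switching' asserts that the cookie is the original session id, yet both its label and its `explain` text say a new session was created. A label such as `'Original SSO session restored'` in both places would match what is verified and keep a failure from being read the wrong way round. The `# Get cookie value` comment above it is already accurate, so only the two strings need changing.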