diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/_WebForm.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/_WebForm.pm index ebcb261f1..3b92e85ea 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/_WebForm.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/_WebForm.pm @@ -170,6 +170,7 @@ sub getDisplayType { sub setSecurity { my ( $self, $req ) = @_; + return if $req->data->{skipToken}; # If captcha is enable, prepare it if ( $self->captcha ) { diff --git a/lemonldap-ng-portal/t/32-OIDC-Password-Grant.t b/lemonldap-ng-portal/t/32-OIDC-Password-Grant.t index bdbb301cb..1fd4d07bd 100644 --- a/lemonldap-ng-portal/t/32-OIDC-Password-Grant.t +++ b/lemonldap-ng-portal/t/32-OIDC-Password-Grant.t @@ -17,11 +17,11 @@ my $debug = 'error'; # Initialization my $op = LLNG::Manager::Test->new( { ini => { - logLevel => $debug, - domain => 'op.com', - portal => 'http://auth.op.com', - - macros => { + logLevel => $debug, + domain => 'op.com', + portal => 'http://auth.op.com', + requireToken => 1, + macros => { gender => '"32"', _whatToTrace => '$uid', nickname => '"froggie; frenchie"', diff --git a/lemonldap-ng-portal/t/35-REST-auth-password-server.t b/lemonldap-ng-portal/t/35-REST-auth-password-server.t new file mode 100644 index 000000000..7e60e65ad --- /dev/null +++ b/lemonldap-ng-portal/t/35-REST-auth-password-server.t @@ -0,0 +1,126 @@ +use Test::More; +use strict; +use IO::String; +use MIME::Base64; +use JSON; + +require 't/test-lib.pm'; + +my $res; + +my $client = LLNG::Manager::Test->new( { + ini => { + logLevel => 'error', + useSafeJail => 1, + requireToken => 1, + restAuthServer => 1, + restPasswordServer => 1, + authentication => 'Combination', + userDB => 'Same', + + combination => '[K,Dm] or [Dm]', + combModules => { + K => { + for => 1, + type => 'Kerberos', + }, + Dm => { + for => 0, + type => 'Demo', + }, + }, + krbKeytab => '/etc/keytab', + krbByJs => 1, + } + } +); + +# Test pwdConfirm endpoint + +my $res = expectJSON( + postJSON( + $client, + "/proxy/pwdConfirm", + { + user => "dwho", + password => "dwho", + } + ) +); + +is( $res->{result}, 1, "Correct password is accepted" ); +count(1); + +my $res = expectJSON( + postJSON( + $client, + "/proxy/pwdConfirm", + { + user => "waldo", + password => "dwho", + } + ) +); + +is( $res->{result}, 0, "Incorrect user is rejected" ); +count(1); + +my $res = expectJSON( + postJSON( + $client, + "/proxy/pwdConfirm", + { + user => "dwho", + password => "wrongpass", + } + ) +); + +is( $res->{result}, 0, "Incorrect password is rejected" ); +count(1); + +# Test getUser endpoint +# Existing user +my $res = expectJSON( + postJSON( + $client, + "/proxy/getUser", + { + user => "dwho", + } + ) +); +is( $res->{result}, 1, "Correct result" ); +is( $res->{info}->{cn}, "Doctor Who", "Correct attributes" ); +is( $res->{info}->{_whatToTrace}, "dwho", "Correct macro" ); +count(3); + +# Missing user +my $res = expectJSON( + postJSON( + $client, + "/proxy/getUser", + { + user => "notfound", + } + ) +); +is( $res->{result}, 0, "Correct result" ); +is( $res->{info}, undef, "No attributes" ); +count(2); + +clean_sessions(); + +done_testing( count() ); + +sub postJSON { + my ( $portal, $url, $payload ) = @_; + my $string_payload = to_json($payload); + return $portal->_post( + $url, + IO::String->new($string_payload), + accept => 'application/json', + type => 'application/json', + length => length($string_payload) + ); +} diff --git a/lemonldap-ng-portal/t/65-CheckState.t b/lemonldap-ng-portal/t/65-CheckState.t index af8af02e6..e399a30fb 100644 --- a/lemonldap-ng-portal/t/65-CheckState.t +++ b/lemonldap-ng-portal/t/65-CheckState.t @@ -8,10 +8,25 @@ my $res; my $client = LLNG::Manager::Test->new( { ini => { logLevel => 'error', - authentication => 'Demo', + requireToken => 1, checkStateSecret => 'x', checkState => 1, + authentication => 'Combination', userDB => 'Same', + + combination => '[K,Dm] or [Dm]', + combModules => { + K => { + for => 1, + type => 'Kerberos', + }, + Dm => { + for => 0, + type => 'Demo', + }, + }, + krbKeytab => '/etc/keytab', + krbByJs => 1, } } );