dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Unit test for #2397

Browse Source
This commit is contained in:
Maxime Besson 2021-01-19 16:11:26 +01:00
parent c311438270
commit 92c20740fb
1 changed files with 55 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
lemonldap-ng-handler/t/71-Lemonldap-NG-Handler-PSGI-OAuth2.t
View File

@ -4,12 +4,20 @@ BEGIN {
require 't/test-psgi-lib.pm';
}
my $maintests = 10;
my $maintests = 18;
init(
'Lemonldap::NG::Handler::Server',
{
logLevel => 'error',
logLevel => 'error',
oidcRPMetaDataOptions => {
"rp-example" => {
oidcRPMetaDataOptionsClientID => "example",
},
"rp-example2" => {
oidcRPMetaDataOptionsClientID => "example2",
},
},
vhostOptions => {
'test1.example.com' => {
vhostHttps => 0,
@ -20,9 +28,21 @@ init(
},
exportedHeaders => {
'test1.example.com' => {
'Auth-User' => '$uid',
'Auth-User' => '$uid',
'Auth-ClientID' => '$_clientId',
'Auth-ClientConfKey' => '$_clientConfKey',
'Auth-Scope' => '$_scope',
},
}
},
locationRules => {
'test1.example.com' => {
# Basic rules
'default' => 'accept',
'^/write' => '$_scope =~ /(?<!\S)write(?!\S)/',
'^/read' => '$_scope =~ /(?<!\S)read(?!\S)/',
},
},
}
);
@ -39,7 +59,7 @@ Lemonldap::NG::Common::Session->new( {
"_type" => "access_token",
"_utime" => time,
"rp" => "rp-example2",
"scope" => "openid email"
"scope" => "openid email read"
}
}
);
@ -56,7 +76,7 @@ Lemonldap::NG::Common::Session->new( {
"_type" => "refresh_token",
"_utime" => time,
"rp" => "rp-example",
"scope" => "openid email"
"scope" => "openid email read"
}
}
);
@ -90,7 +110,7 @@ Lemonldap::NG::Common::Session->new( {
# Request without Access Token
ok(
$res = $client->_get(
'/test', undef, 'test1.example.com', '', VHOSTTYPE => 'OAuth2',
'/read', undef, 'test1.example.com', '', VHOSTTYPE => 'OAuth2',
),
'Unauthenticated request to OAuth2 URL'
);
@ -102,7 +122,7 @@ is( $h{'WWW-Authenticate'}, 'Bearer', 'Got WWW-Authenticate: Bearer' );
# Request with invalid Access Token
ok(
$res = $client->_get(
'/test', undef,
'/read', undef,
'test1.example.com', '',
VHOSTTYPE => 'OAuth2',
HTTP_AUTHORIZATION => 'Bearer 123',
@ -121,7 +141,7 @@ like(
# Request with valid Access Token
ok(
$res = $client->_get(
'/test', undef,
'/read', undef,
'test1.example.com', '',
VHOSTTYPE => 'OAuth2',
HTTP_AUTHORIZATION =>
@ -132,14 +152,30 @@ ok(
# Check headers
%h = @{ $res->[1] };
is( $res->[0], 200, "Request accepted" );
ok( $h{'Auth-User'} eq 'dwho', 'Header Auth-User is set to "dwho"' )
or explain( \%h, 'Auth-User => "dwho"' );
is( $res->[0], 200, "Request accepted" );
is( $h{'Auth-User'}, 'dwho', 'Header Auth-User is set to "dwho"' );
is( $h{'Auth-ClientID'}, 'example2', 'Client ID correctly transmitted' );
is( $h{'Auth-ClientConfKey'},
'rp-example2', 'Client confkey correctly transmitted' );
like( $h{'Auth-Scope'}, qr/\bemail\b/, 'Scope correctly transmitted' );
# Request with valid Access Token on unauthorized resource
ok(
$res = $client->_get(
'/write', undef,
'test1.example.com', '',
VHOSTTYPE => 'OAuth2',
HTTP_AUTHORIZATION =>
'Bearer f0fd4e85000ce35d062f97f5b466fc00abc2fad0406e03e086605f929ec4a249',
),
'Invalid access token'
);
is( $res->[0], 403, "Unauthorized because the write scope is not granted" );
# Request with Access token from offline session
ok(
$res = $client->_get(
'/test', undef,
'/read', undef,
'test1.example.com', '',
VHOSTTYPE => 'OAuth2',
HTTP_AUTHORIZATION => 'Bearer 999888777',
@ -149,9 +185,12 @@ ok(
# Check headers
%h = @{ $res->[1] };
is( $res->[0], 200, "Request accepted" );
ok( $h{'Auth-User'} eq 'dwho', 'Header Auth-User is set to "dwho"' )
or explain( \%h, 'Auth-User => "dwho"' );
is( $res->[0], 200, "Request accepted" );
is( $h{'Auth-User'}, 'dwho', 'Header Auth-User is set to "dwho"' );
is( $h{'Auth-ClientID'}, 'example', 'Client ID correctly transmitted' );
is( $h{'Auth-ClientConfKey'},
'rp-example', 'Client confkey correctly transmitted' );
like( $h{'Auth-Scope'}, qr/\bemail\b/, 'Scope correctly transmitted' );
count($maintests);
done_testing( count() );