Improve unit tests (#1988)

2019-10-29 22:14:34 +01:00 · 2019-10-29 22:14:34 +01:00 · a3169c4480
commit a3169c4480
parent 4f8d089ec6
3 changed files with 88 additions and 25 deletions
--- a/lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t
+++ b/lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t
@ -10,6 +10,7 @@ init('Lemonldap::NG::Handler::PSGI');
 my $res;

 # Unauthentified query
+# --------------------
 ok( $res = $client->_get('/'), 'Unauthentified query' );
 ok( ref($res) eq 'ARRAY', 'Response is an array' ) or explain( $res, 'array' );
 ok( $res->[0] == 302, 'Code is 302' ) or explain( $res->[0], 302 );
@ -24,26 +25,47 @@ ok(
    'Location => http://auth.example.com/?url='
      . encode_base64( 'http://test1.example.com/', '' )
  );
-
 count(4);

 # Authentified queries
 # --------------------
-
 # Authorized query
 ok( $res = $client->_get( '/', undef, undef, "lemonldap=$sessionId" ),
    'Authentified query' );
 ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
-
 count(2);

 # Denied query
 ok( $res = $client->_get( '/deny', undef, undef, "lemonldap=$sessionId" ),
    'Denied query' );
 ok( $res->[0] == 403, 'Code is 403' ) or explain( $res->[0], 403 );
-
 count(2);

+# Required AuthnLevel = 1
+ok( $res = $client->_get( '/AuthWeak', undef, undef, "lemonldap=$sessionId" ),
+    'Authentified query' );
+ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
+count(2);
+
+# Required AuthnLevel = 5
+ok(
+    $res = $client->_get( '/AuthStrong', undef, undef, "lemonldap=$sessionId" ),
+    'Authentified query'
+);
+ok( $res->[0] == 302, 'Code is 302' ) or explain( $res, 302 );
+%h = @{ $res->[1] };
+ok(
+    $h{Location} eq 'http://auth.example.com//upgradesession?url='
+      . encode_base64( 'http://test1.example.com/AuthStrong', '' ),
+    'Redirection points to http://test1.example.com/AuthStrong'
+  )
+  or explain(
+    \%h,
+    'http://auth.example.com//upgradesession?url='
+      . encode_base64( 'http://test1.example.com/AuthStrong', '' )
+  );
+count(3);
+
 # Bad cookie
 ok(
    $res = $client->_get(
@ -58,9 +80,38 @@ ok( $res->[0] == 302, 'Code is 302' ) or explain( $res->[0], 302 );
 unlink(
 't/sessions/lock/Apache-Session-e5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545.lock'
 );
-
 count(2);

+# Required AuthnLevel = 1
+ok(
+    $res = $client->_get(
+        '/AuthWeak', undef, 'test2.example.com', "lemonldap=$sessionId"
+    ),
+    'Authentified query'
+);
+ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
+count(2);
+
+# Required AuthnLevel = 5
+ok(
+    $res =
+      $client->_get( '/', undef, 'test2.example.com', "lemonldap=$sessionId" ),
+    'Authentified query'
+);
+ok( $res->[0] == 302, 'Code is 302' ) or explain( $res, 302 );
+%h = @{ $res->[1] };
+ok(
+    $h{Location} eq 'http://auth.example.com//upgradesession?url='
+      . encode_base64( 'http://test2.example.com/', '' ),
+    'Redirection points to http://test2.example.com/'
+  )
+  or explain(
+    \%h,
+    'http://auth.example.com//upgradesession?url='
+      . encode_base64( 'http://test2.example.com/', '' )
+  );
+count(3);
+
 done_testing( count() );

 clean();
--- a/lemonldap-ng-handler/t/lmConf-1.json
+++ b/lemonldap-ng-handler/t/lmConf-1.json
@ -41,11 +41,14 @@
      "default": "$uid eq \"dwho\""
    },
    "test1.example.com": {
+      "^/AuthStrong(?#AuthnLevel=5)": "accept",
+      "^/AuthWeak(?#AuthnLevel=1)": "accept",
      "^/logout": "logout_sso",
      "^/deny": "deny",
      "default": "accept"
    },
    "test2.example.com": {
+      "^/AuthWeak(?#AuthnLevel=1)": "accept",
      "^/logout": "logout_sso",
      "default": "accept"
    },
@ -60,5 +63,10 @@
  "portal": "http://auth.example.com/",
  "reloadUrls": {},
  "userDB": "Demo",
+  "vhostOptions": {
+    "test2.example.com": {
+        "vhostAuthnLevel": 5
+      }
+  },
  "whatToTrace": "_whatToTrace"
 }
--- a/lemonldap-ng-portal/t/62-UpgradeSession.t
+++ b/lemonldap-ng-portal/t/62-UpgradeSession.t
@ -9,9 +9,10 @@ require 't/smtp.pm';
 use_ok('Lemonldap::NG::Common::FormEncode');
 count(1);

+my $res;
 my $client = LLNG::Manager::Test->new( {
        ini => {
-            logLevel                     => 'error',
+            logLevel                     => 'debug',
            upgradeSession               => 1,
            authentication               => 'Choice',
            apacheAuthnLevel             => 5,
@ -28,9 +29,9 @@ my $client = LLNG::Manager::Test->new( {
            },
            "locationRules" => {
                "test1.example.com" => {
-                    "default"                      => "accept",
-                    '^/AuthBasic(?#AuthnLevel=2)'  => 'accept',
-                    '^/AuthStrong(?#AuthnLevel=5)' => 'accept',
+                    'default'                      => 'accept',
+                    '^/AuthWeak(?#AuthnLevel=2)'   => 'deny',
+                    '^/AuthStrong(?#AuthnLevel=5)' => 'deny',
                },
            },
        }
@ -40,7 +41,7 @@ my $client = LLNG::Manager::Test->new( {
 # Try to authenticate
 # -------------------
 ok(
-    my $res = $client->_post(
+    $res = $client->_post(
        '/',
        IO::String->new('user=dwho&password=dwho&lmAuth=weak'),
        length => 35,
@ -49,37 +50,42 @@ ok(
    'Auth query'
 );
 count(1);
-
 my $id = expectCookie($res);

+
+# Portal IS NOT a handler
+#########################
 ok(
-    my $res = $client->_get(
-        'http://test1.example.com/AuthBasic',
+    $res = $client->_get(
+        '/AuthWeak',
        accept => 'text/html',
        cookie => "lemonldap=$id",
+        host   => 'test1.example.com',
    ),
-    'GET http://test1.example.com/AuthBasic'
+    'GET http://test1.example.com/AuthWeak'
 );
+expectOK($res);
 count(1);
-#print STDERR Data::Dumper::Dumper $res;
+print STDERR Data::Dumper::Dumper $res;

 ok(
-    my $res = $client->_get(
-        'http://test1.example.com/AuthStrong',
+    $res = $client->_get(
+        '/AuthStrong',
        accept => 'text/html',
        cookie => "lemonldap=$id",
+        host   => 'test1.example.com',
    ),
    'GET http://test1.example.com/AuthStrong'
 );
 count(1);
-#print STDERR Data::Dumper::Dumper $res;
+print STDERR Data::Dumper::Dumper $res;

 # After attempting to access test1,
 # the handler sends up back to /upgradesession
 # --------------------------------------------

 ok(
-    my $res = $client->_get(
+    $res = $client->_get(
        '/upgradesession',
        query  => 'url=aHR0cDovL3Rlc3QxLmV4YW1wbGUuY29t',
        accept => 'text/html',
@ -96,7 +102,7 @@ my ( $host, $url, $query ) =
 # ----------------------

 ok(
-    my $res = $client->_post(
+    $res = $client->_post(
        '/upgradesession',
        IO::String->new($query),
        length => length($query),
@ -108,8 +114,7 @@ ok(
 count(1);

 my $pdata = expectCookie( $res, 'lemonldappdata' );
-
-my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'upgrading', 'url' );
+( $host, $url, $query ) = expectForm( $res, '#', undef, 'upgrading', 'url' );

 $query = $query . "&lmAuth=strong";

@ -118,7 +123,7 @@ $query = $query . "&lmAuth=strong";
 # -------------------------------------------

 ok(
-    my $res = $client->_post(
+    $res = $client->_post(
        '/upgradesession',
        IO::String->new($query),
        length => length($query),
@ -139,7 +144,7 @@ expectRedirection( $res, 'http://test1.example.com' );

 # Make pdata was cleared and we aren't being redirected
 ok(
-    my $res = $client->_get(
+    $res = $client->_get(
        '/',
        accept => 'text/html',
        cookie => "lemonldap=$id;lemonldappdata=$pdata",
@ -147,7 +152,6 @@ ok(
    'Post login'
 );
 count(1);
-
 expectOK($res);

 clean_sessions();