From bb3a2e37bdd2bf18007d911d91a8411e74b69494 Mon Sep 17 00:00:00 2001 From: Xavier Guimard Date: Mon, 11 Jul 2016 21:02:32 +0000 Subject: [PATCH] Add test for Password/Demo (#595) --- .../lib/Lemonldap/NG/Portal/Main/Run.pm | 18 ++- .../lib/Lemonldap/NG/Portal/Password/Base.pm | 5 +- .../lib/Lemonldap/NG/Portal/Password/Demo.pm | 8 +- ...cations-File.t => 21-Notifications-File.t} | 0 ...fications-DBI.t => 22-Notifications-DBI.t} | 0 lemonldap-ng-portal/t/40-Password-Demo.t | 103 ++++++++++++++++++ 6 files changed, 125 insertions(+), 9 deletions(-) rename lemonldap-ng-portal/t/{10-Notifications-File.t => 21-Notifications-File.t} (100%) rename lemonldap-ng-portal/t/{11-Notifications-DBI.t => 22-Notifications-DBI.t} (100%) create mode 100644 lemonldap-ng-portal/t/40-Password-Demo.t diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm index 2fac0d5c2..670a84cbc 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm @@ -125,7 +125,7 @@ sub do { # TODO: updateStatus if ( !$self->conf->{noAjaxHook} and $req->wantJSON ) { - if ( $err > 0 ) { + if ( $err > 0 and !%{ $req->sessionInfo } ) { return [ 401, [ @@ -135,9 +135,21 @@ sub do { [] ]; } + elsif ( $err > 0 ) { + return $self->sendJSONresponse( + $req, + { result => 0, error => $err }, + code => 400 + ); + } else { - return $self->sendJSONresponse( $req, - { result => 1, message => 'Authenticated' } ); + return $self->sendJSONresponse( + $req, + { + result => 1, + code => $err + } + ); } } else { diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Base.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Base.pm index f893077a1..ed3766490 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Base.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Base.pm 
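Review bot: The new 401/400 split in `do` relies on `!%{ $req->sessionInfo }` alone to decide that the caller has no session, and nothing in the hunk documents that. If `sessionInfo` can be undef here, the dereference dies under strict refs; if an authentication step fills it before failing, a rejected login would take the 400 branch and return the raw `$err` instead of the 401. Both depend on code outside the hunk, so they are worth confirming. A guard such as `if ( $err > 0 and !( $req->sessionInfo and %{ $req->sessionInfo } ) ) {` with a comment like `# empty sessionInfo => no session yet: answer 401; otherwise report the error code` would make the intent explicit. The success body also changes from `message => 'Authenticated'` to `code => $err` while the failure body uses `error`, so JSON clients must handle two different keys; the body of `do` continues outside the hunk.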
@@ -5,6 +5,7 @@ use strict; use Mouse; use Lemonldap::NG::Portal::Main::Constants qw( PE_OK + PE_BADOLDPASSWORD PE_PASSWORD_OK PE_PASSWORD_MISMATCH PE_PP_MUST_SUPPLY_OLD_PASSWORD @@ -28,7 +29,7 @@ sub _modifyPassword { # TODO: verify oldpassword unless ( $req->datas->{oldpassword} = $req->param('oldpassword') ) { - $self->lmLog( "Portal require old password", 'error' ); + $self->lmLog( "Portal require old password", 'warn' ); return PE_PP_MUST_SUPPLY_OLD_PASSWORD; } @@ -38,6 +39,8 @@ sub _modifyPassword { $req->datas->{newpassword} eq $req->param('confirmpassword') ); # Verify old password + return PE_BADOLDPASSWORD + unless ( $self->confirm( $req, $req->datas->{newpassword} ) ); } # Call password package diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Demo.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Demo.pm index 92758d7bd..b2d463318 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Demo.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Demo.pm @@ -8,15 +8,13 @@ extends 'Lemonldap::NG::Portal::Password::Base'; sub init { my ($self) = @_; - if ( $self->p->get_module('auth') eq 'Demo' ) { - return PE_OK; + if ( $self->p->getModule(undef,'auth') eq 'Demo' ) { + return 1; } else { $self->lmLog( "Use PasswordDBDemo only with AuthDemo", 'error' ); - return PE_ERROR; + return 0; } - - PE_OK; } sub confirm { diff --git a/lemonldap-ng-portal/t/10-Notifications-File.t b/lemonldap-ng-portal/t/21-Notifications-File.t similarity index 100% rename from lemonldap-ng-portal/t/10-Notifications-File.t rename to lemonldap-ng-portal/t/21-Notifications-File.t diff --git a/lemonldap-ng-portal/t/11-Notifications-DBI.t b/lemonldap-ng-portal/t/22-Notifications-DBI.t similarity index 100% rename from lemonldap-ng-portal/t/11-Notifications-DBI.t rename to lemonldap-ng-portal/t/22-Notifications-DBI.t 
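Review bot: The check added under `# Verify old password` in `_modifyPassword` passes `$req->datas->{newpassword}` to `confirm`, not the old password stored a few lines earlier in `$req->datas->{oldpassword}`. If `confirm` compares its argument with the user's current password (its body in Password/Demo.pm is outside the hunks shown), the submitted old password is never verified. A legitimate change would then be rejected with PE_BADOLDPASSWORD unless the new password happens to equal the current one. The call should read `unless ( $self->confirm( $req, $req->datas->{oldpassword} ) );`, after which the `# TODO: verify oldpassword` comment above can be dropped. `_modifyPassword` starts and ends outside the hunk.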
diff --git a/lemonldap-ng-portal/t/40-Password-Demo.t b/lemonldap-ng-portal/t/40-Password-Demo.t
new file mode 100644
index 000000000..a408c9464
--- /dev/null
+++ b/lemonldap-ng-portal/t/40-Password-Demo.t
@@ -0,0 +1,103 @@
+use Test::More;
+use strict;
+use IO::String;
+use JSON;
+use Lemonldap::NG::Portal::Main::Constants
+ qw(PE_BADOLDPASSWORD PE_PASSWORD_MISMATCH PE_PP_MUST_SUPPLY_OLD_PASSWORD);
+
+require 't/test-lib.pm';
+
+my $res;
+
+init(
+ {
+ logLevel => 'error',
+ passwordDB => 'Demo',
+ portalRequireOldPassword => 1,
+ }
+);
+
+# Try yo authenticate
+# -------------------
+ok(
+ $res = &client->_post(
+ '/',
+ IO::String->new('user=dwho&password=dwho'),
+ length => 23
+ ),
+ 'Auth query'
+);
+ok( $res->[0] == 200, 'Response is 200' ) or explain( $res->[0], 200 );
+my $cookies = getCookies($res);
+my $id;
+ok( $id = $cookies->{lemonldap}, 'Get cookie' )
+ or explain( $res, 'Set-Cookie: something' );
+count(3);
+
+# Test mismatch pwd
+ok(
+ $res = &client->_post(
+ '/',
+ IO::String->new('oldpassword=dwho&newpassword=test&confirmpassword=t'),
+ cookie => "lemonldap=$id",
+ accept => 'application/json',
+ length => 51
+ ),
+ 'Password mismatch'
+);
+ok( $res->[0] == 400, 'Response is 400' ) or explain( $res->[0], 400 );
+my $json;
+ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+ or print STDERR "$@\n" . Dumper($res);
+ok( $json->{error} == PE_PASSWORD_MISMATCH, 'Response is PE_PASSWORD_MISMATCH' )
+ or explain( $json, "error => 34" );
+count(3);
+
+# Test missing old pwd
+ok(
+ $res = &client->_post(
+ '/',
+ IO::String->new('newpassword=test&confirmpassword=test'),
+ cookie => "lemonldap=$id",
+ accept => 'application/json',
+ length => 37
+ ),
+ 'Missing old password'
+);
+ok( $res->[0] == 400, 'Response is 400' ) or explain( $res->[0], 400 );
+my $json;
+ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+ or print STDERR "$@\n" . Dumper($res);
+ok(
+ $json->{error} == PE_PP_MUST_SUPPLY_OLD_PASSWORD,
+ 'Response is PE_PP_MUST_SUPPLY_OLD_PASSWORD'
+) or explain( $json, "error => 27" );
+count(3);
+
+# Test bad old pwd
+ok(
+ $res = &client->_post(
+ '/',
+ IO::String->new('oldpassword=dd&newpassword=test&confirmpassword=test'),
+ cookie => "lemonldap=$id",
+ accept => 'application/json',
+ length => 52
+ ),
+ 'Bad old password'
+);
+ok( $res->[0] == 400, 'Response is 400' ) or explain( $res->[0], 400 );
+my $json;
+ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+ or print STDERR "$@\n" . Dumper($res);
+ok( $json->{error} == PE_BADOLDPASSWORD, 'Response is PE_BADOLDPASSWORD' )
+ or explain( $json, "error => 27" );
+count(3);
+
+# Test logout
+logout($id);
+
+#print STDERR Dumper($res);
+
+clean_sessions();
+
+done_testing( count() );
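Review bot: None of the three password cases posts a correct `oldpassword` with matching new passwords, so the success path of `_modifyPassword` is never exercised and a check that rejects every change would still pass this file; a fourth case that sends `oldpassword=dwho` with matching `newpassword`/`confirmpassword` and asserts the success response would close that gap. Each password section also runs four `ok()` calls but records `count(3);`, so unless `count` in t/test-lib.pm compensates, `done_testing( count() )` will see a plan mismatch; `count(4);` matches what actually runs. `my $json;` is declared three times in the same scope, and the last `explain` still says `"error => 27"` although it checks PE_BADOLDPASSWORD; declaring `$json` once and dropping the stale number would tidy that.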