diff --git a/_example/conf/lmConf-1.json b/_example/conf/lmConf-1.json
index f9738e4f7..8f31fd436 100644
--- a/_example/conf/lmConf-1.json
+++ b/_example/conf/lmConf-1.json
@@ -119,10 +119,6 @@
 "namespace" : "lemonldap-ng-sessions"
 },
 "locationRules" : {
- "auth.__DNSDOMAIN__" : {
- "(?#checkUser)/checkuser" : "$uid eq \"dwho\"",
- "default" : "deny"
- },
 "manager.__DNSDOMAIN__" : {
 "(?#Configuration)^/(manager\\.html|conf/)" : "$uid eq \"dwho\"",
 "(?#Notifications)/notifications" : "$uid eq \"dwho\" or $uid eq \"rtyler\"",
diff --git a/lemonldap-ng-portal/t/67-CheckUser.t b/lemonldap-ng-portal/t/67-CheckUser.t
new file mode 100644
index 000000000..929c845ca
--- /dev/null
+++ b/lemonldap-ng-portal/t/67-CheckUser.t
@@ -0,0 +1,164 @@
+use Test::More;
+use strict;
+use IO::String;
+
+BEGIN {
+ require 't/test-lib.pm';
+}
+
+my $res;
+
+my $client = LLNG::Manager::Test->new(
+ { ini => {
+ logLevel => 'error',
+ authentication => 'Demo',
+ userDB => 'Same',
+ loginHistoryEnabled => 0,
+ brutForceProtection => 0,
+ portalMainLogo => 'common/logos/logo_llng_old.png',
+ checkUser => 1,
+ checkUserDisplayPersistentInfo => 1,
+ checkUserDisplayEmptyValues => 1,
+ }
+ }
+);
+
+## Try to authenticate
+ok( $res = $client->_post(
+ '/',
+ IO::String->new('user=rtyler&password=rtyler'),
+ length => 27,
+ accept => 'text/html',
+ ),
+ 'Auth query'
+);
+count(1);
+
+my $id = expectCookie($res);
+expectRedirection( $res, 'http://auth.example.com/' );
+
+ok( $res = $client->_get(
+ '/checkuser',
+ cookie => "lemonldap=$id",
+ accept => 'text/html'
+ ),
+ 'Try to access /checkuser'
+);
+count(1);
+
+ok( $res->[2]->[0] =~ m%[2]->[0], 'custom Main logo not found"' );
+ok( $res->[2]->[0] =~ m%%,
+ 'Found trspan="accessDenied"' )
+ or explain( $res->[2]->[0], 'trspan="accessDenied"' );
+count(2);
+$client->logout($id);
+
+## Try to authenticate
+ok( $res = $client->_post(
+ '/',
+ IO::String->new('user=dwho&password=dwho'),
+ length => 23,
+ accept => 'text/html',
+ ),
+ 'Auth query'
+);
+count(1);
+
+$id = expectCookie($res);
+expectRedirection( $res, 'http://auth.example.com/' );
+
+# CheckUser form -> granted
+# ------------------------
+ok( $res = $client->_get(
+ '/checkuser',
+ cookie => "lemonldap=$id",
+ accept => 'text/html'
+ ),
+ 'CheckUser form',
+);
+count(1);
+my ( $host, $url, $query )
+ = expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
+ok( $res->[2]->[0] =~ m%%,
+ 'Found trspan="checkUser"' )
+ or explain( $res->[2]->[0], 'trspan="checkUser"' );
+count(1);
+
+$query =~ s/user=dwho/user=rtyler/;
+$query =~ s/url=/url=http%3A%2F%2Ftest1.example.com/;
+
+ok( $res = $client->_post(
+ '/checkuser',
+ IO::String->new($query),
+ cookie => "lemonldap=$id",
+ length =>
length($query),
+ accept => 'text/html',
+ ),
+ 'POST checkuser'
+);
+count(1);
+
+( $host, $url, $query )
+ = expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
+ok( $res->[2]->[0] =~ m%%,
+ 'Found trspan="checkUser"' )
+ or explain( $res->[2]->[0], 'trspan="checkUser"' );
+count(1);
+
+ok( $res->[2]->[0] =~ m%%,
+ 'Found trspan="checkUser"' )
+ or explain( $res->[2]->[0], 'trspan="checkUser"' );
+ok( $res->[2]->[0]
+ =~ m%
%,
+ 'Found trspan="allowed"'
+) or explain( $res->[2]->[0], 'trspan="allowed"' );
+ok( $res->[2]->[0] =~ m%%, 'Found trspan="headers"' )
+ or explain( $res->[2]->[0], 'trspan="headers"' );
+ok( $res->[2]->[0] =~ m%%,
+ 'Found trspan="groups_sso"' )
+ or explain( $res->[2]->[0], 'trspan="groups_sso"' );
+ok( $res->[2]->[0] =~ m%%, 'Found trspan="macros"' )
+ or explain( $res->[2]->[0], 'trspan="macros"' );
+ok( $res->[2]->[0] =~ m%%,
+ 'Found trspan="attributes"' )
+ or explain( $res->[2]->[0], 'trspan="attributes"' );
+ok( $res->[2]->[0] =~ m%Auth-User%,
+ 'Found Auth-User' )
+ or explain( $res->[2]->[0], 'Header Key: Auth-User' );
+ok( $res->[2]->[0] =~ m%rtyler%,
+ 'Found rtyler' )
+ or explain( $res->[2]->[0], 'Header Value: rtyler' );
+ok( $res->[2]->[0] =~ m%su%, 'Found su' )
+ or explain( $res->[2]->[0], 'SSO Groups: su' );
+ok( $res->[2]->[0] =~ m%_whatToTrace%,
+ 'Found _whatToTrace' )
+ or explain( $res->[2]->[0], 'Macro Key _whatToTrace' );
+ok( $res->[2]->[0] =~ m%uid%, 'Found uid' )
+ or explain( $res->[2]->[0], 'Macro Value uid' );
+count(11);
+
+$query =~ s/user=dwho/user=msmith/;
+$query
+ =~ s/url=http%3A%2F%2Ftest1.example.com/url=http%3A%2F%2Fmanager.example.com%2Fmanager.html/;
+
+ok( $res = $client->_post(
+ '/checkuser',
+ IO::String->new($query),
+ cookie => "lemonldap=$id",
+ length => length($query),
+ accept => 'text/html',
+ ),
+ 'POST checkuser'
+);
+ok( $res->[2]->[0]
+ =~ m%
%,
+ 'Found trspan="forbidden"'
+) or explain( $res->[2]->[0], 'trspan="forbidden"' );
+count(2);
+
+$client->logout($id);
+clean_sessions();
+
+done_testing( count() );
\ No newline at end of file
diff --git a/lemonldap-ng-portal/t/lmConf-1.json b/lemonldap-ng-portal/t/lmConf-1.json
index 70827672f..77b03060c 100644
--- a/lemonldap-ng-portal/t/lmConf-1.json
+++ b/lemonldap-ng-portal/t/lmConf-1.json
@@ -31,9 +31,13 @@
 "LockDirectory": "t/sessions/lock",
 "generateModule": "Lemonldap::NG::Common::Apache::Session::Generate::SHA256"
 },
- "groups": {},
+ "groups": { "su":"$uid eq \"rtyler\"" },
 "key": "qwertyui",
 "locationRules": {
+ "auth.example.com" : {
+ "(?#checkUser)/checkuser" : "$uid eq \"dwho\"",
+ "default" : "deny"
+ },
 "manager.example.com": {
 "(?#Configuration)^/(manager\\.html|conf/)": "$uid eq \"dwho\"",
 "(?#Notifications)^/notifications": "$uid eq \"dwho\" or $uid eq \"rtyler\"",
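Review bot: In 67-CheckUser.t the closing `forbidden` assertion does not prove that msmith was the account evaluated, because `$query =~ s/user=dwho/user=msmith/;` runs on the `$query` that `expectForm` rebuilt from the previous response and its result is never checked. If that form echoes the checked user (rtyler) rather than dwho, the substitution is a silent no-op, and the request would still yield `forbidden`, since the manager rule in t/lmConf-1.json admits only dwho. Asserting the rewrite, e.g. `ok( $query =~ s/user=dwho/user=msmith/, 'target user set to msmith' ); count(1);`, would make the access-control check fail loudly instead of passing for the wrong user; the earlier `s/user=dwho/user=rtyler/` and both `url=` substitutions deserve the same treatment. The deny path for rtyler is also exercised only with a GET, so a POST to /checkuser from that session, asserting that no attributes are rendered, would cover the handler that actually discloses data.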
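Review bot: The new `auth.example.com` rule key `(?#checkUser)/checkuser` in t/lmConf-1.json is unanchored, so it matches any request path that merely contains `/checkuser`, whereas the neighbouring manager rules in this file are anchored with `^`. This fixture appears to be what the CheckUser test relies on to separate dwho from rtyler, so anchoring would keep the grant limited to the intended endpoint: `"(?#checkUser)^/checkuser" : "$uid eq \"dwho\""`. The enclosing `locationRules` object continues past the end of the hunk, so any further rules for this host are not visible here.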