Captcha for registration (#595)

Xavier Guimard 2017-01-27 05:51:19 +00:00
parent 0c80f00603
commit c718eceb53
4 changed files with 135 additions and 9 deletions


@ -1,3 +1,4 @@
* Doc for token/captcha
* login history
* Create "csp" in doc
* Test for Zero


@ -90,7 +90,7 @@ sub init {
# RUNNIG METHODS
# Main request
# Handle register requests
sub register {
my ( $self, $req ) = @_;
@ -183,13 +183,7 @@ sub _register {
}
# Check captcha
unless (
$self->captcha->validateCaptcha(
$req->datas->{token},
$req->datas->{captcha}
)
)
{
unless ( $self->captcha->validateCaptcha( $token, $captcha ) ) {
$self->p->userNotice('Captcha failed: wrong code');
# Set captcha or token
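Review bot: `$token` and `$captcha` are not assigned anywhere in this hunk, so it cannot be confirmed from here that a request lacking the `token` or `captcha` field ends up on the failure path rather than reaching `validateCaptcha` with undef; `_register` starts and continues outside the hunk. If no earlier check in `_register` rejects that case, an explicit guard keeps it on the failure path: `unless ( defined $token and defined $captcha and $self->captcha->validateCaptcha( $token, $captcha ) ) {`. A short comment above the call saying where the two variables are taken from would also help, since the removed lines read them directly from `$req->datas`.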


@ -0,0 +1,131 @@
use Test::More;
use strict;
use IO::String;
BEGIN {
require MIME::Lite;
require 't/test-lib.pm';
}
my ( $res, $user, $pwd );
my $mailSend = 0;
my $client = LLNG::Manager::Test->new(
{
ini => {
logLevel => 'error',
useSafeJail => 1,
portalDisplayRegister => 1,
registerDB => 'Demo',
captcha_register_enabled => 1,
}
}
);
# Test normal first access
# ------------------------
ok(
$res = $client->_get( '/register', accept => 'text/html' ),
'Unauth JSON request',
);
count(1);
my ( $host, $url, $query ) =
expectForm( $res, '#', undef, 'firstname', 'lastname', 'mail' );
ok(
$query =~
s/^.*token=([^&]+).*$/token=$1&firstname=foo&lastname=bar&mail=foobar%40badwolf.org/,
'Token found'
);
my $token;
ok( $token = $1, ' Token value is defined' );
ok( $res->[2]->[0] =~ m#<img src="data:image/png;base64#,
' Captcha image inserted' );
count(3);
# Try to get captcha value
my ( $ts, $captcha );
ok( $ts = $client->p->getApacheSession($token), ' Found token session' );
ok( $captcha = $ts->data->{captcha}, ' Found captcha value' );
count(2);
$query .= "&captcha=$captcha";
ok(
$res = $client->_post(
'/register',
IO::String->new($query),
length => length($query),
accept => 'text/html'
),
'Ask to create account'
);
count(1);
expectOK($res);
# $query is set by MIME::Lite::send below
ok( $query =~ /register_token=/, 'Found register_token' );
count(1);
ok(
$res = $client->_get( '/register', query => $query, accept => 'text/html' ),
'Push register_token'
);
expectOK($res);
count(1);
# $user/$pwd are set by MIME::Lite::send below
ok( $user eq 'fbar', 'Get good login' );
count(1);
# Try to authenticate
$query = '&user=fbar&password=fbar';
ok(
$res = $client->_post(
'/', IO::String->new($query),
length => length($query),
accept => 'text/html'
),
'Try to authenticate'
);
count(1);
expectCookie($res);
clean_sessions();
done_testing( count() );
no warnings 'redefine';
my $mail2 = 0;
sub MIME::Lite::send {
my ($mail) = @_;
pass('Mail sent');
ok( $mail->header_as_string =~ /foobar\@badwolf.org/s, 'Found dest' )
or explain( $mail->header_as_string, 'To: foobar@badwolf.org' );
count(2);
unless ($mail2) {
$mailSend = 1;
ok(
$mail->body_as_string =~
m#a href="http://auth.example.com/register\?(.*?)"#,
'Found link'
);
count(1);
$query = $1;
$mail2++;
}
else {
$mailSend = 2;
ok(
$mail->body_as_string =~
m#yourLoginIs.+?<b>(\w+)</b>.*?pwdIs.+?<b>(.*?)</b>#s,
'Get login/pwd'
);
( $user, $pwd ) = ( $1, $2 );
count(1);
}
}
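Review bot: Only the accepting path of the captcha check is tested: the expected value is read back from the token session and submitted, so nothing asserts that a wrong or missing captcha is refused. A negative case is worth adding before the successful POST, posting the same form with a deliberately wrong `captcha` value and then checking that the form is shown again via `expectForm` and that no mail left, e.g. `ok( $mailSend == 0, 'No mail sent after bad captcha' );`. `$mailSend` is set in the `MIME::Lite::send` override but never asserted anywhere in the file, and the first test's description `'Unauth JSON request'` does not match the `text/html` request it makes. A second case replaying an already used token would show whether a solved captcha can be reused.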


@ -13,7 +13,7 @@ my $mailSend = 0;
my $client = LLNG::Manager::Test->new(
{
ini => {
logLevel => 'debug',
logLevel => 'error',
useSafeJail => 1,
portalDisplayRegister => 1,
registerDB => 'Demo',