Add unit test for #2189
This commit is contained in:
parent
e9c05a63b2
commit
ceb01796cd
175
lemonldap-ng-portal/t/79-2F-Yubikey-from-Session.t
Normal file
175
lemonldap-ng-portal/t/79-2F-Yubikey-from-Session.t
Normal file
|
@ -0,0 +1,175 @@
|
|||
use lib 'inc';
|
||||
use Test::More;
|
||||
use strict;
|
||||
use IO::String;
|
||||
use Plack::Request;
|
||||
use JSON qw/from_json to_json/;
|
||||
|
||||
require 't/test-lib.pm';
|
||||
require 't/test-yubikey.pm';
|
||||
|
||||
SKIP: {
|
||||
eval "use Auth::Yubikey_WebClient";
|
||||
if ($@) {
|
||||
skip 'Auth::Yubikey_WebClient not found', 0;
|
||||
}
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => 'error',
|
||||
yubikey2fActivation => 1,
|
||||
yubikey2fClientID => "myid",
|
||||
yubikey2fSecretKey => "cG9uZXk=",
|
||||
yubikey2fFromSessionAttribute => "yubikey",
|
||||
yubikey2fSelfRegistration => 1,
|
||||
authentication => 'Demo',
|
||||
userDB => 'Same',
|
||||
'demoExportedVars' => {
|
||||
'cn' => 'cn',
|
||||
'mail' => 'mail',
|
||||
'uid' => 'uid',
|
||||
'_2fDevices' => '_2fDevices',
|
||||
'yubikey' => 'yubikey',
|
||||
},
|
||||
}
|
||||
}
|
||||
);
|
||||
|
||||
# dwho has an userdb-provisionned yubikey and a registered one
|
||||
$Lemonldap::NG::Portal::UserDB::Demo::demoAccounts{dwho}->{yubikey} =
|
||||
"ccccccdddwho";
|
||||
$Lemonldap::NG::Portal::UserDB::Demo::demoAccounts{dwho}->{_2fDevices} =
|
||||
to_json( [ {
|
||||
"_yubikey" => "zzzzzzzzdwho",
|
||||
"epoch" => "1548016213",
|
||||
"name" => "MyYubikey",
|
||||
"type" => "UBK",
|
||||
},
|
||||
]
|
||||
);
|
||||
|
||||
# rtyler only has a registered yubikey
|
||||
$Lemonldap::NG::Portal::UserDB::Demo::demoAccounts{rtyler}->{_2fDevices} =
|
||||
to_json( [ {
|
||||
"_yubikey" => "ccccccrtyler",
|
||||
"epoch" => "1548016213",
|
||||
"name" => "MyYubikey",
|
||||
"type" => "UBK",
|
||||
},
|
||||
]
|
||||
);
|
||||
|
||||
my $res;
|
||||
|
||||
# Try to authenticate
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/',
|
||||
IO::String->new('user=dwho&password=dwho'),
|
||||
length => 23,
|
||||
accept => 'application/json',
|
||||
),
|
||||
'Authenticate as dwho'
|
||||
);
|
||||
count(1);
|
||||
|
||||
my ( $host, $url, $query ) =
|
||||
expectForm( $res, undef, '/yubikey2fcheck?skin=bootstrap',
|
||||
'token', 'code' );
|
||||
|
||||
# Authenticate with registered OTP should fail because dwho is externally provisionned
|
||||
$query =~ s/code=/code=zzzzzzzzdwho10000000000000000000/;
|
||||
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/yubikey2fcheck',
|
||||
IO::String->new($query),
|
||||
length => length($query),
|
||||
accept => 'text/html',
|
||||
),
|
||||
'Post code'
|
||||
);
|
||||
count(1);
|
||||
|
||||
expectPortalError( $res, 96, "Bad OTP code" );
|
||||
|
||||
# Try to authenticate again
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/',
|
||||
IO::String->new('user=dwho&password=dwho'),
|
||||
length => 23,
|
||||
accept => 'application/json',
|
||||
),
|
||||
'Auth query'
|
||||
);
|
||||
count(1);
|
||||
|
||||
my ( $host, $url, $query ) =
|
||||
expectForm( $res, undef, '/yubikey2fcheck?skin=bootstrap',
|
||||
'token', 'code' );
|
||||
|
||||
# Authenticate with good OTP
|
||||
$query =~ s/code=/code=ccccccdddwho10000000000000000000/;
|
||||
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/yubikey2fcheck',
|
||||
IO::String->new($query),
|
||||
length => length($query),
|
||||
accept => 'text/html',
|
||||
),
|
||||
'Post code'
|
||||
);
|
||||
count(1);
|
||||
my $id = expectCookie($res);
|
||||
|
||||
# Authenticate as a user that only has a self registered OTP
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/',
|
||||
IO::String->new('user=rtyler&password=rtyler'),
|
||||
length => 27,
|
||||
accept => 'application/json',
|
||||
),
|
||||
'Auth query'
|
||||
);
|
||||
count(1);
|
||||
|
||||
my ( $host, $url, $query ) =
|
||||
expectForm( $res, undef, '/yubikey2fcheck?skin=bootstrap',
|
||||
'token', 'code' );
|
||||
|
||||
# Authenticate with good OTP for rtyler
|
||||
$query =~ s/code=/code=ccccccrtyler10000000000000000000/;
|
||||
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/yubikey2fcheck',
|
||||
IO::String->new($query),
|
||||
length => length($query),
|
||||
accept => 'text/html',
|
||||
),
|
||||
'Post code'
|
||||
);
|
||||
count(1);
|
||||
my $id = expectCookie($res);
|
||||
|
||||
# This user has no UBK, the activation rule should not trigger
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
'/',
|
||||
IO::String->new('user=msmith&password=msmith'),
|
||||
length => 27,
|
||||
accept => 'application/json',
|
||||
),
|
||||
'Auth query'
|
||||
);
|
||||
count(1);
|
||||
$id = expectCookie($res);
|
||||
|
||||
}
|
||||
|
||||
clean_sessions();
|
||||
|
||||
done_testing( count() );
|
||||
|
Loading…
Reference in New Issue
Block a user