Fix unit test (bad tidy?)

2020-05-24 01:12:08 +02:00 · 2020-05-24 01:12:08 +02:00 · dc00b94589
parent bb9e03d1e5
commit dc00b94589
1 changed files with 296 additions and 0 deletions
--- a/lemonldap-ng-portal/t/30-SAML-POST-Logout-when-expired.t
+++ b/lemonldap-ng-portal/t/30-SAML-POST-Logout-when-expired.t
@ -0,0 +1,296 @@
+use lib 'inc';
+use Test::More;
+use strict;
+use IO::String;
+use LWP::UserAgent;
+use LWP::Protocol::PSGI;
+use MIME::Base64;
+
+BEGIN {
+    require 't/test-lib.pm';
+    require 't/saml-lib.pm';
+}
+
+my $maintests = 14;
+my $debug     = 'error';
+my $timeout   = 72000;
+my ( $issuer, $sp, $res );
+
+# Redefine LWP methods for tests
+LWP::Protocol::PSGI->register(
+    sub {
+        my $req = Plack::Request->new(@_);
+        fail('POST should not launch SOAP requests');
+        count(1);
+        return [ 500, [], [] ];
+    }
+);
+
+SKIP: {
+    eval "use Lasso";
+    if ($@) {
+        skip 'Lasso not found', $maintests;
+    }
+
+    # Initialization
+    $issuer = register( 'issuer', \&issuer );
+    $sp     = register( 'sp',     \&sp );
+
+    # Simple SP access
+    my $res;
+    ok(
+        $res = $sp->_get(
+            '/', accept => 'text/html',
+        ),
+        'Unauth SP request'
+    );
+    expectOK($res);
+    my ( $host, $url, $s ) =
+      expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
+        'SAMLRequest' );
+
+    # Push SAML request to IdP
+    switch ('issuer');
+    ok(
+        $res = $issuer->_post(
+            $url,
+            IO::String->new($s),
+            accept => 'text/html',
+            length => length($s)
+        ),
+        'Post SAML request to IdP'
+    );
+    expectOK($res);
+    my $pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
+
+    # Try to authenticate with an unauthorized user to IdP
+    $s = "user=dwho&password=dwho&$s";
+    ok(
+        $res = $issuer->_post(
+            $url,
+            IO::String->new($s),
+            accept => 'text/html',
+            cookie => $pdata,
+            length => length($s),
+        ),
+        'Post authentication'
+    );
+    ok( $res->[2]->[0] =~ /trmsg="89"/, 'Reject reason is 89' )
+      or print STDERR Dumper( $res->[2]->[0] );
+
+    # Simple SP access
+    ok(
+        $res = $sp->_get(
+            '/', accept => 'text/html',
+        ),
+        'Unauth SP request'
+    );
+    expectOK($res);
+    ( $host, $url, $s ) =
+      expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
+        'SAMLRequest' );
+
+    # Push SAML request to IdP
+    ok(
+        $res = $issuer->_post(
+            $url,
+            IO::String->new($s),
+            accept => 'text/html',
+            length => length($s)
+        ),
+        'Post SAML request to IdP'
+    );
+    expectOK($res);
+    $pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
+
+    # Try to authenticate with an authorized user to IdP
+    $s = "user=french&password=french&$s";
+    ok(
+        $res = $issuer->_post(
+            $url,
+            IO::String->new($s),
+            accept => 'text/html',
+            cookie => $pdata,
+            length => length($s),
+        ),
+        'Post authentication'
+    );
+    my $idpId = expectCookie($res);
+
+    # Expect pdata to be cleared
+    $pdata = expectCookie( $res, 'lemonldappdata' );
+    ok( $pdata !~ 'issuerRequestsaml', 'SAML request cleared from pdata' );
+
+    ( $host, $url, $s ) =
+      expectAutoPost( $res, 'auth.sp.com', '/saml/proxySingleSignOnPost',
+        'SAMLResponse' );
+
+    # Post SAML response to SP
+    switch ('sp');
+    ok(
+        $res = $sp->_post(
+            $url, IO::String->new($s),
+            accept => 'text/html',
+            length => length($s),
+        ),
+        'Post SAML response to SP'
+    );
+
+    # Verify authentication on SP
+    expectRedirection( $res, 'http://auth.sp.com' );
+    my $spId = expectCookie($res);
+
+    ok( $res = $sp->_get( '/', cookie => "lemonldap=$spId" ), 'Get / on SP' );
+    expectOK($res);
+    expectAuthenticatedAs( $res, 'fa@badwolf.org@idp' );
+
+    # Logout initiated by SP
+    ok(
+        $res = $sp->_get(
+            '/',
+            query  => 'logout',
+            cookie => "lemonldap=$spId",
+            accept => 'text/html'
+        ),
+        'Query SP for logout'
+    );
+    ( $host, $url, $s ) =
+      expectAutoPost( $res, 'auth.idp.com', '/saml/singleLogout',
+        'SAMLRequest' );
+
+    # Jump ahead in time
+    Time::Fake->offset( "+" . ( $timeout * 1.5 ) . "s" );
+
+    # Push SAML logout request to IdP
+    switch ('issuer');
+    ok(
+        $res = $issuer->_post(
+            $url,
+            IO::String->new($s),
+            accept => 'text/html',
+            cookie => "lemonldap=$idpId",
+            length => length($s)
+        ),
+        'Post SAML logout request to IdP'
+    );
+    ( $host, $url, $s ) =
+      expectAutoPost( $res, 'auth.sp.com', '/saml/proxySingleLogoutReturn',
+        'SAMLResponse' );
+
+    # Post SAML response to SP
+    switch ('sp');
+    ok(
+        $res = $sp->_post(
+            $url, IO::String->new($s),
+            accept => 'text/html',
+            length => length($s),
+        ),
+        'Post SAML response to SP'
+    );
+    ok( $res->[2]->[0] =~ /trmsg="56"/, 'Found SLO error' );
+}
+
+count($maintests);
+clean_sessions();
+done_testing( count() );
+
+sub issuer {
+    return LLNG::Manager::Test->new( {
+            ini => {
+                timeout                => $timeout,
+                logLevel               => $debug,
+                domain                 => 'idp.com',
+                portal                 => 'http://auth.idp.com',
+                authentication         => 'Demo',
+                userDB                 => 'Same',
+                issuerDBSAMLActivation => 1,
+                issuerDBSAMLRule       => '$uid eq "french"',
+                samlSPMetaDataOptions  => {
+                    'sp.com' => {
+                        samlSPMetaDataOptionsEncryptionMode           => 'none',
+                        samlSPMetaDataOptionsSignSSOMessage           => 1,
+                        samlSPMetaDataOptionsSignSLOMessage           => 1,
+                        samlSPMetaDataOptionsCheckSSOMessageSignature => 1,
+                        samlSPMetaDataOptionsCheckSLOMessageSignature => 1,
+                    }
+                },
+                samlSPMetaDataExportedAttributes => {
+                    'sp.com' => {
+                        cn =>
+'1;cn;urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
+                        uid =>
+'1;uid;urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
+                    }
+                },
+                samlOrganizationDisplayName => "IDP",
+                samlOrganizationName        => "IDP",
+                samlOrganizationURL         => "http://www.idp.com/",
+                samlServicePrivateKeyEnc    => saml_key_idp_private_enc,
+                samlServicePrivateKeySig    => saml_key_idp_private_sig,
+                samlServicePublicKeyEnc     => saml_key_idp_public_enc,
+                samlServicePublicKeySig     => saml_key_idp_public_sig,
+                samlSPMetaDataXML           => {
+                    "sp.com" => {
+                        samlSPMetaDataXML =>
+                          samlSPMetaDataXML( 'sp', 'HTTP-POST' )
+                    },
+                },
+            }
+        }
+    );
+}
+
+sub sp {
+    return LLNG::Manager::Test->new( {
+            ini => {
+                logLevel                          => $debug,
+                timeout                           => $timeout,
+                domain                            => 'sp.com',
+                portal                            => 'http://auth.sp.com',
+                authentication                    => 'SAML',
+                userDB                            => 'Same',
+                issuerDBSAMLActivation            => 0,
+                restSessionServer                 => 1,
+                samlIDPMetaDataExportedAttributes => {
+                    idp => {
+                        mail => "0;mail;;",
+                        uid  => "1;uid",
+                        cn   => "0;cn"
+                    }
+                },
+                samlIDPMetaDataOptions => {
+                    idp => {
+                        samlIDPMetaDataOptionsEncryptionMode => 'none',
+                        samlIDPMetaDataOptionsSSOBinding     => 'post',
+                        samlIDPMetaDataOptionsSLOBinding     => 'post',
+                        samlIDPMetaDataOptionsSignSSOMessage => 1,
+                        samlIDPMetaDataOptionsSignSLOMessage => 1,
+                        samlIDPMetaDataOptionsCheckSSOMessageSignature => 1,
+                        samlIDPMetaDataOptionsCheckSLOMessageSignature => 1,
+                        samlIDPMetaDataOptionsForceUTF8                => 1,
+                    }
+                },
+                samlIDPMetaDataExportedAttributes => {
+                    idp => {
+                        "uid" => "0;uid;;",
+                        "cn"  => "1;cn;;",
+                    },
+                },
+                samlIDPMetaDataXML => {
+                    idp => {
+                        samlIDPMetaDataXML =>
+                          samlIDPMetaDataXML( 'idp', 'HTTP-POST' )
+                    }
+                },
+                samlOrganizationDisplayName => "SP",
+                samlOrganizationName        => "SP",
+                samlOrganizationURL         => "http://www.sp.com",
+                samlServicePublicKeySig     => saml_key_sp_public_sig,
+                samlServicePrivateKeyEnc    => saml_key_sp_private_enc,
+                samlServicePrivateKeySig    => saml_key_sp_private_sig,
+                samlServicePublicKeyEnc     => saml_key_sp_public_enc,
+                samlSPSSODescriptorAuthnRequestsSigned => 1,
+            },
+        }
+    );
+}