Update unit tests for #2596

2021-08-26 15:12:00 +02:00 · 2021-08-26 15:12:00 +02:00 · e041eb46bc
parent a8cb7b756b
commit e041eb46bc
2 changed files with 93 additions and 150 deletions
--- a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-gateway.t
+++ b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-gateway.t
@ -1,150 +0,0 @@
-use lib 'inc';
-use Test::More;    # skip_all => 'CAS is in rebuild';
-use strict;
-use IO::String;
-use LWP::UserAgent;
-use LWP::Protocol::PSGI;
-use MIME::Base64;
-
-BEGIN {
-    require 't/test-lib.pm';
-}
-
-my $debug = 'error';
-my ( $issuer, $sp, $res );
-
-eval { require XML::Simple };
-plan skip_all => "Missing dependencies: $@" if ($@);
-
-# Redefine LWP methods for tests
-LWP::Protocol::PSGI->register(
-    sub {
-        my $req = Plack::Request->new(@_);
-        ok( $req->uri =~ m#http://auth.((?:id|s)p).com([^\?]*)(?:\?(.*))?$#,
-            'SOAP request' );
-        my $host  = $1;
-        my $url   = $2;
-        my $query = $3;
-        my $res;
-        my $client = ( $host eq 'idp' ? $issuer : $sp );
-        if ( $req->method eq 'POST' ) {
-            my $s = $req->content;
-            ok(
-                $res = $client->_post(
-                    $url, IO::String->new($s),
-                    length => length($s),
-                    query  => $query,
-                    type   => 'application/xml',
-                ),
-                "Execute POST request to $url"
-            );
-        }
-        else {
-            ok(
-                $res = $client->_get(
-                    $url,
-                    type  => 'application/xml',
-                    query => $query,
-                ),
-                "Execute request to $url"
-            );
-        }
-        expectOK($res);
-        ok( getHeader( $res, 'Content-Type' ) =~ m#xml#, 'Content is XML' )
-          or explain( $res->[1], 'Content-Type => application/xml' );
-        count(3);
-        return $res;
-    }
-);
-
-$issuer = register( 'issuer', \&issuer );
-$sp     = register( 'sp',     \&sp );
-
-# Simple SP access
-ok(
-    $res = $sp->_get(
-        '/', accept => 'text/html',
-    ),
-    'Unauth SP request'
-);
-count(1);
-ok( expectCookie( $res, 'llngcasserver' ) eq 'idp', 'Get CAS server cookie' );
-count(1);
-expectRedirection( $res,
-    'http://auth.idp.com/cas/login?service=http%3A%2F%2Fauth.sp.com%2F' );
-
-# Query IdP
-switch ('issuer');
-ok(
-    $res = $issuer->_get(
-        '/cas/login',
-        query  => 'service=http://auth.sp.com/&gateway=true',
-        accept => 'text/html'
-    ),
-    'Query CAS server'
-);
-count(1);
-my ($query) = expectRedirection( $res, qr#^http://auth.sp.com/# );
-
-# Back to SP
-switch ('sp');
-ok(
-    $res = $sp->_get(
-        '/',
-        query  => $query,
-        accept => 'text/html',
-        cookie => "llngcasserver=idp",
-    ),
-    'Query SP with ticket'
-);
-count(1);
-
-clean_sessions();
-done_testing( count() );
-
-sub issuer {
-    return LLNG::Manager::Test->new( {
-            ini => {
-                logLevel               => $debug,
-                domain                 => 'idp.com',
-                portal                 => 'http://auth.idp.com',
-                authentication         => 'Demo',
-                userDB                 => 'Same',
-                issuerDBCASActivation  => 1,
-                casAttr                => 'uid',
-                casAttributes          => { cn => 'cn', uid => 'uid', },
-                casAccessControlPolicy => 'none',
-                multiValuesSeparator   => ';',
-            }
-        }
-    );
-}
-
-sub sp {
-    return LLNG::Manager::Test->new( {
-            ini => {
-                logLevel                   => $debug,
-                domain                     => 'sp.com',
-                portal                     => 'http://auth.sp.com',
-                authentication             => 'CAS',
-                userDB                     => 'CAS',
-                restSessionServer          => 1,
-                issuerDBCASActivation      => 0,
-                multiValuesSeparator       => ';',
-                casSrvMetaDataExportedVars => {
-                    idp => {
-                        cn   => 'cn',
-                        mail => 'mail',
-                        uid  => 'uid',
-                    }
-                },
-                casSrvMetaDataOptions => {
-                    idp => {
-                        casSrvMetaDataOptionsUrl => 'http://auth.idp.com/cas',
-                        casSrvMetaDataOptionsGateway => 0,
-                    }
-                },
-            },
-        }
-    );
-}
--- a/lemonldap-ng-portal/t/32-CAS-Gateway.t
+++ b/lemonldap-ng-portal/t/32-CAS-Gateway.t
@ -0,0 +1,93 @@
+use lib 'inc';
+use Test::More;
+use strict;
+use IO::String;
+use LWP::UserAgent;
+use LWP::Protocol::PSGI;
+use MIME::Base64;
+
+BEGIN {
+    require 't/test-lib.pm';
+}
+
+my $debug = 'error';
+my ( $issuer, $res );
+
+plan skip_all => "Missing dependencies: $@" if ($@);
+
+# Access control "None"
+ok( $issuer = issuer('none'), 'Issuer portal' );
+count(1);
+
+# Gateway to known URL is ok
+$res = gatewayRequest( $issuer, "http://auth.sp.com/somewhere" );
+expectRedirection( $res, 'http://auth.sp.com/somewhere' );
+
+# Gateway to unknown URL is ok
+$res = gatewayRequest( $issuer, "http://auth.unknown.com/somewhere" );
+expectRedirection( $res, 'http://auth.unknown.com/somewhere' );
+
+# Access control "Error"
+ok( $issuer = issuer('error'), 'Issuer portal' );
+count(1);
+
+# Gateway to known URL is ok
+$res = gatewayRequest( $issuer, "http://auth.sp.com/somewhere" );
+expectRedirection( $res, 'http://auth.sp.com/somewhere' );
+
+# Gateway to unknown URL is denied
+$res = gatewayRequest( $issuer, "http://auth.unknown.com/somewhere" );
+expectPortalError( $res, 68 );
+
+# Access control "Fake ticket"
+ok( $issuer = issuer('faketicket'), 'Issuer portal' );
+count(1);
+
+# Gateway to known URL is ok
+$res = gatewayRequest( $issuer, "http://auth.sp.com/somewhere" );
+expectRedirection( $res, 'http://auth.sp.com/somewhere' );
+
+# Gateway to unknown URL is denied
+$res = gatewayRequest( $issuer, "http://auth.unknown.com/somewhere" );
+expectPortalError( $res, 68 );
+
+clean_sessions();
+done_testing( count() );
+
+sub gatewayRequest {
+    my ( $issuer, $url ) = @_;
+    return $issuer->_get(
+        '/cas/login',
+        query => buildForm( {
+                gateway => "true",
+                service => $url,
+
+            }
+        ),
+        accept => 'text/html',
+    );
+}
+
+sub issuer {
+    my ($policy) = @_;
+    return LLNG::Manager::Test->new( {
+            ini => {
+                logLevel              => $debug,
+                domain                => 'idp.com',
+                portal                => 'http://auth.idp.com',
+                authentication        => 'Demo',
+                userDB                => 'Same',
+                issuerDBCASActivation => 1,
+                casAttr               => 'uid',
+                casAppMetaDataOptions => {
+                    sp2 => {
+                        casAppMetaDataOptionsService => 'http://auth.sp.com/',
+                        casAppMetaDataOptionsRule    => "0",
+                    },
+                },
+                casAccessControlPolicy => $policy,
+                multiValuesSeparator   => ';',
+            }
+        }
+    );
+}