Append unit test (#2325)

doc/sources/admin/newlocationwarning.rst

@@ -1,5 +1,7 @@
+|image0|
+
 New Location Warning Plugin
-=================
+===========================
 
 Presentation
 ------------
@@ -29,4 +31,7 @@ Just enable it in the Manager (section ``General Parameters`` > ``Advanced param
 
    Following variables are available in:
 
-   \* Warning email body => ``$newLocationIP``, ``$newLocationDate``
+   \* Warning email body => ``$newLocationIP``, ``$newLocationDate``
+
+.. |image0| image:: /documentation/beta.png
+   :width: 100px

lemonldap-ng-portal/MANIFEST

@@ -120,6 +120,7 @@ lib/Lemonldap/NG/Portal/Plugins/GrantSession.pm
 lib/Lemonldap/NG/Portal/Plugins/History.pm
 lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm
 lib/Lemonldap/NG/Portal/Plugins/MailPasswordReset.pm
+lib/Lemonldap/NG/Portal/Plugins/NewLocationWarning.pm
 lib/Lemonldap/NG/Portal/Plugins/Notifications.pm
 lib/Lemonldap/NG/Portal/Plugins/PublicPages.pm
 lib/Lemonldap/NG/Portal/Plugins/Refresh.pm
@@ -470,6 +471,7 @@ site/templates/common/mail_certificateReset.tpl
 site/templates/common/mail_confirm.tpl
 site/templates/common/mail_footer.tpl
 site/templates/common/mail_header.tpl
+site/templates/common/mail_new_location_warning.tpl
 site/templates/common/mail_password.tpl
 site/templates/common/mail_register_confirm.tpl
 site/templates/common/mail_register_done.tpl
@@ -670,6 +672,7 @@ t/61-CrowdSec-warn.t
 t/61-CrowdSec.t
 t/61-ForceAuthn.t
 t/61-GrantSession.t
+t/61-NewLocationWarning.t
 t/61-Session-ActivityTimeout.t
 t/61-Session-Timeout.t
 t/62-Refresh-plugin.t

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/NewLocationWarning.pm

@@ -13,7 +13,7 @@ extends qw(
 );
 
 # Entrypoint
-use constant endAuth => 'check';
+use constant afterData => 'check';
 
 sub init {
     my ($self) = @_;
@@ -29,7 +29,6 @@ sub init {
             '"NewLocationWarning" plugin enabled WITHOUT "History" plugin');
         return 0;
     }
-
     return 1;
 }
 
@@ -38,14 +37,21 @@ sub check {
     my $successLogin = $req->sessionInfo->{_loginHistory}->{successLogin};
     my $failedLogin  = $req->sessionInfo->{_loginHistory}->{failedLogin};
     my $ipSource     = $req->env->{ipAddr};
+    $self->logger->debug("Source IP: $ipSource");
 
     my @successIPs =
-      map { $_->{ipAddr} eq $ipSource ? $_->{ipAddr} : () } @$successLogin;
+      map { $_->{ipAddr} ne $ipSource ? $_->{ipAddr} : () } @$successLogin;
     my @failedIPs =
-      map { $_->{ipAddr} eq $ipSource ? $_->{ipAddr} : () } @$failedLogin;
+      map { $_->{ipAddr} ne $ipSource ? $_->{ipAddr} : () } @$failedLogin;
     my @IPs = ( @successIPs, @failedIPs );
-
-    return scalar @IPs ? $self->_sendMail($req) : PE_OK;
+    if ( scalar @IPs ) {
+        $self->logger->warn("New location found: $ipSource");
+        return $self->_sendMail($req);
+    }
+    else {
+        $self->logger->debug('Known location or first connection');
+        return PE_OK;
+    }
 }
 
 sub _sendMail {

lemonldap-ng-portal/site/templates/common/mail_new_location_warning.tpl

@@ -3,9 +3,9 @@
 <p>
 <span trspan="hello">Hello</span> <TMPL_VAR NAME="session_cn" ESCAPE=HTML>,<br />
 <br />
-<a href="<TMPL_VAR NAME="url" ESCAPE=HTML>" style="text-decoration:none;color:orange;">
+<h3>Your <a href="<TMPL_VAR NAME="url" ESCAPE=HTML>" style="text-decoration:none;color:orange;"> account was signed in to from a new location.</h3>
 <span trspan="host">Host</span> <b><TMPL_VAR NAME="host"></b></br>
-<span trspan="date">Date</span> <b><TMPL_VAR NAME="newLocationDate"></b>
+<span trspan="date">Date</span> <b><TMPL_VAR NAME="date"></b>
 </a>
 </p>
 

lemonldap-ng-portal/t/61-NewLocationWarning.t

@@ -0,0 +1,133 @@
+use Test::More;
+use strict;
+use IO::String;
+
+BEGIN {
+    eval {
+        require 't/test-lib.pm';
+        require 't/smtp.pm';
+    };
+}
+
+my $res;
+my $maintests = 12;
+
+SKIP: {
+    eval 'require Email::Sender::Simple;';
+    if ($@) {
+        skip 'Missing dependencies', $maintests;
+    }
+
+    my $client = LLNG::Manager::Test->new( {
+            ini => {
+                logLevel             => 'error',
+                useSafeJail          => 1,
+                authentication       => 'Demo',
+                userDB               => 'Same',
+                passwordDB           => 'Demo',
+                captcha_mail_enabled => 0,
+                portalMainLogo       => 'common/logos/logo_llng_old.png',
+                newLocationWarning   => 1,
+                loginHistoryEnabled  => 1
+            }
+        }
+    );
+
+    ## Simple access
+    ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Portal', );
+    my ( $host, $url, $query ) =
+      expectForm( $res, '#', undef, 'user', 'password' );
+
+    ## Authentication #1 with IP #1 (Test 1)
+    ok(
+        $res = $client->_post(
+            '/',
+            IO::String->new('user=dwho&password=dwho'),
+            length => 23,
+            accept => 'text/html',
+        ),
+        'First auth query'
+    );
+    my $id = expectCookie($res);
+    $client->logout($id);
+
+    ## Authentication #2 with IP #1 (Test 2)
+    ok(
+        $res = $client->_post(
+            '/',
+            IO::String->new('user=dwho&password=dwho'),
+            length => 23,
+            accept => 'text/html',
+        ),
+        'Second auth query'
+    );
+    $id = expectCookie($res);
+    expectRedirection( $res, 'http://auth.example.com/' );
+    $client->logout($id);
+
+    ## Authentication #3 with IP #2 (Test 3)
+    ok(
+        $res = $client->_post(
+            '/',
+            IO::String->new('user=dwho&password=dwho'),
+            length => 23,
+            accept => 'text/html',
+            ip     => '127.0.0.2',
+        ),
+        'Third auth query'
+    );
+    $id = expectCookie($res);
+    expectRedirection( $res, 'http://auth.example.com/' );
+    $client->logout($id);
+    like(
+        mail(),
+qr#<h3>Your <a href="" style="text-decoration:none;color:orange;"> account was signed in to from a new location.</h3>
+#, ' Mail sent (Good password)'
+    );
+
+    ## Authentication #4 with IP #1 wrong password (Test 4)
+    ok(
+        $res = $client->_post(
+            '/',
+            IO::String->new('user=dwho&password=ohwd'),
+            length => 23,
+            accept => 'text/html',
+        ),
+        'Fourth auth query'
+    );
+    ok( $res->[2]->[0] =~ /<span trmsg="5"><\/span>/, ' Bad credential' )
+      or print STDERR Dumper( $res->[2]->[0] );
+
+    ## Authentication #5 with IP #2 (Test 5)
+    ok(
+        $res = $client->_post(
+            '/',
+            IO::String->new('user=dwho&password=ohwd'),
+            length => 23,
+            accept => 'text/html',
+            ip     => '127.0.0.3',
+        ),
+        'Fifth auth query'
+    );
+    ok( $res->[2]->[0] =~ /<span trmsg="5"><\/span>/, ' Bad credential' )
+      or print STDERR Dumper( $res->[2]->[0] );
+    like(
+        mail(),
+qr#<h3>Your <a href="" style="text-decoration:none;color:orange;"> account was signed in to from a new location.</h3>
+#, ' Mail sent (Wrong password)'
+    );
+    like(
+        mail(),
+        qr#<span>Host</span> <b>auth.example.com</b>#,
+        ' Mail sent (Host found)'
+    );
+    like(
+        mail(),
+        qr#<span>Date</span> <b>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}</b>#,
+        ' Mail sent (Date found)'
+    );
+}
+
+count($maintests);
+clean_sessions();
+done_testing( count() );