From ff61b49fd9bb5d25d1ae4dc69375edaf85cfb0af Mon Sep 17 00:00:00 2001
From: Xavier Guimard <xavier.guimard@laposte.net>
Date: Mon, 1 Feb 2016 20:10:28 +0000
Subject: [PATCH] Full PSGI test

---
 lemonldap-ng-handler/MANIFEST                 |  2 +
 .../t/60-Lemonldap-NG-Handler-PSGI.t          | 61 ++++++++++++++++++-
 lemonldap-ng-handler/t/lmConf-1.js            |  5 +-
 ...2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545 |  1 +
 ...962e8ecf7af7c9a98cb9a43f9cd181cf4b545.lock |  0
 5 files changed, 64 insertions(+), 5 deletions(-)
 create mode 100644 lemonldap-ng-handler/t/sessions/f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545
 create mode 100644 lemonldap-ng-handler/t/sessions/lock/Apache-Session-f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545.lock

diff --git a/lemonldap-ng-handler/MANIFEST b/lemonldap-ng-handler/MANIFEST
index ba363fe11..6d09ce686 100644
--- a/lemonldap-ng-handler/MANIFEST
+++ b/lemonldap-ng-handler/MANIFEST
@@ -48,4 +48,6 @@ t/52-Lemonldap-NG-Handler-AuthBasic.t
 t/60-Lemonldap-NG-Handler-PSGI.t
 t/99-pod.t
 t/lmConf-1.js
+t/sessions/f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545
+t/sessions/lock/Apache-Session-f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545.lock
 t/test-psgi-lib.pm
diff --git a/lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t b/lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t
index d197d8deb..fc3a17c1d 100644
--- a/lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t
+++ b/lemonldap-ng-handler/t/60-Lemonldap-NG-Handler-PSGI.t
@@ -3,15 +3,16 @@
 use Test::More;
 use JSON;
 use Data::Dumper;
-use MIME::Base64
+use MIME::Base64;
 
-  require 't/test-psgi-lib.pm';
+require 't/test-psgi-lib.pm';
 
 init('Lemonldap::NG::Handler::PSGI');
 
 my $res;
 
-ok( $res = $client->_get('/'), 'Get http://test1.example.com/' );
+# Unauthentified query
+ok( $res = $client->_get('/'), 'Unauthentified query' );
 ok( ref($res) eq 'ARRAY', 'Response is an array' ) or explain( $res, 'array' );
 ok( $res->[0] == 302, 'Code is 302' ) or explain( $res->[0], 302 );
 my %h = @{ $res->[1] };
@@ -28,4 +29,58 @@ ok(
 
 count(4);
 
+# Authentified queries
+# --------------------
+
+# Authorizated query
+ok(
+    $res = $client->_get(
+        '/',
+        undef,
+        undef,
+'lemonldap=f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
+    ),
+    'Authentified query'
+);
+ok( $res->[0] == 200, 'Code is 200' ) or explain( $res->[0], 200 );
+
+count(2);
+
+# Denied query
+ok(
+    $res = $client->_get(
+        '/deny',
+        undef,
+        undef,
+'lemonldap=f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
+    ),
+    'Denied query'
+);
+ok( $res->[0] == 403, 'Code is 403' ) or explain( $res->[0], 403 );
+
+count(2);
+
+# Bad cookie
+ok(
+    $res = $client->_get(
+        '/deny',
+        undef,
+        'manager.example.com',
+'lemonldap=e5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
+    ),
+    'Bad cookie'
+);
+ok( $res->[0] == 302, 'Code is 302' ) or explain( $res->[0], 302 );
+unlink('t/sessions/lock/Apache-Session-e5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545.lock');
+
+count(2);
+
 done_testing( count() );
+
+sub Lemonldap::NG::Handler::PSGI::router {
+    my ( $self, $req ) = @_;
+    ok( $req->{HTTP_AUTH_USER} eq 'dwho', 'Header is given to app' )
+      or explain( $req->{HTTP_REMOTE_USER}, 'dwho' );
+    count(1);
+    return [ 200, [ 'Content-Type', 'text/plain' ], ['Hello'] ];
+}
diff --git a/lemonldap-ng-handler/t/lmConf-1.js b/lemonldap-ng-handler/t/lmConf-1.js
index b3dc2a22a..fe9eecd9e 100644
--- a/lemonldap-ng-handler/t/lmConf-1.js
+++ b/lemonldap-ng-handler/t/lmConf-1.js
@@ -25,8 +25,8 @@
   },
   "globalStorage": "Apache::Session::File",
   "globalStorageOptions": {
-    "Directory": "t/tmp",
-    "LockDirectory": "t/tmp/lock",
+    "Directory": "t/sessions",
+    "LockDirectory": "t/sessions/lock",
     "generateModule": "Lemonldap::NG::Common::Apache::Session::Generate::SHA256"
   },
   "groups": {},
@@ -40,6 +40,7 @@
     },
     "test1.example.com": {
       "^/logout": "logout_sso",
+      "^/deny": "deny",
       "default": "accept"
     },
     "test2.example.com": {
diff --git a/lemonldap-ng-handler/t/sessions/f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545 b/lemonldap-ng-handler/t/sessions/f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545
new file mode 100644
index 000000000..b6ce7cc7a
--- /dev/null
+++ b/lemonldap-ng-handler/t/sessions/f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545
@@ -0,0 +1 @@
+{"updateTime":"20160201202726","_timezone":"1","_session_kind":"SSO","_passwordDB":"Demo","startTime":"20160201202726","ipAddr":"127.0.0.1","UA":"Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 Iceweasel/43.0.4","_user":"dwho","_userDB":"Demo","_lastAuthnUTime":1454354846,"uid":"dwho","_issuerDB":"Null","_url":"http://manager.example.com:19876/%5Bobject%20Object%5DaHR0cDovL21hbmFnZXIuZXhhbXBsZS5jb206MTk4NzYvIy9jb25mcy9sYXRlc3Q=","_session_id":"f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545","authenticationLevel":1,"_whatToTrace":"dwho","_auth":"Demo","_utime":1454354846,"loginHistory":{"successLogin":[{"ipAddr":"127.0.0.1","_utime":1454354846}]},"cn":"Doctor Who","mail":"dwho@badwolf.org"}
\ No newline at end of file
diff --git a/lemonldap-ng-handler/t/sessions/lock/Apache-Session-f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545.lock b/lemonldap-ng-handler/t/sessions/lock/Apache-Session-f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545.lock
new file mode 100644
index 000000000..e69de29bb