012b41b2b1
|
||
|---|---|---|
| .. | ||
| gpghome | ||
| lib | ||
| sessions | ||
| sessions2 | ||
| testslapd | ||
| 01-AuthDemo.t | ||
| 01-BuildUrl.t | ||
| 01-CSP-and-CORS-headers.t | ||
| 01-EnablePasswordDisplay.t | ||
| 01-Handler-redirection-and-URL-check-by-portal.t | ||
| 01-Reject-Hashes-in-URL.t | ||
| 01-Unauth-Logout.t | ||
| 01-WebAuthn-Registration.t | ||
| 01-WebAuthn.t | ||
| 01-pdata.t | ||
| 02-Password-Demo-Hook.t | ||
| 02-Password-Demo-Local-Ppolicy.t | ||
| 02-Password-Demo-Local-SpeChars-Ppolicy.t | ||
| 02-Password-Demo-Local-noPpolicy.t | ||
| 02-Password-Demo.t | ||
| 03-ConfTimeout.t | ||
| 03-SessionTimeout.t | ||
| 03-XSS-protection.t | ||
| 04-language-selection.t | ||
| 10-AuthCustom.t | ||
| 19-Auth-Null.t | ||
| 20-Auth-DBI-utf8.t | ||
| 20-Auth-and-password-DBI-dynamic-hash.t | ||
| 20-Auth-and-password-DBI.t | ||
| 21-Auth-LDAP-Policy-Combination.t | ||
| 21-Auth-LDAP-Policy-only.t | ||
| 21-Auth-LDAP-Policy.t | ||
| 21-Auth-LDAP-attributes.t | ||
| 21-Auth-and-password-LDAP.t | ||
| 22-Auth-and-password-AD.t | ||
| 23-Auth-and-password-REST.t | ||
| 24-AuthApache.t | ||
| 24-AuthKerberos.t | ||
| 25-AuthSlave-with-Choice.t | ||
| 25-AuthSlave-with-Credentials.t | ||
| 26-AuthRadius.t | ||
| 26-AuthRemote.t | ||
| 27-AuthProxy-with-choice.t | ||
| 27-AuthProxy.t | ||
| 28-AuthChoice-Custom.t | ||
| 28-AuthChoice-Slave-rememberAuthChoice.t | ||
| 28-AuthChoice-and-password.t | ||
| 28-AuthChoice-with-captcha.t | ||
| 28-AuthChoice-with-info.t | ||
| 28-AuthChoice-with-over.t | ||
| 28-AuthChoice-with-rules.t | ||
| 28-AuthChoice-with-token.t | ||
| 29-AuthGPG.t | ||
| 29-AuthSSL.t | ||
| 30-Auth-ResolutionRule.t | ||
| 30-Auth-SAML-with-choice.t | ||
| 30-Auth-and-issuer-SAML-Artifact-with-SOAP-SLO-IdP-initiated.t | ||
| 30-Auth-and-issuer-SAML-Artifact-with-SOAP-SLO.t | ||
| 30-Auth-and-issuer-SAML-Metadata.t | ||
| 30-Auth-and-issuer-SAML-NameID.t | ||
| 30-Auth-and-issuer-SAML-POST-IdP-initiated.t | ||
| 30-Auth-and-issuer-SAML-POST-Missing-SLO.t | ||
| 30-Auth-and-issuer-SAML-POST.t | ||
| 30-Auth-and-issuer-SAML-Redirect-IdP-initiated.t | ||
| 30-Auth-and-issuer-SAML-Redirect-MultipleSP-Missing-SLO.t | ||
| 30-Auth-and-issuer-SAML-Redirect-MultipleSP.t | ||
| 30-Auth-and-issuer-SAML-Redirect-With-Info.t | ||
| 30-Auth-and-issuer-SAML-Redirect.t | ||
| 30-CDC.t | ||
| 30-SAML-Head-to-Tail-POST.t | ||
| 30-SAML-Macros.t | ||
| 30-SAML-POST-Logout-when-expired.t | ||
| 30-SAML-POST-Logout-when-removed.t | ||
| 30-SAML-POST-with-2F-UpgradeOnly.t | ||
| 30-SAML-POST-with-2F-and-Notification.t | ||
| 30-SAML-POST-with-Notification.t | ||
| 30-SAML-ReAuth-with-Cmb-Kerberos.t | ||
| 30-SAML-ReAuth-with-choice.t | ||
| 30-SAML-ReAuth.t | ||
| 30-SAML-RelayState.t | ||
| 30-SAML-SP-rule.t | ||
| 31-Auth-and-issuer-CAS-Logout-20.t | ||
| 31-Auth-and-issuer-CAS-Logout-30.t | ||
| 31-Auth-and-issuer-CAS-XSS-on-logout.t | ||
| 31-Auth-and-issuer-CAS-declared-app-multiple-urls.t | ||
| 31-Auth-and-issuer-CAS-declared-app-userattr.t | ||
| 31-Auth-and-issuer-CAS-declared-app.t | ||
| 31-Auth-and-issuer-CAS-declared-apps.t | ||
| 31-Auth-and-issuer-CAS-default.t | ||
| 31-Auth-and-issuer-CAS-proxied.t | ||
| 31-Auth-and-issuer-CAS-with-choice-and-cancel.t | ||
| 31-Auth-and-issuer-CAS-with-choice.t | ||
| 32-Auth-and-issuer-OIDC-authorization_code-OP-logout.t | ||
| 32-Auth-and-issuer-OIDC-authorization_code-jwt-userinfo.t | ||
| 32-Auth-and-issuer-OIDC-authorization_code-public_client.t | ||
| 32-Auth-and-issuer-OIDC-authorization_code-with-authchoice.t | ||
| 32-Auth-and-issuer-OIDC-authorization_code-with-info.t | ||
| 32-Auth-and-issuer-OIDC-authorization_code-with-none-alg.t | ||
| 32-Auth-and-issuer-OIDC-authorization_code.t | ||
| 32-Auth-and-issuer-OIDC-hybrid.t | ||
| 32-Auth-and-issuer-OIDC-implicit-no-token.t | ||
| 32-Auth-and-issuer-OIDC-implicit.t | ||
| 32-Auth-and-issuer-OIDC-sorted.t | ||
| 32-CAS-10.t | ||
| 32-CAS-Gateway.t | ||
| 32-CAS-Hooks.t | ||
| 32-CAS-Macros.t | ||
| 32-CAS-Prefix.t | ||
| 32-CAS-Proxy.t | ||
| 32-CAS-Security.t | ||
| 32-OIDC-ClaimTypes.t | ||
| 32-OIDC-ClientCredentials-Grant.t | ||
| 32-OIDC-Code-Flow-with-2F-UpgradeOnly.t | ||
| 32-OIDC-Code-Flow-with-2F.t | ||
| 32-OIDC-Grant-Type-OAuth2-Handler-Rules.t | ||
| 32-OIDC-Grant-Type-Rules.t | ||
| 32-OIDC-Hooks.t | ||
| 32-OIDC-Logout-from-RP-bypass-confirm.t | ||
| 32-OIDC-Logout-redirect-uri-not-allowed.t | ||
| 32-OIDC-Macro.t | ||
| 32-OIDC-Offline-Session.t | ||
| 32-OIDC-Password-Grant-with-Bruteforce-and-Choice.t | ||
| 32-OIDC-Password-Grant.t | ||
| 32-OIDC-RP-rule.t | ||
| 32-OIDC-Refresh-Token.t | ||
| 32-OIDC-Register.t | ||
| 32-OIDC-Token-Introspection.t | ||
| 32-OIDC-Token-Security.t | ||
| 33-Auth-and-issuer-OpenID2.t | ||
| 34-Auth-Proxy-and-REST-Server.t | ||
| 34-Auth-Proxy-and-REST-sessions.t | ||
| 34-Auth-Proxy-and-SOAP-Server.t | ||
| 35-My-session.t | ||
| 35-REST-auth-password-server.t | ||
| 35-REST-config-backend.t | ||
| 35-REST-export-password.t | ||
| 35-REST-sessions-with-AuthBasic-handler.t | ||
| 35-REST-sessions-with-REST-server.t | ||
| 35-SOAP-config-backend.t | ||
| 35-SOAP-sessions-with-SOAP-server.t | ||
| 36-Combination-Custom.t | ||
| 36-Combination-Kerberos-or-Demo.t | ||
| 36-Combination-Password.t | ||
| 36-Combination-with-Choice.t | ||
| 36-Combination-with-TOTP.t | ||
| 36-Combination-with-over.t | ||
| 36-Combination-with-token.t | ||
| 36-Combination.t | ||
| 37-CAS-App-to-SAML-IdP-POST-with-WAYF.t | ||
| 37-CAS-App-to-SAML-IdP-POST.t | ||
| 37-Issuer-Timeout.t | ||
| 37-Logout-from-2-chained-SAML-SP-SOAP.t | ||
| 37-Logout-from-OIDC-RP-to-SAML-IDP-Redirect.t | ||
| 37-Logout-from-OIDC-RP-to-SAML-IDP-SOAP.t | ||
| 37-Logout-from-OIDC-RP-to-SAML-SP.t | ||
| 37-OIDC-RP-to-SAML-IdP-GET-with-WAYF.t | ||
| 37-OIDC-RP-to-SAML-IdP-GET.t | ||
| 37-OIDC-RP-to-SAML-IdP-POST.t | ||
| 37-SAML-SP-GET-to-OIDC-OP.t | ||
| 37-SAML-SP-GET-to-SAML-with-Logout.t | ||
| 37-SAML-SP-POST-to-CAS-server-with-Choice.t | ||
| 37-SAML-SP-POST-to-CAS-server.t | ||
| 37-SAML-SP-POST-to-OIDC-OP.t | ||
| 38-No-persistent-session.t | ||
| 40-Notifications-Explorer-JSON-File.t | ||
| 40-Notifications-Explorer-XML-File.t | ||
| 40-Notifications-JSON-DBI.t | ||
| 40-Notifications-JSON-File-with-token.t | ||
| 40-Notifications-JSON-File.t | ||
| 40-Notifications-JSON-LDAP.t | ||
| 40-Notifications-JSON-Server.t | ||
| 40-Notifications-XML-DBI.t | ||
| 40-Notifications-XML-File.t | ||
| 40-Notifications-XML-Server.t | ||
| 41-Captcha-old-api.t | ||
| 41-Captcha.t | ||
| 41-Token-with-global-storage.t | ||
| 41-Token.t | ||
| 42-Register-Custom.t | ||
| 42-Register-Demo-with-CustomBody.t | ||
| 42-Register-Demo-with-captcha.t | ||
| 42-Register-Demo-with-token.t | ||
| 42-Register-Demo.t | ||
| 42-Register-LDAP.t | ||
| 42-Register-Security.t | ||
| 43-MailPasswordReset-Choice.t | ||
| 43-MailPasswordReset-Combination-LDAP.t | ||
| 43-MailPasswordReset-Combination.t | ||
| 43-MailPasswordReset-DBI.t | ||
| 43-MailPasswordReset-Hook.t | ||
| 43-MailPasswordReset-LDAP.t | ||
| 43-MailPasswordReset-with-captcha.t | ||
| 43-MailPasswordReset-with-token.t | ||
| 43-MailPasswordReset.t | ||
| 44-CertificateResetByMail-Demo.t | ||
| 44-CertificateResetByMail-LDAP.t | ||
| 50-IssuerGet.t | ||
| 56-CheckDevOps-with-Download.t | ||
| 56-CheckDevOps.t | ||
| 57-GlobalLogout-with-Double-cookies-Single-session.t | ||
| 57-GlobalLogout-with-Double-cookies.t | ||
| 57-GlobalLogout-without-Timer.t | ||
| 57-GlobalLogout.t | ||
| 57-LogoutForward.t | ||
| 57-LogoutForward2153.t | ||
| 58-DecryptValue-with-custom-function.t | ||
| 58-DecryptValue-with-internal-function.t | ||
| 59-Double-cookies-Refresh-and-Logout.t | ||
| 59-Double-cookies-for-Double-sessions.t | ||
| 59-Double-cookies-for-a-Single-session.t | ||
| 59-Secured-cookie-Refresh-and-Logout.t | ||
| 60-Status.t | ||
| 61-AdaptativeAuthenticationLevel.t | ||
| 61-BruteForceProtection-with-Incremental-lockTimes-and-TOTP.t | ||
| 61-BruteForceProtection-with-Incremental-lockTimes.t | ||
| 61-BruteForceProtection.t | ||
| 61-CrowdSec-warn.t | ||
| 61-CrowdSec.t | ||
| 61-ForceAuthn.t | ||
| 61-GrantSession.t | ||
| 61-NewLocationWarning-Custom.t | ||
| 61-NewLocationWarning.t | ||
| 61-Session-ActivityTimeout.t | ||
| 61-Session-Timeout.t | ||
| 62-Refresh-plugin.t | ||
| 62-SingleSession-with-History.t | ||
| 62-SingleSession-with-Rules.t | ||
| 62-SingleSession.t | ||
| 62-UpgradeSession-disabled.t | ||
| 62-UpgradeSession.t | ||
| 63-History.t | ||
| 64-StayConnected-with-2F-and-History.t | ||
| 64-StayConnected-with-History.t | ||
| 64-StayConnected-with-rule.t | ||
| 64-StayConnected-without-fingerprint-checking.t | ||
| 65-AutoSignin.t | ||
| 65-CheckState.t | ||
| 66-CDA-PSGI-Try.t | ||
| 66-CDA-already-auth.t | ||
| 66-CDA-wildcard.t | ||
| 66-CDA-with-REST.t | ||
| 66-CDA-with-SOAP.t | ||
| 66-CDA-with-doubleCookies.t | ||
| 66-CDA.t | ||
| 67-CheckUser-with-Global-token.t | ||
| 67-CheckUser-with-Impersonation-and-Macros.t | ||
| 67-CheckUser-with-UnrestrictedUser.t | ||
| 67-CheckUser-with-hidden-attributes.t | ||
| 67-CheckUser-with-history.t | ||
| 67-CheckUser-with-issuer-SAML-POST.t | ||
| 67-CheckUser-with-rules.t | ||
| 67-CheckUser-with-token.t | ||
| 67-CheckUser.t | ||
| 68-ContextSwitching-with-2F-allowed.t | ||
| 68-ContextSwitching-with-2F.t | ||
| 68-ContextSwitching-with-Impersonation.t | ||
| 68-ContextSwitching-with-Logout.t | ||
| 68-ContextSwitching-with-TOTP-and-Notification.t | ||
| 68-ContextSwitching-with-UnrestrictedUser.t | ||
| 68-ContextSwitching.t | ||
| 68-FindUser-with-BadChoice-and-token.t | ||
| 68-FindUser-with-Choice-and-token.t | ||
| 68-FindUser-with-Combination.t | ||
| 68-FindUser-with-DBI.t | ||
| 68-FindUser-with-Demo-and-captcha.t | ||
| 68-FindUser-with-Demo-and-required-params.t | ||
| 68-FindUser-with-Demo-and-token.t | ||
| 68-FindUser-with-Demo.t | ||
| 68-FindUser-with-LDAP.t | ||
| 68-FindUser-with-REST.t | ||
| 68-FindUser-with-UpgradeSession.t | ||
| 68-FindUser-without-Impersonation.t | ||
| 68-FindUser-without-attribute.t | ||
| 68-Impersonation-with-2F.t | ||
| 68-Impersonation-with-Custom-Plugin.t | ||
| 68-Impersonation-with-History.t | ||
| 68-Impersonation-with-TOTP.t | ||
| 68-Impersonation-with-UnrestrictedUser.t | ||
| 68-Impersonation-with-doubleCookies.t | ||
| 68-Impersonation-with-filtered-merge.t | ||
| 68-Impersonation-with-merge.t | ||
| 68-Impersonation.t | ||
| 70-2F-TOTP-8-with-global-storage.t | ||
| 70-2F-TOTP-and-U2F-with-TTL-and-JSON.t | ||
| 70-2F-TOTP-encryption.t | ||
| 70-2F-TOTP-with-History-and-Refresh.t | ||
| 70-2F-TOTP-with-LDAP.t | ||
| 70-2F-TOTP-with-Range.t | ||
| 70-2F-TOTP-with-TTL-and-JSON.t | ||
| 70-2F-TOTP-with-TTL-and-XML.t | ||
| 70-2F-TOTP-with-TTL.t | ||
| 71-2F-U2F-with-History.t | ||
| 71-2F-U2F-with-TTL-and-msg.t | ||
| 71-2F-U2F-with-TTL.t | ||
| 71-2F-U2F.t | ||
| 72-2F-REST-CodeActivation-Resend.t | ||
| 72-2F-REST-with-History.t | ||
| 73-2F-UTOTP-TOTP-and-U2F-with-History.t | ||
| 73-2F-UTOTP-TOTP-and-U2F.t | ||
| 73-2F-UTOTP-TOTP-only-with-History.t | ||
| 73-2F-UTOTP-TOTP-only.t | ||
| 74-2F-Required-Issuer-Timeouts.t | ||
| 74-2F-Required.t | ||
| 75-2F-Registers.t | ||
| 76-2F-Ext-with-BruteForce.t | ||
| 76-2F-Ext-with-CodeActivation-Resend.t | ||
| 76-2F-Ext-with-CodeActivation.t | ||
| 76-2F-Ext-with-GrantSession.t | ||
| 76-2F-Ext-with-History.t | ||
| 77-2F-Extra.t | ||
| 77-2F-Mail-SessionKey.t | ||
| 77-2F-Mail-with-global-storage.t | ||
| 77-2F-Mail.t | ||
| 78-2F-Upgrade-Many.t | ||
| 78-2F-Upgrade.t | ||
| 78-2F-UpgradeOnly-with-forceFlag.t | ||
| 78-2F-UpgradeOnly-without-2F.t | ||
| 78-2F-UpgradeOnly.t | ||
| 79-2F-Yubikey-from-Session.t | ||
| 79-2F-Yubikey.t | ||
| 90-Translations.t | ||
| 91-Handler-cache-cleaned.t | ||
| 91-Memory-Leak.t | ||
| 99-Bad-logLevel.t | ||
| 99-Dont-load-Dumper.t | ||
| 99-pod.t | ||
| AfterDataCustomPlugin.pm | ||
| CaptchaOldApi.pm | ||
| CasHookPlugin.pm | ||
| Custom.pm | ||
| HistoryPlugin.pm | ||
| OidcHookPlugin.pm | ||
| PasswordHookPlugin.pm | ||
| README.md | ||
| SamlHookPlugin.pm | ||
| lmConf-1.json | ||
| oidc-lib.pm | ||
| pdata.pm | ||
| saml-lib.pm | ||
| sendCode.pl | ||
| sendOTP.pl | ||
| separate-handler.pm | ||
| smtp.pm | ||
| test-ldap.pm | ||
| test-lib.pm | ||
| test-psgi.pm | ||
| test-yubikey.pm | ||
| vrfyOTP.pl | ||
README.md
NAME
test-lib.pm - Test framework for LLNG portal
SYNOPSIS
use Test::More;
use strict;
use IO::String;
require 't/test-lib.pm';
my $res;
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'error',
#...
}
}
);
ok(
$res = $client->_post(
'/',
IO::String->new('user=dwho&password=dwho'),
length => 23
),
'Auth query'
);
count(1);
expectOK($res);
my $id = expectCookie($res);
clean_sessions();
done_testing( count() );
DESCRIPTION
This test library permits to simulate browser navigation.
Functions
In these functions, $res is the result of a LLNG::Manager::Test::_get() or
LLNG::Manager::Test::_post() call (see below).
count($inc)
Returns number of tests done. Increment test number if an argument is given
explain( $result, $expected_result )
Used to display error if test fails:
ok( $res->[0] == 302, 'Get redirection' ) or
explain( $res->[0], 302 );
clean_sessions()
Clean sessions created during tests
expectRedirection( $res, $location )
Verify that request result is a redirection to $location. $location can be:
-
a string: location must match exactly
-
a regexp: location must match this regexp. In this case, the list of matching strings are returned. Example:
my( $uri, $query ) = expectRedirection( $res, qr#http://host(/[^\?]*)?(.*)$# );
expectAutoPost(@args)
Same behaviour as expectForm() but verify also that form method is post.
TODO: verify javascript
expectForm( $res, $hostRe, $uriRe, @requiredFields )
Verify form in HTML result and return ( $host, $uri, $query, $method ):
- verify that a GET/POST form exists
- if a $hostRe regexp is given, verify that form target matches and populates $host. Skipped if $hostRe eq "#"
- if a $uriRe regexp is given, verify that form target matches and populates $uri
- if @requiredFields exists, verify that each element is an input name
- build form-url-encoded string looking at parameters/values and store it in $query
expectAuthenticatedAs($user)
Verify that result has a Lm-Remote-User header and value is $user
expectOK($res)
Verify that returned code is 200
expectBadRequest($res)
Verify that returned code is 400. Note that it works only for Ajax request (see below).
expectReject( $res, $code )
Verify that returned code is 401 and JSON result contains error:"$code".
Note that it works only for Ajax request (see below).
expectCookie( $res, $cookieName )
Check if a Set-Cookie exists and set a cookie named $cookieName. Return
its value.
exceptCspFormOK( $res, $host )
Verify that Content-Security-Policy header allows to connect to $host.
getCookies($res)
Returns an hash ref with names => values of cookies set by server.
getHeader( $res, $hname )
Returns value of first header named $hname in $res response.
getRedirection($res)
Returns value of Location header.
getUser($res)
Returns value of Lm-Remote-User header.
LLNG::Manager::Test Class
Accessors
- app: built application
- class: class to test (default Lemonldap::NG::Portal::Main)
- p: portal object
- ini: initialization parameters ($defaultIni values + given parameters)
Methods
logout($id)
Launch a /?logout=1 request an test:
- if response is 200
- if cookie 'lemonldap' and 'lemonldappdata' have no value
- if a GET request with previous cookie value ($i) is rejected
_get( $path, %args )
Simulates a GET requests to $path. Accepted arguments:
- accept: accepted content, default to Ajax request. Use 'text/html'
to test content (to launch a
expectForm()for example). - cookie: full cookie string
- custom: additional headers (hash ref only)
- ip: remote address. Default to 127.0.0.1
- method: default to GET. Only GET/DELETE values are acceptable
(use
_post()if you want to launch a POST/PUT request) - query: query string
- referer
- remote_user: REMOTE_USER header value
_post( $path, $body, %args )
Same as _get except that a body is required. $body must be a file handle.
Example with IO::String:
ok(
$res = $client->_post(
'/',
IO::String->new('user=dwho&password=dwho'),
length => 23
),
'Auth query'
);
_delete( $path, %args )
Call _get() with method set to DELETE.
_put( $path, $body, %args )
Call _post() with method set to PUT