lemonldap-ng/lemonldap-ng-portal/t/78-2F-UpgradeOnly-without-2F.t

use Test::More;
use strict;
use IO::String;
use Data::Dumper;

require 't/test-lib.pm';
my $maintests = 5;

SKIP: {
    eval { require Crypt::U2F::Server; require Authen::U2F::Tester };
    if ( $@ or $Crypt::U2F::Server::VERSION < 0.42 ) {
        skip 'Missing libraries', $maintests;
    }

    use_ok('Lemonldap::NG::Common::FormEncode');
    my $res;

    my $client = LLNG::Manager::Test->new( {
            ini => {
                logLevel       => 'error',
                sfOnlyUpgrade  => 1,
                u2fActivation  => 1,
                u2fAuthnLevel  => 5,
                authentication => 'Demo',
                userDB         => 'Same',
                'vhostOptions' => {
                    'test1.example.com' => {
                        'vhostAuthnLevel' => 3
                    },
                },
            }
        }
    );

    # CASE 1: no 2F available
    # -----------------------
    my $query = 'user=rtyler&password=rtyler';
    ok(
        $res = $client->_post(
            '/',
            IO::String->new($query),
            length => length($query),
            accept => 'text/html',
        ),
        'Auth query'
    );
    my $id = expectCookie($res);

    # After attempting to access test1,
    # the handler sends up back to /upgradesession
    # --------------------------------------------
    ok(
        $res = $client->_get(
            '/upgradesession',
            query  => 'url=aHR0cDovL3Rlc3QxLmV4YW1wbGUuY29t',
            accept => 'text/html',
            cookie => "lemonldap=$id",
        ),
        'Upgrade session query'
    );

    ( my $host, my $url, $query ) =
      expectForm( $res, undef, '/upgradesession', 'confirm', 'url' );

    # Accept session upgrade
    # ----------------------

    ok(
        $res = $client->_post(
            '/upgradesession',
            IO::String->new($query),
            length => length($query),
            accept => 'text/html',
            cookie => "lemonldap=$id",
        ),
        'Accept session upgrade query'
    );

    expectCookie( $res, 'lemonldappdata' );

    # A message warns the user that they do not have any 2FA available
    expectPortalError( $res, 103 );

    $query = 'user=rtyler&password=rtyler';
    ok(
        $res = $client->_post(
            '/upgradesession',
            IO::String->new($query),
            length => length($query),
            accept => 'text/html',
            cookie => "lemonldap=$id",
        ),
        'Accept session upgrade query'
    );
    expectRedirection( $res, 'http://auth.example.com/' );
    $client->logout($id);
}

count($maintests);
clean_sessions();

done_testing( count() );