8f5fbb077e
In some federations, SLO endpoints are not published, yet SP are still able to initiate logouts. This used to cause an error on the portal, this commit changes the error into a warning in logs. The user remains on the portal and sees a normal logout message. |
||
|---|---|---|
| .. | ||
| gpghome | ||
| lib/Lemonldap/NG/Portal/Auth | ||
| sessions | ||
| sessions2 | ||
| testslapd | ||
| 01-AuthDemo.t | ||
| 01-pdata.t | ||
| 02-Password-Demo.t | ||
| 03-XSS-protection.t | ||
| 19-Auth-Null.t | ||
| 20-Auth-and-password-DBI-dynamic-hash.t | ||
| 20-Auth-and-password-DBI.t | ||
| 20-Auth-DBI-utf8.t | ||
| 21-Auth-and-password-LDAP.t | ||
| 21-Auth-LDAP-Policy.t | ||
| 21-Auth-LDAP-utf8.t | ||
| 22-Auth-and-password-AD.t | ||
| 23-Auth-and-password-REST.t | ||
| 24-AuthApache.t | ||
| 24-AuthKerberos.t | ||
| 25-AuthSlave.t | ||
| 26-AuthRemote.t | ||
| 27-AuthProxy.t | ||
| 28-AuthChoice-and-password.t | ||
| 28-AuthChoice-with-rules.t | ||
| 29-AuthGPG.t | ||
| 29-AuthSSL.t | ||
| 30-Auth-and-issuer-SAML-Artifact-with-SOAP-SLO-IdP-initiated.t | ||
| 30-Auth-and-issuer-SAML-Artifact-with-SOAP-SLO.t | ||
| 30-Auth-and-issuer-SAML-Metadata.t | ||
| 30-Auth-and-issuer-SAML-POST-IdP-initiated.t | ||
| 30-Auth-and-issuer-SAML-POST-Missing-SLO.t | ||
| 30-Auth-and-issuer-SAML-POST.t | ||
| 30-Auth-and-issuer-SAML-Redirect-IdP-initiated.t | ||
| 30-Auth-and-issuer-SAML-Redirect.t | ||
| 30-Auth-SAML-with-choice.t | ||
| 30-CDC.t | ||
| 30-SAML-Head-to-Tail-POST.t | ||
| 30-SAML-ReAuth-with-choice.t | ||
| 30-SAML-ReAuth.t | ||
| 30-SAML-SP-rule.t | ||
| 31-Auth-and-issuer-CAS-declared-app.t | ||
| 31-Auth-and-issuer-CAS-default.t | ||
| 31-Auth-and-issuer-CAS-gateway.t | ||
| 31-Auth-and-issuer-CAS-proxied.t | ||
| 31-Auth-and-issuer-CAS-with-choice-and-cancel.t | ||
| 31-Auth-and-issuer-CAS-with-choice.t | ||
| 32-Auth-and-issuer-OIDC-authorization_code-OP-logout.t | ||
| 32-Auth-and-issuer-OIDC-authorization_code-with-authchoice.t | ||
| 32-Auth-and-issuer-OIDC-authorization_code.t | ||
| 32-Auth-and-issuer-OIDC-hybrid.t | ||
| 32-Auth-and-issuer-OIDC-implicit.t | ||
| 32-OIDC-RP-rule.t | ||
| 33-Auth-and-issuer-OpenID2.t | ||
| 34-Auth-Proxy-and-REST-Server.t | ||
| 34-Auth-Proxy-and-SOAP-Server.t | ||
| 35-My-session.t | ||
| 35-REST-config-backend.t | ||
| 35-REST-sessions-with-REST-server.t | ||
| 35-SOAP-config-backend.t | ||
| 35-SOAP-sessions-with-SOAP-server.t | ||
| 36-Combination-Kerberos-or-Demo.t | ||
| 36-Combination-with-over.t | ||
| 36-Combination-with-token.t | ||
| 36-Combination.t | ||
| 37-CAS-App-to-SAML-IdP-POST.t | ||
| 37-Logout-from-OIDC-RP-to-SAML-SP.t | ||
| 37-OIDC-RP-to-SAML-IdP-GET.t | ||
| 37-OIDC-RP-to-SAML-IdP-POST.t | ||
| 37-SAML-SP-GET-to-OIDC-OP.t | ||
| 37-SAML-SP-POST-to-CAS-server-with-Choice.t | ||
| 37-SAML-SP-POST-to-CAS-server.t | ||
| 37-SAML-SP-POST-to-OIDC-OP.t | ||
| 40-Notifications-JSON-DBI.t | ||
| 40-Notifications-JSON-File-with-token.t | ||
| 40-Notifications-JSON-File.t | ||
| 40-Notifications-JSON-Server.t | ||
| 40-Notifications-XML-DBI.t | ||
| 40-Notifications-XML-File.t | ||
| 40-Notifications-XML-Server.t | ||
| 41-Captcha.t | ||
| 41-Token.t | ||
| 42-Register-Demo-with-captcha.t | ||
| 42-Register-Demo-with-token.t | ||
| 42-Register-Demo.t | ||
| 42-Register-LDAP.t | ||
| 43-MailPasswordReset-Choice.t | ||
| 43-MailPasswordReset-DBI.t | ||
| 43-MailPasswordReset-LDAP.t | ||
| 43-MailPasswordReset-with-captcha.t | ||
| 43-MailPasswordReset-with-token.t | ||
| 43-MailPasswordReset.t | ||
| 50-IssuerGet.t | ||
| 60-Status.t | ||
| 61-BruteForceProtection.t | ||
| 61-ForceAuthn.t | ||
| 61-GrantSession.t | ||
| 61-Session-ActivityTimeout.t | ||
| 61-Session-Timeout.t | ||
| 62-SingleSession.t | ||
| 63-History.t | ||
| 64-StayConnected.t | ||
| 65-AutoSignin.t | ||
| 66-CDA-already-auth.t | ||
| 66-CDA-with-REST.t | ||
| 66-CDA-with-SOAP.t | ||
| 66-CDA.t | ||
| 67-CheckUser-with-token.t | ||
| 67-CheckUser.t | ||
| 68-Impersonation-with-merge.t | ||
| 68-Impersonation.t | ||
| 70-2F-TOTP_8.t | ||
| 70-2F-TOTP-with-History.t | ||
| 70-2F-TOTP.t | ||
| 71-2F-U2F-with-History.t | ||
| 71-2F-U2F.t | ||
| 72-2F-REST-with-HISTORY.t | ||
| 73-2F-UTOTP-TOTP-and-U2F-with-History.t | ||
| 73-2F-UTOTP-TOTP-and-U2F.t | ||
| 73-2F-UTOTP-TOTP-only-with-History.t | ||
| 73-2F-UTOTP-TOTP-only.t | ||
| 74-2F-Required.t | ||
| 75-2F-Registers.t | ||
| 76-2F-Ext-with-BruteForce.t | ||
| 76-2F-Ext-with-CodeActivation.t | ||
| 76-2F-Ext-with-GrantSession.t | ||
| 76-2F-Ext-with-History.t | ||
| 77-2F-Mail.t | ||
| 90-Translations.t | ||
| 99-pod.t | ||
| lmConf-1.json | ||
| pdata.pm | ||
| README.md | ||
| saml-lib.pm | ||
| sendCode.pl | ||
| sendOTP.pl | ||
| smtp.pm | ||
| test-ldap.pm | ||
| test-lib.pm | ||
| test-psgi.pm | ||
| vrfyOTP.pl | ||
NAME
test-lib.pm - Test framework for LLNG portal
SYNOPSIS
use Test::More;
use strict;
use IO::String;
require 't/test-lib.pm';
my $res;
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'error',
#...
}
}
);
ok(
$res = $client->_post(
'/',
IO::String->new('user=dwho&password=dwho'),
length => 23
),
'Auth query'
);
count(1);
expectOK($res);
my $id = expectCookie($res);
clean_sessions();
done_testing( count() );
DESCRIPTION
This test library permits to simulate browser navigation.
Functions
In these functions, $res is the result of a LLNG::Manager::Test::_get() or
LLNG::Manager::Test::_post() call (see below).
count($inc)
Returns number of tests done. Increment test number if an argument is given
explain( $result, $expected_result )
Used to display error if test fails:
ok( $res->[0] == 302, 'Get redirection' ) or
explain( $res->[0], 302 );
clean_sessions()
Clean sessions created during tests
expectRedirection( $res, $location )
Verify that request result is a redirection to $location. $location can be:
-
a string: location must match exactly
-
a regexp: location must match this regexp. In this case, the list of matching strings are returned. Example:
my( $uri, $query ) = expectRedirection( $res, qr#http://host(/[^\?]*)?(.*)$# );
expectAutoPost(@args)
Same behaviour as expectForm() but verify also that form method is post.
TODO: verify javascript
expectForm( $res, $hostRe, $uriRe, @requiredFields )
Verify form in HTML result and return ( $host, $uri, $query, $method ):
- verify that a GET/POST form exists
- if a $hostRe regexp is given, verify that form target matches and populates $host. Skipped if $hostRe eq "#"
- if a $uriRe regexp is given, verify that form target matches and populates $uri
- if @requiredFields exists, verify that each element is an input name
- build form-url-encoded string looking at parameters/values and store it in $query
expectAuthenticatedAs($user)
Verify that result has a Lm-Remote-User header and value is $user
expectOK($res)
Verify that returned code is 200
expectBadRequest($res)
Verify that returned code is 400. Note that it works only for Ajax request (see below).
expectReject( $res, $code )
Verify that returned code is 401 and JSON result contains error:"$code".
Note that it works only for Ajax request (see below).
expectCookie( $res, $cookieName )
Check if a Set-Cookie exists and set a cookie named $cookieName. Return
its value.
exceptCspFormOK( $res, $host )
Verify that Content-Security-Policy header allows to connect to $host.
getCookies($res)
Returns an hash ref with names => values of cookies set by server.
getHeader( $res, $hname )
Returns value of first header named $hname in $res response.
getRedirection($res)
Returns value of Location header.
getUser($res)
Returns value of Lm-Remote-User header.
LLNG::Manager::Test Class
Accessors
- app: built application
- class: class to test (default Lemonldap::NG::Portal::Main)
- p: portal object
- ini: initialization parameters ($defaultIni values + given parameters)
Methods
logout($id)
Launch a /?logout=1 request an test:
- if response is 200
- if cookie 'lemonldap' and 'lemonldappdata' have no value
- if a GET request with previous cookie value ($i) is rejected
_get( $path, %args )
Simulates a GET requests to $path. Accepted arguments:
- accept: accepted content, default to Ajax request. Use 'text/html'
to test content (to launch a
expectForm()for example). - cookie: full cookie string
- custom: additional headers (hash ref only)
- ip: remote address. Default to 127.0.0.1
- method: default to GET. Only GET/DELETE values are acceptable
(use
_post()if you want to launch a POST/PUT request) - query: query string
- referer
- remote_user: REMOTE_USER header value
_post( $path, $body, %args )
Same as _get except that a body is required. $body must be a file handle.
Example with IO::String:
ok(
$res = $client->_post(
'/',
IO::String->new('user=dwho&password=dwho'),
length => 23
),
'Auth query'
);
_delete( $path, %args )
Call _get() with method set to DELETE.
_put( $path, $body, %args )
Call _post() with method set to PUT