use Mojo::Base -strict;
use Test::More;
use Test::Mojo;
use Mojo::File qw/path/;
use Data::Dumper;
# Start Fake server #
# NOTE(review): this listing appears to have lost lines (unclosed hashes,
# method chains without a receiver); the comments describe only what is visible.
# Path for the fake backend; the same value is copied into $ENV{KALAMAR_API}.
my $mount_point = '/api/';
$ENV{KALAMAR_API} = $mount_point;
# Instantiate the Kalamar app under Test::Mojo with the Auth plugin listed.
my $t = Test::Mojo->new('Kalamar' => {
Kalamar => {
plugins => ['Auth']
'Kalamar-Auth' => {
client_id => 2,
# NOTE(review): hard-coded client secret; presumably a fixture value that only
# the fake backend accepts - confirm it is never reused for a real deployment.
client_secret => 'k414m4r-s3cr3t',
oauth2 => 1
# Mount fake backend
# Get the fixture path
# Resolves to the 'server' directory one level above this file's directory.
my $fixtures_path = path(Mojo::File->new(__FILE__)->dirname, '..', 'server');
# Load the Mount plugin keyed by $mount_point (the mounted script path is not
# visible in this listing).
my $fake_backend = $t->app->plugin(
Mount => {
$mount_point =>
# Configure fake backend
# Smoke check: a response body of 'Fake server available' is expected
# (the request it belongs to is not visible here).
->content_is('Fake server available');
# Assertions on a search result page; the request they belong to is not
# visible in this listing.
->text_like('h1 span', qr/KorAP: Find .Baum./i)
->text_like('#total-results', qr/\d+$/)
# NOTE(review): the ' a' selector looks truncated - confirm against the repository.
->element_exists_not(' a')
# The login form with its handle_or_email field must be offered.
->element_exists('form[action=/user/login] input[name=handle_or_email]')
# Login POST without a csrf_token field and with the password 'fail'.
$t->post_ok('/user/login' => form => { handle_or_email => 'test', pwd => 'fail' })
->header_is('Location' => '/');
# The expected notification names the CSRF token, not the credentials.
->text_is('div.notify-error', 'Bad CSRF token')
->element_exists_not(' a')
# Same token-less POST with 'pass', the password used for the successful login
# further down: the expected outcome is still the CSRF error, so correct
# credentials alone must not be enough to log in.
$t->post_ok('/user/login' => form => { handle_or_email => 'test', pwd => 'pass' })
->header_is('Location' => '/');
# Fetch the index page and keep a value in $csrf; how the token is taken from
# the response is not visible in this listing.
my $csrf = $t->get_ok('/')
->text_is('div.notify-error', 'Bad CSRF token')
->element_exists_not(' a')
# Login with a csrf_token field but the password 'ldaperr'.
$t->post_ok('/user/login' => form => {
handle_or_email => 'test',
pwd => 'ldaperr',
csrf_token => $csrf
->header_is('Location' => '/');
# Re-read the index page into $csrf before the next attempt (the end of this
# chain is not visible in this listing).
$csrf = $t->get_ok('/')
# Expected error notification after the 'ldaperr' attempt.
->text_is('div.notify-error', '2022: LDAP Authentication failed due to unknown user or password!')
->element_exists_not(' a')
# Second failing password, 'unknown', again with a csrf_token field.
$t->post_ok('/user/login' => form => {
handle_or_email => 'test',
pwd => 'unknown',
csrf_token => $csrf
->header_is('Location' => '/');
$csrf = $t->get_ok('/')
# The expected text is identical to the 'ldaperr' case: the notification does
# not distinguish between the two failing passwords.
->text_is('div.notify-error', '2022: LDAP Authentication failed due to unknown user or password!')
->element_exists_not(' a')
# Password 'pass' together with a csrf_token field is expected to succeed.
$t->post_ok('/user/login' => form => {
handle_or_email => 'test',
pwd => 'pass',
csrf_token => $csrf
->header_is('Location' => '/');
->text_is('div.notify-success', 'Login successful')
# Now the user is logged in and should be able to
# search with authorization
# (the search request itself is not visible in this listing)
->text_like('h1 span', qr/KorAP: Find .Baum./i)
->text_like('#total-results', qr/\d+$/)
# After login the ' a' selector must match, including a logout link whose
# title contains the word 'test', the handle submitted at login.
->element_exists(' a')
->element_exists(' a.logout[title~="test"]')
# Logout
# The logout request is not visible here; only its redirect to '/' and the
# success notification are asserted.
->header_is('Location' => '/');
->text_is('div.notify-success', 'Logout successful')
# The same search assertions are repeated after logout.
->text_like('h1 span', qr/KorAP: Find .Baum./i)
->text_like('#total-results', qr/\d+$/)
# Get redirect
# $fwd must end up holding the requested path and query string (checked by
# is() below); the chain that extracts it is not visible in this listing.
my $fwd = $t->get_ok('/?q=Baum&ql=poliqarp')
is($fwd, '/?q=Baum&ql=poliqarp', 'Redirect is valid');
# Login with an empty fwd field: the redirect goes to '/' and the expected
# notification is 'Redirect failure'.
$t->post_ok('/user/login' => form => {
handle_or_email => 'test',
pwd => 'pass',
csrf_token => $csrf,
fwd => ''
->header_is('Location' => '/');
->text_is('div.notify-error', 'Redirect failure')
# Login with fwd set to the relative path captured above: the Location header
# must be exactly that path.
# NOTE(review): fwd is client-supplied form input that ends up in the Location
# header. The visible cases cover an empty value and a same-site relative path
# only; a case that submits an absolute or scheme-relative URL and expects a
# rejection would pin the open-redirect protection - confirm whether the full
# file has one.
$t->post_ok('/user/login' => form => {
handle_or_email => 'test',
pwd => 'pass',
csrf_token => $csrf,
fwd => $fwd
->header_is('Location' => '/?q=Baum&ql=poliqarp');
->text_is('div.notify-success', 'Login successful')
# Handler for '/user/refresh', defined inside this test file (the line that
# registers the route is not visible in this listing).
'/user/refresh' => sub {
my $c = shift;
# Token as reported by the auth helper on entry, kept for comparison below.
my $old_auth = $c->auth->token;
# Look up the entry stored under "refr_<token>" in the 'user' cache.
my $refresh = $c->chi('user')->get("refr_$old_auth");
# Callback that reads the token again and reports both values.
sub {
my $new_auth = $c->auth->token;
# NOTE(review): both bearer tokens are written into a user-visible
# notification so the assertion at the end can compare them. That is only
# acceptable against the fake backend; do not copy the pattern into
# application code, where tokens should stay out of rendered pages and logs.
$c->notify(success => $new_auth . ' vs. ' . $old_auth);
# Callback that turns its arguments into error notifications.
sub {
# Notify the user on login failure
unless (@_) {
$c->notify(error => $c->loc('Auth_refreshFail'));
# There are known errors
foreach (@_) {
if (ref $_ eq 'HASH') {
# Prefix with the error code when one is present; the continuation of this
# expression is not visible in this listing.
my $err = ($_->{code} ? $_->{code} . ': ' : '') .
$c->notify(error => $err);
else {
# Anything that is not a hash reference is shown as-is.
$c->notify(error => $_);
# Final callback: redirect to the 'index' route.
sub {
return $c->redirect_to('index');
->header_is('Location' => '/');
# The notification is "<new> vs. <old>": the new token is expected to be
# 'Bearer abcde', the old one only needs at least six characters after 'Bearer '.
->text_like('div.notify-success', qr!Bearer abcde vs\. Bearer .{6,}!)
# Test before_korap_request_hook
my $app = $t->app;
# A controller and a GET transaction with an empty URL to hand to the hook.
my $c = $app->build_controller;
my $tx = $app->build_tx('GET', '');
# Emit Hook to alter request
# (the call that emits the hook is only partly visible in this listing)
before_korap_request => ($c, $tx)
# Presumably no token has been set at this point, so the request must not
# carry an Authorization header.
ok(!$tx->req->headers->authorization, 'No authorization');
# Set token
# (the statement that sets the token is not visible in this listing)
# Emit Hook to alter request
before_korap_request => ($c, $tx)
# The Authorization header is now expected to carry the value 'abcd'.
is($tx->req->headers->authorization, 'abcd', 'authorization');
# Override authorization in header
# (the statement that overrides the header is not visible in this listing)
# Emit Hook to alter request
before_korap_request => ($c, $tx)
# After the override the header is expected to read 'xyz' instead of 'abcd'.
is($tx->req->headers->authorization, 'xyz', 'authorization');