Gitiles
Code Review Sign In
korap.ids-mannheim.de / KorAP / Kalamar / 013c39f7fc48ab1455d8f9b3f40169e497811bea / . / t / plugin / auth.t
blob: 1d1a375181f447eb7b35c02a443beada9ff7dc18 [file] [log] [blame]
Akrone8235be2016-06-27 11:02:18 +0200[diff] [blame]1use Mojo::Base -strict;
Akronbe9d5b32017-04-05 20:48:24 +0200[diff] [blame]2use Test::More;
Akrone8235be2016-06-27 11:02:18 +0200[diff] [blame]3use Test::Mojo;
Akron0e1ed242018-10-11 13:22:00 +0200[diff] [blame]4use Mojo::File qw/path/;
Akrone8235be2016-06-27 11:02:18 +0200[diff] [blame]5use Data::Dumper;
6
Akron32396632018-10-11 17:08:37 +0200[diff] [blame]7
8#####################
9# Start Fake server #
10#####################
Akron63d963b2019-07-05 15:35:51 +0200[diff] [blame]11my $mount_point = '/realapi/';
Akron0e1ed242018-10-11 13:22:00 +0200[diff] [blame]12$ENV{KALAMAR_API} = $mount_point;
Akrone8235be2016-06-27 11:02:18 +0200[diff] [blame]13
Akron864c2932018-11-16 17:18:55 +0100[diff] [blame]14my $t = Test::Mojo->new('Kalamar' => {
15 Kalamar => {
Akron7fb78d62021-06-10 12:51:13 +0200[diff] [blame]16 plugins => ['Auth'],
17 },
18 'Kalamar-Auth' => {
19 jwt => 1
Akron864c2932018-11-16 17:18:55 +0100[diff] [blame]20 }
21});
Akrone8235be2016-06-27 11:02:18 +0200[diff] [blame]22
Akron0e1ed242018-10-11 13:22:00 +0200[diff] [blame]23# Mount fake backend
24# Get the fixture path
Akron864c2932018-11-16 17:18:55 +0100[diff] [blame]25my $fixtures_path = path(Mojo::File->new(__FILE__)->dirname, '..', 'server');
Akron0e1ed242018-10-11 13:22:00 +0200[diff] [blame]26my $fake_backend = $t->app->plugin(
27 Mount => {
28 $mount_point =>
Akron73f36082018-10-25 15:34:59 +0200[diff] [blame]29 $fixtures_path->child('mock.pl')
Akron0e1ed242018-10-11 13:22:00 +0200[diff] [blame]30 }
31);
Akron0e1ed242018-10-11 13:22:00 +0200[diff] [blame]32# Configure fake backend
33$fake_backend->pattern->defaults->{app}->log($t->app->log);
34
Akronbc6b3f22021-01-13 14:53:12 +0100[diff] [blame]35my $q = qr!(?:\"|")!;
36
Akron63d963b2019-07-05 15:35:51 +0200[diff] [blame]37$t->get_ok('/realapi/v1.0')
Akron0e1ed242018-10-11 13:22:00 +0200[diff] [blame]38 ->status_is(200)
39 ->content_is('Fake server available');
Akron7d75ee32017-05-02 13:42:41 +0200[diff] [blame]40
Akronbc213c02017-04-20 16:45:55 +0200[diff] [blame]41$t->get_ok('/?q=Baum')
42 ->status_is(200)
43 ->text_like('h1 span', qr/KorAP: Find .Baum./i)
44 ->text_like('#total-results', qr/\d+$/)
Akronbc6b3f22021-01-13 14:53:12 +0100[diff] [blame]45 ->content_like(qr/${q}authorized${q}:null/)
Akronc82b1bc2018-11-18 18:06:14 +0100[diff] [blame]46 ->element_exists_not('div.button.top a')
Akron2d01d292018-11-23 11:17:35 +0100[diff] [blame]47 ->element_exists_not('aside.active')
48 ->element_exists_not('aside.off')
Akronbc213c02017-04-20 16:45:55 +0200[diff] [blame]49 ;
50
Akronbe9d5b32017-04-05 20:48:24 +0200[diff] [blame]51$t->get_ok('/')
Akrona9c8b0e2018-11-16 20:20:28 +0100[diff] [blame]52 ->status_is(200)
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]53 ->element_exists('form[action=/user/login] input[name=handle]')
Akron2d01d292018-11-23 11:17:35 +0100[diff] [blame]54 ->element_exists('aside.active')
55 ->element_exists_not('aside.off')
Akrona9c8b0e2018-11-16 20:20:28 +0100[diff] [blame]56 ;
Akronbe9d5b32017-04-05 20:48:24 +0200[diff] [blame]57
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]58$t->post_ok('/user/login' => form => { handle => 'test', pwd => 'fail' })
Akron741b2b12017-04-13 22:15:59 +0200[diff] [blame]59 ->status_is(302)
60 ->header_is('Location' => '/');
61
62$t->get_ok('/')
63 ->status_is(200)
64 ->element_exists('div.notify-error')
Akron3d673062019-01-29 15:54:16 +0100[diff] [blame]65 ->text_is('div.notify-error', 'Bad CSRF token')
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]66 ->element_exists('input[name=handle][value=test]')
Akronc82b1bc2018-11-18 18:06:14 +0100[diff] [blame]67 ->element_exists_not('div.button.top a')
Akron741b2b12017-04-13 22:15:59 +0200[diff] [blame]68 ;
Akronbe9d5b32017-04-05 20:48:24 +0200[diff] [blame]69
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]70$t->post_ok('/user/login' => form => { handle => 'test', pwd => 'pass' })
Akrone5ef4e02017-04-19 17:07:52 +0200[diff] [blame]71 ->status_is(302)
72 ->header_is('Location' => '/');
73
Akron15158e02018-03-19 12:42:46 +0100[diff] [blame]74my $csrf = $t->get_ok('/')
75 ->status_is(200)
76 ->element_exists('div.notify-error')
77 ->text_is('div.notify-error', 'Bad CSRF token')
Akronc82b1bc2018-11-18 18:06:14 +0100[diff] [blame]78 ->element_exists_not('div.button.top a')
Akron15158e02018-03-19 12:42:46 +0100[diff] [blame]79 ->tx->res->dom->at('input[name=csrf_token]')->attr('value')
80 ;
81
Akrond7ed34b2018-10-22 18:42:28 +0200[diff] [blame]82$t->post_ok('/user/login' => form => {
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]83 handle => 'test',
Akron3d673062019-01-29 15:54:16 +0100[diff] [blame]84 pwd => 'ldaperr',
85 csrf_token => $csrf
86})
87 ->status_is(302)
88 ->content_is('')
89 ->header_is('Location' => '/');
90
91$csrf = $t->get_ok('/')
92 ->status_is(200)
93 ->element_exists('div.notify-error')
94 ->text_is('div.notify-error', '2022: LDAP Authentication failed due to unknown user or password!')
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]95 ->element_exists('input[name=handle][value=test]')
Akron3d673062019-01-29 15:54:16 +0100[diff] [blame]96 ->element_exists_not('div.button.top a')
97 ->tx->res->dom->at('input[name=csrf_token]')->attr('value')
98 ;
99
100$t->post_ok('/user/login' => form => {
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]101 handle => 'test',
Akron3d673062019-01-29 15:54:16 +0100[diff] [blame]102 pwd => 'unknown',
103 csrf_token => $csrf
104})
105 ->status_is(302)
106 ->content_is('')
107 ->header_is('Location' => '/');
108
109$csrf = $t->get_ok('/')
110 ->status_is(200)
111 ->element_exists('div.notify-error')
112 ->text_is('div.notify-error', 'Access denied')
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]113 ->element_exists('input[name=handle][value=test]')
Akron3d673062019-01-29 15:54:16 +0100[diff] [blame]114 ->element_exists_not('div.button.top a')
115 ->tx->res->dom->at('input[name=csrf_token]')->attr('value')
116 ;
117
118$t->post_ok('/user/login' => form => {
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]119 handle => 'test',
Akrond7ed34b2018-10-22 18:42:28 +0200[diff] [blame]120 pwd => 'pass',
121 csrf_token => $csrf
122})
Akron15158e02018-03-19 12:42:46 +0100[diff] [blame]123 ->status_is(302)
Akron864c2932018-11-16 17:18:55 +0100[diff] [blame]124 ->content_is('')
Akron15158e02018-03-19 12:42:46 +0100[diff] [blame]125 ->header_is('Location' => '/');
126
Akrone5ef4e02017-04-19 17:07:52 +0200[diff] [blame]127$t->get_ok('/')
128 ->status_is(200)
129 ->element_exists_not('div.notify-error')
130 ->element_exists('div.notify-success')
Akronbc213c02017-04-20 16:45:55 +0200[diff] [blame]131 ->text_is('div.notify-success', 'Login successful')
Akron2d01d292018-11-23 11:17:35 +0100[diff] [blame]132 ->element_exists('aside.off')
133 ->element_exists_not('aside.active')
Akronbc213c02017-04-20 16:45:55 +0200[diff] [blame]134 ;
135
136# Now the user is logged in and should be able to
137# search with authorization
138$t->get_ok('/?q=Baum')
139 ->status_is(200)
140 ->text_like('h1 span', qr/KorAP: Find .Baum./i)
141 ->text_like('#total-results', qr/\d+$/)
142 ->element_exists_not('div.notify-error')
Akronbc6b3f22021-01-13 14:53:12 +0100[diff] [blame]143 ->content_like(qr/${q}authorized${q}:${q}test${q}/)
Akronc82b1bc2018-11-18 18:06:14 +0100[diff] [blame]144 ->element_exists('div.button.top a')
145 ->element_exists('div.button.top a.logout[title~="test"]')
Akrone5ef4e02017-04-19 17:07:52 +0200[diff] [blame]146 ;
147
Akronbc213c02017-04-20 16:45:55 +0200[diff] [blame]148# Logout
149$t->get_ok('/user/logout')
150 ->status_is(302)
151 ->header_is('Location' => '/');
152
153$t->get_ok('/')
154 ->status_is(200)
155 ->element_exists_not('div.notify-error')
156 ->element_exists('div.notify-success')
157 ->text_is('div.notify-success', 'Logout successful')
158 ;
159
160$t->get_ok('/?q=Baum')
161 ->status_is(200)
162 ->text_like('h1 span', qr/KorAP: Find .Baum./i)
163 ->text_like('#total-results', qr/\d+$/)
Akronbc6b3f22021-01-13 14:53:12 +0100[diff] [blame]164 ->content_like(qr/${q}authorized${q}:null/)
Akronbc213c02017-04-20 16:45:55 +0200[diff] [blame]165 ;
166
Akron429aeda2018-03-19 16:02:29 +0100[diff] [blame]167# Get redirect
168my $fwd = $t->get_ok('/?q=Baum&ql=poliqarp')
169 ->status_is(200)
170 ->element_exists_not('div.notify-error')
171 ->tx->res->dom->at('input[name=fwd]')->attr('value')
172 ;
173
174is($fwd, '/?q=Baum&ql=poliqarp', 'Redirect is valid');
175
176$t->post_ok('/user/login' => form => {
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]177 handle => 'test',
Akron429aeda2018-03-19 16:02:29 +0100[diff] [blame]178 pwd => 'pass',
179 csrf_token => $csrf,
180 fwd => 'http://bad.example.com/test'
181})
182 ->status_is(302)
183 ->header_is('Location' => '/');
184
185$t->get_ok('/')
186 ->status_is(200)
187 ->element_exists('div.notify-error')
188 ->element_exists_not('div.notify-success')
189 ->text_is('div.notify-error', 'Redirect failure')
190 ;
191
192$t->post_ok('/user/login' => form => {
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]193 handle => 'test',
Akron429aeda2018-03-19 16:02:29 +0100[diff] [blame]194 pwd => 'pass',
195 csrf_token => $csrf,
196 fwd => $fwd
197})
198 ->status_is(302)
199 ->header_is('Location' => '/?q=Baum&ql=poliqarp');
200
201
Akronbe9d5b32017-04-05 20:48:24 +0200[diff] [blame]202done_testing;
203__END__
Akrone8235be2016-06-27 11:02:18 +0200[diff] [blame]204
205
Akron1b0c2652017-04-27 15:28:49 +0200[diff] [blame]206# Login mit falschem Nutzernamen:
207# 400 und:
208{"errors":[[2022,"LDAP Authentication failed due to unknown user or password!"]]}
209
Akron741b2b12017-04-13 22:15:59 +0200[diff] [blame]210
211
Akrone8235be2016-06-27 11:02:18 +0200[diff] [blame]212ok(!$c->user->get('details'), 'User not logged in');
213
214# Login with user credentials
215ok($c->user->login('kustvakt', 'kustvakt2015'), 'Login with demo user');
216is($c->stash('user'), 'kustvakt', 'Kustvakt is logged in');
217like($c->stash('auth'), qr/^api_token /, 'Kustvakt is logged in');
218
219my $details = $c->user->get('details');
220is($details->{email}, 'kustvakt@ids-mannheim.de', 'Email');
221is($details->{firstName}, 'Kustvakt', 'Firstname');
222is($details->{lastName}, 'KorAP', 'Lastname');
223is($details->{country}, 'Germany', 'Country');
224is($details->{address}, 'Mannheim', 'Address');
225is($details->{username}, 'kustvakt', 'Username');
226is($details->{institution}, 'IDS Mannheim', 'Institution');
227
228my $settings = $c->user->get('settings');
229is($settings->{username}, 'kustvakt', 'Username');
230
231# ok($c->user->set(details => { firstName => 'Me' }), 'Set first name');
232#ok($c->user->set(details => {
233# firstName => 'Akron',
234# lastName => 'Fuxfell'
235#}), 'Set first name');
236
237# diag Dumper $c->user->get('info');
238
239ok(1,'Fine');
240
241done_testing;
242__END__