Gitiles
Code Review Sign In
korap.ids-mannheim.de / KorAP / Kalamar / 0a4d36e416f49f1093d0b4f58b31996846b5f5fc / . / t / plugin / auth.t
blob: f5351de19761bb50794c7a411ae1efc40f12f159 [file] [log] [blame]
Akrone8235be2016-06-27 11:02:18 +0200[diff] [blame]1use Mojo::Base -strict;
Akronbe9d5b32017-04-05 20:48:24 +0200[diff] [blame]2use Test::More;
Akrone8235be2016-06-27 11:02:18 +0200[diff] [blame]3use Test::Mojo;
Akron0e1ed242018-10-11 13:22:00 +0200[diff] [blame]4use Mojo::File qw/path/;
Akrone8235be2016-06-27 11:02:18 +0200[diff] [blame]5use Data::Dumper;
6
Akron32396632018-10-11 17:08:37 +0200[diff] [blame]7
8#####################
9# Start Fake server #
10#####################
Akron63d963b2019-07-05 15:35:51 +0200[diff] [blame]11my $mount_point = '/realapi/';
Akron0e1ed242018-10-11 13:22:00 +0200[diff] [blame]12$ENV{KALAMAR_API} = $mount_point;
Akrone8235be2016-06-27 11:02:18 +0200[diff] [blame]13
Akron864c2932018-11-16 17:18:55 +0100[diff] [blame]14my $t = Test::Mojo->new('Kalamar' => {
15 Kalamar => {
Akron864c2932018-11-16 17:18:55 +0100[diff] [blame]16 plugins => ['Auth']
17 }
18});
Akrone8235be2016-06-27 11:02:18 +0200[diff] [blame]19
Akron0e1ed242018-10-11 13:22:00 +0200[diff] [blame]20# Mount fake backend
21# Get the fixture path
Akron864c2932018-11-16 17:18:55 +0100[diff] [blame]22my $fixtures_path = path(Mojo::File->new(__FILE__)->dirname, '..', 'server');
Akron0e1ed242018-10-11 13:22:00 +0200[diff] [blame]23my $fake_backend = $t->app->plugin(
24 Mount => {
25 $mount_point =>
Akron73f36082018-10-25 15:34:59 +0200[diff] [blame]26 $fixtures_path->child('mock.pl')
Akron0e1ed242018-10-11 13:22:00 +0200[diff] [blame]27 }
28);
Akron0e1ed242018-10-11 13:22:00 +0200[diff] [blame]29# Configure fake backend
30$fake_backend->pattern->defaults->{app}->log($t->app->log);
31
Akronbc6b3f22021-01-13 14:53:12 +0100[diff] [blame]32my $q = qr!(?:\"|")!;
33
Akron63d963b2019-07-05 15:35:51 +0200[diff] [blame]34$t->get_ok('/realapi/v1.0')
Akron0e1ed242018-10-11 13:22:00 +0200[diff] [blame]35 ->status_is(200)
36 ->content_is('Fake server available');
Akron7d75ee32017-05-02 13:42:41 +0200[diff] [blame]37
Akronbc213c02017-04-20 16:45:55 +0200[diff] [blame]38$t->get_ok('/?q=Baum')
39 ->status_is(200)
40 ->text_like('h1 span', qr/KorAP: Find .Baum./i)
41 ->text_like('#total-results', qr/\d+$/)
Akronbc6b3f22021-01-13 14:53:12 +0100[diff] [blame]42 ->content_like(qr/${q}authorized${q}:null/)
Akronc82b1bc2018-11-18 18:06:14 +0100[diff] [blame]43 ->element_exists_not('div.button.top a')
Akron2d01d292018-11-23 11:17:35 +0100[diff] [blame]44 ->element_exists_not('aside.active')
45 ->element_exists_not('aside.off')
Akronbc213c02017-04-20 16:45:55 +0200[diff] [blame]46 ;
47
Akronbe9d5b32017-04-05 20:48:24 +0200[diff] [blame]48$t->get_ok('/')
Akrona9c8b0e2018-11-16 20:20:28 +0100[diff] [blame]49 ->status_is(200)
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]50 ->element_exists('form[action=/user/login] input[name=handle]')
Akron2d01d292018-11-23 11:17:35 +0100[diff] [blame]51 ->element_exists('aside.active')
52 ->element_exists_not('aside.off')
Akrona9c8b0e2018-11-16 20:20:28 +0100[diff] [blame]53 ;
Akronbe9d5b32017-04-05 20:48:24 +0200[diff] [blame]54
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]55$t->post_ok('/user/login' => form => { handle => 'test', pwd => 'fail' })
Akron741b2b12017-04-13 22:15:59 +0200[diff] [blame]56 ->status_is(302)
57 ->header_is('Location' => '/');
58
59$t->get_ok('/')
60 ->status_is(200)
61 ->element_exists('div.notify-error')
Akron3d673062019-01-29 15:54:16 +0100[diff] [blame]62 ->text_is('div.notify-error', 'Bad CSRF token')
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]63 ->element_exists('input[name=handle][value=test]')
Akronc82b1bc2018-11-18 18:06:14 +0100[diff] [blame]64 ->element_exists_not('div.button.top a')
Akron741b2b12017-04-13 22:15:59 +0200[diff] [blame]65 ;
Akronbe9d5b32017-04-05 20:48:24 +0200[diff] [blame]66
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]67$t->post_ok('/user/login' => form => { handle => 'test', pwd => 'pass' })
Akrone5ef4e02017-04-19 17:07:52 +0200[diff] [blame]68 ->status_is(302)
69 ->header_is('Location' => '/');
70
Akron15158e02018-03-19 12:42:46 +0100[diff] [blame]71my $csrf = $t->get_ok('/')
72 ->status_is(200)
73 ->element_exists('div.notify-error')
74 ->text_is('div.notify-error', 'Bad CSRF token')
Akronc82b1bc2018-11-18 18:06:14 +0100[diff] [blame]75 ->element_exists_not('div.button.top a')
Akron15158e02018-03-19 12:42:46 +0100[diff] [blame]76 ->tx->res->dom->at('input[name=csrf_token]')->attr('value')
77 ;
78
Akrond7ed34b2018-10-22 18:42:28 +0200[diff] [blame]79$t->post_ok('/user/login' => form => {
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]80 handle => 'test',
Akron3d673062019-01-29 15:54:16 +0100[diff] [blame]81 pwd => 'ldaperr',
82 csrf_token => $csrf
83})
84 ->status_is(302)
85 ->content_is('')
86 ->header_is('Location' => '/');
87
88$csrf = $t->get_ok('/')
89 ->status_is(200)
90 ->element_exists('div.notify-error')
91 ->text_is('div.notify-error', '2022: LDAP Authentication failed due to unknown user or password!')
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]92 ->element_exists('input[name=handle][value=test]')
Akron3d673062019-01-29 15:54:16 +0100[diff] [blame]93 ->element_exists_not('div.button.top a')
94 ->tx->res->dom->at('input[name=csrf_token]')->attr('value')
95 ;
96
97$t->post_ok('/user/login' => form => {
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]98 handle => 'test',
Akron3d673062019-01-29 15:54:16 +0100[diff] [blame]99 pwd => 'unknown',
100 csrf_token => $csrf
101})
102 ->status_is(302)
103 ->content_is('')
104 ->header_is('Location' => '/');
105
106$csrf = $t->get_ok('/')
107 ->status_is(200)
108 ->element_exists('div.notify-error')
109 ->text_is('div.notify-error', 'Access denied')
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]110 ->element_exists('input[name=handle][value=test]')
Akron3d673062019-01-29 15:54:16 +0100[diff] [blame]111 ->element_exists_not('div.button.top a')
112 ->tx->res->dom->at('input[name=csrf_token]')->attr('value')
113 ;
114
115$t->post_ok('/user/login' => form => {
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]116 handle => 'test',
Akrond7ed34b2018-10-22 18:42:28 +0200[diff] [blame]117 pwd => 'pass',
118 csrf_token => $csrf
119})
Akron15158e02018-03-19 12:42:46 +0100[diff] [blame]120 ->status_is(302)
Akron864c2932018-11-16 17:18:55 +0100[diff] [blame]121 ->content_is('')
Akron15158e02018-03-19 12:42:46 +0100[diff] [blame]122 ->header_is('Location' => '/');
123
Akrone5ef4e02017-04-19 17:07:52 +0200[diff] [blame]124$t->get_ok('/')
125 ->status_is(200)
126 ->element_exists_not('div.notify-error')
127 ->element_exists('div.notify-success')
Akronbc213c02017-04-20 16:45:55 +0200[diff] [blame]128 ->text_is('div.notify-success', 'Login successful')
Akron2d01d292018-11-23 11:17:35 +0100[diff] [blame]129 ->element_exists('aside.off')
130 ->element_exists_not('aside.active')
Akronbc213c02017-04-20 16:45:55 +0200[diff] [blame]131 ;
132
133# Now the user is logged in and should be able to
134# search with authorization
135$t->get_ok('/?q=Baum')
136 ->status_is(200)
137 ->text_like('h1 span', qr/KorAP: Find .Baum./i)
138 ->text_like('#total-results', qr/\d+$/)
139 ->element_exists_not('div.notify-error')
Akronbc6b3f22021-01-13 14:53:12 +0100[diff] [blame]140 ->content_like(qr/${q}authorized${q}:${q}test${q}/)
Akronc82b1bc2018-11-18 18:06:14 +0100[diff] [blame]141 ->element_exists('div.button.top a')
142 ->element_exists('div.button.top a.logout[title~="test"]')
Akrone5ef4e02017-04-19 17:07:52 +0200[diff] [blame]143 ;
144
Akronbc213c02017-04-20 16:45:55 +0200[diff] [blame]145# Logout
146$t->get_ok('/user/logout')
147 ->status_is(302)
148 ->header_is('Location' => '/');
149
150$t->get_ok('/')
151 ->status_is(200)
152 ->element_exists_not('div.notify-error')
153 ->element_exists('div.notify-success')
154 ->text_is('div.notify-success', 'Logout successful')
155 ;
156
157$t->get_ok('/?q=Baum')
158 ->status_is(200)
159 ->text_like('h1 span', qr/KorAP: Find .Baum./i)
160 ->text_like('#total-results', qr/\d+$/)
Akronbc6b3f22021-01-13 14:53:12 +0100[diff] [blame]161 ->content_like(qr/${q}authorized${q}:null/)
Akronbc213c02017-04-20 16:45:55 +0200[diff] [blame]162 ;
163
Akron429aeda2018-03-19 16:02:29 +0100[diff] [blame]164# Get redirect
165my $fwd = $t->get_ok('/?q=Baum&ql=poliqarp')
166 ->status_is(200)
167 ->element_exists_not('div.notify-error')
168 ->tx->res->dom->at('input[name=fwd]')->attr('value')
169 ;
170
171is($fwd, '/?q=Baum&ql=poliqarp', 'Redirect is valid');
172
173$t->post_ok('/user/login' => form => {
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]174 handle => 'test',
Akron429aeda2018-03-19 16:02:29 +0100[diff] [blame]175 pwd => 'pass',
176 csrf_token => $csrf,
177 fwd => 'http://bad.example.com/test'
178})
179 ->status_is(302)
180 ->header_is('Location' => '/');
181
182$t->get_ok('/')
183 ->status_is(200)
184 ->element_exists('div.notify-error')
185 ->element_exists_not('div.notify-success')
186 ->text_is('div.notify-error', 'Redirect failure')
187 ;
188
189$t->post_ok('/user/login' => form => {
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]190 handle => 'test',
Akron429aeda2018-03-19 16:02:29 +0100[diff] [blame]191 pwd => 'pass',
192 csrf_token => $csrf,
193 fwd => $fwd
194})
195 ->status_is(302)
196 ->header_is('Location' => '/?q=Baum&ql=poliqarp');
197
198
199
200
Akronbe9d5b32017-04-05 20:48:24 +0200[diff] [blame]201done_testing;
202__END__
Akrone8235be2016-06-27 11:02:18 +0200[diff] [blame]203
204
Akron1b0c2652017-04-27 15:28:49 +0200[diff] [blame]205# Login mit falschem Nutzernamen:
206# 400 und:
207{"errors":[[2022,"LDAP Authentication failed due to unknown user or password!"]]}
208
Akron741b2b12017-04-13 22:15:59 +0200[diff] [blame]209
210
Akrone8235be2016-06-27 11:02:18 +0200[diff] [blame]211ok(!$c->user->get('details'), 'User not logged in');
212
213# Login with user credentials
214ok($c->user->login('kustvakt', 'kustvakt2015'), 'Login with demo user');
215is($c->stash('user'), 'kustvakt', 'Kustvakt is logged in');
216like($c->stash('auth'), qr/^api_token /, 'Kustvakt is logged in');
217
218my $details = $c->user->get('details');
219is($details->{email}, 'kustvakt@ids-mannheim.de', 'Email');
220is($details->{firstName}, 'Kustvakt', 'Firstname');
221is($details->{lastName}, 'KorAP', 'Lastname');
222is($details->{country}, 'Germany', 'Country');
223is($details->{address}, 'Mannheim', 'Address');
224is($details->{username}, 'kustvakt', 'Username');
225is($details->{institution}, 'IDS Mannheim', 'Institution');
226
227my $settings = $c->user->get('settings');
228is($settings->{username}, 'kustvakt', 'Username');
229
230# ok($c->user->set(details => { firstName => 'Me' }), 'Set first name');
231#ok($c->user->set(details => {
232# firstName => 'Akron',
233# lastName => 'Fuxfell'
234#}), 'Set first name');
235
236# diag Dumper $c->user->get('info');
237
238ok(1,'Fine');
239
240done_testing;
241__END__