use Mojo::Base -strict;
use Test::More;
use Test::Mojo;
use Mojo::File qw/path/;
use utf8;

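# Scenario 1: Auth plugin without the https_only option.
my $t = Test::Mojo->new('Kalamar' => {
  Kalamar => {
    plugins => ['Auth']
  },
  'Kalamar-Auth' => {
    client_id => 2,
    # NOTE(review): fixture credential committed with the test; make sure
    # no deployed client registration reuses this value.
    client_secret => 'k414m4r-s3cr3t',
    oauth2 => 1
  }
});

$t->app->mode('production');

# The login form is posted with handle and password only; no CSRF token
# field is part of the request. The answer is a redirect to the start page.
$t->post_ok('/user/login' => form => { handle => 'test', pwd => 'fail' })
  ->status_is(302)
  ->header_is('Location' => '/');

# The page reached after the redirect has to report the rejected login.
$t->get_ok('/')
  ->status_is(200)
  ->element_exists('link[rel=stylesheet][href^=/css/kalamar-]')
  ->element_exists('script[src^=/js/kalamar-]')
  ->element_exists('div.notify-error')
  ->text_is('div.notify-error', 'Bad CSRF token')
  # The submitted handle is filled back into the form.
  ->element_exists('input[name=handle][value=test]')
  # NOTE(review): presumably the control shown to logged-in users - confirm.
  ->element_exists_not('div.button.top a')
  # Without a proxy prefix the base URL attribute is empty.
  ->attr_is('body','data-korap-url','')
  # No HSTS header is expected while https_only is not set.
  ->header_exists_not('Strict-Transport-Security')
  ;

# Test::More's is() takes the observed value first and the expected value
# second, so that failure diagnostics label "got" and "expected" correctly.
is($t->app->sessions->cookie_name, 'kalamar',
   'session cookie name without proxy prefix');
ok(!$t->app->sessions->secure,
   'session cookie is not flagged secure without https_only');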
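# Scenario 2: the same setup with https_only enabled.
# NOTE(review): unlike the other two scenarios in this file, this instance
# is not switched to production mode - confirm that this is intended.
$t = Test::Mojo->new('Kalamar' => {
  Kalamar => {
    plugins => ['Auth'],
    https_only => 1
  },
  'Kalamar-Auth' => {
    client_id => 2,
    # NOTE(review): fixture credential committed with the test; make sure
    # no deployed client registration reuses this value.
    client_secret => 'k414m4r-s3cr3t',
    oauth2 => 1
  }
});

# With https_only set, the response has to carry the HSTS header.
# NOTE(review): max-age=3600 is a one-hour lifetime, which is short for
# HSTS; confirm it is an intended value for this configuration.
$t->post_ok('/user/login' => form => { handle => 'test', pwd => 'fail' })
  ->status_is(302)
  ->header_is('Location' => '/')
  ->header_is('Strict-Transport-Security', 'max-age=3600; includeSubDomains')
  ;

# No error notification is expected after the same token-less login.
# NOTE(review): presumably the secure-flagged session cookie is not sent
# back over the test client's plain-HTTP requests, so the message kept in
# the session is lost - TODO confirm.
$t->get_ok('/')
  ->status_is(200)
  ->element_exists_not('div.notify-error')
  ;

# Test::More's is() takes the observed value first and the expected value
# second, so that failure diagnostics label "got" and "expected" correctly.
is($t->app->sessions->cookie_name, 'kalamar',
   'session cookie name without proxy prefix');

# NOTE(review): this checks the configured flag only; an assertion on the
# Secure attribute of an emitted Set-Cookie header would also cover what
# is actually sent to the browser.
ok($t->app->sessions->secure,
   'session cookie is flagged secure with https_only');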
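# Scenario 3: https_only combined with a proxy prefix.
$t = Test::Mojo->new('Kalamar' => {
  Kalamar => {
    plugins => ['Auth'],
    proxy_prefix => '/korap/test',
    https_only => 1
  },
  'Kalamar-Auth' => {
    client_id => 2,
    # NOTE(review): fixture credential committed with the test; make sure
    # no deployed client registration reuses this value.
    client_secret => 'k414m4r-s3cr3t',
    oauth2 => 1
  }
});

$t->app->mode('production');

# Asset URLs have to be served below the proxy prefix.
$t->get_ok('/')
  ->status_is(200)
  ->element_exists('link[rel=stylesheet][href^=/korap/test/css/kalamar-]')
  ->element_exists('script[src^=/korap/test/js/kalamar-]')
  ;

# The cookie name is expected to differ from the unprefixed 'kalamar', so
# that prefixed and unprefixed instances do not share a cookie name.
# Test::More's is() takes the observed value first and the expected value
# second, so that failure diagnostics label "got" and "expected" correctly.
is($t->app->sessions->cookie_name, 'kalamar-koraptest',
   'session cookie name reflects the proxy prefix');
ok($t->app->sessions->secure,
   'session cookie is flagged secure with https_only');

# NOTE(review): the redirect target is asserted as '/' without the proxy
# prefix - confirm that the prefix is meant to be added by the proxy.
$t->post_ok('/user/login' => form => { handle => 'test', pwd => 'fail' })
  ->status_is(302)
  ->header_is('Location' => '/');

# The session cannot be used here, so no error notification from the
# failed login shows up on the next page.
# NOTE(review): presumably because the secure-flagged cookie is not sent
# back over the test client's plain-HTTP requests - TODO confirm.
$t->get_ok('/')
  ->status_is(200)
  ->element_exists_not('div.notify-error')
  # The base URL attribute carries the configured proxy prefix.
  ->attr_is('body','data-korap-url','/korap/test')
  ;


done_testing();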