use Mojo::Base -strict;
use Test::More;
use Test::Mojo;
use Mojo::File qw(path);
use Data::Dumper;

# Login/logout flow test for the Kalamar 'Auth' plugin. The application
# under test talks to a mock backend script that is mounted into the same
# app, so the checks below run against fixture responses.

# KALAMAR_API is set to the same path the mock backend is mounted on below
# (presumably this is how the app locates its API - confirm).
my $mount_point = '/api/';
$ENV{KALAMAR_API} = $mount_point;

# OAuth2 client settings handed to the 'Kalamar-Auth' config section.
# NOTE(review): the secret is a fixture value; presumably it has to match
# what mock.pl accepts - confirm, and keep it distinct from any deployed one.
my $auth_settings = {
    client_id     => 2,
    client_secret => 'k414m4r-s3cr3t',
    oauth2        => 1,
};

my $t = Test::Mojo->new(
    'Kalamar',
    {
        Kalamar        => { plugins => ['Auth'] },
        'Kalamar-Auth' => $auth_settings,
    }
);

# The mock backend script lives in ../server relative to this test file.
my $test_dir      = Mojo::File->new(__FILE__)->dirname;
my $fixtures_path = path($test_dir, '..', 'server');
my $mock_script   = $fixtures_path->child('mock.pl');

# Mount the mock backend under $mount_point inside the app under test.
my $fake_backend = $t->app->plugin(Mount => { $mount_point => $mock_script });

# Let the mounted app write to the logger of the app under test.
my $mounted_app = $fake_backend->pattern->defaults->{app};
$mounted_app->log($t->app->log);

# Sanity check: the mounted mock backend answers on its mount point.
$t->get_ok('/api');
$t->status_is(200);
$t->content_is('Fake server available');

# Anonymous search: results are rendered, the embedded JSON reports
# "authorized":null, and neither the logout button nor a login sidebar
# (in either state) is part of the result page.
$t->get_ok('/?q=Baum');
$t->status_is(200);
$t->text_like('h1 span', qr/KorAP: Find .Baum./i);
$t->text_like('#total-results', qr/\d+$/);
$t->content_like(qr/\"authorized\"\:null/);
for my $absent_selector ('div.button.top a', 'aside.active', 'aside.off') {
    $t->element_exists_not($absent_selector);
}

# Start page for an anonymous visitor: the login form is present and the
# sidebar carries the 'active' class rather than 'off'.
$t->get_ok('/');
$t->status_is(200);
$t->element_exists('form[action=/user/login] input[name=handle_or_email]');
$t->element_exists('aside.active');
$t->element_exists_not('aside.off');

# A login POST without csrf_token is refused regardless of the password.
# First attempt: wrong password, no token.
$t->post_ok('/user/login', form => { handle_or_email => 'test', pwd => 'fail' });
$t->status_is(302);
$t->header_is(Location => '/');

# The rejection is shown as a flash error; the handle is pre-filled again
# and no logout button is rendered.
$t->get_ok('/');
$t->status_is(200);
$t->element_exists('div.notify-error');
$t->text_is('div.notify-error', 'Bad CSRF token');
$t->element_exists('input[name=handle_or_email][value=test]');
$t->element_exists_not('div.button.top a');

# Second attempt: the password that succeeds later in this file, still
# without a token. The same CSRF error shows the token check is not
# bypassed by valid credentials.
$t->post_ok('/user/login', form => { handle_or_email => 'test', pwd => 'pass' });
$t->status_is(302);
$t->header_is(Location => '/');

$t->get_ok('/');
$t->status_is(200);
$t->element_exists('div.notify-error');
$t->text_is('div.notify-error', 'Bad CSRF token');
$t->element_exists_not('div.button.top a');

# Read the token from the hidden form field of the page just fetched.
# NOTE(review): at() returns undef when the field is missing, in which
# case this line dies instead of reporting a failed test.
my $csrf = $t->tx->res->dom->at('input[name=csrf_token]')->attr('value');

# With a token from the form the request gets past the CSRF check, so the
# remaining failures below come from the credential check.
# Case 1: pwd 'ldaperr' is expected to surface the 2022 LDAP error text.
my $ldap_failure_form = {
    handle_or_email => 'test',
    pwd             => 'ldaperr',
    csrf_token      => $csrf,
};
$t->post_ok('/user/login', form => $ldap_failure_form);
$t->status_is(302);
$t->content_is('');
$t->header_is(Location => '/');

$t->get_ok('/');
$t->status_is(200);
$t->element_exists('div.notify-error');
$t->text_is(
    'div.notify-error',
    '2022: LDAP Authentication failed due to unknown user or password!'
);
$t->element_exists('input[name=handle_or_email][value=test]');
$t->element_exists_not('div.button.top a');

# Take the token from the freshly rendered form for the next attempt.
$csrf = $t->tx->res->dom->at('input[name=csrf_token]')->attr('value');

# Case 2: pwd 'unknown' is expected to end in a generic 'Access denied'.
my $denied_form = {
    handle_or_email => 'test',
    pwd             => 'unknown',
    csrf_token      => $csrf,
};
$t->post_ok('/user/login', form => $denied_form);
$t->status_is(302);
$t->content_is('');
$t->header_is(Location => '/');

$t->get_ok('/');
$t->status_is(200);
$t->element_exists('div.notify-error');
$t->text_is('div.notify-error', 'Access denied');
$t->element_exists('input[name=handle_or_email][value=test]');
$t->element_exists_not('div.button.top a');

# This token is the one used for the successful login that follows.
$csrf = $t->tx->res->dom->at('input[name=csrf_token]')->attr('value');

# Valid credentials together with a valid token: the login is accepted and
# answered with an empty-bodied redirect to the start page.
my $valid_login_form = {
    handle_or_email => 'test',
    pwd             => 'pass',
    csrf_token      => $csrf,
};
$t->post_ok('/user/login', form => $valid_login_form);
$t->status_is(302);
$t->content_is('');
$t->header_is(Location => '/');

# The start page confirms the login and the sidebar switches from
# 'active' to 'off'.
$t->get_ok('/');
$t->status_is(200);
$t->element_exists_not('div.notify-error');
$t->element_exists('div.notify-success');
$t->text_is('div.notify-success', 'Login successful');
$t->element_exists('aside.off');
$t->element_exists_not('aside.active');


# The session is now authenticated: the same search reports
# "authorized":"yes" and a logout link is rendered whose title attribute
# contains the word 'test' (the handle used to log in).
$t->get_ok('/?q=Baum');
$t->status_is(200);
$t->text_like('h1 span', qr/KorAP: Find .Baum./i);
$t->text_like('#total-results', qr/\d+$/);
$t->element_exists_not('div.notify-error');
$t->content_like(qr/\"authorized\"\:\"yes\"/);
$t->element_exists('div.button.top a');
$t->element_exists('div.button.top a.logout[title~="test"]');

# Logout redirects to the start page.
# NOTE(review): the logout here is a plain GET that carries no token;
# confirm that a state-changing GET is intended for this route.
$t->get_ok('/user/logout');
$t->status_is(302);
$t->header_is(Location => '/');

# The start page confirms the logout without showing an error.
$t->get_ok('/');
$t->status_is(200);
$t->element_exists_not('div.notify-error');
$t->element_exists('div.notify-success');
$t->text_is('div.notify-success', 'Logout successful');

# After logout the search is anonymous again ("authorized":null).
$t->get_ok('/?q=Baum');
$t->status_is(200);
$t->text_like('h1 span', qr/KorAP: Find .Baum./i);
$t->text_like('#total-results', qr/\d+$/);
$t->content_like(qr/\"authorized\"\:null/);

# Post-login redirect target: the login form embeds the current location
# in a hidden 'fwd' field.
$t->get_ok('/?q=Baum&ql=poliqarp');
$t->status_is(200);
$t->element_exists_not('div.notify-error');
my $fwd = $t->tx->res->dom->at('input[name=fwd]')->attr('value');

is($fwd, '/?q=Baum&ql=poliqarp', 'Redirect is valid');

# Open-redirect guard: an absolute URL on a foreign host in 'fwd' must not
# end up in the Location header; the response redirects to '/' instead.
# NOTE(review): $csrf is still the token read before the earlier login and
# logout; this passing suggests the token is not rotated when the
# authentication state changes - confirm that is intended.
my $offsite_fwd_form = {
    handle_or_email => 'test',
    pwd             => 'pass',
    csrf_token      => $csrf,
    fwd             => 'http://bad.example.com/test',
};
$t->post_ok('/user/login', form => $offsite_fwd_form);
$t->status_is(302);
$t->header_is(Location => '/');

# The rejected target is reported as an error and no success is shown.
# TODO(review): nothing here asserts whether the session was authenticated
# by that request, and only one off-site URL form is exercised.
$t->get_ok('/');
$t->status_is(200);
$t->element_exists('div.notify-error');
$t->element_exists_not('div.notify-success');
$t->text_is('div.notify-error', 'Redirect failure');

# The same-site target taken from the form is honoured after login.
my $onsite_fwd_form = {
    handle_or_email => 'test',
    pwd             => 'pass',
    csrf_token      => $csrf,
    fwd             => $fwd,
};
$t->post_ok('/user/login', form => $onsite_fwd_form);
$t->status_is(302);
$t->header_is(Location => '/?q=Baum&ql=poliqarp');


done_testing;
__END__
# Login with a wrong user name:
# 400 and:
{"errors":[[2022,"LDAP Authentication failed due to unknown user or password!"]]}