use Mojo::Base -strict;
use Test::More;
use Test::Mojo;
use Mojo::File qw/path/;
use Data::Dumper;

#####################
# Start Fake server #
#####################

# Prefix under which the mock backend gets mounted further down. It is
# exported as KALAMAR_API before the application object is created;
# presumably Kalamar reads it as the location of its backend API.
my $mount_point = '/api/';
$ENV{KALAMAR_API} = $mount_point;

# Application under test, started with the Auth plugin and OAuth2 enabled.
# The client_id / client_secret pair is a fixture for this test run only;
# a deployment has to take its secret from configuration that is not
# checked in alongside the code.
my $t = Test::Mojo->new(
  'Kalamar' => {
    Kalamar        => { plugins => ['Auth'] },
    'Kalamar-Auth' => {
      client_id     => 2,
      client_secret => 'k414m4r-s3cr3t',
      oauth2        => 1
    }
  }
);

# Mount fake backend
# The mock application is ../server/mock.pl, relative to this test file.
my $fixtures_path = path(Mojo::File->new(__FILE__)->dirname, '..', 'server');
my $mock_script   = $fixtures_path->child('mock.pl');
my $fake_backend  = $t->app->plugin(Mount => { $mount_point => $mock_script });

# Configure fake backend: hand the mounted app the logger of the
# application under test, so both write to the same log.
$fake_backend->pattern->defaults->{app}->log($t->app->log);

# Sanity check: the mounted mock answers under the API prefix.
$t->get_ok('/api');
$t->status_is(200)->content_is('Fake server available');

# Search before any login: results are rendered, the page content carries
# "authorized":null, and there is no link below div.button.top (that is
# where the logout link is expected once a user is logged in).
$t->get_ok('/?q=Baum')
  ->status_is(200)
  ->text_like('h1 span', qr/KorAP: Find .Baum./i)
  ->text_like('#total-results', qr/\d+$/)
  ->content_like(qr/\"authorized\"\:null/)
  ->element_exists_not('div.button.top a')
  ->element_exists_not('aside.active')
  ->element_exists_not('aside.off');

# The start page offers the login form (posting to /user/login); the aside
# element carries the class 'active' and not 'off'.
$t->get_ok('/')
  ->status_is(200)
  ->element_exists('form[action=/user/login] input[name=handle_or_email]')
  ->element_exists('aside.active')
  ->element_exists_not('aside.off');

# Login attempt without a csrf_token field (and with a wrong password).
# The application answers with a redirect to the start page ...
$t->post_ok('/user/login', form => { handle_or_email => 'test', pwd => 'fail' });
$t->status_is(302)->header_is(Location => '/');

# ... where the failure is reported as a CSRF problem rather than as a
# credential problem. The submitted handle is filled back into the form and
# no link appears below div.button.top.
$t->get_ok('/')
  ->status_is(200)
  ->element_exists('div.notify-error')
  ->text_is('div.notify-error', 'Bad CSRF token')
  ->element_exists('input[name=handle_or_email][value=test]')
  ->element_exists_not('div.button.top a');

# Correct credentials, but still no csrf_token: the login has to be refused
# all the same - a valid password alone must not be enough to drive this
# endpoint.
$t->post_ok('/user/login', form => { handle_or_email => 'test', pwd => 'pass' });
$t->status_is(302)->header_is(Location => '/');

# Same CSRF error as before and still no link below div.button.top.
# Keep the token embedded in the freshly rendered form for the next request.
my $csrf = $t->get_ok('/')
  ->status_is(200)
  ->element_exists('div.notify-error')
  ->text_is('div.notify-error', 'Bad CSRF token')
  ->element_exists_not('div.button.top a')
  ->tx->res->dom->at('input[name=csrf_token]')->attr('value');

# With a token taken from the form the request gets past the CSRF check.
# The password 'ldaperr' is expected to end in error 2022 (presumably the
# mock backend maps this password to an LDAP failure - see mock.pl).
$t->post_ok(
  '/user/login',
  form => {
    handle_or_email => 'test',
    pwd             => 'ldaperr',
    csrf_token      => $csrf
  }
);
$t->status_is(302)->content_is('')->header_is(Location => '/');

# The error is shown on the start page; the token is read again from the
# new form before the next attempt.
$csrf = $t->get_ok('/')
  ->status_is(200)
  ->element_exists('div.notify-error')
  ->text_is('div.notify-error', '2022: LDAP Authentication failed due to unknown user or password!')
  ->element_exists('input[name=handle_or_email][value=test]')
  ->element_exists_not('div.button.top a')
  ->tx->res->dom->at('input[name=csrf_token]')->attr('value');

# A password the backend does not know, sent with a valid token.
$t->post_ok(
  '/user/login',
  form => {
    handle_or_email => 'test',
    pwd             => 'unknown',
    csrf_token      => $csrf
  }
);
$t->status_is(302)->content_is('')->header_is(Location => '/');

# The test pins exactly the same 2022 text as for the 'ldaperr' case above:
# the message does not tell the client whether the user or the password
# was wrong. The token is refreshed from the form once more.
$csrf = $t->get_ok('/')
  ->status_is(200)
  ->element_exists('div.notify-error')
  ->text_is('div.notify-error', '2022: LDAP Authentication failed due to unknown user or password!')
  ->element_exists('input[name=handle_or_email][value=test]')
  ->element_exists_not('div.button.top a')
  ->tx->res->dom->at('input[name=csrf_token]')->attr('value');

# Correct password together with a valid token: the only combination in
# this file that is expected to log the user in.
$t->post_ok(
  '/user/login',
  form => {
    handle_or_email => 'test',
    pwd             => 'pass',
    csrf_token      => $csrf
  }
);
$t->status_is(302)->content_is('')->header_is(Location => '/');

# Success notification instead of an error; the aside classes are now the
# reverse of the logged-out start page ('off' instead of 'active').
$t->get_ok('/')
  ->status_is(200)
  ->element_exists_not('div.notify-error')
  ->element_exists('div.notify-success')
  ->text_is('div.notify-success', 'Login successful')
  ->element_exists('aside.off')
  ->element_exists_not('aside.active');

# Now the user is logged in and should be able to
# search with authorization: the page content carries "authorized":"yes"
# and a logout link whose title contains the handle 'test'.
$t->get_ok('/?q=Baum')
  ->status_is(200)
  ->text_like('h1 span', qr/KorAP: Find .Baum./i)
  ->text_like('#total-results', qr/\d+$/)
  ->element_exists_not('div.notify-error')
  ->content_like(qr/\"authorized\"\:\"yes\"/)
  ->element_exists('div.button.top a')
  ->element_exists('div.button.top a.logout[title~="test"]');

# Logout
# NOTE(review): in this flow the logout is a plain GET without any token;
# worth confirming that this is intended for a state-changing request.
$t->get_ok('/user/logout');
$t->status_is(302)->header_is(Location => '/');

# The start page confirms the logout and shows no error.
$t->get_ok('/')
  ->status_is(200)
  ->element_exists_not('div.notify-error')
  ->element_exists('div.notify-success')
  ->text_is('div.notify-success', 'Logout successful');

# After the logout a search is anonymous again: the page content reports
# "authorized":null, exactly as before the login.
$t->get_ok('/?q=Baum')
  ->status_is(200)
  ->text_like('h1 span', qr/KorAP: Find .Baum./i)
  ->text_like('#total-results', qr/\d+$/)
  ->content_like(qr/\"authorized\"\:null/);

# Get redirect
# The login form on a search page carries a hidden 'fwd' field; it is
# expected to hold the local path and query of the page just requested.
my $fwd = $t->get_ok('/?q=Baum&ql=poliqarp')
  ->status_is(200)
  ->element_exists_not('div.notify-error')
  ->tx->res->dom->at('input[name=fwd]')->attr('value');

is($fwd, '/?q=Baum&ql=poliqarp', 'Redirect is valid');

# Open-redirect guard: valid credentials and token, but 'fwd' names an
# absolute URL on a foreign host. The Location header must stay local ('/')
# instead of following the submitted value. $csrf is the token captured
# earlier in this file.
# NOTE(review): only an absolute http:// URL is exercised here; other
# non-local forms of 'fwd' are not covered by this test.
$t->post_ok(
  '/user/login',
  form => {
    handle_or_email => 'test',
    pwd             => 'pass',
    csrf_token      => $csrf,
    fwd             => 'http://bad.example.com/test'
  }
);
$t->status_is(302)->header_is(Location => '/');

# The rejection is reported to the user and no success message is shown.
$t->get_ok('/')
  ->status_is(200)
  ->element_exists('div.notify-error')
  ->element_exists_not('div.notify-success')
  ->text_is('div.notify-error', 'Redirect failure');

# Counterpart to the rejected redirect: the 'fwd' value taken from the
# application's own form is a local path and is honoured in the Location
# header.
$t->post_ok(
  '/user/login',
  form => {
    handle_or_email => 'test',
    pwd             => 'pass',
    csrf_token      => $csrf,
    fwd             => $fwd
  }
);
$t->status_is(302)->header_is(Location => '/?q=Baum&ql=poliqarp');

# The forwarded page shows the login confirmation and no error.
$t->get_ok('/?q=Baum&ql=poliqarp')
  ->status_is(200)
  ->element_exists_not('div.notify-error')
  ->element_exists('div.notify-success')
  ->text_is('div.notify-success', 'Login successful');

# Helper route registered by this test only. It forces a token refresh and
# puts the new and the old access token into a success notification, so the
# assertions that follow can compare them. Because it writes bearer tokens
# into a rendered page, a route like this belongs in test code only.
$t->app->routes->get(
  '/user/refresh' => sub {
    my $c = shift;

    # The refresh token is fetched from the 'user' cache under a key built
    # from the access token currently in use.
    my $old_auth = $c->auth->token;
    my $refresh  = $c->chi('user')->get("refr_$old_auth");

    $c->auth->refresh_token($refresh)->then(
      sub {

        # Report as "<new> vs. <old>"
        my $new_auth = $c->auth->token;
        $c->notify(success => $new_auth . ' vs. ' . $old_auth);
      }
    )->catch(
      sub {
        my @errors = @_;

        # Notify the user on login failure
        $c->notify(error => $c->loc('Auth_refreshFail')) unless @errors;

        # There are known errors: hash errors are rendered as
        # "<code>: <message>" (code is optional), anything else as is.
        for my $error (@errors) {
          if (ref $error eq 'HASH') {
            my $prefix = $error->{code} ? $error->{code} . ': ' : '';
            $c->notify(error => $prefix . $error->{message});
          }
          else {
            $c->notify(error => $error);
          }
        }
      }
    )->finally(
      sub {

        # Always end on the start page, whether the refresh worked or not
        return $c->redirect_to('index');
      }
    )->wait;
  }
);

# Trigger the refresh through the helper route registered above.
$t->get_ok('/user/refresh');
$t->status_is(302)->header_is(Location => '/');

# The notification has the form "<new> vs. <old>": the new token is
# expected to be 'Bearer abcde', the old one 'Bearer' followed by at least
# six characters - i.e. the access token was actually replaced.
$t->get_ok('/')
  ->status_is(200)
  ->element_exists_not('div.notify-error')
  ->element_exists('div.notify-success')
  ->text_like('div.notify-success', qr!Bearer abcde vs\. Bearer .{6,}!);


done_testing;
__END__
# Login with a wrong user name:
# 400 and:
{"errors":[[2022,"LDAP Authentication failed due to unknown user or password!"]]}
268