Blame - t/plugin/auth.t - KorAP/Kalamar

blob: db19a36d1682c6da6adc8b9e868068709fafa7e2 [file] [log] [blame]

Akron	e8235be	2016-06-27 11:02:18 +0200	[diff] [blame]	1	use Mojo::Base -strict;
Akron	be9d5b3	2017-04-05 20:48:24 +0200	[diff] [blame]	2	use Test::More;
Akron	e8235be	2016-06-27 11:02:18 +0200	[diff] [blame]	3	use Test::Mojo;
Akron	0e1ed24	2018-10-11 13:22:00 +0200	[diff] [blame]	4	use Mojo::File qw/path/;
Akron	e8235be	2016-06-27 11:02:18 +0200	[diff] [blame]	5	use Data::Dumper;
				6
Akron	3239663	2018-10-11 17:08:37 +0200	[diff] [blame]	7
				8	#####################
				9	# Start Fake server #
				10	#####################
Akron	63d963b	2019-07-05 15:35:51 +0200	[diff] [blame]	11	my $mount_point = '/realapi/';
Akron	0e1ed24	2018-10-11 13:22:00 +0200	[diff] [blame]	12	$ENV{KALAMAR_API} = $mount_point;
Akron	e8235be	2016-06-27 11:02:18 +0200	[diff] [blame]	13
Akron	864c293	2018-11-16 17:18:55 +0100	[diff] [blame]	14	my $t = Test::Mojo->new('Kalamar' => {
				15	Kalamar => {
Akron	7fb78d6	2021-06-10 12:51:13 +0200	[diff] [blame]	16	plugins => ['Auth'],
				17	},
				18	'Kalamar-Auth' => {
				19	jwt => 1
Akron	864c293	2018-11-16 17:18:55 +0100	[diff] [blame]	20	}
				21	});
Akron	e8235be	2016-06-27 11:02:18 +0200	[diff] [blame]	22
Akron	0e1ed24	2018-10-11 13:22:00 +0200	[diff] [blame]	23	# Mount fake backend
				24	# Get the fixture path
Akron	864c293	2018-11-16 17:18:55 +0100	[diff] [blame]	25	my $fixtures_path = path(Mojo::File->new(__FILE__)->dirname, '..', 'server');
Akron	0e1ed24	2018-10-11 13:22:00 +0200	[diff] [blame]	26	my $fake_backend = $t->app->plugin(
				27	Mount => {
				28	$mount_point =>
Akron	73f3608	2018-10-25 15:34:59 +0200	[diff] [blame]	29	$fixtures_path->child('mock.pl')
Akron	0e1ed24	2018-10-11 13:22:00 +0200	[diff] [blame]	30	}
				31	);
Akron	0e1ed24	2018-10-11 13:22:00 +0200	[diff] [blame]	32	# Configure fake backend
				33	$fake_backend->pattern->defaults->{app}->log($t->app->log);
				34
Akron	bc6b3f2	2021-01-13 14:53:12 +0100	[diff] [blame]	35	my $q = qr!(?:\"\|")!;
				36
Akron	63d963b	2019-07-05 15:35:51 +0200	[diff] [blame]	37	$t->get_ok('/realapi/v1.0')
Akron	0e1ed24	2018-10-11 13:22:00 +0200	[diff] [blame]	38	->status_is(200)
				39	->content_is('Fake server available');
Akron	7d75ee3	2017-05-02 13:42:41 +0200	[diff] [blame]	40
Akron	bc213c0	2017-04-20 16:45:55 +0200	[diff] [blame]	41	$t->get_ok('/?q=Baum')
				42	->status_is(200)
				43	->text_like('h1 span', qr/KorAP: Find .Baum./i)
				44	->text_like('#total-results', qr/\d+$/)
Akron	bc6b3f2	2021-01-13 14:53:12 +0100	[diff] [blame]	45	->content_like(qr/${q}authorized${q}:null/)
Akron	c82b1bc	2018-11-18 18:06:14 +0100	[diff] [blame]	46	->element_exists_not('div.button.top a')
Akron	2d01d29	2018-11-23 11:17:35 +0100	[diff] [blame]	47	->element_exists_not('aside.active')
				48	->element_exists_not('aside.off')
Akron	bc213c0	2017-04-20 16:45:55 +0200	[diff] [blame]	49	;
				50
Akron	be9d5b3	2017-04-05 20:48:24 +0200	[diff] [blame]	51	$t->get_ok('/')
Akron	a9c8b0e	2018-11-16 20:20:28 +0100	[diff] [blame]	52	->status_is(200)
Akron	9fa7cc5	2022-05-12 11:17:20 +0200	[diff] [blame]	53	->element_exists('form[action=/user/login] input[name=handle_or_email]')
Akron	2d01d29	2018-11-23 11:17:35 +0100	[diff] [blame]	54	->element_exists('aside.active')
				55	->element_exists_not('aside.off')
Akron	a9c8b0e	2018-11-16 20:20:28 +0100	[diff] [blame]	56	;
Akron	be9d5b3	2017-04-05 20:48:24 +0200	[diff] [blame]	57
Akron	9fa7cc5	2022-05-12 11:17:20 +0200	[diff] [blame]	58	$t->post_ok('/user/login' => form => { handle_or_email => 'test', pwd => 'fail' })
Akron	741b2b1	2017-04-13 22:15:59 +0200	[diff] [blame]	59	->status_is(302)
				60	->header_is('Location' => '/');
				61
				62	$t->get_ok('/')
				63	->status_is(200)
				64	->element_exists('div.notify-error')
Akron	3d67306	2019-01-29 15:54:16 +0100	[diff] [blame]	65	->text_is('div.notify-error', 'Bad CSRF token')
Akron	9fa7cc5	2022-05-12 11:17:20 +0200	[diff] [blame]	66	->element_exists('input[name=handle_or_email][value=test]')
Akron	c82b1bc	2018-11-18 18:06:14 +0100	[diff] [blame]	67	->element_exists_not('div.button.top a')
Akron	741b2b1	2017-04-13 22:15:59 +0200	[diff] [blame]	68	;
Akron	be9d5b3	2017-04-05 20:48:24 +0200	[diff] [blame]	69
Akron	9fa7cc5	2022-05-12 11:17:20 +0200	[diff] [blame]	70	$t->post_ok('/user/login' => form => { handle_or_email => 'test', pwd => 'pass' })
Akron	e5ef4e0	2017-04-19 17:07:52 +0200	[diff] [blame]	71	->status_is(302)
				72	->header_is('Location' => '/');
				73
Akron	15158e0	2018-03-19 12:42:46 +0100	[diff] [blame]	74	my $csrf = $t->get_ok('/')
				75	->status_is(200)
				76	->element_exists('div.notify-error')
				77	->text_is('div.notify-error', 'Bad CSRF token')
Akron	c82b1bc	2018-11-18 18:06:14 +0100	[diff] [blame]	78	->element_exists_not('div.button.top a')
Akron	15158e0	2018-03-19 12:42:46 +0100	[diff] [blame]	79	->tx->res->dom->at('input[name=csrf_token]')->attr('value')
				80	;
				81
Akron	d7ed34b	2018-10-22 18:42:28 +0200	[diff] [blame]	82	$t->post_ok('/user/login' => form => {
Akron	9fa7cc5	2022-05-12 11:17:20 +0200	[diff] [blame]	83	handle_or_email => 'test',
Akron	3d67306	2019-01-29 15:54:16 +0100	[diff] [blame]	84	pwd => 'ldaperr',
				85	csrf_token => $csrf
				86	})
				87	->status_is(302)
				88	->content_is('')
				89	->header_is('Location' => '/');
				90
				91	$csrf = $t->get_ok('/')
				92	->status_is(200)
				93	->element_exists('div.notify-error')
				94	->text_is('div.notify-error', '2022: LDAP Authentication failed due to unknown user or password!')
Akron	9fa7cc5	2022-05-12 11:17:20 +0200	[diff] [blame]	95	->element_exists('input[name=handle_or_email][value=test]')
Akron	3d67306	2019-01-29 15:54:16 +0100	[diff] [blame]	96	->element_exists_not('div.button.top a')
				97	->tx->res->dom->at('input[name=csrf_token]')->attr('value')
				98	;
				99
				100	$t->post_ok('/user/login' => form => {
Akron	9fa7cc5	2022-05-12 11:17:20 +0200	[diff] [blame]	101	handle_or_email => 'test',
Akron	3d67306	2019-01-29 15:54:16 +0100	[diff] [blame]	102	pwd => 'unknown',
				103	csrf_token => $csrf
				104	})
				105	->status_is(302)
				106	->content_is('')
				107	->header_is('Location' => '/');
				108
				109	$csrf = $t->get_ok('/')
				110	->status_is(200)
				111	->element_exists('div.notify-error')
				112	->text_is('div.notify-error', 'Access denied')
Akron	9fa7cc5	2022-05-12 11:17:20 +0200	[diff] [blame]	113	->element_exists('input[name=handle_or_email][value=test]')
Akron	3d67306	2019-01-29 15:54:16 +0100	[diff] [blame]	114	->element_exists_not('div.button.top a')
				115	->tx->res->dom->at('input[name=csrf_token]')->attr('value')
				116	;
				117
				118	$t->post_ok('/user/login' => form => {
Akron	9fa7cc5	2022-05-12 11:17:20 +0200	[diff] [blame]	119	handle_or_email => 'test',
Akron	d7ed34b	2018-10-22 18:42:28 +0200	[diff] [blame]	120	pwd => 'pass',
				121	csrf_token => $csrf
				122	})
Akron	15158e0	2018-03-19 12:42:46 +0100	[diff] [blame]	123	->status_is(302)
Akron	864c293	2018-11-16 17:18:55 +0100	[diff] [blame]	124	->content_is('')
Akron	15158e0	2018-03-19 12:42:46 +0100	[diff] [blame]	125	->header_is('Location' => '/');
				126
Akron	e5ef4e0	2017-04-19 17:07:52 +0200	[diff] [blame]	127	$t->get_ok('/')
				128	->status_is(200)
				129	->element_exists_not('div.notify-error')
				130	->element_exists('div.notify-success')
Akron	bc213c0	2017-04-20 16:45:55 +0200	[diff] [blame]	131	->text_is('div.notify-success', 'Login successful')
Akron	2d01d29	2018-11-23 11:17:35 +0100	[diff] [blame]	132	->element_exists('aside.off')
				133	->element_exists_not('aside.active')
Akron	1d09b53	2021-06-15 18:18:25 +0200	[diff] [blame]	134	->element_exists_not('aside.settings')
Akron	bc213c0	2017-04-20 16:45:55 +0200	[diff] [blame]	135	;
				136
				137	# Now the user is logged in and should be able to
				138	# search with authorization
				139	$t->get_ok('/?q=Baum')
				140	->status_is(200)
				141	->text_like('h1 span', qr/KorAP: Find .Baum./i)
				142	->text_like('#total-results', qr/\d+$/)
				143	->element_exists_not('div.notify-error')
Akron	bc6b3f2	2021-01-13 14:53:12 +0100	[diff] [blame]	144	->content_like(qr/${q}authorized${q}:${q}test${q}/)
Akron	c82b1bc	2018-11-18 18:06:14 +0100	[diff] [blame]	145	->element_exists('div.button.top a')
				146	->element_exists('div.button.top a.logout[title~="test"]')
Akron	e5ef4e0	2017-04-19 17:07:52 +0200	[diff] [blame]	147	;
				148
Akron	bc213c0	2017-04-20 16:45:55 +0200	[diff] [blame]	149	# Logout
				150	$t->get_ok('/user/logout')
				151	->status_is(302)
				152	->header_is('Location' => '/');
				153
				154	$t->get_ok('/')
				155	->status_is(200)
				156	->element_exists_not('div.notify-error')
				157	->element_exists('div.notify-success')
				158	->text_is('div.notify-success', 'Logout successful')
				159	;
				160
				161	$t->get_ok('/?q=Baum')
				162	->status_is(200)
				163	->text_like('h1 span', qr/KorAP: Find .Baum./i)
				164	->text_like('#total-results', qr/\d+$/)
Akron	bc6b3f2	2021-01-13 14:53:12 +0100	[diff] [blame]	165	->content_like(qr/${q}authorized${q}:null/)
Akron	bc213c0	2017-04-20 16:45:55 +0200	[diff] [blame]	166	;
				167
Akron	429aeda	2018-03-19 16:02:29 +0100	[diff] [blame]	168	# Get redirect
				169	my $fwd = $t->get_ok('/?q=Baum&ql=poliqarp')
				170	->status_is(200)
				171	->element_exists_not('div.notify-error')
				172	->tx->res->dom->at('input[name=fwd]')->attr('value')
				173	;
				174
				175	is($fwd, '/?q=Baum&ql=poliqarp', 'Redirect is valid');
				176
				177	$t->post_ok('/user/login' => form => {
Akron	9fa7cc5	2022-05-12 11:17:20 +0200	[diff] [blame]	178	handle_or_email => 'test',
Akron	429aeda	2018-03-19 16:02:29 +0100	[diff] [blame]	179	pwd => 'pass',
				180	csrf_token => $csrf,
				181	fwd => 'http://bad.example.com/test'
				182	})
				183	->status_is(302)
				184	->header_is('Location' => '/');
				185
				186	$t->get_ok('/')
				187	->status_is(200)
				188	->element_exists('div.notify-error')
				189	->element_exists_not('div.notify-success')
				190	->text_is('div.notify-error', 'Redirect failure')
				191	;
				192
				193	$t->post_ok('/user/login' => form => {
Akron	9fa7cc5	2022-05-12 11:17:20 +0200	[diff] [blame]	194	handle_or_email => 'test',
Akron	429aeda	2018-03-19 16:02:29 +0100	[diff] [blame]	195	pwd => 'pass',
				196	csrf_token => $csrf,
				197	fwd => $fwd
				198	})
				199	->status_is(302)
				200	->header_is('Location' => '/?q=Baum&ql=poliqarp');
				201
				202
Akron	be9d5b3	2017-04-05 20:48:24 +0200	[diff] [blame]	203	done_testing;
				204	__END__
Akron	e8235be	2016-06-27 11:02:18 +0200	[diff] [blame]	205
				206
Akron	1b0c265	2017-04-27 15:28:49 +0200	[diff] [blame]	207	# Login mit falschem Nutzernamen:
				208	# 400 und:
				209	{"errors":[[2022,"LDAP Authentication failed due to unknown user or password!"]]}
				210
Akron	741b2b1	2017-04-13 22:15:59 +0200	[diff] [blame]	211
				212
Akron	e8235be	2016-06-27 11:02:18 +0200	[diff] [blame]	213	ok(!$c->user->get('details'), 'User not logged in');
				214
				215	# Login with user credentials
				216	ok($c->user->login('kustvakt', 'kustvakt2015'), 'Login with demo user');
				217	is($c->stash('user'), 'kustvakt', 'Kustvakt is logged in');
				218	like($c->stash('auth'), qr/^api_token /, 'Kustvakt is logged in');
				219
				220	my $details = $c->user->get('details');
				221	is($details->{email}, 'kustvakt@ids-mannheim.de', 'Email');
				222	is($details->{firstName}, 'Kustvakt', 'Firstname');
				223	is($details->{lastName}, 'KorAP', 'Lastname');
				224	is($details->{country}, 'Germany', 'Country');
				225	is($details->{address}, 'Mannheim', 'Address');
				226	is($details->{username}, 'kustvakt', 'Username');
				227	is($details->{institution}, 'IDS Mannheim', 'Institution');
				228
				229	my $settings = $c->user->get('settings');
				230	is($settings->{username}, 'kustvakt', 'Username');
				231
				232	# ok($c->user->set(details => { firstName => 'Me' }), 'Set first name');
				233	#ok($c->user->set(details => {
				234	# firstName => 'Akron',
				235	# lastName => 'Fuxfell'
				236	#}), 'Set first name');
				237
				238	# diag Dumper $c->user->get('info');
				239
				240	ok(1,'Fine');
				241
				242	done_testing;
				243	__END__