Gitiles
Code Review Sign In
korap.ids-mannheim.de / KorAP / Kalamar / 86e63a9fb59eb21fd03b16ffcf801e9aa9b981a1 / . / t / plugin / auth.t
blob: b2089a1eff91133fb384fb73c2ce2a1929a734d8 [file] [log] [blame]
Akrone8235be2016-06-27 11:02:18 +0200[diff] [blame]1use Mojo::Base -strict;
Akronbe9d5b32017-04-05 20:48:24 +0200[diff] [blame]2use Test::More;
Akrone8235be2016-06-27 11:02:18 +0200[diff] [blame]3use Test::Mojo;
Akron0e1ed242018-10-11 13:22:00 +0200[diff] [blame]4use Mojo::File qw/path/;
Akrone8235be2016-06-27 11:02:18 +0200[diff] [blame]5use Data::Dumper;
6
Akron32396632018-10-11 17:08:37 +0200[diff] [blame]7
8#####################
9# Start Fake server #
10#####################
Akron0e1ed242018-10-11 13:22:00 +0200[diff] [blame]11my $mount_point = '/api/';
12$ENV{KALAMAR_API} = $mount_point;
Akrone8235be2016-06-27 11:02:18 +0200[diff] [blame]13
Akron864c2932018-11-16 17:18:55 +0100[diff] [blame]14my $t = Test::Mojo->new('Kalamar' => {
15 Kalamar => {
16 auth_support => 1,
17 plugins => ['Auth']
18 }
19});
Akrone8235be2016-06-27 11:02:18 +0200[diff] [blame]20
Akron0e1ed242018-10-11 13:22:00 +0200[diff] [blame]21# Mount fake backend
22# Get the fixture path
Akron864c2932018-11-16 17:18:55 +0100[diff] [blame]23my $fixtures_path = path(Mojo::File->new(__FILE__)->dirname, '..', 'server');
Akron0e1ed242018-10-11 13:22:00 +0200[diff] [blame]24my $fake_backend = $t->app->plugin(
25 Mount => {
26 $mount_point =>
Akron73f36082018-10-25 15:34:59 +0200[diff] [blame]27 $fixtures_path->child('mock.pl')
Akron0e1ed242018-10-11 13:22:00 +0200[diff] [blame]28 }
29);
Akron0e1ed242018-10-11 13:22:00 +0200[diff] [blame]30# Configure fake backend
31$fake_backend->pattern->defaults->{app}->log($t->app->log);
32
33$t->get_ok('/api')
34 ->status_is(200)
35 ->content_is('Fake server available');
Akron7d75ee32017-05-02 13:42:41 +0200[diff] [blame]36
Akronbc213c02017-04-20 16:45:55 +0200[diff] [blame]37$t->get_ok('/?q=Baum')
38 ->status_is(200)
39 ->text_like('h1 span', qr/KorAP: Find .Baum./i)
40 ->text_like('#total-results', qr/\d+$/)
41 ->content_like(qr/\"authorized\"\:null/)
Akronc82b1bc2018-11-18 18:06:14 +0100[diff] [blame]42 ->element_exists_not('div.button.top a')
Akron2d01d292018-11-23 11:17:35 +0100[diff] [blame]43 ->element_exists_not('aside.active')
44 ->element_exists_not('aside.off')
Akronbc213c02017-04-20 16:45:55 +0200[diff] [blame]45 ;
46
Akronbe9d5b32017-04-05 20:48:24 +0200[diff] [blame]47$t->get_ok('/')
Akrona9c8b0e2018-11-16 20:20:28 +0100[diff] [blame]48 ->status_is(200)
49 ->element_exists('form[action=/user/login] input[name=handle_or_email]')
Akron2d01d292018-11-23 11:17:35 +0100[diff] [blame]50 ->element_exists('aside.active')
51 ->element_exists_not('aside.off')
Akrona9c8b0e2018-11-16 20:20:28 +0100[diff] [blame]52 ;
Akronbe9d5b32017-04-05 20:48:24 +0200[diff] [blame]53
Akron741b2b12017-04-13 22:15:59 +0200[diff] [blame]54$t->post_ok('/user/login' => form => { handle_or_email => 'test', pwd => 'fail' })
55 ->status_is(302)
56 ->header_is('Location' => '/');
57
58$t->get_ok('/')
59 ->status_is(200)
60 ->element_exists('div.notify-error')
Akron3d673062019-01-29 15:54:16 +0100[diff] [blame]61 ->text_is('div.notify-error', 'Bad CSRF token')
Akron2e3d3772017-04-14 16:20:40 +0200[diff] [blame]62 ->element_exists('input[name=handle_or_email][value=test]')
Akronc82b1bc2018-11-18 18:06:14 +0100[diff] [blame]63 ->element_exists_not('div.button.top a')
Akron741b2b12017-04-13 22:15:59 +0200[diff] [blame]64 ;
Akronbe9d5b32017-04-05 20:48:24 +0200[diff] [blame]65
Akrone5ef4e02017-04-19 17:07:52 +0200[diff] [blame]66$t->post_ok('/user/login' => form => { handle_or_email => 'test', pwd => 'pass' })
67 ->status_is(302)
68 ->header_is('Location' => '/');
69
Akron15158e02018-03-19 12:42:46 +0100[diff] [blame]70my $csrf = $t->get_ok('/')
71 ->status_is(200)
72 ->element_exists('div.notify-error')
73 ->text_is('div.notify-error', 'Bad CSRF token')
Akronc82b1bc2018-11-18 18:06:14 +0100[diff] [blame]74 ->element_exists_not('div.button.top a')
Akron15158e02018-03-19 12:42:46 +0100[diff] [blame]75 ->tx->res->dom->at('input[name=csrf_token]')->attr('value')
76 ;
77
Akrond7ed34b2018-10-22 18:42:28 +0200[diff] [blame]78$t->post_ok('/user/login' => form => {
79 handle_or_email => 'test',
Akron3d673062019-01-29 15:54:16 +0100[diff] [blame]80 pwd => 'ldaperr',
81 csrf_token => $csrf
82})
83 ->status_is(302)
84 ->content_is('')
85 ->header_is('Location' => '/');
86
87$csrf = $t->get_ok('/')
88 ->status_is(200)
89 ->element_exists('div.notify-error')
90 ->text_is('div.notify-error', '2022: LDAP Authentication failed due to unknown user or password!')
91 ->element_exists('input[name=handle_or_email][value=test]')
92 ->element_exists_not('div.button.top a')
93 ->tx->res->dom->at('input[name=csrf_token]')->attr('value')
94 ;
95
96$t->post_ok('/user/login' => form => {
97 handle_or_email => 'test',
98 pwd => 'unknown',
99 csrf_token => $csrf
100})
101 ->status_is(302)
102 ->content_is('')
103 ->header_is('Location' => '/');
104
105$csrf = $t->get_ok('/')
106 ->status_is(200)
107 ->element_exists('div.notify-error')
108 ->text_is('div.notify-error', 'Access denied')
109 ->element_exists('input[name=handle_or_email][value=test]')
110 ->element_exists_not('div.button.top a')
111 ->tx->res->dom->at('input[name=csrf_token]')->attr('value')
112 ;
113
114$t->post_ok('/user/login' => form => {
115 handle_or_email => 'test',
Akrond7ed34b2018-10-22 18:42:28 +0200[diff] [blame]116 pwd => 'pass',
117 csrf_token => $csrf
118})
Akron15158e02018-03-19 12:42:46 +0100[diff] [blame]119 ->status_is(302)
Akron864c2932018-11-16 17:18:55 +0100[diff] [blame]120 ->content_is('')
Akron15158e02018-03-19 12:42:46 +0100[diff] [blame]121 ->header_is('Location' => '/');
122
Akrone5ef4e02017-04-19 17:07:52 +0200[diff] [blame]123$t->get_ok('/')
124 ->status_is(200)
125 ->element_exists_not('div.notify-error')
126 ->element_exists('div.notify-success')
Akronbc213c02017-04-20 16:45:55 +0200[diff] [blame]127 ->text_is('div.notify-success', 'Login successful')
Akron2d01d292018-11-23 11:17:35 +0100[diff] [blame]128 ->element_exists('aside.off')
129 ->element_exists_not('aside.active')
Akronbc213c02017-04-20 16:45:55 +0200[diff] [blame]130 ;
131
132# Now the user is logged in and should be able to
133# search with authorization
134$t->get_ok('/?q=Baum')
135 ->status_is(200)
136 ->text_like('h1 span', qr/KorAP: Find .Baum./i)
137 ->text_like('#total-results', qr/\d+$/)
138 ->element_exists_not('div.notify-error')
139 ->content_like(qr/\"authorized\"\:\"test\"/)
Akronc82b1bc2018-11-18 18:06:14 +0100[diff] [blame]140 ->element_exists('div.button.top a')
141 ->element_exists('div.button.top a.logout[title~="test"]')
Akrone5ef4e02017-04-19 17:07:52 +0200[diff] [blame]142 ;
143
Akronbc213c02017-04-20 16:45:55 +0200[diff] [blame]144# Logout
145$t->get_ok('/user/logout')
146 ->status_is(302)
147 ->header_is('Location' => '/');
148
149$t->get_ok('/')
150 ->status_is(200)
151 ->element_exists_not('div.notify-error')
152 ->element_exists('div.notify-success')
153 ->text_is('div.notify-success', 'Logout successful')
154 ;
155
156$t->get_ok('/?q=Baum')
157 ->status_is(200)
158 ->text_like('h1 span', qr/KorAP: Find .Baum./i)
159 ->text_like('#total-results', qr/\d+$/)
160 ->content_like(qr/\"authorized\"\:null/)
161 ;
162
Akron429aeda2018-03-19 16:02:29 +0100[diff] [blame]163# Get redirect
164my $fwd = $t->get_ok('/?q=Baum&ql=poliqarp')
165 ->status_is(200)
166 ->element_exists_not('div.notify-error')
167 ->tx->res->dom->at('input[name=fwd]')->attr('value')
168 ;
169
170is($fwd, '/?q=Baum&ql=poliqarp', 'Redirect is valid');
171
172$t->post_ok('/user/login' => form => {
173 handle_or_email => 'test',
174 pwd => 'pass',
175 csrf_token => $csrf,
176 fwd => 'http://bad.example.com/test'
177})
178 ->status_is(302)
179 ->header_is('Location' => '/');
180
181$t->get_ok('/')
182 ->status_is(200)
183 ->element_exists('div.notify-error')
184 ->element_exists_not('div.notify-success')
185 ->text_is('div.notify-error', 'Redirect failure')
186 ;
187
188$t->post_ok('/user/login' => form => {
189 handle_or_email => 'test',
190 pwd => 'pass',
191 csrf_token => $csrf,
192 fwd => $fwd
193})
194 ->status_is(302)
195 ->header_is('Location' => '/?q=Baum&ql=poliqarp');
196
197
198
199
Akronbe9d5b32017-04-05 20:48:24 +0200[diff] [blame]200done_testing;
201__END__
Akrone8235be2016-06-27 11:02:18 +0200[diff] [blame]202
203
Akron1b0c2652017-04-27 15:28:49 +0200[diff] [blame]204# Login mit falschem Nutzernamen:
205# 400 und:
206{"errors":[[2022,"LDAP Authentication failed due to unknown user or password!"]]}
207
Akron741b2b12017-04-13 22:15:59 +0200[diff] [blame]208
209
Akrone8235be2016-06-27 11:02:18 +0200[diff] [blame]210ok(!$c->user->get('details'), 'User not logged in');
211
212# Login with user credentials
213ok($c->user->login('kustvakt', 'kustvakt2015'), 'Login with demo user');
214is($c->stash('user'), 'kustvakt', 'Kustvakt is logged in');
215like($c->stash('auth'), qr/^api_token /, 'Kustvakt is logged in');
216
217my $details = $c->user->get('details');
218is($details->{email}, 'kustvakt@ids-mannheim.de', 'Email');
219is($details->{firstName}, 'Kustvakt', 'Firstname');
220is($details->{lastName}, 'KorAP', 'Lastname');
221is($details->{country}, 'Germany', 'Country');
222is($details->{address}, 'Mannheim', 'Address');
223is($details->{username}, 'kustvakt', 'Username');
224is($details->{institution}, 'IDS Mannheim', 'Institution');
225
226my $settings = $c->user->get('settings');
227is($settings->{username}, 'kustvakt', 'Username');
228
229# ok($c->user->set(details => { firstName => 'Me' }), 'Set first name');
230#ok($c->user->set(details => {
231# firstName => 'Akron',
232# lastName => 'Fuxfell'
233#}), 'Set first name');
234
235# diag Dumper $c->user->get('info');
236
237ok(1,'Fine');
238
239done_testing;
240__END__