Gitiles
Code Review Sign In
korap.ids-mannheim.de / KorAP / Kalamar / ad011bbaea6b1772bffe333ce3b732d32f3a1126 / . / t / plugin / auth-oauth.t
blob: 1159964a92ef7557f29f81f781758a99597b52ca [file] [log] [blame]
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]1use Mojo::Base -strict;
2use Test::More;
Akroncdfd9d52019-07-23 11:35:00 +0200[diff] [blame]3use Test::Mojo::WithRoles 'Session';
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]4use Mojo::File qw/path/;
5use Data::Dumper;
6
7
8#####################
9# Start Fake server #
10#####################
Akron63d963b2019-07-05 15:35:51 +0200[diff] [blame]11my $mount_point = '/realapi/';
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]12$ENV{KALAMAR_API} = $mount_point;
13
Akroncdfd9d52019-07-23 11:35:00 +0200[diff] [blame]14my $t = Test::Mojo::WithRoles->new('Kalamar' => {
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]15 Kalamar => {
16 plugins => ['Auth']
17 },
18 'Kalamar-Auth' => {
19 client_id => 2,
20 client_secret => 'k414m4r-s3cr3t',
Akron59992122019-10-29 11:28:45 +0100[diff] [blame]21 oauth2 => 1,
22 experimental_client_registration => 1
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]23 }
24});
25
26# Mount fake backend
27# Get the fixture path
28my $fixtures_path = path(Mojo::File->new(__FILE__)->dirname, '..', 'server');
29my $fake_backend = $t->app->plugin(
30 Mount => {
31 $mount_point =>
32 $fixtures_path->child('mock.pl')
33 }
34);
35# Configure fake backend
Akroncdfd9d52019-07-23 11:35:00 +0200[diff] [blame]36my $fake_backend_app = $fake_backend->pattern->defaults->{app};
37
38# Set general app logger for simplicity
39$fake_backend_app->log($t->app->log);
40
41my $access_token = $fake_backend_app->get_token('access_token');
42my $refresh_token = $fake_backend_app->get_token('refresh_token');
43my $access_token_2 = $fake_backend_app->get_token('access_token_2');
44my $refresh_token_2 = $fake_backend_app->get_token('refresh_token_2');
45
46# Some routes to modify the session
47# This expires the session
48$t->app->routes->get('/x/expire')->to(
49 cb => sub {
50 my $c = shift;
51 $c->session(auth_exp => 0);
52 return $c->render(text => 'okay')
53 }
54);
55
56# This expires the session and removes the refresh token
57$t->app->routes->get('/x/expire-no-refresh')->to(
58 cb => sub {
59 my $c = shift;
60 $c->session(auth_exp => 0);
61 delete $c->session->{auth_r};
62 return $c->render(text => 'okay')
63 }
64);
65
66# This sets an invalid token
67$t->app->routes->get('/x/invalid')->to(
68 cb => sub {
69 my $c = shift;
70 $c->session(auth_exp => time + 1000);
71 $c->session(auth_r => $refresh_token_2);
72 $c->session(auth => 'Bearer inv4lid');
73 return $c->render(text => 'okay')
74 }
75);
76
77
78# This sets an invalid token
79$t->app->routes->get('/x/invalid-no-refresh')->to(
80 cb => sub {
81 my $c = shift;
82 $c->session(auth_exp => time + 1000);
83 delete $c->session->{auth_r};
84 $c->session(auth => 'Bearer inv4lid');
85 return $c->render(text => 'okay')
86 }
87);
88
89# This sets an invalid refresh token
90$t->app->routes->get('/x/expired-with-wrong-refresh')->to(
91 cb => sub {
92 my $c = shift;
93 $c->session(auth_exp => 0);
94 $c->session(auth => 'Bearer inv4lid');
95 $c->session(auth_r => 'inv4lid');
96 return $c->render(text => 'okay')
97 }
98);
99
Akronbc6b3f22021-01-13 14:53:12 +0100[diff] [blame]100my $q = qr!(?:\"|")!;
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]101
Akron63d963b2019-07-05 15:35:51 +0200[diff] [blame]102$t->get_ok('/realapi/v1.0')
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]103 ->status_is(200)
104 ->content_is('Fake server available');
105
106$t->get_ok('/?q=Baum')
107 ->status_is(200)
108 ->text_like('h1 span', qr/KorAP: Find .Baum./i)
109 ->text_like('#total-results', qr/\d+$/)
Akronbc6b3f22021-01-13 14:53:12 +0100[diff] [blame]110 ->content_like(qr/${q}authorized${q}:null/)
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]111 ->element_exists_not('div.button.top a')
112 ->element_exists_not('aside.active')
113 ->element_exists_not('aside.off')
114 ;
115
116$t->get_ok('/')
117 ->status_is(200)
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]118 ->element_exists('form[action=/user/login] input[name=handle]')
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]119 ->element_exists('aside.active')
120 ->element_exists_not('aside.off')
121 ;
122
Akron3e0fdc12020-05-15 16:17:21 +0200[diff] [blame]123# Test for bug with long password
124$t->post_ok('/user/login' => form => {
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]125 handle => 'test',
Akron3e0fdc12020-05-15 16:17:21 +0200[diff] [blame]126 pwd => 'kjskjhndkjndqknaskjnakjdnkjdankajdnkjdsankjdsakjdfkjahzroiuqzriudjoijdmlamdlkmdsalkmdl' })
127 ->status_is(302)
128 ->header_is('Location' => '/');
129
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]130$t->post_ok('/user/login' => form => { handle => 'test', pwd => 'fail' })
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]131 ->status_is(302)
132 ->header_is('Location' => '/');
133
134$t->get_ok('/')
135 ->status_is(200)
136 ->element_exists('div.notify-error')
137 ->text_is('div.notify-error', 'Bad CSRF token')
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]138 ->element_exists('input[name=handle][value=test]')
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]139 ->element_exists_not('div.button.top a')
140 ;
141
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]142$t->post_ok('/user/login' => form => { handle => 'test', pwd => 'pass' })
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]143 ->status_is(302)
144 ->header_is('Location' => '/');
145
146my $csrf = $t->get_ok('/')
147 ->status_is(200)
148 ->element_exists('div.notify-error')
149 ->text_is('div.notify-error', 'Bad CSRF token')
150 ->element_exists_not('div.button.top a')
151 ->tx->res->dom->at('input[name=csrf_token]')->attr('value')
152 ;
153
154$t->post_ok('/user/login' => form => {
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]155 handle => 'test',
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]156 pwd => 'ldaperr',
157 csrf_token => $csrf
158})
159 ->status_is(302)
160 ->content_is('')
161 ->header_is('Location' => '/');
162
163$csrf = $t->get_ok('/')
164 ->status_is(200)
165 ->element_exists('div.notify-error')
166 ->text_is('div.notify-error', '2022: LDAP Authentication failed due to unknown user or password!')
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]167 ->element_exists('input[name=handle][value=test]')
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]168 ->element_exists_not('div.button.top a')
Akron3b3c7af2020-05-15 16:23:55 +0200[diff] [blame]169 ->element_exists_not('div.notify-success')
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]170 ->tx->res->dom->at('input[name=csrf_token]')->attr('value')
171 ;
172
173$t->post_ok('/user/login' => form => {
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]174 handle => 'test',
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]175 pwd => 'unknown',
176 csrf_token => $csrf
177})
178 ->status_is(302)
179 ->content_is('')
180 ->header_is('Location' => '/');
181
182$csrf = $t->get_ok('/')
183 ->status_is(200)
184 ->element_exists('div.notify-error')
Akron8bbbecf2019-07-01 18:57:30 +0200[diff] [blame]185 ->text_is('div.notify-error', '2022: LDAP Authentication failed due to unknown user or password!')
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]186 ->element_exists('input[name=handle][value=test]')
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]187 ->element_exists_not('div.button.top a')
188 ->tx->res->dom->at('input[name=csrf_token]')->attr('value')
189 ;
190
191$t->post_ok('/user/login' => form => {
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]192 handle => 'test',
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]193 pwd => 'pass',
194 csrf_token => $csrf
195})
196 ->status_is(302)
197 ->content_is('')
198 ->header_is('Location' => '/');
199
200$t->get_ok('/')
201 ->status_is(200)
202 ->element_exists_not('div.notify-error')
203 ->element_exists('div.notify-success')
204 ->text_is('div.notify-success', 'Login successful')
205 ->element_exists('aside.off')
206 ->element_exists_not('aside.active')
207 ;
208
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]209# Now the user is logged in and should be able to
210# search with authorization
211$t->get_ok('/?q=Baum')
212 ->status_is(200)
Akron4cefe1f2019-09-04 10:11:28 +0200[diff] [blame]213 ->session_has('/auth')
214 ->session_is('/auth', 'Bearer ' . $access_token)
215 ->session_is('/auth_r', $refresh_token)
216 ->session_is('/user', 'test')
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]217 ->text_like('h1 span', qr/KorAP: Find .Baum./i)
218 ->text_like('#total-results', qr/\d+$/)
219 ->element_exists_not('div.notify-error')
Akronbc6b3f22021-01-13 14:53:12 +0100[diff] [blame]220 ->content_like(qr/${q}authorized${q}:${q}yes${q}/)
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]221 ->element_exists('div.button.top a')
222 ->element_exists('div.button.top a.logout[title~="test"]')
223 ;
224
Akron27031aa2020-04-28 14:57:10 +0200[diff] [blame]225$t->get_ok('/?q=Paum')
226 ->status_is(200)
227 ->text_like('h1 span', qr/KorAP: Find .Paum./i)
228 ->text_is('#total-results', '')
Akronbc6b3f22021-01-13 14:53:12 +0100[diff] [blame]229 ->content_like(qr/${q}authorized${q}:${q}yes${q}/)
Akron27031aa2020-04-28 14:57:10 +0200[diff] [blame]230 ->element_exists_not('p.hint')
231 ;
232
233
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]234# Logout
235$t->get_ok('/user/logout')
236 ->status_is(302)
Akron4cefe1f2019-09-04 10:11:28 +0200[diff] [blame]237 ->session_hasnt('/auth')
238 ->session_hasnt('/auth_r')
239 ->session_hasnt('/user')
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]240 ->header_is('Location' => '/');
241
242$t->get_ok('/')
243 ->status_is(200)
244 ->element_exists_not('div.notify-error')
245 ->element_exists('div.notify-success')
246 ->text_is('div.notify-success', 'Logout successful')
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]247 ->element_exists("input[name=handle]")
248 ->element_exists("input[name=handle][value=test]")
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]249 ;
250
251$t->get_ok('/?q=Baum')
252 ->status_is(200)
253 ->text_like('h1 span', qr/KorAP: Find .Baum./i)
254 ->text_like('#total-results', qr/\d+$/)
Akronbc6b3f22021-01-13 14:53:12 +0100[diff] [blame]255 ->content_like(qr/${q}authorized${q}:null/)
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]256 ;
257
Akron27031aa2020-04-28 14:57:10 +0200[diff] [blame]258$t->get_ok('/?q=Paum')
259 ->status_is(200)
260 ->text_like('h1 span', qr/KorAP: Find .Paum./i)
261 ->text_is('#total-results', '')
Akronbc6b3f22021-01-13 14:53:12 +0100[diff] [blame]262 ->content_like(qr/${q}authorized${q}:null/)
Akron27031aa2020-04-28 14:57:10 +0200[diff] [blame]263 ->text_is('p.hint', 'Maybe you need to log in first?')
264 ;
265
266
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]267# Get redirect
268my $fwd = $t->get_ok('/?q=Baum&ql=poliqarp')
269 ->status_is(200)
270 ->element_exists_not('div.notify-error')
271 ->tx->res->dom->at('input[name=fwd]')->attr('value')
272 ;
273
274is($fwd, '/?q=Baum&ql=poliqarp', 'Redirect is valid');
275
276$t->post_ok('/user/login' => form => {
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]277 handle => 'test',
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]278 pwd => 'pass',
279 csrf_token => $csrf,
280 fwd => 'http://bad.example.com/test'
281})
282 ->status_is(302)
283 ->header_is('Location' => '/');
284
285$t->get_ok('/')
286 ->status_is(200)
287 ->element_exists('div.notify-error')
288 ->element_exists_not('div.notify-success')
289 ->text_is('div.notify-error', 'Redirect failure')
290 ;
291
292$t->post_ok('/user/login' => form => {
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]293 handle => 'test',
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]294 pwd => 'pass',
295 csrf_token => $csrf,
296 fwd => $fwd
297})
298 ->status_is(302)
299 ->header_is('Location' => '/?q=Baum&ql=poliqarp');
300
Akron8bbbecf2019-07-01 18:57:30 +0200[diff] [blame]301$t->get_ok('/?q=Baum&ql=poliqarp')
302 ->status_is(200)
303 ->element_exists_not('div.notify-error')
304 ->element_exists('div.notify-success')
305 ->text_is('div.notify-success', 'Login successful')
Akroncdfd9d52019-07-23 11:35:00 +0200[diff] [blame]306 ->session_has('/auth')
307 ->session_is('/auth', 'Bearer ' . $access_token)
308 ->session_is('/auth_r', $refresh_token)
309 ->header_isnt('X-Kalamar-Cache', 'true')
Akron8bbbecf2019-07-01 18:57:30 +0200[diff] [blame]310 ;
311
Akroncdfd9d52019-07-23 11:35:00 +0200[diff] [blame]312# Expire the session
313# (makes the token be marked as expired - though it isn't serverside)
314$t->get_ok('/x/expire')
Akron8bbbecf2019-07-01 18:57:30 +0200[diff] [blame]315 ->status_is(200)
Akroncdfd9d52019-07-23 11:35:00 +0200[diff] [blame]316 ->content_is('okay')
317 ;
318
319## It may be a problem, but the cache is still valid
320$t->get_ok('/?q=Baum')
321 ->status_is(200)
322 ->text_like('h1 span', qr/KorAP: Find .Baum./i)
323 ->text_like('#total-results', qr/\d+$/)
Akronbc6b3f22021-01-13 14:53:12 +0100[diff] [blame]324 ->content_like(qr/${q}authorized${q}:${q}yes${q}/)
Akroncdfd9d52019-07-23 11:35:00 +0200[diff] [blame]325 ->header_is('X-Kalamar-Cache', 'true')
326 ;
327
328# Query without partial cache (unfortunately) (but no total results)
329$t->get_ok('/?q=baum&cutoff=true')
330 ->status_is(200)
331 ->session_is('/auth', 'Bearer ' . $access_token_2)
332 ->session_is('/auth_r', $refresh_token_2)
333 ->text_is('#error','')
334 ->text_is('title', 'KorAP: Find »baum« with Poliqarp')
335 ->element_exists('meta[name="DC.title"][content="KorAP: Find »baum« with Poliqarp"]')
336 ->element_exists('body[itemscope][itemtype="http://schema.org/SearchResultsPage"]')
Akronbc6b3f22021-01-13 14:53:12 +0100[diff] [blame]337 ->content_like(qr/${q}authorized${q}:${q}yes${q}/)
Akroncdfd9d52019-07-23 11:35:00 +0200[diff] [blame]338 ->header_isnt('X-Kalamar-Cache', 'true')
Akronbc6b3f22021-01-13 14:53:12 +0100[diff] [blame]339 ->content_like(qr!${q}cutOff${q}:true!)
Akroncdfd9d52019-07-23 11:35:00 +0200[diff] [blame]340 ->element_exists_not('#total-results')
341 ;
342
343# Expire the session and remove the refresh option
344$t->get_ok('/x/expire-no-refresh')
345 ->status_is(200)
346 ->content_is('okay')
347 ;
348
349$t->app->defaults(no_cache => 1);
350
351
352$t->get_ok('/x/invalid-no-refresh')
353 ->status_is(200)
354 ->content_is('okay')
355 ;
356
357# Query without cache
358# The token is invalid and can't be refreshed!
359$t->get_ok('/?q=baum&cutoff=true')
Akron3c390c42020-03-30 09:06:21 +0200[diff] [blame]360 ->status_is(400)
Akroncdfd9d52019-07-23 11:35:00 +0200[diff] [blame]361 ->session_hasnt('/auth')
362 ->session_hasnt('/auth_r')
363 ->text_is('#error','')
364 ->text_is('div.notify-error','Access token invalid')
365 ->text_is('title', 'KorAP: Find »baum« with Poliqarp')
366 ->element_exists('meta[name="DC.title"][content="KorAP: Find »baum« with Poliqarp"]')
367 ->element_exists('body[itemscope][itemtype="http://schema.org/SearchResultsPage"]')
Akronbc6b3f22021-01-13 14:53:12 +0100[diff] [blame]368 ->content_unlike(qr/${q}authorized${q}:${q}yes${q}/)
Akroncdfd9d52019-07-23 11:35:00 +0200[diff] [blame]369 ->header_isnt('X-Kalamar-Cache', 'true')
370 ->element_exists('p.no-results')
371 ;
372
373$t->get_ok('/x/invalid')
374 ->status_is(200)
375 ->content_is('okay')
376 ;
377
378# Query without cache
379# The token is invalid and can't be refreshed!
380$t->get_ok('/?q=baum&cutoff=true')
381 ->status_is(200)
382 ->session_is('/auth', 'Bearer ' . $access_token_2)
383 ->session_is('/auth_r', $refresh_token_2)
384 ->text_is('#error','')
385 ->element_exists_not('div.notify-error','Access token invalid')
386 ->text_is('title', 'KorAP: Find »baum« with Poliqarp')
387 ->element_exists('meta[name="DC.title"][content="KorAP: Find »baum« with Poliqarp"]')
388 ->element_exists('body[itemscope][itemtype="http://schema.org/SearchResultsPage"]')
Akronbc6b3f22021-01-13 14:53:12 +0100[diff] [blame]389 ->content_like(qr/${q}authorized${q}:${q}yes${q}/)
Akroncdfd9d52019-07-23 11:35:00 +0200[diff] [blame]390 ->header_isnt('X-Kalamar-Cache', 'true')
391 ->element_exists_not('p.no-results')
Akron8bbbecf2019-07-01 18:57:30 +0200[diff] [blame]392 ;
393
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]394
Akroncdfd9d52019-07-23 11:35:00 +0200[diff] [blame]395$t->get_ok('/x/expired-with-wrong-refresh')
396 ->status_is(200)
397 ->content_is('okay')
398 ;
Akron4796e002019-07-05 10:13:15 +0200[diff] [blame]399
Akron4796e002019-07-05 10:13:15 +0200[diff] [blame]400
Akroncdfd9d52019-07-23 11:35:00 +0200[diff] [blame]401# The token is invalid and can't be refreshed!
Akron59992122019-10-29 11:28:45 +0100[diff] [blame]402$csrf = $t->get_ok('/?q=baum&cutoff=true')
Akron3c390c42020-03-30 09:06:21 +0200[diff] [blame]403 ->status_is(400)
Akroncdfd9d52019-07-23 11:35:00 +0200[diff] [blame]404 ->session_hasnt('/auth')
405 ->session_hasnt('/auth_r')
406 ->text_is('#error','')
407 ->text_is('div.notify-error','Refresh token is expired')
408 ->text_is('title', 'KorAP: Find »baum« with Poliqarp')
Akronbc6b3f22021-01-13 14:53:12 +0100[diff] [blame]409 ->content_unlike(qr/${q}authorized${q}:${q}yes${q}/)
Akroncdfd9d52019-07-23 11:35:00 +0200[diff] [blame]410 ->element_exists('p.no-results')
Akron59992122019-10-29 11:28:45 +0100[diff] [blame]411 ->tx->res->dom->at('input[name="csrf_token"]')
412 ->attr('value')
Akroncdfd9d52019-07-23 11:35:00 +0200[diff] [blame]413 ;
Akron4796e002019-07-05 10:13:15 +0200[diff] [blame]414
Akron59992122019-10-29 11:28:45 +0100[diff] [blame]415# Login:
416$t->post_ok('/user/login' => form => {
Akrone208d302020-11-28 11:14:50 +0100[diff] [blame]417 handle => 'test',
Akron59992122019-10-29 11:28:45 +0100[diff] [blame]418 pwd => 'pass',
419 csrf_token => $csrf
420})
421 ->status_is(302)
422 ->content_is('')
423 ->header_is('Location' => '/');
424
425$t->get_ok('/')
426 ->status_is(200)
427 ->element_exists_not('div.notify-error')
428 ->element_exists('div.notify-success')
429 ->text_is('div.notify-success', 'Login successful')
430 ->element_exists('aside.off')
431 ->element_exists_not('aside.active')
432 ;
433
434$t->get_ok('/settings/oauth')
435 ->text_is('form.form-table legend', 'Register new client application')
436 ->attr_is('form.oauth-register','action', '/settings/oauth/register')
Akron1a9d5be2020-03-19 17:28:33 +0100[diff] [blame]437 ->element_exists('ul.client-list')
438 ->element_exists_not('ul.client-list > li')
Akronad011bb2021-06-10 12:16:36 +0200[diff] [blame^]439 ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate')
440 ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT')
441 ->header_is('Pragma','no-cache')
Akron59992122019-10-29 11:28:45 +0100[diff] [blame]442 ;
Akronad011bb2021-06-10 12:16:36 +0200[diff] [blame^]443
Akron59992122019-10-29 11:28:45 +0100[diff] [blame]444$csrf = $t->post_ok('/settings/oauth/register' => form => {
445 name => 'MyApp',
446 type => 'PUBLIC',
447 desc => 'This is my application'
448})
449 ->text_is('div.notify-error', 'Bad CSRF token')
450 ->tx->res->dom->at('input[name="csrf_token"]')
451 ->attr('value')
452 ;
453
454$t->post_ok('/settings/oauth/register' => form => {
455 name => 'MyApp',
456 type => 'CONFIDENTIAL',
457 desc => 'This is my application',
458 csrf_token => $csrf
459})
460 ->status_is(200)
461 ->element_exists('div.notify-success')
462 ->text_is('legend', 'Client Credentials')
463 ->text_is('label[for=client_id]', 'ID of the client application')
464 ->element_exists('input[name=client_id][readonly][value]')
465 ->element_exists('input[name=client_secret][readonly][value]')
Akronad011bb2021-06-10 12:16:36 +0200[diff] [blame^]466 ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate')
467 ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT')
468 ->header_is('Pragma','no-cache')
Akron59992122019-10-29 11:28:45 +0100[diff] [blame]469 ;
Akron4796e002019-07-05 10:13:15 +0200[diff] [blame]470
Akron1a9d5be2020-03-19 17:28:33 +0100[diff] [blame]471$t->get_ok('/settings/oauth')
Akronc1aaf932021-06-09 12:19:15 +0200[diff] [blame]472 ->text_is('.form-table legend', 'Register new client application')
473 ->attr_is('.oauth-register','action', '/settings/oauth/register')
Akron17de86e2020-04-16 16:03:40 +0200[diff] [blame]474 ->text_is('ul.client-list > li > span.client-name a', 'MyApp')
Akron1a9d5be2020-03-19 17:28:33 +0100[diff] [blame]475 ->text_is('ul.client-list > li > span.client-desc', 'This is my application')
476 ->text_is('ul.client-list > li > span.client-url a', '')
Akronad011bb2021-06-10 12:16:36 +0200[diff] [blame^]477 ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate')
478 ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT')
479 ->header_is('Pragma','no-cache')
Akron17de86e2020-04-16 16:03:40 +0200[diff] [blame]480 ;
481
Akron041ca4d2021-06-10 11:52:51 +0200[diff] [blame]482$t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
Akron17de86e2020-04-16 16:03:40 +0200[diff] [blame]483 ->status_is(200)
Akronc1aaf932021-06-09 12:19:15 +0200[diff] [blame]484 ->text_is('ul.client-list > li.client > span.client-name', 'MyApp')
485 ->text_is('ul.client-list > li.client > span.client-desc', 'This is my application')
Akron17de86e2020-04-16 16:03:40 +0200[diff] [blame]486 ->text_is('a.client-unregister', 'Unregister')
Akron041ca4d2021-06-10 11:52:51 +0200[diff] [blame]487 ->attr_is('a.client-unregister', 'href', '/settings/oauth/fCBbQkA2NDA3MzM1Yw==/unregister?name=MyApp')
Akron1a9d5be2020-03-19 17:28:33 +0100[diff] [blame]488 ;
489
Akron041ca4d2021-06-10 11:52:51 +0200[diff] [blame]490$csrf = $t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/unregister?name=MyApp')
Akron1a9d5be2020-03-19 17:28:33 +0100[diff] [blame]491 ->content_like(qr!Do you really want to unregister \<span class="client-name"\>MyApp\<\/span\>?!)
Akronc1aaf932021-06-09 12:19:15 +0200[diff] [blame]492 ->attr_is('.form-table input[name=client-name]', 'value', 'MyApp')
Akronad011bb2021-06-10 12:16:36 +0200[diff] [blame^]493 ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate')
494 ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT')
495 ->header_is('Pragma','no-cache')
Akron1a9d5be2020-03-19 17:28:33 +0100[diff] [blame]496 ->tx->res->dom->at('input[name="csrf_token"]')
497 ->attr('value')
498 ;
499
Akron041ca4d2021-06-10 11:52:51 +0200[diff] [blame]500$t->post_ok('/settings/oauth/xxxx==/unregister' => form => {
Akron1a9d5be2020-03-19 17:28:33 +0100[diff] [blame]501 'client-name' => 'MyApp',
Akron1a9d5be2020-03-19 17:28:33 +0100[diff] [blame]502 'csrf_token' => $csrf
503})->status_is(302)
504 ->content_is('')
505 ->header_is('Location' => '/settings/oauth')
506 ;
507
508$t->get_ok('/settings/oauth')
Akronc1aaf932021-06-09 12:19:15 +0200[diff] [blame]509 ->text_is('.form-table legend', 'Register new client application')
510 ->attr_is('.oauth-register','action', '/settings/oauth/register')
Akron1a9d5be2020-03-19 17:28:33 +0100[diff] [blame]511 ->element_exists('ul.client-list > li')
512 ->text_is('div.notify', 'Unknown client with xxxx==.')
Akronad011bb2021-06-10 12:16:36 +0200[diff] [blame^]513 ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate')
514 ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT')
515 ->header_is('Pragma','no-cache')
Akron1a9d5be2020-03-19 17:28:33 +0100[diff] [blame]516 ;
517
Akron041ca4d2021-06-10 11:52:51 +0200[diff] [blame]518$t->post_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/unregister' => form => {
Akron1a9d5be2020-03-19 17:28:33 +0100[diff] [blame]519 'client-name' => 'MyApp',
Akron1a9d5be2020-03-19 17:28:33 +0100[diff] [blame]520 'csrf_token' => $csrf
521})->status_is(302)
522 ->content_is('')
523 ->header_is('Location' => '/settings/oauth')
524 ;
525
526$t->get_ok('/settings/oauth')
Akronc1aaf932021-06-09 12:19:15 +0200[diff] [blame]527 ->text_is('.form-table legend', 'Register new client application')
528 ->attr_is('.oauth-register','action', '/settings/oauth/register')
Akron1a9d5be2020-03-19 17:28:33 +0100[diff] [blame]529 ->element_exists_not('ul.client-list > li')
530 ->text_is('div.notify-success', 'Successfully deleted MyApp')
Akronad011bb2021-06-10 12:16:36 +0200[diff] [blame^]531 ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate')
532 ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT')
533 ->header_is('Pragma','no-cache')
Akron1a9d5be2020-03-19 17:28:33 +0100[diff] [blame]534 ;
535
Akron83209f72021-01-29 17:54:15 +0100[diff] [blame]536$t->post_ok('/settings/oauth/register' => form => {
537 name => 'MyApp2',
538 type => 'PUBLIC',
539 desc => 'This is my application',
540 csrf_token => $csrf
541})->status_is(200)
542 ->element_exists('div.notify-success')
543 ->text_is('legend', 'Client Credentials')
544 ->text_is('label[for=client_id]', 'ID of the client application')
545 ->element_exists('input[name=client_id][readonly][value]')
546 ->element_exists_not('input[name=client_secret][readonly][value]')
Akronad011bb2021-06-10 12:16:36 +0200[diff] [blame^]547 ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate')
548 ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT')
549 ->header_is('Pragma','no-cache')
Akron83209f72021-01-29 17:54:15 +0100[diff] [blame]550 ;
551
Akron041ca4d2021-06-10 11:52:51 +0200[diff] [blame]552$t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
Akron83209f72021-01-29 17:54:15 +0100[diff] [blame]553 ->text_is('.client-name', 'MyApp2')
554 ->text_is('.client-desc', 'This is my application')
555 ->text_is('.client-issue-token', 'IssueToken')
Akron041ca4d2021-06-10 11:52:51 +0200[diff] [blame]556 ->attr_is('.client-issue-token', 'href', '/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token?name=MyApp2')
Akronad011bb2021-06-10 12:16:36 +0200[diff] [blame^]557 ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate')
558 ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT')
559 ->header_is('Pragma','no-cache')
Akron83209f72021-01-29 17:54:15 +0100[diff] [blame]560 ;
561
Akron041ca4d2021-06-10 11:52:51 +0200[diff] [blame]562$csrf = $t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token?name=MyApp2')
Akron83209f72021-01-29 17:54:15 +0100[diff] [blame]563 ->status_is(200)
Akron041ca4d2021-06-10 11:52:51 +0200[diff] [blame]564 ->attr_is('#issue-token','action', '/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token')
Akron83209f72021-01-29 17:54:15 +0100[diff] [blame]565 ->attr_is('input[name=client-id]', 'value', 'fCBbQkA2NDA3MzM1Yw==')
566 ->attr_is('input[name=name]', 'value', 'MyApp2')
Akronad011bb2021-06-10 12:16:36 +0200[diff] [blame^]567 ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate')
568 ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT')
569 ->header_is('Pragma','no-cache')
Akron83209f72021-01-29 17:54:15 +0100[diff] [blame]570 ->tx->res->dom->at('input[name="csrf_token"]')
571 ->attr('value')
572 ;
573
Akron041ca4d2021-06-10 11:52:51 +0200[diff] [blame]574$t->post_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token' => form => {
Akron83209f72021-01-29 17:54:15 +0100[diff] [blame]575 csrf_token => $csrf,
576 name => 'MyApp2',
577 'client-id' => 'fCBbQkA2NDA3MzM1Yw=='
578})
Akronbc94a9c2021-04-15 00:07:35 +0200[diff] [blame]579 ->status_is(302)
Akron041ca4d2021-06-10 11:52:51 +0200[diff] [blame]580 ->header_is('Location','/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
Akronbc94a9c2021-04-15 00:07:35 +0200[diff] [blame]581 ;
582
Akron041ca4d2021-06-10 11:52:51 +0200[diff] [blame]583$t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
584 ->status_is(200)
Akronbc94a9c2021-04-15 00:07:35 +0200[diff] [blame]585 ->text_is('div.notify-success', 'New access token created')
Akronad011bb2021-06-10 12:16:36 +0200[diff] [blame^]586 ->status_is(200)
587 ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate')
588 ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT')
589 ->header_is('Pragma','no-cache')
Akron83209f72021-01-29 17:54:15 +0100[diff] [blame]590 ;
591
Akron041ca4d2021-06-10 11:52:51 +0200[diff] [blame]592$csrf = $t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
Akronc1aaf932021-06-09 12:19:15 +0200[diff] [blame]593 ->status_is(200)
Akron041ca4d2021-06-10 11:52:51 +0200[diff] [blame]594 ->attr_is('form.token-revoke', 'action', '/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token/revoke')
Akronc1aaf932021-06-09 12:19:15 +0200[diff] [blame]595 ->attr_is('form.token-revoke input[name=token]', 'value', 'jhkhkjhk_hjgjsfz67i')
596 ->attr_is('form.token-revoke input[name=name]', 'value', 'MyApp2')
597 ->tx->res->dom->at('input[name="csrf_token"]')
598 ->attr('value')
599 ;
600
Akron041ca4d2021-06-10 11:52:51 +0200[diff] [blame]601$t->post_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token/revoke' => form => {
Akronc1aaf932021-06-09 12:19:15 +0200[diff] [blame]602 csrf_token => $csrf,
603 name => 'MyApp2',
604 token => 'jhkhkjhk_hjgjsfz67i'
605})
606 ->status_is(200)
Akron041ca4d2021-06-10 11:52:51 +0200[diff] [blame]607 ->attr_is('form#revoke-token','action','/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token?_method=DELETE')
Akronc1aaf932021-06-09 12:19:15 +0200[diff] [blame]608 ->attr_is('form#revoke-token','method','POST')
609 ->attr_is('form#revoke-token input[name=token]','value','jhkhkjhk_hjgjsfz67i')
610;
611
612
613# CSRF missing
Akron041ca4d2021-06-10 11:52:51 +0200[diff] [blame]614$t->post_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token?_method=DELETE' => form => {
Akronc1aaf932021-06-09 12:19:15 +0200[diff] [blame]615 name => 'MyApp2',
616 token => 'jhkhkjhk_hjgjsfz67i'
617})->status_is(302)
Akron041ca4d2021-06-10 11:52:51 +0200[diff] [blame]618 ->header_is('Location','/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
Akronc1aaf932021-06-09 12:19:15 +0200[diff] [blame]619 ;
620
Akron041ca4d2021-06-10 11:52:51 +0200[diff] [blame]621$t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
Akronc1aaf932021-06-09 12:19:15 +0200[diff] [blame]622 ->element_exists_not('div.notify-success')
623 ->text_is('div.notify-error', 'Bad CSRF token')
624 ;
625
626# Token missing
Akron041ca4d2021-06-10 11:52:51 +0200[diff] [blame]627$t->post_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token?_method=DELETE' => form => {
Akronc1aaf932021-06-09 12:19:15 +0200[diff] [blame]628 name => 'MyApp2',
629 csrf_token => $csrf,
630})->status_is(302)
Akron041ca4d2021-06-10 11:52:51 +0200[diff] [blame]631 ->header_is('Location','/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
Akronc1aaf932021-06-09 12:19:15 +0200[diff] [blame]632 ;
633
Akron041ca4d2021-06-10 11:52:51 +0200[diff] [blame]634$t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
Akronc1aaf932021-06-09 12:19:15 +0200[diff] [blame]635 ->element_exists_not('div.notify-success')
636 ->text_is('div.notify-error', 'Some fields are invalid')
637 ;
638
Akron041ca4d2021-06-10 11:52:51 +0200[diff] [blame]639$t->post_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token?_method=DELETE' => form => {
Akronc1aaf932021-06-09 12:19:15 +0200[diff] [blame]640 name => 'MyApp2',
641 csrf_token => $csrf,
642 token => 'jhkhkjhk_hjgjsfz67i'
643})->status_is(302)
Akron041ca4d2021-06-10 11:52:51 +0200[diff] [blame]644 ->header_is('Location','/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
Akronc1aaf932021-06-09 12:19:15 +0200[diff] [blame]645 ;
646
647
Akron041ca4d2021-06-10 11:52:51 +0200[diff] [blame]648$t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
Akronc1aaf932021-06-09 12:19:15 +0200[diff] [blame]649 ->element_exists_not('div.notify-error')
650 ->text_is('div.notify-success', 'Token was revoked successfully')
651 ;
Akron83209f72021-01-29 17:54:15 +0100[diff] [blame]652
Akron33f5c672019-06-24 19:40:47 +0200[diff] [blame]653done_testing;
654__END__