blob: f1c4f78fa89644a30e1dbb81543f6e7206ed3e57 [file] [log] [blame]
Akron33f5c672019-06-24 19:40:47 +02001use Mojo::Base -strict;
2use Test::More;
Akron6a228db2021-10-14 15:57:00 +02003use Mojo::ByteStream 'b';
Akroncdfd9d52019-07-23 11:35:00 +02004use Test::Mojo::WithRoles 'Session';
Akron66ef3b52022-11-22 14:25:15 +01005use Mojo::File qw/path tempfile/;
Akron33f5c672019-06-24 19:40:47 +02006use Data::Dumper;
7
Akron33f5c672019-06-24 19:40:47 +02008#####################
9# Start Fake server #
10#####################
Akron63d963b2019-07-05 15:35:51 +020011my $mount_point = '/realapi/';
Akron33f5c672019-06-24 19:40:47 +020012$ENV{KALAMAR_API} = $mount_point;
13
Akroncdfd9d52019-07-23 11:35:00 +020014my $t = Test::Mojo::WithRoles->new('Kalamar' => {
Akron33f5c672019-06-24 19:40:47 +020015 Kalamar => {
16 plugins => ['Auth']
17 },
18 'Kalamar-Auth' => {
19 client_id => 2,
20 client_secret => 'k414m4r-s3cr3t',
Akron59992122019-10-29 11:28:45 +010021 oauth2 => 1,
22 experimental_client_registration => 1
Akron33f5c672019-06-24 19:40:47 +020023 }
24});
25
26# Mount fake backend
27# Get the fixture path
28my $fixtures_path = path(Mojo::File->new(__FILE__)->dirname, '..', 'server');
29my $fake_backend = $t->app->plugin(
30 Mount => {
31 $mount_point =>
32 $fixtures_path->child('mock.pl')
33 }
34);
35# Configure fake backend
Akroncdfd9d52019-07-23 11:35:00 +020036my $fake_backend_app = $fake_backend->pattern->defaults->{app};
37
38# Set general app logger for simplicity
39$fake_backend_app->log($t->app->log);
40
41my $access_token = $fake_backend_app->get_token('access_token');
42my $refresh_token = $fake_backend_app->get_token('refresh_token');
43my $access_token_2 = $fake_backend_app->get_token('access_token_2');
44my $refresh_token_2 = $fake_backend_app->get_token('refresh_token_2');
45
46# Some routes to modify the session
47# This expires the session
48$t->app->routes->get('/x/expire')->to(
49 cb => sub {
50 my $c = shift;
51 $c->session(auth_exp => 0);
52 return $c->render(text => 'okay')
53 }
54);
55
56# This expires the session and removes the refresh token
57$t->app->routes->get('/x/expire-no-refresh')->to(
58 cb => sub {
59 my $c = shift;
60 $c->session(auth_exp => 0);
61 delete $c->session->{auth_r};
62 return $c->render(text => 'okay')
63 }
64);
65
66# This sets an invalid token
67$t->app->routes->get('/x/invalid')->to(
68 cb => sub {
69 my $c = shift;
70 $c->session(auth_exp => time + 1000);
71 $c->session(auth_r => $refresh_token_2);
72 $c->session(auth => 'Bearer inv4lid');
73 return $c->render(text => 'okay')
74 }
75);
76
77
78# This sets an invalid token
79$t->app->routes->get('/x/invalid-no-refresh')->to(
80 cb => sub {
81 my $c = shift;
82 $c->session(auth_exp => time + 1000);
83 delete $c->session->{auth_r};
84 $c->session(auth => 'Bearer inv4lid');
85 return $c->render(text => 'okay')
86 }
87);
88
89# This sets an invalid refresh token
90$t->app->routes->get('/x/expired-with-wrong-refresh')->to(
91 cb => sub {
92 my $c = shift;
93 $c->session(auth_exp => 0);
94 $c->session(auth => 'Bearer inv4lid');
95 $c->session(auth_r => 'inv4lid');
96 return $c->render(text => 'okay')
97 }
98);
99
Akronbc6b3f22021-01-13 14:53:12 +0100100my $q = qr!(?:\"|")!;
Akron33f5c672019-06-24 19:40:47 +0200101
Akron63d963b2019-07-05 15:35:51 +0200102$t->get_ok('/realapi/v1.0')
Akron33f5c672019-06-24 19:40:47 +0200103 ->status_is(200)
104 ->content_is('Fake server available');
105
106$t->get_ok('/?q=Baum')
107 ->status_is(200)
108 ->text_like('h1 span', qr/KorAP: Find .Baum./i)
109 ->text_like('#total-results', qr/\d+$/)
Akronbc6b3f22021-01-13 14:53:12 +0100110 ->content_like(qr/${q}authorized${q}:null/)
Akron33f5c672019-06-24 19:40:47 +0200111 ->element_exists_not('div.button.top a')
112 ->element_exists_not('aside.active')
113 ->element_exists_not('aside.off')
114 ;
115
116$t->get_ok('/')
117 ->status_is(200)
Akron9fa7cc52022-05-12 11:17:20 +0200118 ->element_exists('form[action=/user/login] input[name=handle_or_email]')
Akron33f5c672019-06-24 19:40:47 +0200119 ->element_exists('aside.active')
120 ->element_exists_not('aside.off')
121 ;
122
Akronff088112021-06-15 15:26:04 +0200123$t->get_ok('/settings/oauth')
124 ->status_is(401)
125 ->text_is('p.no-results', 'Not authenticated')
126 ;
127
Helge278fbca2022-11-29 18:49:15 +0100128$t->get_ok('/settings/marketplace')
129 ->status_is(401)
130 ->text_is('p.no-results', 'Not authenticated')
131 ;
132
Akron3e0fdc12020-05-15 16:17:21 +0200133# Test for bug with long password
134$t->post_ok('/user/login' => form => {
Akron9fa7cc52022-05-12 11:17:20 +0200135 handle_or_email => 'test',
Akron3e0fdc12020-05-15 16:17:21 +0200136 pwd => 'kjskjhndkjndqknaskjnakjdnkjdankajdnkjdsankjdsakjdfkjahzroiuqzriudjoijdmlamdlkmdsalkmdl' })
137 ->status_is(302)
138 ->header_is('Location' => '/');
139
Akron9fa7cc52022-05-12 11:17:20 +0200140$t->post_ok('/user/login' => form => { handle_or_email => 'test', pwd => 'fail' })
Akron33f5c672019-06-24 19:40:47 +0200141 ->status_is(302)
142 ->header_is('Location' => '/');
143
144$t->get_ok('/')
145 ->status_is(200)
146 ->element_exists('div.notify-error')
147 ->text_is('div.notify-error', 'Bad CSRF token')
Akron9fa7cc52022-05-12 11:17:20 +0200148 ->element_exists('input[name=handle_or_email][value=test]')
Akron33f5c672019-06-24 19:40:47 +0200149 ->element_exists_not('div.button.top a')
150 ;
151
Akron9fa7cc52022-05-12 11:17:20 +0200152$t->post_ok('/user/login' => form => { handle_or_email => 'test', pwd => 'pass' })
Akron33f5c672019-06-24 19:40:47 +0200153 ->status_is(302)
154 ->header_is('Location' => '/');
155
156my $csrf = $t->get_ok('/')
157 ->status_is(200)
158 ->element_exists('div.notify-error')
159 ->text_is('div.notify-error', 'Bad CSRF token')
160 ->element_exists_not('div.button.top a')
161 ->tx->res->dom->at('input[name=csrf_token]')->attr('value')
162 ;
163
164$t->post_ok('/user/login' => form => {
Akron9fa7cc52022-05-12 11:17:20 +0200165 handle_or_email => 'test',
Akron33f5c672019-06-24 19:40:47 +0200166 pwd => 'ldaperr',
167 csrf_token => $csrf
168})
169 ->status_is(302)
170 ->content_is('')
171 ->header_is('Location' => '/');
172
173$csrf = $t->get_ok('/')
174 ->status_is(200)
175 ->element_exists('div.notify-error')
176 ->text_is('div.notify-error', '2022: LDAP Authentication failed due to unknown user or password!')
Akron9fa7cc52022-05-12 11:17:20 +0200177 ->element_exists('input[name=handle_or_email][value=test]')
Akron33f5c672019-06-24 19:40:47 +0200178 ->element_exists_not('div.button.top a')
Akron3b3c7af2020-05-15 16:23:55 +0200179 ->element_exists_not('div.notify-success')
Akron33f5c672019-06-24 19:40:47 +0200180 ->tx->res->dom->at('input[name=csrf_token]')->attr('value')
181 ;
182
183$t->post_ok('/user/login' => form => {
Akron9fa7cc52022-05-12 11:17:20 +0200184 handle_or_email => 'test',
Akron33f5c672019-06-24 19:40:47 +0200185 pwd => 'unknown',
186 csrf_token => $csrf
187})
188 ->status_is(302)
189 ->content_is('')
190 ->header_is('Location' => '/');
191
192$csrf = $t->get_ok('/')
193 ->status_is(200)
194 ->element_exists('div.notify-error')
Akron8bbbecf2019-07-01 18:57:30 +0200195 ->text_is('div.notify-error', '2022: LDAP Authentication failed due to unknown user or password!')
Akron9fa7cc52022-05-12 11:17:20 +0200196 ->element_exists('input[name=handle_or_email][value=test]')
Akron33f5c672019-06-24 19:40:47 +0200197 ->element_exists_not('div.button.top a')
198 ->tx->res->dom->at('input[name=csrf_token]')->attr('value')
199 ;
200
201$t->post_ok('/user/login' => form => {
Akron9fa7cc52022-05-12 11:17:20 +0200202 handle_or_email => 'test',
Akron33f5c672019-06-24 19:40:47 +0200203 pwd => 'pass',
204 csrf_token => $csrf
205})
206 ->status_is(302)
207 ->content_is('')
208 ->header_is('Location' => '/');
209
210$t->get_ok('/')
211 ->status_is(200)
212 ->element_exists_not('div.notify-error')
213 ->element_exists('div.notify-success')
214 ->text_is('div.notify-success', 'Login successful')
Akron1d09b532021-06-15 18:18:25 +0200215 ->element_exists_not('aside.off')
Akrondc0b3ab2021-06-18 11:52:43 +0200216 ->element_exists_not('aside.active')
Akron1d09b532021-06-15 18:18:25 +0200217 ->element_exists('aside.settings')
Akron33f5c672019-06-24 19:40:47 +0200218 ;
219
Akron33f5c672019-06-24 19:40:47 +0200220# Now the user is logged in and should be able to
221# search with authorization
222$t->get_ok('/?q=Baum')
223 ->status_is(200)
Akron4cefe1f2019-09-04 10:11:28 +0200224 ->session_has('/auth')
225 ->session_is('/auth', 'Bearer ' . $access_token)
226 ->session_is('/auth_r', $refresh_token)
227 ->session_is('/user', 'test')
Akron33f5c672019-06-24 19:40:47 +0200228 ->text_like('h1 span', qr/KorAP: Find .Baum./i)
229 ->text_like('#total-results', qr/\d+$/)
230 ->element_exists_not('div.notify-error')
Akronbc6b3f22021-01-13 14:53:12 +0100231 ->content_like(qr/${q}authorized${q}:${q}yes${q}/)
Akron33f5c672019-06-24 19:40:47 +0200232 ->element_exists('div.button.top a')
233 ->element_exists('div.button.top a.logout[title~="test"]')
234 ;
235
Akron27031aa2020-04-28 14:57:10 +0200236$t->get_ok('/?q=Paum')
237 ->status_is(200)
238 ->text_like('h1 span', qr/KorAP: Find .Paum./i)
239 ->text_is('#total-results', '')
Akronbc6b3f22021-01-13 14:53:12 +0100240 ->content_like(qr/${q}authorized${q}:${q}yes${q}/)
Akron27031aa2020-04-28 14:57:10 +0200241 ->element_exists_not('p.hint')
242 ;
243
Akroncce055c2021-07-02 12:18:03 +0200244# Query with error
245$t->get_ok('/?q=error')
246 ->status_is(400)
247 ->text_is('#notifications .notify-error','500: Internal Server Error')
248;
Akron27031aa2020-04-28 14:57:10 +0200249
Akron33f5c672019-06-24 19:40:47 +0200250# Logout
251$t->get_ok('/user/logout')
252 ->status_is(302)
Akron4cefe1f2019-09-04 10:11:28 +0200253 ->session_hasnt('/auth')
254 ->session_hasnt('/auth_r')
255 ->session_hasnt('/user')
Akron33f5c672019-06-24 19:40:47 +0200256 ->header_is('Location' => '/');
257
258$t->get_ok('/')
259 ->status_is(200)
260 ->element_exists_not('div.notify-error')
261 ->element_exists('div.notify-success')
262 ->text_is('div.notify-success', 'Logout successful')
Akron9fa7cc52022-05-12 11:17:20 +0200263 ->element_exists("input[name=handle_or_email]")
264 ->element_exists("input[name=handle_or_email][value=test]")
Akron33f5c672019-06-24 19:40:47 +0200265 ;
266
267$t->get_ok('/?q=Baum')
268 ->status_is(200)
269 ->text_like('h1 span', qr/KorAP: Find .Baum./i)
270 ->text_like('#total-results', qr/\d+$/)
Akronbc6b3f22021-01-13 14:53:12 +0100271 ->content_like(qr/${q}authorized${q}:null/)
Akron33f5c672019-06-24 19:40:47 +0200272 ;
273
Akron27031aa2020-04-28 14:57:10 +0200274$t->get_ok('/?q=Paum')
275 ->status_is(200)
276 ->text_like('h1 span', qr/KorAP: Find .Paum./i)
277 ->text_is('#total-results', '')
Akronbc6b3f22021-01-13 14:53:12 +0100278 ->content_like(qr/${q}authorized${q}:null/)
Akron27031aa2020-04-28 14:57:10 +0200279 ->text_is('p.hint', 'Maybe you need to log in first?')
280 ;
281
282
Akron33f5c672019-06-24 19:40:47 +0200283# Get redirect
284my $fwd = $t->get_ok('/?q=Baum&ql=poliqarp')
285 ->status_is(200)
286 ->element_exists_not('div.notify-error')
287 ->tx->res->dom->at('input[name=fwd]')->attr('value')
288 ;
289
290is($fwd, '/?q=Baum&ql=poliqarp', 'Redirect is valid');
291
292$t->post_ok('/user/login' => form => {
Akron9fa7cc52022-05-12 11:17:20 +0200293 handle_or_email => 'test',
Akron33f5c672019-06-24 19:40:47 +0200294 pwd => 'pass',
295 csrf_token => $csrf,
296 fwd => 'http://bad.example.com/test'
297})
298 ->status_is(302)
299 ->header_is('Location' => '/');
300
301$t->get_ok('/')
302 ->status_is(200)
303 ->element_exists('div.notify-error')
304 ->element_exists_not('div.notify-success')
305 ->text_is('div.notify-error', 'Redirect failure')
306 ;
307
308$t->post_ok('/user/login' => form => {
Akron9fa7cc52022-05-12 11:17:20 +0200309 handle_or_email => 'test',
Akron33f5c672019-06-24 19:40:47 +0200310 pwd => 'pass',
311 csrf_token => $csrf,
312 fwd => $fwd
313})
314 ->status_is(302)
315 ->header_is('Location' => '/?q=Baum&ql=poliqarp');
316
Akron8bbbecf2019-07-01 18:57:30 +0200317$t->get_ok('/?q=Baum&ql=poliqarp')
318 ->status_is(200)
319 ->element_exists_not('div.notify-error')
320 ->element_exists('div.notify-success')
321 ->text_is('div.notify-success', 'Login successful')
Akroncdfd9d52019-07-23 11:35:00 +0200322 ->session_has('/auth')
323 ->session_is('/auth', 'Bearer ' . $access_token)
324 ->session_is('/auth_r', $refresh_token)
325 ->header_isnt('X-Kalamar-Cache', 'true')
Akron8bbbecf2019-07-01 18:57:30 +0200326 ;
327
Akroncdfd9d52019-07-23 11:35:00 +0200328# Expire the session
329# (makes the token be marked as expired - though it isn't serverside)
330$t->get_ok('/x/expire')
Akron8bbbecf2019-07-01 18:57:30 +0200331 ->status_is(200)
Akroncdfd9d52019-07-23 11:35:00 +0200332 ->content_is('okay')
333 ;
334
335## It may be a problem, but the cache is still valid
336$t->get_ok('/?q=Baum')
337 ->status_is(200)
338 ->text_like('h1 span', qr/KorAP: Find .Baum./i)
339 ->text_like('#total-results', qr/\d+$/)
Akronbc6b3f22021-01-13 14:53:12 +0100340 ->content_like(qr/${q}authorized${q}:${q}yes${q}/)
Akroncdfd9d52019-07-23 11:35:00 +0200341 ->header_is('X-Kalamar-Cache', 'true')
342 ;
343
344# Query without partial cache (unfortunately) (but no total results)
Akron58c60992021-09-07 13:11:43 +0200345my $err = $t->get_ok('/?q=baum&cutoff=true')
Akroncdfd9d52019-07-23 11:35:00 +0200346 ->status_is(200)
347 ->session_is('/auth', 'Bearer ' . $access_token_2)
348 ->session_is('/auth_r', $refresh_token_2)
Akroncdfd9d52019-07-23 11:35:00 +0200349 ->text_is('title', 'KorAP: Find »baum« with Poliqarp')
350 ->element_exists('meta[name="DC.title"][content="KorAP: Find »baum« with Poliqarp"]')
351 ->element_exists('body[itemscope][itemtype="http://schema.org/SearchResultsPage"]')
Akronbc6b3f22021-01-13 14:53:12 +0100352 ->content_like(qr/${q}authorized${q}:${q}yes${q}/)
Akroncdfd9d52019-07-23 11:35:00 +0200353 ->header_isnt('X-Kalamar-Cache', 'true')
Akronbc6b3f22021-01-13 14:53:12 +0100354 ->content_like(qr!${q}cutOff${q}:true!)
Akroncdfd9d52019-07-23 11:35:00 +0200355 ->element_exists_not('#total-results')
Akron58c60992021-09-07 13:11:43 +0200356 ->tx->res->dom->at('#error')
Akroncdfd9d52019-07-23 11:35:00 +0200357 ;
Akron58c60992021-09-07 13:11:43 +0200358is(defined $err ? $err->text : '', '');
Akroncdfd9d52019-07-23 11:35:00 +0200359
360# Expire the session and remove the refresh option
361$t->get_ok('/x/expire-no-refresh')
362 ->status_is(200)
363 ->content_is('okay')
364 ;
365
366$t->app->defaults(no_cache => 1);
367
368
369$t->get_ok('/x/invalid-no-refresh')
370 ->status_is(200)
371 ->content_is('okay')
372 ;
373
374# Query without cache
375# The token is invalid and can't be refreshed!
Akron58c60992021-09-07 13:11:43 +0200376$err = $t->get_ok('/?q=baum&cutoff=true')
Akron3c390c42020-03-30 09:06:21 +0200377 ->status_is(400)
Akroncdfd9d52019-07-23 11:35:00 +0200378 ->session_hasnt('/auth')
379 ->session_hasnt('/auth_r')
Akroncdfd9d52019-07-23 11:35:00 +0200380 ->text_is('div.notify-error','Access token invalid')
381 ->text_is('title', 'KorAP: Find »baum« with Poliqarp')
382 ->element_exists('meta[name="DC.title"][content="KorAP: Find »baum« with Poliqarp"]')
383 ->element_exists('body[itemscope][itemtype="http://schema.org/SearchResultsPage"]')
Akronbc6b3f22021-01-13 14:53:12 +0100384 ->content_unlike(qr/${q}authorized${q}:${q}yes${q}/)
Akroncdfd9d52019-07-23 11:35:00 +0200385 ->header_isnt('X-Kalamar-Cache', 'true')
386 ->element_exists('p.no-results')
Akron58c60992021-09-07 13:11:43 +0200387 ->tx->res->dom->at('#error')
Akroncdfd9d52019-07-23 11:35:00 +0200388 ;
Akron58c60992021-09-07 13:11:43 +0200389is(defined $err ? $err->text : '', '');
390
Akroncdfd9d52019-07-23 11:35:00 +0200391
392$t->get_ok('/x/invalid')
393 ->status_is(200)
394 ->content_is('okay')
395 ;
396
397# Query without cache
398# The token is invalid and can't be refreshed!
Akron58c60992021-09-07 13:11:43 +0200399$err = $t->get_ok('/?q=baum&cutoff=true')
Akroncdfd9d52019-07-23 11:35:00 +0200400 ->status_is(200)
401 ->session_is('/auth', 'Bearer ' . $access_token_2)
402 ->session_is('/auth_r', $refresh_token_2)
Akroncdfd9d52019-07-23 11:35:00 +0200403 ->element_exists_not('div.notify-error','Access token invalid')
404 ->text_is('title', 'KorAP: Find »baum« with Poliqarp')
405 ->element_exists('meta[name="DC.title"][content="KorAP: Find »baum« with Poliqarp"]')
406 ->element_exists('body[itemscope][itemtype="http://schema.org/SearchResultsPage"]')
Akronbc6b3f22021-01-13 14:53:12 +0100407 ->content_like(qr/${q}authorized${q}:${q}yes${q}/)
Akroncdfd9d52019-07-23 11:35:00 +0200408 ->header_isnt('X-Kalamar-Cache', 'true')
409 ->element_exists_not('p.no-results')
Akron58c60992021-09-07 13:11:43 +0200410 ->tx->res->dom->at('#error')
Akron8bbbecf2019-07-01 18:57:30 +0200411 ;
Akron58c60992021-09-07 13:11:43 +0200412is(defined $err ? $err->text : '', '');
Akron8bbbecf2019-07-01 18:57:30 +0200413
Akron33f5c672019-06-24 19:40:47 +0200414
Akroncdfd9d52019-07-23 11:35:00 +0200415$t->get_ok('/x/expired-with-wrong-refresh')
416 ->status_is(200)
417 ->content_is('okay')
418 ;
Akron4796e002019-07-05 10:13:15 +0200419
Akron4796e002019-07-05 10:13:15 +0200420
Akroncdfd9d52019-07-23 11:35:00 +0200421# The token is invalid and can't be refreshed!
Akron58c60992021-09-07 13:11:43 +0200422my $dom = $t->get_ok('/?q=baum&cutoff=true')
Akron3c390c42020-03-30 09:06:21 +0200423 ->status_is(400)
Akroncdfd9d52019-07-23 11:35:00 +0200424 ->session_hasnt('/auth')
425 ->session_hasnt('/auth_r')
Akroncdfd9d52019-07-23 11:35:00 +0200426 ->text_is('div.notify-error','Refresh token is expired')
427 ->text_is('title', 'KorAP: Find »baum« with Poliqarp')
Akronbc6b3f22021-01-13 14:53:12 +0100428 ->content_unlike(qr/${q}authorized${q}:${q}yes${q}/)
Akroncdfd9d52019-07-23 11:35:00 +0200429 ->element_exists('p.no-results')
Akron58c60992021-09-07 13:11:43 +0200430 ->tx->res->dom;
431
432$csrf = $dom->at('input[name="csrf_token"]')
Akron59992122019-10-29 11:28:45 +0100433 ->attr('value')
Akroncdfd9d52019-07-23 11:35:00 +0200434 ;
Akron4796e002019-07-05 10:13:15 +0200435
Akron58c60992021-09-07 13:11:43 +0200436$err = $dom->at('#error');
437is(defined $err ? $err->text : '', '');
438
439
Akron6a228db2021-10-14 15:57:00 +0200440# This should fail
441my $wide_char_login = "\x{61}\x{E5}\x{61}"; # "\x{443}\x{434}";
Akron59992122019-10-29 11:28:45 +0100442$t->post_ok('/user/login' => form => {
Akron9fa7cc52022-05-12 11:17:20 +0200443 handle_or_email => $wide_char_login,
Akron6a228db2021-10-14 15:57:00 +0200444 pwd => 'pass',
445 csrf_token => $csrf,
446 fwd => $fwd
447})
448 ->status_is(302)
449 ->header_is('Location' => '/');
450
451$t->get_ok('/')
452 ->status_is(200)
453 ->element_exists('div.notify-error')
454 ->text_is('div.notify-error', 'Invalid character in request')
Akron9fa7cc52022-05-12 11:17:20 +0200455 ->element_exists('input[name=handle_or_email]:not([value])')
Akron6a228db2021-10-14 15:57:00 +0200456 ->element_exists_not('div.button.top a')
457 ;
458
459# Login:
460# UTF8 request
461my $username = b('täst')->encode;
462$t->post_ok('/user/login' => form => {
Akron9fa7cc52022-05-12 11:17:20 +0200463 handle_or_email => $username,
Akron59992122019-10-29 11:28:45 +0100464 pwd => 'pass',
465 csrf_token => $csrf
466})
467 ->status_is(302)
468 ->content_is('')
469 ->header_is('Location' => '/');
470
471$t->get_ok('/')
472 ->status_is(200)
Akron78e0b6f2023-04-12 12:50:29 +0200473 ->content_type_is('text/html;charset=UTF-8')
Akron59992122019-10-29 11:28:45 +0100474 ->element_exists_not('div.notify-error')
475 ->element_exists('div.notify-success')
476 ->text_is('div.notify-success', 'Login successful')
Akron78e0b6f2023-04-12 12:50:29 +0200477 # Weird error in certain environments otherwise
478 ->attr_like('a.logout', 'title', qr!^Logout: t.+st$!)
Akron1d09b532021-06-15 18:18:25 +0200479 ->element_exists_not('aside.off')
Akrondc0b3ab2021-06-18 11:52:43 +0200480 ->element_exists_not('aside.active')
Akron1d09b532021-06-15 18:18:25 +0200481 ->element_exists('aside.settings')
Akron59992122019-10-29 11:28:45 +0100482 ;
483
484$t->get_ok('/settings/oauth')
485 ->text_is('form.form-table legend', 'Register new client application')
486 ->attr_is('form.oauth-register','action', '/settings/oauth/register')
Akron9f2ad342022-05-04 16:16:40 +0200487 ->text_is('label[for=name]','Name of the client application')
488 ->text_is('label[for=type]','Type of the client application')
489 ->text_is('label[for=desc]','Short description')
490 ->text_is('label[for=url]','Homepage')
491 ->text_is('label[for=redirect_uri]','Redirect URI')
492 ->text_is('label[for=src]','Declaration of the plugin (*.json file)')
Akron1a9d5be2020-03-19 17:28:33 +0100493 ->element_exists('ul.client-list')
494 ->element_exists_not('ul.client-list > li')
Akronad011bb2021-06-10 12:16:36 +0200495 ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate')
496 ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT')
497 ->header_is('Pragma','no-cache')
Akron59992122019-10-29 11:28:45 +0100498 ;
Akronad011bb2021-06-10 12:16:36 +0200499
Helgedb720ea2023-03-20 09:39:36 +0100500my $loglines = '';
501$t->app->log->on(
502 message => sub {
503 my ($log, $level, @lines) = @_;
504 if ($level eq 'warn') {
505 $loglines = join ',', @lines;
506 };
507 });
Helge278fbca2022-11-29 18:49:15 +0100508
509$t->get_ok('/settings/marketplace')
510 ->status_is(200)
511 ->text_is('html head title' => 'Marketplace')
Helgedb720ea2023-03-20 09:39:36 +0100512 ->element_exists_not('ul.plugin_list')
513 ->element_exists_not('ul.plugin_in-list')
Helge278fbca2022-11-29 18:49:15 +0100514 ;
515
Helgedb720ea2023-03-20 09:39:36 +0100516is($loglines, '', 'Check log is fine');
517
Akron59992122019-10-29 11:28:45 +0100518$csrf = $t->post_ok('/settings/oauth/register' => form => {
519 name => 'MyApp',
520 type => 'PUBLIC',
Akron6b75d122022-05-12 17:39:05 +0200521 desc => 'This is my plugin application'
Akron59992122019-10-29 11:28:45 +0100522})
523 ->text_is('div.notify-error', 'Bad CSRF token')
524 ->tx->res->dom->at('input[name="csrf_token"]')
525 ->attr('value')
526 ;
527
528$t->post_ok('/settings/oauth/register' => form => {
529 name => 'MyApp',
Akron99968a92022-06-03 12:32:07 +0200530 type => 'PUBLIC',
Akron6b75d122022-05-12 17:39:05 +0200531 desc => 'This is my plugin application',
Akron9f2ad342022-05-04 16:16:40 +0200532 csrf_token => $csrf,
533 src => {
534 filename => '',
535 content => ''
536 }
Akron59992122019-10-29 11:28:45 +0100537})
538 ->status_is(200)
539 ->element_exists('div.notify-success')
540 ->text_is('legend', 'Client Credentials')
541 ->text_is('label[for=client_id]', 'ID of the client application')
542 ->element_exists('input[name=client_id][readonly][value]')
Akron99968a92022-06-03 12:32:07 +0200543 ->element_exists_not('input[name=client_secret][readonly][value]')
Akronad011bb2021-06-10 12:16:36 +0200544 ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate')
545 ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT')
546 ->header_is('Pragma','no-cache')
Akron59992122019-10-29 11:28:45 +0100547 ;
Akron4796e002019-07-05 10:13:15 +0200548
Akron58c60992021-09-07 13:11:43 +0200549my $anchor = $t->get_ok('/settings/oauth')
Akronc1aaf932021-06-09 12:19:15 +0200550 ->text_is('.form-table legend', 'Register new client application')
551 ->attr_is('.oauth-register','action', '/settings/oauth/register')
Akron17de86e2020-04-16 16:03:40 +0200552 ->text_is('ul.client-list > li > span.client-name a', 'MyApp')
Akron6b75d122022-05-12 17:39:05 +0200553 ->text_is('ul.client-list > li > p.client-desc', 'This is my plugin application')
Akronad011bb2021-06-10 12:16:36 +0200554 ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate')
555 ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT')
556 ->header_is('Pragma','no-cache')
Akronb6b156e2022-03-31 14:57:49 +0200557 ->tx->res->dom->at('ul.client-list > li > p.client-url a')
Akron17de86e2020-04-16 16:03:40 +0200558 ;
Akron58c60992021-09-07 13:11:43 +0200559is(defined $anchor ? $anchor->text : '', '');
Akron17de86e2020-04-16 16:03:40 +0200560
Akron041ca4d2021-06-10 11:52:51 +0200561$t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
Akron17de86e2020-04-16 16:03:40 +0200562 ->status_is(200)
Akronc1aaf932021-06-09 12:19:15 +0200563 ->text_is('ul.client-list > li.client > span.client-name', 'MyApp')
Akron6b75d122022-05-12 17:39:05 +0200564 ->text_is('ul.client-list > li.client > p.client-desc', 'This is my plugin application')
Akron17de86e2020-04-16 16:03:40 +0200565 ->text_is('a.client-unregister', 'Unregister')
Akron041ca4d2021-06-10 11:52:51 +0200566 ->attr_is('a.client-unregister', 'href', '/settings/oauth/fCBbQkA2NDA3MzM1Yw==/unregister?name=MyApp')
Akron1a9d5be2020-03-19 17:28:33 +0100567 ;
568
Akron041ca4d2021-06-10 11:52:51 +0200569$csrf = $t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/unregister?name=MyApp')
Akron1a9d5be2020-03-19 17:28:33 +0100570 ->content_like(qr!Do you really want to unregister \<span class="client-name"\>MyApp\<\/span\>?!)
Akronc1aaf932021-06-09 12:19:15 +0200571 ->attr_is('.form-table input[name=client-name]', 'value', 'MyApp')
Akronad011bb2021-06-10 12:16:36 +0200572 ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate')
573 ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT')
574 ->header_is('Pragma','no-cache')
Akron1a9d5be2020-03-19 17:28:33 +0100575 ->tx->res->dom->at('input[name="csrf_token"]')
576 ->attr('value')
577 ;
578
Akron041ca4d2021-06-10 11:52:51 +0200579$t->post_ok('/settings/oauth/xxxx==/unregister' => form => {
Akron1a9d5be2020-03-19 17:28:33 +0100580 'client-name' => 'MyApp',
Akron1a9d5be2020-03-19 17:28:33 +0100581 'csrf_token' => $csrf
582})->status_is(302)
583 ->content_is('')
584 ->header_is('Location' => '/settings/oauth')
585 ;
586
587$t->get_ok('/settings/oauth')
Akronc1aaf932021-06-09 12:19:15 +0200588 ->text_is('.form-table legend', 'Register new client application')
589 ->attr_is('.oauth-register','action', '/settings/oauth/register')
Akron1a9d5be2020-03-19 17:28:33 +0100590 ->element_exists('ul.client-list > li')
591 ->text_is('div.notify', 'Unknown client with xxxx==.')
Akronad011bb2021-06-10 12:16:36 +0200592 ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate')
593 ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT')
594 ->header_is('Pragma','no-cache')
Akron1a9d5be2020-03-19 17:28:33 +0100595 ;
596
Akron041ca4d2021-06-10 11:52:51 +0200597$t->post_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/unregister' => form => {
Akron1a9d5be2020-03-19 17:28:33 +0100598 'client-name' => 'MyApp',
Akron1a9d5be2020-03-19 17:28:33 +0100599 'csrf_token' => $csrf
600})->status_is(302)
601 ->content_is('')
602 ->header_is('Location' => '/settings/oauth')
603 ;
604
605$t->get_ok('/settings/oauth')
Akronc1aaf932021-06-09 12:19:15 +0200606 ->text_is('.form-table legend', 'Register new client application')
607 ->attr_is('.oauth-register','action', '/settings/oauth/register')
Akron1a9d5be2020-03-19 17:28:33 +0100608 ->element_exists_not('ul.client-list > li')
609 ->text_is('div.notify-success', 'Successfully deleted MyApp')
Akronad011bb2021-06-10 12:16:36 +0200610 ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate')
611 ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT')
612 ->header_is('Pragma','no-cache')
Akron1a9d5be2020-03-19 17:28:33 +0100613 ;
614
Akron83209f72021-01-29 17:54:15 +0100615$t->post_ok('/settings/oauth/register' => form => {
616 name => 'MyApp2',
617 type => 'PUBLIC',
Akron6b75d122022-05-12 17:39:05 +0200618 desc => 'This is my plugin application',
Akron83209f72021-01-29 17:54:15 +0100619 csrf_token => $csrf
620})->status_is(200)
621 ->element_exists('div.notify-success')
622 ->text_is('legend', 'Client Credentials')
623 ->text_is('label[for=client_id]', 'ID of the client application')
624 ->element_exists('input[name=client_id][readonly][value]')
625 ->element_exists_not('input[name=client_secret][readonly][value]')
Akronad011bb2021-06-10 12:16:36 +0200626 ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate')
627 ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT')
628 ->header_is('Pragma','no-cache')
Akronb6b156e2022-03-31 14:57:49 +0200629 ->element_exists('.client-issue-token')
Akron83209f72021-01-29 17:54:15 +0100630 ;
631
Akron041ca4d2021-06-10 11:52:51 +0200632$t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
Akron83209f72021-01-29 17:54:15 +0100633 ->text_is('.client-name', 'MyApp2')
Akron6b75d122022-05-12 17:39:05 +0200634 ->text_is('.client-desc', 'This is my plugin application')
Akrone997bb52021-06-11 16:44:06 +0200635 ->text_is('.client-issue-token', 'Issue new token')
Akron041ca4d2021-06-10 11:52:51 +0200636 ->attr_is('.client-issue-token', 'href', '/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token?name=MyApp2')
Akronad011bb2021-06-10 12:16:36 +0200637 ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate')
638 ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT')
639 ->header_is('Pragma','no-cache')
Akrone997bb52021-06-11 16:44:06 +0200640 ->text_is('ul.token-list label[for=token]', 'Access Token')
641 ->text_is('p[name=created]', 'Created at ')
642 ->text_is('p[name=expires]', 'Expires in 31533851 seconds.')
Akronb6b156e2022-03-31 14:57:49 +0200643 ->element_exists('.client-issue-token')
Akron83209f72021-01-29 17:54:15 +0100644 ;
645
Akron041ca4d2021-06-10 11:52:51 +0200646$csrf = $t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token?name=MyApp2')
Akron83209f72021-01-29 17:54:15 +0100647 ->status_is(200)
Akron041ca4d2021-06-10 11:52:51 +0200648 ->attr_is('#issue-token','action', '/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token')
Akron83209f72021-01-29 17:54:15 +0100649 ->attr_is('input[name=client-id]', 'value', 'fCBbQkA2NDA3MzM1Yw==')
650 ->attr_is('input[name=name]', 'value', 'MyApp2')
Akronad011bb2021-06-10 12:16:36 +0200651 ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate')
652 ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT')
653 ->header_is('Pragma','no-cache')
Akrone997bb52021-06-11 16:44:06 +0200654 ->text_is('a.button-abort', 'Abort')
655 ->attr_is('#issue-token input[type=submit]', 'value', 'Issue new token')
656 ->content_like(qr!Issue a new token for!)
Akron83209f72021-01-29 17:54:15 +0100657 ->tx->res->dom->at('input[name="csrf_token"]')
658 ->attr('value')
659 ;
660
Akron041ca4d2021-06-10 11:52:51 +0200661$t->post_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token' => form => {
Akron83209f72021-01-29 17:54:15 +0100662 csrf_token => $csrf,
663 name => 'MyApp2',
664 'client-id' => 'fCBbQkA2NDA3MzM1Yw=='
665})
Akronbc94a9c2021-04-15 00:07:35 +0200666 ->status_is(302)
Akron041ca4d2021-06-10 11:52:51 +0200667 ->header_is('Location','/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
Akronbc94a9c2021-04-15 00:07:35 +0200668 ;
669
Akron041ca4d2021-06-10 11:52:51 +0200670$t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
671 ->status_is(200)
Akronbc94a9c2021-04-15 00:07:35 +0200672 ->text_is('div.notify-success', 'New access token created')
Akronad011bb2021-06-10 12:16:36 +0200673 ->status_is(200)
674 ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate')
675 ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT')
676 ->header_is('Pragma','no-cache')
Akron83209f72021-01-29 17:54:15 +0100677 ;
678
Akrone3daaeb2023-05-08 09:44:18 +0200679$t->post_ok('/settings/oauth/307/token' => form => {
680 csrf_token => $csrf,
681 name => 'MyApp2',
682})
683 ->status_is(302)
684 ->header_is('Location','/settings/oauth/307')
685 ;
686
687$t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
688 ->status_is(200)
689 ->text_is('div.notify-success', 'New access token created')
690 ->status_is(200)
691 ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate')
692 ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT')
693 ->header_is('Pragma','no-cache')
694 ;
695
696
Akron041ca4d2021-06-10 11:52:51 +0200697$csrf = $t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
Akronc1aaf932021-06-09 12:19:15 +0200698 ->status_is(200)
Akron041ca4d2021-06-10 11:52:51 +0200699 ->attr_is('form.token-revoke', 'action', '/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token/revoke')
Akronc1aaf932021-06-09 12:19:15 +0200700 ->attr_is('form.token-revoke input[name=token]', 'value', 'jhkhkjhk_hjgjsfz67i')
701 ->attr_is('form.token-revoke input[name=name]', 'value', 'MyApp2')
702 ->tx->res->dom->at('input[name="csrf_token"]')
703 ->attr('value')
704 ;
705
Akron041ca4d2021-06-10 11:52:51 +0200706$t->post_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token/revoke' => form => {
Akronc1aaf932021-06-09 12:19:15 +0200707 csrf_token => $csrf,
708 name => 'MyApp2',
709 token => 'jhkhkjhk_hjgjsfz67i'
710})
711 ->status_is(200)
Akron041ca4d2021-06-10 11:52:51 +0200712 ->attr_is('form#revoke-token','action','/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token?_method=DELETE')
Akronc1aaf932021-06-09 12:19:15 +0200713 ->attr_is('form#revoke-token','method','POST')
714 ->attr_is('form#revoke-token input[name=token]','value','jhkhkjhk_hjgjsfz67i')
Akrone997bb52021-06-11 16:44:06 +0200715 ->text_is('a.button-abort', 'Abort')
716 ->attr_is('#revoke-token input[type=submit]', 'value', 'Revoke')
717 ->content_like(qr!Revoke a token for!)
Akronc1aaf932021-06-09 12:19:15 +0200718;
719
720
721# CSRF missing
Akron041ca4d2021-06-10 11:52:51 +0200722$t->post_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token?_method=DELETE' => form => {
Akronc1aaf932021-06-09 12:19:15 +0200723 name => 'MyApp2',
724 token => 'jhkhkjhk_hjgjsfz67i'
725})->status_is(302)
Akron041ca4d2021-06-10 11:52:51 +0200726 ->header_is('Location','/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
Akronc1aaf932021-06-09 12:19:15 +0200727 ;
728
Akron041ca4d2021-06-10 11:52:51 +0200729$t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
Akronc1aaf932021-06-09 12:19:15 +0200730 ->element_exists_not('div.notify-success')
731 ->text_is('div.notify-error', 'Bad CSRF token')
732 ;
733
734# Token missing
Akron041ca4d2021-06-10 11:52:51 +0200735$t->post_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token?_method=DELETE' => form => {
Akronc1aaf932021-06-09 12:19:15 +0200736 name => 'MyApp2',
737 csrf_token => $csrf,
738})->status_is(302)
Akron041ca4d2021-06-10 11:52:51 +0200739 ->header_is('Location','/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
Akronc1aaf932021-06-09 12:19:15 +0200740 ;
741
Akron041ca4d2021-06-10 11:52:51 +0200742$t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
Akronc1aaf932021-06-09 12:19:15 +0200743 ->element_exists_not('div.notify-success')
744 ->text_is('div.notify-error', 'Some fields are invalid')
745 ;
746
Akron041ca4d2021-06-10 11:52:51 +0200747$t->post_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token?_method=DELETE' => form => {
Akronc1aaf932021-06-09 12:19:15 +0200748 name => 'MyApp2',
749 csrf_token => $csrf,
750 token => 'jhkhkjhk_hjgjsfz67i'
751})->status_is(302)
Akron041ca4d2021-06-10 11:52:51 +0200752 ->header_is('Location','/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
Akronc1aaf932021-06-09 12:19:15 +0200753 ;
754
Akron041ca4d2021-06-10 11:52:51 +0200755$t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
Akronc1aaf932021-06-09 12:19:15 +0200756 ->element_exists_not('div.notify-error')
757 ->text_is('div.notify-success', 'Token was revoked successfully')
758 ;
Akron83209f72021-01-29 17:54:15 +0100759
Akronb6b156e2022-03-31 14:57:49 +0200760$t->app->routes->get('/x/redirect-target')->to(
761 cb => sub {
762 my $c = shift;
763 return $c->render(text => 'redirected');
764 }
765);
766
767$csrf = $t->post_ok('/settings/oauth/register' => form => {
768 name => 'MyConfApp',
769 type => 'CONFIDENTIAL',
Akron6b75d122022-05-12 17:39:05 +0200770 desc => 'This is my plugin application',
Akronb6b156e2022-03-31 14:57:49 +0200771})
772 ->text_is('div.notify-error', 'Bad CSRF token')
773 ->tx->res->dom->at('input[name="csrf_token"]')
774 ->attr('value')
775 ;
776
777$t->post_ok('/settings/oauth/register' => form => {
778 name => 'MyConfApp',
779 type => 'CONFIDENTIAL',
780 desc => 'This is my confidential application',
781 csrf_token => $csrf,
782 redirect_uri => 'http://localhost/redirect-target'
783})
784 ->text_is('div.notify-error', undef)
785 ->text_is('li.client span.client-name', 'MyConfApp')
786 ->text_is('li.client p.client-desc', 'This is my confidential application')
787 ->text_is('li.client .client-redirect-uri tt', 'http://localhost/redirect-target')
788 ->text_is('li.client .client-type tt', 'CONFIDENTIAL')
789 ->element_exists_not('.client-issue-token')
790 ;
791
792$t->post_ok('/settings/oauth/register' => form => {
793 name => 'MyConfApp2',
794 type => 'CONFIDENTIAL',
795 desc => 'This is my second confidential application',
796 csrf_token => $csrf,
797 redirect_uri => 'http://localhost/FAIL'
798})
799 ->status_is(302)
800 ->header_is('location','/settings/oauth/')
801 ;
802
803$t->get_ok('/settings/oauth/')
804 ->text_is('div.notify-error', 'invalid_request: http://localhost/FAIL is invalid.')
805 ;
806
Akrona8efaa92022-04-09 14:45:43 +0200807# OAuth client authorization flow
808$t->get_ok(Mojo::URL->new('/settings/oauth/authorize'))
809 ->status_is(302)
Akron5ea0f5d2023-01-20 11:51:43 +0100810 ->header_is('location','/settings/oauth')
811 ;
812
813$t->get_ok('/settings/oauth/')
Akron2c142ab2023-01-30 13:21:57 +0100814 ->text_is('div.notify-error', 'Client ID required')
815 ;
816
817$t->get_ok(Mojo::URL->new('/settings/oauth/authorize?client_id=xyz'))
818 ->status_is(302)
819 ->header_is('location','/settings/oauth')
820 ;
821
822$t->get_ok('/settings/oauth/')
823 ->text_is('div.notify-error', 'Scope required')
Akrona8efaa92022-04-09 14:45:43 +0200824 ;
825
Akrondb1f4672023-01-24 12:05:07 +0100826# OAuth client authorization flow
827$t->get_ok(Mojo::URL->new('/settings/oauth/authorize?client_id=abc'))
828 ->status_is(302)
829 ->header_is('location','/settings/oauth')
830 ;
831
832$t->get_ok('/settings/oauth/')
Akron2c142ab2023-01-30 13:21:57 +0100833 ->text_is('div.notify-error', 'Scope required')
834 ;
835
836# OAuth client authorization flow
837$t->get_ok(Mojo::URL->new('/settings/oauth/authorize?client_id=abc&scope=match'))
838 ->status_is(302)
839 ->header_is('location','/settings/oauth')
840 ;
841
842$t->get_ok('/settings/oauth/')
Akrondb1f4672023-01-24 12:05:07 +0100843 ->text_is('div.notify-error', 'Unknown client with abc.')
844 ;
845
Akrona8efaa92022-04-09 14:45:43 +0200846# Logout
847$t->get_ok('/x/expired-with-wrong-refresh');
848
849$t->get_ok('/user/logout')
850 ->status_is(302)
851 ->session_hasnt('/auth')
852 ->session_hasnt('/auth_r')
853 ->session_hasnt('/user')
854 ->header_is('Location' => '/');
855
Akron001dcd22023-02-07 08:38:11 +0100856$t->get_ok('/')
Akrona8efaa92022-04-09 14:45:43 +0200857 ->status_is(200)
858 ->element_exists_not('div.notify-error')
859 ->element_exists('div.notify-success')
860 ->text_is('div.notify-success', 'Logout successful')
Akron9fa7cc52022-05-12 11:17:20 +0200861 ->element_exists("input[name=handle_or_email]")
Akron001dcd22023-02-07 08:38:11 +0100862 ;
863
864# OAuth client authorization flow - but user not logged in
865$t->get_ok(Mojo::URL->new('/settings/oauth/authorize'))
866 ->status_is(302)
867 ->header_is('location','/')
868 ;
869
870$csrf = $t->get_ok('/')
871 ->status_is(200)
872 ->element_exists('div.notify-error')
873 ->element_exists_not('div.notify-success')
874 ->text_is('div.notify-error', 'Client ID required')
875 ->element_exists("input[name=handle_or_email]")
Akrona8efaa92022-04-09 14:45:43 +0200876 ->tx->res->dom->at('input[name=csrf_token]')->attr('value')
877 ;
878
Akron408bc7c2022-04-28 15:46:43 +0200879$fake_backend_app->add_client({
880 "client_id" => 'xyz',
881 "client_name" => 'New added client',
882 "client_description" => 'This is a new client',
883 "client_url" => 'http://example.com',
884 "client_type" => 'CONFIDENTIAL'
885# "client_redirect_uri" => $redirect_uri
886});
887
Akron0cbcc072024-10-08 14:04:42 +0200888$fake_backend_app->add_client({
889 "client_id" => 'xyz-public',
890 "client_name" => 'New added public client',
891 "client_description" => 'This is a new public client',
892 "client_url" => 'http://example.com',
893 "client_type" => 'PUBLIC'
894# "client_redirect_uri" => $redirect_uri
895});
896
Helge278fbca2022-11-29 18:49:15 +0100897
Akron9d826902023-01-25 10:20:52 +0100898$fake_backend_app->add_client({
899 "client_id" => 'xyz2',
900 "client_name" => 'New added client',
901 "client_description" => 'This is a new client',
902 "client_url" => 'http://example.com',
903 "client_type" => 'CONFIDENTIAL',
904 "client_redirect_uri" => 'http://redirect.url/'
905});
906
Akroneb39cf32023-04-03 14:40:48 +0200907$t->get_ok('/settings/oauth/xyz2')
908 ->status_is(200)
909 ->text_is('li.client span.client-name','New added client')
910 ->attr_is('li.client p.client-url a','href','http://example.com')
911 ->attr_is('li.client input[name=client_id]','value','xyz2')
912 ->element_exists('li.client p.client-type-confidential')
913 ->text_is('li.client p.client-redirect-uri tt','http://redirect.url/')
914 ;
915
Akron9d826902023-01-25 10:20:52 +0100916$fwd = $t->get_ok(Mojo::URL->new('/settings/oauth/authorize')->query({
917 client_id => 'xyz2',
918 scope => 'search match',
919 redirect_uri => 'http://test.com/',
920}))
921 ->status_is(200)
922 ->text_is('div.notify-warn', 'redirect_uri host differs from registered host')
923 ->element_exists_not('div.notify-error')
924 ->element_exists_not('div.notify-success')
925 ->element_exists("input[name=handle_or_email]")
926 ->tx->res->dom->at('input[name=csrf_token]')->attr('value')
927 ;
928
929$fwd = $t->get_ok(Mojo::URL->new('/settings/oauth/authorize')->query({
930 client_id => 'xyz2',
931 scope => 'search match',
932 redirect_uri => 'http://redirect.url:9000/',
933}))
934 ->status_is(200)
935 ->text_is('div.notify-warn', 'redirect_uri port differs from registered port')
936 ->element_exists_not('div.notify-error')
937 ->element_exists_not('div.notify-success')
938 ->element_exists("input[name=handle_or_email]")
939 ->tx->res->dom->at('input[name=csrf_token]')->attr('value')
940 ;
941
Helge278fbca2022-11-29 18:49:15 +0100942
943$fake_backend_app->add_plugin({
944"source" => {"key1" => 'wert1', "key2" => 'wert2'},
Helge278fbca2022-11-29 18:49:15 +0100945"client_id" => '52abc',
Helgedb720ea2023-03-20 09:39:36 +0100946"permitted" => 'true',
Helge278fbca2022-11-29 18:49:15 +0100947"client_name" => 'Plugin 1',
948"client_type" => 'CONFIDENTIAL',
Helgedb720ea2023-03-20 09:39:36 +0100949"client_description" => 'Description Plugin 1',
950"client_url" => 'http://example.client.de',
951"registration_date" => '2022-05-31T14:30:09+02:00[Europe/Berlin]',
Helge216a4822024-06-17 12:02:34 +0200952"registered_by" => 'testuser',
953"refresh_token_expiry" => '7776000',
Helge278fbca2022-11-29 18:49:15 +0100954});
955
956
Akrona8efaa92022-04-09 14:45:43 +0200957$fwd = $t->get_ok(Mojo::URL->new('/settings/oauth/authorize')->query({
958 client_id => 'xyz',
959 state => 'abcde',
960 scope => 'search match',
961 redirect_uri => 'http://test.com/',
962}))
963 ->status_is(200)
964 ->attr_is('input[name=client_id]','value','xyz')
965 ->attr_is('input[name=state]','value','abcde')
Akrona8efaa92022-04-09 14:45:43 +0200966 ->attr_like('input[name=fwd]','value',qr!test\.com!)
Akron408bc7c2022-04-28 15:46:43 +0200967 ->text_is('span.client-name','New added client')
Akrona8efaa92022-04-09 14:45:43 +0200968 ->text_is('div.intro p:nth-child(2)', 'Please log in!')
969 ->tx->res->dom->at('input[name=fwd]')->attr('value')
970 ;
971
972$fwd = $t->post_ok(Mojo::URL->new('/user/login')->query({
973 csrf_token => $csrf,
974 client_id => 'xyz',
975 state => 'abcde',
976 scope => 'search match',
977 redirect_uri => 'http://test.com/',
Akron9fa7cc52022-05-12 11:17:20 +0200978 handle_or_email => 'test',
Akrona8efaa92022-04-09 14:45:43 +0200979 pwd => 'pass',
980 fwd => $fwd
981}))
982 ->status_is(302)
983 ->header_like('location', qr!/settings/oauth/authorize!)
984 ->tx->res->headers->header('location')
985 ;
986
987$t->get_ok($fwd)
988 ->status_is(200)
989 ->attr_is('input[name=client_id]','value','xyz')
990 ->attr_is('input[name=state]','value','abcde')
Akron9d826902023-01-25 10:20:52 +0100991 ->attr_like('input[name=redirect_uri]','value', qr!^http://test\.com\/\?crto=.{3,}!)
Akrona8efaa92022-04-09 14:45:43 +0200992 ->text_is('ul#scopes li:nth-child(1)','search')
993 ->text_is('ul#scopes li:nth-child(2)','match')
Akron408bc7c2022-04-28 15:46:43 +0200994 ->text_is('span.client-name','New added client')
Akrona8efaa92022-04-09 14:45:43 +0200995 ->attr_is('a.form-button','href','http://test.com/')
996 ->attr_is('a.embedded-link', 'href', '/doc/korap/kalamar')
Akron9d826902023-01-25 10:20:52 +0100997 ->element_exists_not('div.notify-error')
998 ->element_exists_not('div.notify-warn')
999 ->element_exists_not('blockquote.warning')
Akron0cbcc072024-10-08 14:04:42 +02001000 ->text_is('h2 + p', ' wants to have access')
Akrona8efaa92022-04-09 14:45:43 +02001001 ;
1002
Akron0cbcc072024-10-08 14:04:42 +02001003$fwd = $t->get_ok(Mojo::URL->new('/settings/oauth/authorize')->query({
1004 client_id => 'xyz-public',
1005 state => 'abcde',
1006 scope => 'search match',
1007 redirect_uri => 'http://test.com/',
1008}))
1009 ->status_is(200)
1010 ->attr_is('input[name=client_id]','value','xyz-public')
1011 ->attr_is('input[name=state]','value','abcde')
1012 ->attr_like('input[name=redirect_uri]','value', qr!^http://test\.com\/\?crto=.{3,}!)
1013 ->text_is('ul#scopes li:nth-child(1)','search')
1014 ->text_is('ul#scopes li:nth-child(2)','match')
1015 ->text_is('span.client-name','New added public client')
1016 ->attr_is('a.form-button','href','http://test.com/')
1017 ->attr_is('a.embedded-link', 'href', '/doc/korap/kalamar')
1018 ->element_exists_not('div.notify-error')
1019 ->element_exists_not('div.notify-warn')
1020 ->text_is('blockquote.warning','Warning - this is a public client!')
1021 ->text_is('h2 + p', ' wants to have access')
1022 ;
1023
1024
Helge278fbca2022-11-29 18:49:15 +01001025$t->get_ok('/settings/marketplace')
1026 ->status_is(200)
1027 ->text_is('html head title' => 'Marketplace')
1028 ->element_exists('ul.plugin-list')
1029 ->element_exists('ul.plugin-list > li')
Helge278fbca2022-11-29 18:49:15 +01001030 ->text_is('span.client-name','Plugin 1')
1031 ->text_is('p.plugin-desc','Description Plugin 1')
Helge216a4822024-06-17 12:02:34 +02001032 ->text_is('p.registration_date', 'Date of registration: 2022-05-31T14:30:09+02:00[Europe/Berlin]')
1033 ->text_is('p.registered_by', 'Registered by: testuser')
Helge278fbca2022-11-29 18:49:15 +01001034 ;
1035
Helgedb720ea2023-03-20 09:39:36 +01001036
1037
Helge278fbca2022-11-29 18:49:15 +01001038$fake_backend_app->add_plugin({
1039"source" => {"one" => '1', "two" => '2'},
1040"permitted" => 'false',
1041"client_id" => '53abc',
1042"client_name" => 'Plugin 2',
1043"client_type" => 'CONFIDENTIAL',
1044"client_description" =>'Description Plugin 2'
1045});
1046
Helge278fbca2022-11-29 18:49:15 +01001047$t->get_ok('/settings/marketplace')
1048 ->status_is(200)
1049 ->element_exists('ul.plugin-list')
1050 ->element_exists('ul.plugin-list > li')
1051 ->text_is('span.client-name','Plugin 1')
1052 ->text_is('p.plugin-desc','Description Plugin 1')
1053 ->element_exists('ul.plugin-list > li + li')
Helgedb720ea2023-03-20 09:39:36 +01001054 ->text_is('ul.plugin-list > li + li >span.client-name','Plugin 2')
1055 ->text_is('ul.plugin-list > li + li >p.plugin-desc','Description Plugin 2')
Helge278fbca2022-11-29 18:49:15 +01001056 ;
1057
Helged36478d2023-06-08 17:43:01 +02001058$t->post_ok('/settings/marketplace/install', form => {'client-id' => '52abc'})
Helgedb720ea2023-03-20 09:39:36 +01001059 ->status_is(302)
1060 ->header_is(location => '/settings/marketplace')
1061 ;
Helgedb720ea2023-03-20 09:39:36 +01001062$t->ua->max_redirects(1);
1063
Helged36478d2023-06-08 17:43:01 +02001064$t->post_ok('/settings/marketplace/install', form => {'client-id' => '52abc'})
Helgedb720ea2023-03-20 09:39:36 +01001065 ->status_is(200)
1066 ->element_exists('ul.plugin-list')
1067 ->element_exists('ul.plugin-list > li')
1068 ->text_is('ul.plugin-list > li > span.client-name','Plugin 2')
1069 ->text_is('ul.plugin-list > li > p.plugin-desc','Description Plugin 2')
1070 ->element_exists_not('ul.plugin-list > li + li')
1071 ->element_exists('ul.plugin_in-list')
1072 ->element_exists('ul.plugin_in-list > li')
1073 ->text_is('ul.plugin_in-list > li > span.client-name','Plugin 1')
Helge216a4822024-06-17 12:02:34 +02001074 ->text_is('ul.plugin_in-list > li > p.inst_date','Installation date: 2022-12-13T16:33:27.621+01:00[Europe/Berlin]')
Helgedb720ea2023-03-20 09:39:36 +01001075 ;
1076
1077$t->ua->max_redirects(0);
1078
Helged36478d2023-06-08 17:43:01 +02001079 $t->post_ok('/settings/marketplace/install', form => {'client-id' => 'unsinn31'})
Helgedb720ea2023-03-20 09:39:36 +01001080 ->status_is(302)
1081 ->header_is(location => '/settings/marketplace')
1082 ;
1083
1084$t->ua->max_redirects(1);
1085
Helged36478d2023-06-08 17:43:01 +02001086$t->post_ok('/settings/marketplace/install', form => {'client-id' => 'unsinn31'})
Helgedb720ea2023-03-20 09:39:36 +01001087 ->status_is(200)
1088 ->text_is('div.notify-error', 'Plugin could not be installed')
1089 ;
1090
Helged36478d2023-06-08 17:43:01 +02001091$t->post_ok('/settings/marketplace/uninstall', form => {'client-id' => '52abc'})
1092 ->status_is(200)
1093 ->element_exists('ul.plugin-list')
1094 ->element_exists('ul.plugin-list > li')
1095 ->text_is('span.client-name','Plugin 1')
1096 ->text_is('p.plugin-desc','Description Plugin 1')
1097 ->element_exists('ul.plugin-list > li + li')
1098 ->text_is('ul.plugin-list > li + li >span.client-name','Plugin 2')
1099 ->text_is('ul.plugin-list > li + li >p.plugin-desc','Description Plugin 2')
1100 ->element_exists_not('ul.plugin_in-list')
1101 ;
1102
1103$t->post_ok('/settings/marketplace/uninstall', form => {'client-id' => 'quatsch12'})
1104 ->status_is(200)
1105 ->text_is('div.notify-error', 'Plugin could not be uninstalled')
1106 ;
1107
Helgedb720ea2023-03-20 09:39:36 +01001108$t->ua->max_redirects(0);
Helge278fbca2022-11-29 18:49:15 +01001109
Akrona8efaa92022-04-09 14:45:43 +02001110$t->get_ok(Mojo::URL->new('/settings/oauth/authorize')->query({
1111 client_id => 'xyz',
1112 state => 'abcde',
1113 scope => 'search match',
1114 redirect_uri => 'http://test.com/'
1115}))
1116 ->status_is(200)
1117 ->attr_is('input[name=client_id]','value','xyz')
1118 ->attr_is('input[name=state]','value','abcde')
Akrona8efaa92022-04-09 14:45:43 +02001119 ->text_is('ul#scopes li:nth-child(1)','search')
1120 ->text_is('ul#scopes li:nth-child(2)','match')
Akron408bc7c2022-04-28 15:46:43 +02001121 ->text_is('span.client-name','New added client')
Akrona8efaa92022-04-09 14:45:43 +02001122 ->attr_is('a.form-button','href','http://test.com/')
1123 ->attr_is('a.embedded-link', 'href', '/doc/korap/kalamar')
1124 ;
1125
1126$t->post_ok(Mojo::URL->new('/settings/oauth/authorize')->query({
1127 client_id => 'xyz',
1128 state => 'abcde',
1129 scope => 'search match',
1130 redirect_uri => 'http://test.com/'
1131}))
1132 ->status_is(302)
Akron9d826902023-01-25 10:20:52 +01001133 ->header_is('location', '/settings/oauth?error_description=Bad+CSRF+token')
Akrona8efaa92022-04-09 14:45:43 +02001134 ;
1135
Akrona8f87cc2023-02-23 12:21:30 +01001136
1137my $local_port = $t->get_ok('/')->tx->local_port;
1138my $remote_port = $t->get_ok('/')->tx->remote_port;
1139
1140like($local_port, qr!^\d+$!);
1141like($remote_port, qr!^\d+$!);
1142
1143my $port = $remote_port;
1144
1145my $redirect_url_fakeapi = $t->app->close_redirect_to(Mojo::URL->new('http://localhost:' . $port)->path($fake_backend_app->url_for('return_uri'))->to_abs->to_string);
1146
Akrona8efaa92022-04-09 14:45:43 +02001147$fwd = $t->post_ok(Mojo::URL->new('/settings/oauth/authorize')->query({
1148 client_id => 'xyz',
1149 state => 'abcde',
1150 scope => 'search match',
Akrona8f87cc2023-02-23 12:21:30 +01001151 redirect_uri_server => 'http://localhost:'.$port,
1152 redirect_uri => "$redirect_url_fakeapi",
Akrona8efaa92022-04-09 14:45:43 +02001153 csrf_token => $csrf,
1154}))
1155 ->status_is(302)
Akrona8f87cc2023-02-23 12:21:30 +01001156 ->header_like('location', qr!^http://localhost:\d+/realapi/fakeclient/return\?code=.+$!)
Akrona8efaa92022-04-09 14:45:43 +02001157 ->tx->res->headers->header('location')
1158 ;
1159
Akronf47813c2023-05-08 16:24:03 +02001160unless ($^O eq 'MSWin32') {
1161 $t->get_ok($fwd)
1162 ->status_is(200)
1163 ->content_like(qr'welcome back! \[(.+?)\]')
1164 ;
1165};
Akrona8efaa92022-04-09 14:45:43 +02001166
Akrona8f87cc2023-02-23 12:21:30 +01001167my $fake_port = $port;
1168
1169while ($fake_port == $remote_port || $fake_port == $local_port) {
1170 $fake_port++;
1171};
1172
1173$redirect_url_fakeapi = $t->app->close_redirect_to(Mojo::URL->new('http://localhost:' . $fake_port)->path($fake_backend_app->url_for('return_uri'))->to_abs->to_string);
1174
1175$fwd = $t->post_ok(Mojo::URL->new('/settings/oauth/authorize')->query({
1176 client_id => 'xyz',
1177 state => 'abcde',
1178 scope => 'search match',
1179 redirect_uri_server => 'http://localhost:'.$port,
1180 redirect_uri => "$redirect_url_fakeapi",
1181 csrf_token => $csrf,
1182}))
1183 ->status_is(302)
1184 ->header_unlike('location', qr!^http://localhost:\d+/realapi/fakeclient/return\?error_description=Connection\+refused$!)
1185 ->header_like('location', qr!^http://localhost:\d+/realapi/fakeclient/return\?code=.+?$!)
1186 ->tx->res->headers->header('location')
1187 ;
1188
Akrona8efaa92022-04-09 14:45:43 +02001189$t->post_ok(Mojo::URL->new('/settings/oauth/authorize')->query({
1190 client_id => 'xyz',
Akron9ccf69a2023-01-31 14:21:37 +01001191 state => 'abcde',
1192 scope => 'search match',
1193 redirect_uri_server => 'http://example.com/',
1194 redirect_uri => $t->app->close_redirect_to('http://wrong'),
1195 csrf_token => $csrf,
1196}))
1197 ->status_is(302)
1198 ->header_is('location', '/settings/oauth')
1199 ->tx->res->headers->header('location')
1200 ;
1201
1202$t->get_ok('/settings/oauth')
1203 ->text_is('div.notify-error', 'Invalid redirect URI')
1204 ;
1205
1206$t->post_ok(Mojo::URL->new('/settings/oauth/authorize')->query({
1207 client_id => 'xyz',
Akrona8efaa92022-04-09 14:45:43 +02001208 state => 'fail',
1209 scope => 'search match',
Akron9d826902023-01-25 10:20:52 +01001210# redirect_uri_server => 'http://example.com/',
Akrona8efaa92022-04-09 14:45:43 +02001211 redirect_uri => $fake_backend_app->url_for('return_uri')->to_abs,
1212 csrf_token => $csrf,
1213}))
1214 ->status_is(302)
Akron9d826902023-01-25 10:20:52 +01001215 ->header_is('location', '/realapi/fakeclient/return?error_description=FAIL')
Akrona8efaa92022-04-09 14:45:43 +02001216 ;
1217
Akron9f2ad342022-05-04 16:16:40 +02001218my $json_post = {
1219 name => 'Funny',
1220 type => 'PUBLIC',
Akron6b75d122022-05-12 17:39:05 +02001221 desc => 'This is my plugin application 2',
Akron9f2ad342022-05-04 16:16:40 +02001222 csrf_token => $csrf,
1223 src => 'hMMM'
1224};
1225
1226$t->post_ok('/settings/oauth/register' => form => $json_post)
1227 ->status_is(200)
1228 ->element_exists('div.notify-error')
Akron99968a92022-06-03 12:32:07 +02001229 ->text_is('div.notify-error', 'Plugin declarations need to be json files')
1230 ;
1231
1232$json_post->{src} = {
1233 content => 'jjjjjj',
1234 filename => 'fun.txt'
1235};
1236
1237$t->post_ok('/settings/oauth/register' => form => $json_post)
1238 ->status_is(200)
1239 ->element_exists('div.notify-error')
Akron9f2ad342022-05-04 16:16:40 +02001240 ->text_is('div.notify-error', 'Plugins need to be confidential')
1241 ;
1242
1243$json_post->{type} = 'CONFIDENTIAL';
1244
Akron99968a92022-06-03 12:32:07 +02001245# This somehow gets removed in the last form send ...
Akron9f2ad342022-05-04 16:16:40 +02001246$json_post->{src} = {
1247 content => 'jjjjjj',
1248 filename => 'fun.txt'
1249};
1250
1251$t->post_ok('/settings/oauth/register' => form => $json_post)
1252 ->status_is(200)
1253 ->element_exists('div.notify-error')
1254 ->text_is('div.notify-error', 'Plugin declarations need to be json files')
1255 ;
1256
1257$json_post->{src} = {
1258 content => '{"name":"example"}',
1259 filename => 'fun.txt'
1260};
1261
1262$t->post_ok('/settings/oauth/register' => form => $json_post)
1263 ->status_is(200)
1264 ->element_exists_not('div.notify-error')
1265 ->element_exists('div.notify-success')
1266 ->text_is('div.notify-success', 'Registration successful')
1267 ;
1268
Akron6b75d122022-05-12 17:39:05 +02001269$t->get_ok('/settings/oauth/jh0gfjhjbfdsgzjghj==')
1270 ->status_is(200)
1271 ->text_is('div.notify-error', undef)
1272 ->text_is('li.client #client_source', '{"name":"example"}')
1273 ->text_is('li.client span.client-name', 'Funny')
1274 ->text_is('li.client p.client-desc', 'This is my plugin application 2')
1275 ->element_exists_not('li.client .client-redirect-uri tt')
1276 ->text_is('li.client .client-type tt', 'CONFIDENTIAL')
1277 ;
Akron9f2ad342022-05-04 16:16:40 +02001278
Akronb6b156e2022-03-31 14:57:49 +02001279
Akron66ef3b52022-11-22 14:25:15 +01001280# Retest client with super_client_file
1281my $client_file = tempfile;
1282
Akron889bc202024-03-15 17:16:55 +01001283$client_file->spew(
Akron66ef3b52022-11-22 14:25:15 +01001284 '{"client_id":"2","client_secret":"k414m4r-s3cr3t"}'
1285);
1286
1287$t = Test::Mojo::WithRoles->new('Kalamar' => {
1288 Kalamar => {
1289 plugins => ['Auth']
1290 },
1291 'Kalamar-Auth' => {
1292 client_file => $client_file,
1293 oauth2 => 1
1294 }
1295});
1296
1297$t->app->plugin(
1298 Mount => {
1299 $mount_point =>
1300 $fixtures_path->child('mock.pl')
1301 }
1302);
1303
1304$csrf = $t->get_ok('/')
1305 ->status_is(200)
1306 ->element_exists_not('div.button.top a')
1307 ->tx->res->dom->at('input[name=csrf_token]')->attr('value')
1308 ;
1309
1310$t->post_ok('/user/login' => form => {
1311 handle_or_email => 'test',
1312 pwd => 'pass',
1313 csrf_token => $csrf
1314})
1315 ->status_is(302)
1316 ->header_is('Location' => '/')
1317 ->content_is('');
1318
1319$t->get_ok('/')
1320 ->status_is(200)
1321 ->element_exists_not('div.notify-error')
1322 ->element_exists('div.notify-success')
1323 ->text_is('div.notify-success', 'Login successful')
1324 ->element_exists_not('aside.off')
1325 ->element_exists_not('aside.active')
1326 ->element_exists('aside.settings')
1327 ;
1328
Akron53a171e2022-12-05 18:22:58 +01001329$main::ENV{KALAMAR_CLIENT_FILE} = $client_file;
1330
1331$t = Test::Mojo::WithRoles->new('Kalamar' => {
1332 Kalamar => {
1333 plugins => ['Auth']
1334 },
1335 'Kalamar-Auth' => {
1336 oauth2 => 1,
1337# client_file => $client_file,
1338 }
1339});
1340
1341$t->app->plugin(
1342 Mount => {
1343 $mount_point =>
1344 $fixtures_path->child('mock.pl')
1345 }
1346);
1347
1348$csrf = $t->get_ok('/')
1349 ->status_is(200)
1350 ->element_exists_not('div.button.top a')
1351 ->tx->res->dom->at('input[name=csrf_token]')->attr('value')
1352 ;
1353
1354$t->post_ok('/user/login' => form => {
1355 handle_or_email => 'test',
1356 pwd => 'pass',
1357 csrf_token => $csrf
1358})
1359 ->status_is(302)
1360 ->header_is('Location' => '/')
1361 ->content_is('');
1362
1363$t->get_ok('/')
1364 ->status_is(200)
1365 ->element_exists_not('div.notify-error')
1366 ->element_exists('div.notify-success')
1367 ->text_is('div.notify-success', 'Login successful')
1368 ->element_exists_not('aside.off')
1369 ->element_exists_not('aside.active')
1370 ->element_exists('aside.settings')
1371 ;
1372
Akron66ef3b52022-11-22 14:25:15 +01001373
Akron33f5c672019-06-24 19:40:47 +02001374done_testing;
1375__END__
Akrona8efaa92022-04-09 14:45:43 +02001376
1377