Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 1 | use Mojo::Base -strict; |
| 2 | use Test::More; |
Akron | 6a228db | 2021-10-14 15:57:00 +0200 | [diff] [blame] | 3 | use Mojo::ByteStream 'b'; |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 4 | use Test::Mojo::WithRoles 'Session'; |
Akron | 66ef3b5 | 2022-11-22 14:25:15 +0100 | [diff] [blame] | 5 | use Mojo::File qw/path tempfile/; |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 6 | use Data::Dumper; |
| 7 | |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 8 | ##################### |
| 9 | # Start Fake server # |
| 10 | ##################### |
Akron | 63d963b | 2019-07-05 15:35:51 +0200 | [diff] [blame] | 11 | my $mount_point = '/realapi/'; |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 12 | $ENV{KALAMAR_API} = $mount_point; |
| 13 | |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 14 | my $t = Test::Mojo::WithRoles->new('Kalamar' => { |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 15 | Kalamar => { |
| 16 | plugins => ['Auth'] |
| 17 | }, |
| 18 | 'Kalamar-Auth' => { |
| 19 | client_id => 2, |
| 20 | client_secret => 'k414m4r-s3cr3t', |
Akron | 5999212 | 2019-10-29 11:28:45 +0100 | [diff] [blame] | 21 | oauth2 => 1, |
| 22 | experimental_client_registration => 1 |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 23 | } |
| 24 | }); |
| 25 | |
| 26 | # Mount fake backend |
| 27 | # Get the fixture path |
| 28 | my $fixtures_path = path(Mojo::File->new(__FILE__)->dirname, '..', 'server'); |
| 29 | my $fake_backend = $t->app->plugin( |
| 30 | Mount => { |
| 31 | $mount_point => |
| 32 | $fixtures_path->child('mock.pl') |
| 33 | } |
| 34 | ); |
| 35 | # Configure fake backend |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 36 | my $fake_backend_app = $fake_backend->pattern->defaults->{app}; |
| 37 | |
| 38 | # Set general app logger for simplicity |
| 39 | $fake_backend_app->log($t->app->log); |
| 40 | |
| 41 | my $access_token = $fake_backend_app->get_token('access_token'); |
| 42 | my $refresh_token = $fake_backend_app->get_token('refresh_token'); |
| 43 | my $access_token_2 = $fake_backend_app->get_token('access_token_2'); |
| 44 | my $refresh_token_2 = $fake_backend_app->get_token('refresh_token_2'); |
| 45 | |
| 46 | # Some routes to modify the session |
| 47 | # This expires the session |
| 48 | $t->app->routes->get('/x/expire')->to( |
| 49 | cb => sub { |
| 50 | my $c = shift; |
| 51 | $c->session(auth_exp => 0); |
| 52 | return $c->render(text => 'okay') |
| 53 | } |
| 54 | ); |
| 55 | |
| 56 | # This expires the session and removes the refresh token |
| 57 | $t->app->routes->get('/x/expire-no-refresh')->to( |
| 58 | cb => sub { |
| 59 | my $c = shift; |
| 60 | $c->session(auth_exp => 0); |
| 61 | delete $c->session->{auth_r}; |
| 62 | return $c->render(text => 'okay') |
| 63 | } |
| 64 | ); |
| 65 | |
| 66 | # This sets an invalid token |
| 67 | $t->app->routes->get('/x/invalid')->to( |
| 68 | cb => sub { |
| 69 | my $c = shift; |
| 70 | $c->session(auth_exp => time + 1000); |
| 71 | $c->session(auth_r => $refresh_token_2); |
| 72 | $c->session(auth => 'Bearer inv4lid'); |
| 73 | return $c->render(text => 'okay') |
| 74 | } |
| 75 | ); |
| 76 | |
| 77 | |
| 78 | # This sets an invalid token |
| 79 | $t->app->routes->get('/x/invalid-no-refresh')->to( |
| 80 | cb => sub { |
| 81 | my $c = shift; |
| 82 | $c->session(auth_exp => time + 1000); |
| 83 | delete $c->session->{auth_r}; |
| 84 | $c->session(auth => 'Bearer inv4lid'); |
| 85 | return $c->render(text => 'okay') |
| 86 | } |
| 87 | ); |
| 88 | |
| 89 | # This sets an invalid refresh token |
| 90 | $t->app->routes->get('/x/expired-with-wrong-refresh')->to( |
| 91 | cb => sub { |
| 92 | my $c = shift; |
| 93 | $c->session(auth_exp => 0); |
| 94 | $c->session(auth => 'Bearer inv4lid'); |
| 95 | $c->session(auth_r => 'inv4lid'); |
| 96 | return $c->render(text => 'okay') |
| 97 | } |
| 98 | ); |
| 99 | |
Akron | bc6b3f2 | 2021-01-13 14:53:12 +0100 | [diff] [blame] | 100 | my $q = qr!(?:\"|")!; |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 101 | |
Akron | 63d963b | 2019-07-05 15:35:51 +0200 | [diff] [blame] | 102 | $t->get_ok('/realapi/v1.0') |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 103 | ->status_is(200) |
| 104 | ->content_is('Fake server available'); |
| 105 | |
| 106 | $t->get_ok('/?q=Baum') |
| 107 | ->status_is(200) |
| 108 | ->text_like('h1 span', qr/KorAP: Find .Baum./i) |
| 109 | ->text_like('#total-results', qr/\d+$/) |
Akron | bc6b3f2 | 2021-01-13 14:53:12 +0100 | [diff] [blame] | 110 | ->content_like(qr/${q}authorized${q}:null/) |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 111 | ->element_exists_not('div.button.top a') |
| 112 | ->element_exists_not('aside.active') |
| 113 | ->element_exists_not('aside.off') |
| 114 | ; |
| 115 | |
| 116 | $t->get_ok('/') |
| 117 | ->status_is(200) |
Akron | 9fa7cc5 | 2022-05-12 11:17:20 +0200 | [diff] [blame] | 118 | ->element_exists('form[action=/user/login] input[name=handle_or_email]') |
Uyen-Nhu Tran | 243fe73 | 2024-04-10 01:17:24 +0200 | [diff] [blame] | 119 | ->element_exists('aside') |
| 120 | ->element_exists('aside.invisible') |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 121 | ; |
| 122 | |
Akron | ff08811 | 2021-06-15 15:26:04 +0200 | [diff] [blame] | 123 | $t->get_ok('/settings/oauth') |
| 124 | ->status_is(401) |
| 125 | ->text_is('p.no-results', 'Not authenticated') |
| 126 | ; |
| 127 | |
Helge | 278fbca | 2022-11-29 18:49:15 +0100 | [diff] [blame] | 128 | $t->get_ok('/settings/marketplace') |
| 129 | ->status_is(401) |
| 130 | ->text_is('p.no-results', 'Not authenticated') |
| 131 | ; |
| 132 | |
Akron | 3e0fdc1 | 2020-05-15 16:17:21 +0200 | [diff] [blame] | 133 | # Test for bug with long password |
| 134 | $t->post_ok('/user/login' => form => { |
Akron | 9fa7cc5 | 2022-05-12 11:17:20 +0200 | [diff] [blame] | 135 | handle_or_email => 'test', |
Akron | 3e0fdc1 | 2020-05-15 16:17:21 +0200 | [diff] [blame] | 136 | pwd => 'kjskjhndkjndqknaskjnakjdnkjdankajdnkjdsankjdsakjdfkjahzroiuqzriudjoijdmlamdlkmdsalkmdl' }) |
| 137 | ->status_is(302) |
| 138 | ->header_is('Location' => '/'); |
| 139 | |
Akron | 9fa7cc5 | 2022-05-12 11:17:20 +0200 | [diff] [blame] | 140 | $t->post_ok('/user/login' => form => { handle_or_email => 'test', pwd => 'fail' }) |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 141 | ->status_is(302) |
| 142 | ->header_is('Location' => '/'); |
| 143 | |
| 144 | $t->get_ok('/') |
| 145 | ->status_is(200) |
| 146 | ->element_exists('div.notify-error') |
| 147 | ->text_is('div.notify-error', 'Bad CSRF token') |
Akron | 9fa7cc5 | 2022-05-12 11:17:20 +0200 | [diff] [blame] | 148 | ->element_exists('input[name=handle_or_email][value=test]') |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 149 | ->element_exists_not('div.button.top a') |
| 150 | ; |
| 151 | |
Akron | 9fa7cc5 | 2022-05-12 11:17:20 +0200 | [diff] [blame] | 152 | $t->post_ok('/user/login' => form => { handle_or_email => 'test', pwd => 'pass' }) |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 153 | ->status_is(302) |
| 154 | ->header_is('Location' => '/'); |
| 155 | |
| 156 | my $csrf = $t->get_ok('/') |
| 157 | ->status_is(200) |
| 158 | ->element_exists('div.notify-error') |
| 159 | ->text_is('div.notify-error', 'Bad CSRF token') |
| 160 | ->element_exists_not('div.button.top a') |
| 161 | ->tx->res->dom->at('input[name=csrf_token]')->attr('value') |
| 162 | ; |
| 163 | |
| 164 | $t->post_ok('/user/login' => form => { |
Akron | 9fa7cc5 | 2022-05-12 11:17:20 +0200 | [diff] [blame] | 165 | handle_or_email => 'test', |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 166 | pwd => 'ldaperr', |
| 167 | csrf_token => $csrf |
| 168 | }) |
| 169 | ->status_is(302) |
| 170 | ->content_is('') |
| 171 | ->header_is('Location' => '/'); |
| 172 | |
| 173 | $csrf = $t->get_ok('/') |
| 174 | ->status_is(200) |
| 175 | ->element_exists('div.notify-error') |
| 176 | ->text_is('div.notify-error', '2022: LDAP Authentication failed due to unknown user or password!') |
Akron | 9fa7cc5 | 2022-05-12 11:17:20 +0200 | [diff] [blame] | 177 | ->element_exists('input[name=handle_or_email][value=test]') |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 178 | ->element_exists_not('div.button.top a') |
Akron | 3b3c7af | 2020-05-15 16:23:55 +0200 | [diff] [blame] | 179 | ->element_exists_not('div.notify-success') |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 180 | ->tx->res->dom->at('input[name=csrf_token]')->attr('value') |
| 181 | ; |
| 182 | |
| 183 | $t->post_ok('/user/login' => form => { |
Akron | 9fa7cc5 | 2022-05-12 11:17:20 +0200 | [diff] [blame] | 184 | handle_or_email => 'test', |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 185 | pwd => 'unknown', |
| 186 | csrf_token => $csrf |
| 187 | }) |
| 188 | ->status_is(302) |
| 189 | ->content_is('') |
| 190 | ->header_is('Location' => '/'); |
| 191 | |
| 192 | $csrf = $t->get_ok('/') |
| 193 | ->status_is(200) |
| 194 | ->element_exists('div.notify-error') |
Akron | 8bbbecf | 2019-07-01 18:57:30 +0200 | [diff] [blame] | 195 | ->text_is('div.notify-error', '2022: LDAP Authentication failed due to unknown user or password!') |
Akron | 9fa7cc5 | 2022-05-12 11:17:20 +0200 | [diff] [blame] | 196 | ->element_exists('input[name=handle_or_email][value=test]') |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 197 | ->element_exists_not('div.button.top a') |
| 198 | ->tx->res->dom->at('input[name=csrf_token]')->attr('value') |
| 199 | ; |
| 200 | |
| 201 | $t->post_ok('/user/login' => form => { |
Akron | 9fa7cc5 | 2022-05-12 11:17:20 +0200 | [diff] [blame] | 202 | handle_or_email => 'test', |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 203 | pwd => 'pass', |
| 204 | csrf_token => $csrf |
| 205 | }) |
| 206 | ->status_is(302) |
| 207 | ->content_is('') |
| 208 | ->header_is('Location' => '/'); |
| 209 | |
| 210 | $t->get_ok('/') |
| 211 | ->status_is(200) |
| 212 | ->element_exists_not('div.notify-error') |
| 213 | ->element_exists('div.notify-success') |
| 214 | ->text_is('div.notify-success', 'Login successful') |
Akron | 1d09b53 | 2021-06-15 18:18:25 +0200 | [diff] [blame] | 215 | ->element_exists_not('aside.off') |
Akron | dc0b3ab | 2021-06-18 11:52:43 +0200 | [diff] [blame] | 216 | ->element_exists_not('aside.active') |
Akron | 1d09b53 | 2021-06-15 18:18:25 +0200 | [diff] [blame] | 217 | ->element_exists('aside.settings') |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 218 | ; |
| 219 | |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 220 | # Now the user is logged in and should be able to |
| 221 | # search with authorization |
| 222 | $t->get_ok('/?q=Baum') |
| 223 | ->status_is(200) |
Akron | 4cefe1f | 2019-09-04 10:11:28 +0200 | [diff] [blame] | 224 | ->session_has('/auth') |
| 225 | ->session_is('/auth', 'Bearer ' . $access_token) |
| 226 | ->session_is('/auth_r', $refresh_token) |
| 227 | ->session_is('/user', 'test') |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 228 | ->text_like('h1 span', qr/KorAP: Find .Baum./i) |
| 229 | ->text_like('#total-results', qr/\d+$/) |
| 230 | ->element_exists_not('div.notify-error') |
Akron | bc6b3f2 | 2021-01-13 14:53:12 +0100 | [diff] [blame] | 231 | ->content_like(qr/${q}authorized${q}:${q}yes${q}/) |
Uyen-Nhu Tran | 243fe73 | 2024-04-10 01:17:24 +0200 | [diff] [blame] | 232 | ->element_exists('nav.dropdown') |
| 233 | ->element_exists('a.dropdown-item.logout[title~="test"]') |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 234 | ; |
| 235 | |
Akron | 27031aa | 2020-04-28 14:57:10 +0200 | [diff] [blame] | 236 | $t->get_ok('/?q=Paum') |
| 237 | ->status_is(200) |
| 238 | ->text_like('h1 span', qr/KorAP: Find .Paum./i) |
| 239 | ->text_is('#total-results', '') |
Akron | bc6b3f2 | 2021-01-13 14:53:12 +0100 | [diff] [blame] | 240 | ->content_like(qr/${q}authorized${q}:${q}yes${q}/) |
Akron | 27031aa | 2020-04-28 14:57:10 +0200 | [diff] [blame] | 241 | ->element_exists_not('p.hint') |
| 242 | ; |
| 243 | |
Akron | cce055c | 2021-07-02 12:18:03 +0200 | [diff] [blame] | 244 | # Query with error |
| 245 | $t->get_ok('/?q=error') |
| 246 | ->status_is(400) |
| 247 | ->text_is('#notifications .notify-error','500: Internal Server Error') |
| 248 | ; |
Akron | 27031aa | 2020-04-28 14:57:10 +0200 | [diff] [blame] | 249 | |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 250 | # Logout |
| 251 | $t->get_ok('/user/logout') |
| 252 | ->status_is(302) |
Akron | 4cefe1f | 2019-09-04 10:11:28 +0200 | [diff] [blame] | 253 | ->session_hasnt('/auth') |
| 254 | ->session_hasnt('/auth_r') |
| 255 | ->session_hasnt('/user') |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 256 | ->header_is('Location' => '/'); |
| 257 | |
| 258 | $t->get_ok('/') |
| 259 | ->status_is(200) |
| 260 | ->element_exists_not('div.notify-error') |
| 261 | ->element_exists('div.notify-success') |
| 262 | ->text_is('div.notify-success', 'Logout successful') |
Akron | 9fa7cc5 | 2022-05-12 11:17:20 +0200 | [diff] [blame] | 263 | ->element_exists("input[name=handle_or_email]") |
| 264 | ->element_exists("input[name=handle_or_email][value=test]") |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 265 | ; |
| 266 | |
| 267 | $t->get_ok('/?q=Baum') |
| 268 | ->status_is(200) |
| 269 | ->text_like('h1 span', qr/KorAP: Find .Baum./i) |
| 270 | ->text_like('#total-results', qr/\d+$/) |
Akron | bc6b3f2 | 2021-01-13 14:53:12 +0100 | [diff] [blame] | 271 | ->content_like(qr/${q}authorized${q}:null/) |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 272 | ; |
| 273 | |
Akron | 27031aa | 2020-04-28 14:57:10 +0200 | [diff] [blame] | 274 | $t->get_ok('/?q=Paum') |
| 275 | ->status_is(200) |
| 276 | ->text_like('h1 span', qr/KorAP: Find .Paum./i) |
| 277 | ->text_is('#total-results', '') |
Akron | bc6b3f2 | 2021-01-13 14:53:12 +0100 | [diff] [blame] | 278 | ->content_like(qr/${q}authorized${q}:null/) |
Akron | 27031aa | 2020-04-28 14:57:10 +0200 | [diff] [blame] | 279 | ->text_is('p.hint', 'Maybe you need to log in first?') |
| 280 | ; |
| 281 | |
| 282 | |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 283 | # Get redirect |
| 284 | my $fwd = $t->get_ok('/?q=Baum&ql=poliqarp') |
| 285 | ->status_is(200) |
| 286 | ->element_exists_not('div.notify-error') |
| 287 | ->tx->res->dom->at('input[name=fwd]')->attr('value') |
| 288 | ; |
| 289 | |
| 290 | is($fwd, '/?q=Baum&ql=poliqarp', 'Redirect is valid'); |
| 291 | |
| 292 | $t->post_ok('/user/login' => form => { |
Akron | 9fa7cc5 | 2022-05-12 11:17:20 +0200 | [diff] [blame] | 293 | handle_or_email => 'test', |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 294 | pwd => 'pass', |
| 295 | csrf_token => $csrf, |
| 296 | fwd => 'http://bad.example.com/test' |
| 297 | }) |
| 298 | ->status_is(302) |
| 299 | ->header_is('Location' => '/'); |
| 300 | |
| 301 | $t->get_ok('/') |
| 302 | ->status_is(200) |
| 303 | ->element_exists('div.notify-error') |
| 304 | ->element_exists_not('div.notify-success') |
| 305 | ->text_is('div.notify-error', 'Redirect failure') |
| 306 | ; |
| 307 | |
| 308 | $t->post_ok('/user/login' => form => { |
Akron | 9fa7cc5 | 2022-05-12 11:17:20 +0200 | [diff] [blame] | 309 | handle_or_email => 'test', |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 310 | pwd => 'pass', |
| 311 | csrf_token => $csrf, |
| 312 | fwd => $fwd |
| 313 | }) |
| 314 | ->status_is(302) |
| 315 | ->header_is('Location' => '/?q=Baum&ql=poliqarp'); |
| 316 | |
Akron | 8bbbecf | 2019-07-01 18:57:30 +0200 | [diff] [blame] | 317 | $t->get_ok('/?q=Baum&ql=poliqarp') |
| 318 | ->status_is(200) |
| 319 | ->element_exists_not('div.notify-error') |
| 320 | ->element_exists('div.notify-success') |
| 321 | ->text_is('div.notify-success', 'Login successful') |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 322 | ->session_has('/auth') |
| 323 | ->session_is('/auth', 'Bearer ' . $access_token) |
| 324 | ->session_is('/auth_r', $refresh_token) |
| 325 | ->header_isnt('X-Kalamar-Cache', 'true') |
Akron | 8bbbecf | 2019-07-01 18:57:30 +0200 | [diff] [blame] | 326 | ; |
| 327 | |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 328 | # Expire the session |
| 329 | # (makes the token be marked as expired - though it isn't serverside) |
| 330 | $t->get_ok('/x/expire') |
Akron | 8bbbecf | 2019-07-01 18:57:30 +0200 | [diff] [blame] | 331 | ->status_is(200) |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 332 | ->content_is('okay') |
| 333 | ; |
| 334 | |
| 335 | ## It may be a problem, but the cache is still valid |
| 336 | $t->get_ok('/?q=Baum') |
| 337 | ->status_is(200) |
| 338 | ->text_like('h1 span', qr/KorAP: Find .Baum./i) |
| 339 | ->text_like('#total-results', qr/\d+$/) |
Akron | bc6b3f2 | 2021-01-13 14:53:12 +0100 | [diff] [blame] | 340 | ->content_like(qr/${q}authorized${q}:${q}yes${q}/) |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 341 | ->header_is('X-Kalamar-Cache', 'true') |
| 342 | ; |
| 343 | |
| 344 | # Query without partial cache (unfortunately) (but no total results) |
Akron | 58c6099 | 2021-09-07 13:11:43 +0200 | [diff] [blame] | 345 | my $err = $t->get_ok('/?q=baum&cutoff=true') |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 346 | ->status_is(200) |
| 347 | ->session_is('/auth', 'Bearer ' . $access_token_2) |
| 348 | ->session_is('/auth_r', $refresh_token_2) |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 349 | ->text_is('title', 'KorAP: Find »baum« with Poliqarp') |
| 350 | ->element_exists('meta[name="DC.title"][content="KorAP: Find »baum« with Poliqarp"]') |
| 351 | ->element_exists('body[itemscope][itemtype="http://schema.org/SearchResultsPage"]') |
Akron | bc6b3f2 | 2021-01-13 14:53:12 +0100 | [diff] [blame] | 352 | ->content_like(qr/${q}authorized${q}:${q}yes${q}/) |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 353 | ->header_isnt('X-Kalamar-Cache', 'true') |
Akron | bc6b3f2 | 2021-01-13 14:53:12 +0100 | [diff] [blame] | 354 | ->content_like(qr!${q}cutOff${q}:true!) |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 355 | ->element_exists_not('#total-results') |
Akron | 58c6099 | 2021-09-07 13:11:43 +0200 | [diff] [blame] | 356 | ->tx->res->dom->at('#error') |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 357 | ; |
Akron | 58c6099 | 2021-09-07 13:11:43 +0200 | [diff] [blame] | 358 | is(defined $err ? $err->text : '', ''); |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 359 | |
| 360 | # Expire the session and remove the refresh option |
| 361 | $t->get_ok('/x/expire-no-refresh') |
| 362 | ->status_is(200) |
| 363 | ->content_is('okay') |
| 364 | ; |
| 365 | |
| 366 | $t->app->defaults(no_cache => 1); |
| 367 | |
| 368 | |
| 369 | $t->get_ok('/x/invalid-no-refresh') |
| 370 | ->status_is(200) |
| 371 | ->content_is('okay') |
| 372 | ; |
| 373 | |
| 374 | # Query without cache |
| 375 | # The token is invalid and can't be refreshed! |
Akron | 58c6099 | 2021-09-07 13:11:43 +0200 | [diff] [blame] | 376 | $err = $t->get_ok('/?q=baum&cutoff=true') |
Akron | 3c390c4 | 2020-03-30 09:06:21 +0200 | [diff] [blame] | 377 | ->status_is(400) |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 378 | ->session_hasnt('/auth') |
| 379 | ->session_hasnt('/auth_r') |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 380 | ->text_is('div.notify-error','Access token invalid') |
| 381 | ->text_is('title', 'KorAP: Find »baum« with Poliqarp') |
| 382 | ->element_exists('meta[name="DC.title"][content="KorAP: Find »baum« with Poliqarp"]') |
| 383 | ->element_exists('body[itemscope][itemtype="http://schema.org/SearchResultsPage"]') |
Akron | bc6b3f2 | 2021-01-13 14:53:12 +0100 | [diff] [blame] | 384 | ->content_unlike(qr/${q}authorized${q}:${q}yes${q}/) |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 385 | ->header_isnt('X-Kalamar-Cache', 'true') |
| 386 | ->element_exists('p.no-results') |
Akron | 58c6099 | 2021-09-07 13:11:43 +0200 | [diff] [blame] | 387 | ->tx->res->dom->at('#error') |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 388 | ; |
Akron | 58c6099 | 2021-09-07 13:11:43 +0200 | [diff] [blame] | 389 | is(defined $err ? $err->text : '', ''); |
| 390 | |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 391 | |
| 392 | $t->get_ok('/x/invalid') |
| 393 | ->status_is(200) |
| 394 | ->content_is('okay') |
| 395 | ; |
| 396 | |
| 397 | # Query without cache |
| 398 | # The token is invalid and can't be refreshed! |
Akron | 58c6099 | 2021-09-07 13:11:43 +0200 | [diff] [blame] | 399 | $err = $t->get_ok('/?q=baum&cutoff=true') |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 400 | ->status_is(200) |
| 401 | ->session_is('/auth', 'Bearer ' . $access_token_2) |
| 402 | ->session_is('/auth_r', $refresh_token_2) |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 403 | ->element_exists_not('div.notify-error','Access token invalid') |
| 404 | ->text_is('title', 'KorAP: Find »baum« with Poliqarp') |
| 405 | ->element_exists('meta[name="DC.title"][content="KorAP: Find »baum« with Poliqarp"]') |
| 406 | ->element_exists('body[itemscope][itemtype="http://schema.org/SearchResultsPage"]') |
Akron | bc6b3f2 | 2021-01-13 14:53:12 +0100 | [diff] [blame] | 407 | ->content_like(qr/${q}authorized${q}:${q}yes${q}/) |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 408 | ->header_isnt('X-Kalamar-Cache', 'true') |
| 409 | ->element_exists_not('p.no-results') |
Akron | 58c6099 | 2021-09-07 13:11:43 +0200 | [diff] [blame] | 410 | ->tx->res->dom->at('#error') |
Akron | 8bbbecf | 2019-07-01 18:57:30 +0200 | [diff] [blame] | 411 | ; |
Akron | 58c6099 | 2021-09-07 13:11:43 +0200 | [diff] [blame] | 412 | is(defined $err ? $err->text : '', ''); |
Akron | 8bbbecf | 2019-07-01 18:57:30 +0200 | [diff] [blame] | 413 | |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 414 | |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 415 | $t->get_ok('/x/expired-with-wrong-refresh') |
| 416 | ->status_is(200) |
| 417 | ->content_is('okay') |
| 418 | ; |
Akron | 4796e00 | 2019-07-05 10:13:15 +0200 | [diff] [blame] | 419 | |
Akron | 4796e00 | 2019-07-05 10:13:15 +0200 | [diff] [blame] | 420 | |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 421 | # The token is invalid and can't be refreshed! |
Akron | 58c6099 | 2021-09-07 13:11:43 +0200 | [diff] [blame] | 422 | my $dom = $t->get_ok('/?q=baum&cutoff=true') |
Akron | 3c390c4 | 2020-03-30 09:06:21 +0200 | [diff] [blame] | 423 | ->status_is(400) |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 424 | ->session_hasnt('/auth') |
| 425 | ->session_hasnt('/auth_r') |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 426 | ->text_is('div.notify-error','Refresh token is expired') |
| 427 | ->text_is('title', 'KorAP: Find »baum« with Poliqarp') |
Akron | bc6b3f2 | 2021-01-13 14:53:12 +0100 | [diff] [blame] | 428 | ->content_unlike(qr/${q}authorized${q}:${q}yes${q}/) |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 429 | ->element_exists('p.no-results') |
Akron | 58c6099 | 2021-09-07 13:11:43 +0200 | [diff] [blame] | 430 | ->tx->res->dom; |
| 431 | |
| 432 | $csrf = $dom->at('input[name="csrf_token"]') |
Akron | 5999212 | 2019-10-29 11:28:45 +0100 | [diff] [blame] | 433 | ->attr('value') |
Akron | cdfd9d5 | 2019-07-23 11:35:00 +0200 | [diff] [blame] | 434 | ; |
Akron | 4796e00 | 2019-07-05 10:13:15 +0200 | [diff] [blame] | 435 | |
Akron | 58c6099 | 2021-09-07 13:11:43 +0200 | [diff] [blame] | 436 | $err = $dom->at('#error'); |
| 437 | is(defined $err ? $err->text : '', ''); |
| 438 | |
| 439 | |
Akron | 6a228db | 2021-10-14 15:57:00 +0200 | [diff] [blame] | 440 | # This should fail |
| 441 | my $wide_char_login = "\x{61}\x{E5}\x{61}"; # "\x{443}\x{434}"; |
Akron | 5999212 | 2019-10-29 11:28:45 +0100 | [diff] [blame] | 442 | $t->post_ok('/user/login' => form => { |
Akron | 9fa7cc5 | 2022-05-12 11:17:20 +0200 | [diff] [blame] | 443 | handle_or_email => $wide_char_login, |
Akron | 6a228db | 2021-10-14 15:57:00 +0200 | [diff] [blame] | 444 | pwd => 'pass', |
| 445 | csrf_token => $csrf, |
| 446 | fwd => $fwd |
| 447 | }) |
| 448 | ->status_is(302) |
| 449 | ->header_is('Location' => '/'); |
| 450 | |
| 451 | $t->get_ok('/') |
| 452 | ->status_is(200) |
| 453 | ->element_exists('div.notify-error') |
| 454 | ->text_is('div.notify-error', 'Invalid character in request') |
Akron | 9fa7cc5 | 2022-05-12 11:17:20 +0200 | [diff] [blame] | 455 | ->element_exists('input[name=handle_or_email]:not([value])') |
Akron | 6a228db | 2021-10-14 15:57:00 +0200 | [diff] [blame] | 456 | ->element_exists_not('div.button.top a') |
| 457 | ; |
| 458 | |
| 459 | # Login: |
| 460 | # UTF8 request |
| 461 | my $username = b('täst')->encode; |
| 462 | $t->post_ok('/user/login' => form => { |
Akron | 9fa7cc5 | 2022-05-12 11:17:20 +0200 | [diff] [blame] | 463 | handle_or_email => $username, |
Akron | 5999212 | 2019-10-29 11:28:45 +0100 | [diff] [blame] | 464 | pwd => 'pass', |
| 465 | csrf_token => $csrf |
| 466 | }) |
| 467 | ->status_is(302) |
| 468 | ->content_is('') |
| 469 | ->header_is('Location' => '/'); |
| 470 | |
| 471 | $t->get_ok('/') |
| 472 | ->status_is(200) |
Akron | 78e0b6f | 2023-04-12 12:50:29 +0200 | [diff] [blame] | 473 | ->content_type_is('text/html;charset=UTF-8') |
Akron | 5999212 | 2019-10-29 11:28:45 +0100 | [diff] [blame] | 474 | ->element_exists_not('div.notify-error') |
| 475 | ->element_exists('div.notify-success') |
| 476 | ->text_is('div.notify-success', 'Login successful') |
Akron | 78e0b6f | 2023-04-12 12:50:29 +0200 | [diff] [blame] | 477 | # Weird error in certain environments otherwise |
| 478 | ->attr_like('a.logout', 'title', qr!^Logout: t.+st$!) |
Akron | 1d09b53 | 2021-06-15 18:18:25 +0200 | [diff] [blame] | 479 | ->element_exists_not('aside.off') |
Akron | dc0b3ab | 2021-06-18 11:52:43 +0200 | [diff] [blame] | 480 | ->element_exists_not('aside.active') |
Akron | 1d09b53 | 2021-06-15 18:18:25 +0200 | [diff] [blame] | 481 | ->element_exists('aside.settings') |
Uyen-Nhu Tran | 94f93b0 | 2024-11-20 20:17:57 +0100 | [diff] [blame] | 482 | ->text_is('nav.dropdown a:first-child span','OAuth') |
Akron | 5999212 | 2019-10-29 11:28:45 +0100 | [diff] [blame] | 483 | ; |
| 484 | |
Uyen-Nhu Tran | 94f93b0 | 2024-11-20 20:17:57 +0100 | [diff] [blame] | 485 | |
Akron | 5999212 | 2019-10-29 11:28:45 +0100 | [diff] [blame] | 486 | $t->get_ok('/settings/oauth') |
| 487 | ->text_is('form.form-table legend', 'Register new client application') |
| 488 | ->attr_is('form.oauth-register','action', '/settings/oauth/register') |
Akron | 9f2ad34 | 2022-05-04 16:16:40 +0200 | [diff] [blame] | 489 | ->text_is('label[for=name]','Name of the client application') |
| 490 | ->text_is('label[for=type]','Type of the client application') |
| 491 | ->text_is('label[for=desc]','Short description') |
| 492 | ->text_is('label[for=url]','Homepage') |
| 493 | ->text_is('label[for=redirect_uri]','Redirect URI') |
| 494 | ->text_is('label[for=src]','Declaration of the plugin (*.json file)') |
Akron | 1a9d5be | 2020-03-19 17:28:33 +0100 | [diff] [blame] | 495 | ->element_exists('ul.client-list') |
| 496 | ->element_exists_not('ul.client-list > li') |
Akron | ad011bb | 2021-06-10 12:16:36 +0200 | [diff] [blame] | 497 | ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate') |
| 498 | ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT') |
| 499 | ->header_is('Pragma','no-cache') |
Akron | 5999212 | 2019-10-29 11:28:45 +0100 | [diff] [blame] | 500 | ; |
Akron | ad011bb | 2021-06-10 12:16:36 +0200 | [diff] [blame] | 501 | |
Helge | db720ea | 2023-03-20 09:39:36 +0100 | [diff] [blame] | 502 | my $loglines = ''; |
| 503 | $t->app->log->on( |
| 504 | message => sub { |
| 505 | my ($log, $level, @lines) = @_; |
| 506 | if ($level eq 'warn') { |
| 507 | $loglines = join ',', @lines; |
| 508 | }; |
| 509 | }); |
Helge | 278fbca | 2022-11-29 18:49:15 +0100 | [diff] [blame] | 510 | |
| 511 | $t->get_ok('/settings/marketplace') |
| 512 | ->status_is(200) |
| 513 | ->text_is('html head title' => 'Marketplace') |
Helge | db720ea | 2023-03-20 09:39:36 +0100 | [diff] [blame] | 514 | ->element_exists_not('ul.plugin_list') |
| 515 | ->element_exists_not('ul.plugin_in-list') |
Helge | 278fbca | 2022-11-29 18:49:15 +0100 | [diff] [blame] | 516 | ; |
| 517 | |
Helge | db720ea | 2023-03-20 09:39:36 +0100 | [diff] [blame] | 518 | is($loglines, '', 'Check log is fine'); |
| 519 | |
Akron | 5999212 | 2019-10-29 11:28:45 +0100 | [diff] [blame] | 520 | $csrf = $t->post_ok('/settings/oauth/register' => form => { |
| 521 | name => 'MyApp', |
| 522 | type => 'PUBLIC', |
Akron | 6b75d12 | 2022-05-12 17:39:05 +0200 | [diff] [blame] | 523 | desc => 'This is my plugin application' |
Akron | 5999212 | 2019-10-29 11:28:45 +0100 | [diff] [blame] | 524 | }) |
| 525 | ->text_is('div.notify-error', 'Bad CSRF token') |
| 526 | ->tx->res->dom->at('input[name="csrf_token"]') |
| 527 | ->attr('value') |
| 528 | ; |
| 529 | |
| 530 | $t->post_ok('/settings/oauth/register' => form => { |
| 531 | name => 'MyApp', |
Akron | 99968a9 | 2022-06-03 12:32:07 +0200 | [diff] [blame] | 532 | type => 'PUBLIC', |
Akron | 6b75d12 | 2022-05-12 17:39:05 +0200 | [diff] [blame] | 533 | desc => 'This is my plugin application', |
Akron | 9f2ad34 | 2022-05-04 16:16:40 +0200 | [diff] [blame] | 534 | csrf_token => $csrf, |
| 535 | src => { |
| 536 | filename => '', |
| 537 | content => '' |
| 538 | } |
Akron | 5999212 | 2019-10-29 11:28:45 +0100 | [diff] [blame] | 539 | }) |
| 540 | ->status_is(200) |
| 541 | ->element_exists('div.notify-success') |
| 542 | ->text_is('legend', 'Client Credentials') |
| 543 | ->text_is('label[for=client_id]', 'ID of the client application') |
| 544 | ->element_exists('input[name=client_id][readonly][value]') |
Akron | 99968a9 | 2022-06-03 12:32:07 +0200 | [diff] [blame] | 545 | ->element_exists_not('input[name=client_secret][readonly][value]') |
Akron | ad011bb | 2021-06-10 12:16:36 +0200 | [diff] [blame] | 546 | ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate') |
| 547 | ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT') |
| 548 | ->header_is('Pragma','no-cache') |
Akron | 5999212 | 2019-10-29 11:28:45 +0100 | [diff] [blame] | 549 | ; |
Akron | 4796e00 | 2019-07-05 10:13:15 +0200 | [diff] [blame] | 550 | |
Akron | 58c6099 | 2021-09-07 13:11:43 +0200 | [diff] [blame] | 551 | my $anchor = $t->get_ok('/settings/oauth') |
Akron | c1aaf93 | 2021-06-09 12:19:15 +0200 | [diff] [blame] | 552 | ->text_is('.form-table legend', 'Register new client application') |
| 553 | ->attr_is('.oauth-register','action', '/settings/oauth/register') |
Akron | 17de86e | 2020-04-16 16:03:40 +0200 | [diff] [blame] | 554 | ->text_is('ul.client-list > li > span.client-name a', 'MyApp') |
Akron | 6b75d12 | 2022-05-12 17:39:05 +0200 | [diff] [blame] | 555 | ->text_is('ul.client-list > li > p.client-desc', 'This is my plugin application') |
Akron | ad011bb | 2021-06-10 12:16:36 +0200 | [diff] [blame] | 556 | ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate') |
| 557 | ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT') |
| 558 | ->header_is('Pragma','no-cache') |
Akron | b6b156e | 2022-03-31 14:57:49 +0200 | [diff] [blame] | 559 | ->tx->res->dom->at('ul.client-list > li > p.client-url a') |
Akron | 17de86e | 2020-04-16 16:03:40 +0200 | [diff] [blame] | 560 | ; |
Akron | 58c6099 | 2021-09-07 13:11:43 +0200 | [diff] [blame] | 561 | is(defined $anchor ? $anchor->text : '', ''); |
Akron | 17de86e | 2020-04-16 16:03:40 +0200 | [diff] [blame] | 562 | |
Akron | 041ca4d | 2021-06-10 11:52:51 +0200 | [diff] [blame] | 563 | $t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==') |
Akron | 17de86e | 2020-04-16 16:03:40 +0200 | [diff] [blame] | 564 | ->status_is(200) |
Akron | c1aaf93 | 2021-06-09 12:19:15 +0200 | [diff] [blame] | 565 | ->text_is('ul.client-list > li.client > span.client-name', 'MyApp') |
Akron | 6b75d12 | 2022-05-12 17:39:05 +0200 | [diff] [blame] | 566 | ->text_is('ul.client-list > li.client > p.client-desc', 'This is my plugin application') |
Akron | 17de86e | 2020-04-16 16:03:40 +0200 | [diff] [blame] | 567 | ->text_is('a.client-unregister', 'Unregister') |
Akron | 041ca4d | 2021-06-10 11:52:51 +0200 | [diff] [blame] | 568 | ->attr_is('a.client-unregister', 'href', '/settings/oauth/fCBbQkA2NDA3MzM1Yw==/unregister?name=MyApp') |
Akron | 1a9d5be | 2020-03-19 17:28:33 +0100 | [diff] [blame] | 569 | ; |
| 570 | |
Akron | 041ca4d | 2021-06-10 11:52:51 +0200 | [diff] [blame] | 571 | $csrf = $t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/unregister?name=MyApp') |
Akron | 1a9d5be | 2020-03-19 17:28:33 +0100 | [diff] [blame] | 572 | ->content_like(qr!Do you really want to unregister \<span class="client-name"\>MyApp\<\/span\>?!) |
Akron | c1aaf93 | 2021-06-09 12:19:15 +0200 | [diff] [blame] | 573 | ->attr_is('.form-table input[name=client-name]', 'value', 'MyApp') |
Akron | ad011bb | 2021-06-10 12:16:36 +0200 | [diff] [blame] | 574 | ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate') |
| 575 | ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT') |
| 576 | ->header_is('Pragma','no-cache') |
Akron | 1a9d5be | 2020-03-19 17:28:33 +0100 | [diff] [blame] | 577 | ->tx->res->dom->at('input[name="csrf_token"]') |
| 578 | ->attr('value') |
| 579 | ; |
| 580 | |
Akron | 041ca4d | 2021-06-10 11:52:51 +0200 | [diff] [blame] | 581 | $t->post_ok('/settings/oauth/xxxx==/unregister' => form => { |
Akron | 1a9d5be | 2020-03-19 17:28:33 +0100 | [diff] [blame] | 582 | 'client-name' => 'MyApp', |
Akron | 1a9d5be | 2020-03-19 17:28:33 +0100 | [diff] [blame] | 583 | 'csrf_token' => $csrf |
| 584 | })->status_is(302) |
| 585 | ->content_is('') |
| 586 | ->header_is('Location' => '/settings/oauth') |
| 587 | ; |
| 588 | |
| 589 | $t->get_ok('/settings/oauth') |
Akron | c1aaf93 | 2021-06-09 12:19:15 +0200 | [diff] [blame] | 590 | ->text_is('.form-table legend', 'Register new client application') |
| 591 | ->attr_is('.oauth-register','action', '/settings/oauth/register') |
Akron | 1a9d5be | 2020-03-19 17:28:33 +0100 | [diff] [blame] | 592 | ->element_exists('ul.client-list > li') |
| 593 | ->text_is('div.notify', 'Unknown client with xxxx==.') |
Akron | ad011bb | 2021-06-10 12:16:36 +0200 | [diff] [blame] | 594 | ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate') |
| 595 | ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT') |
| 596 | ->header_is('Pragma','no-cache') |
Akron | 1a9d5be | 2020-03-19 17:28:33 +0100 | [diff] [blame] | 597 | ; |
| 598 | |
Akron | 041ca4d | 2021-06-10 11:52:51 +0200 | [diff] [blame] | 599 | $t->post_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/unregister' => form => { |
Akron | 1a9d5be | 2020-03-19 17:28:33 +0100 | [diff] [blame] | 600 | 'client-name' => 'MyApp', |
Akron | 1a9d5be | 2020-03-19 17:28:33 +0100 | [diff] [blame] | 601 | 'csrf_token' => $csrf |
| 602 | })->status_is(302) |
| 603 | ->content_is('') |
| 604 | ->header_is('Location' => '/settings/oauth') |
| 605 | ; |
| 606 | |
| 607 | $t->get_ok('/settings/oauth') |
Akron | c1aaf93 | 2021-06-09 12:19:15 +0200 | [diff] [blame] | 608 | ->text_is('.form-table legend', 'Register new client application') |
| 609 | ->attr_is('.oauth-register','action', '/settings/oauth/register') |
Akron | 1a9d5be | 2020-03-19 17:28:33 +0100 | [diff] [blame] | 610 | ->element_exists_not('ul.client-list > li') |
| 611 | ->text_is('div.notify-success', 'Successfully deleted MyApp') |
Akron | ad011bb | 2021-06-10 12:16:36 +0200 | [diff] [blame] | 612 | ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate') |
| 613 | ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT') |
| 614 | ->header_is('Pragma','no-cache') |
Akron | 1a9d5be | 2020-03-19 17:28:33 +0100 | [diff] [blame] | 615 | ; |
| 616 | |
Akron | 83209f7 | 2021-01-29 17:54:15 +0100 | [diff] [blame] | 617 | $t->post_ok('/settings/oauth/register' => form => { |
| 618 | name => 'MyApp2', |
| 619 | type => 'PUBLIC', |
Akron | 6b75d12 | 2022-05-12 17:39:05 +0200 | [diff] [blame] | 620 | desc => 'This is my plugin application', |
Akron | 83209f7 | 2021-01-29 17:54:15 +0100 | [diff] [blame] | 621 | csrf_token => $csrf |
| 622 | })->status_is(200) |
| 623 | ->element_exists('div.notify-success') |
| 624 | ->text_is('legend', 'Client Credentials') |
| 625 | ->text_is('label[for=client_id]', 'ID of the client application') |
| 626 | ->element_exists('input[name=client_id][readonly][value]') |
| 627 | ->element_exists_not('input[name=client_secret][readonly][value]') |
Akron | ad011bb | 2021-06-10 12:16:36 +0200 | [diff] [blame] | 628 | ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate') |
| 629 | ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT') |
| 630 | ->header_is('Pragma','no-cache') |
Akron | b6b156e | 2022-03-31 14:57:49 +0200 | [diff] [blame] | 631 | ->element_exists('.client-issue-token') |
Akron | 83209f7 | 2021-01-29 17:54:15 +0100 | [diff] [blame] | 632 | ; |
| 633 | |
Akron | 041ca4d | 2021-06-10 11:52:51 +0200 | [diff] [blame] | 634 | $t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==') |
Akron | 83209f7 | 2021-01-29 17:54:15 +0100 | [diff] [blame] | 635 | ->text_is('.client-name', 'MyApp2') |
Akron | 6b75d12 | 2022-05-12 17:39:05 +0200 | [diff] [blame] | 636 | ->text_is('.client-desc', 'This is my plugin application') |
Akron | e997bb5 | 2021-06-11 16:44:06 +0200 | [diff] [blame] | 637 | ->text_is('.client-issue-token', 'Issue new token') |
Akron | 041ca4d | 2021-06-10 11:52:51 +0200 | [diff] [blame] | 638 | ->attr_is('.client-issue-token', 'href', '/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token?name=MyApp2') |
Akron | ad011bb | 2021-06-10 12:16:36 +0200 | [diff] [blame] | 639 | ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate') |
| 640 | ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT') |
| 641 | ->header_is('Pragma','no-cache') |
Akron | e997bb5 | 2021-06-11 16:44:06 +0200 | [diff] [blame] | 642 | ->text_is('ul.token-list label[for=token]', 'Access Token') |
| 643 | ->text_is('p[name=created]', 'Created at ') |
| 644 | ->text_is('p[name=expires]', 'Expires in 31533851 seconds.') |
Akron | b6b156e | 2022-03-31 14:57:49 +0200 | [diff] [blame] | 645 | ->element_exists('.client-issue-token') |
Akron | 83209f7 | 2021-01-29 17:54:15 +0100 | [diff] [blame] | 646 | ; |
| 647 | |
Akron | 041ca4d | 2021-06-10 11:52:51 +0200 | [diff] [blame] | 648 | $csrf = $t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token?name=MyApp2') |
Akron | 83209f7 | 2021-01-29 17:54:15 +0100 | [diff] [blame] | 649 | ->status_is(200) |
Akron | 041ca4d | 2021-06-10 11:52:51 +0200 | [diff] [blame] | 650 | ->attr_is('#issue-token','action', '/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token') |
Akron | 83209f7 | 2021-01-29 17:54:15 +0100 | [diff] [blame] | 651 | ->attr_is('input[name=client-id]', 'value', 'fCBbQkA2NDA3MzM1Yw==') |
| 652 | ->attr_is('input[name=name]', 'value', 'MyApp2') |
Akron | ad011bb | 2021-06-10 12:16:36 +0200 | [diff] [blame] | 653 | ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate') |
| 654 | ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT') |
| 655 | ->header_is('Pragma','no-cache') |
Akron | e997bb5 | 2021-06-11 16:44:06 +0200 | [diff] [blame] | 656 | ->text_is('a.button-abort', 'Abort') |
| 657 | ->attr_is('#issue-token input[type=submit]', 'value', 'Issue new token') |
| 658 | ->content_like(qr!Issue a new token for!) |
Akron | 83209f7 | 2021-01-29 17:54:15 +0100 | [diff] [blame] | 659 | ->tx->res->dom->at('input[name="csrf_token"]') |
| 660 | ->attr('value') |
| 661 | ; |
| 662 | |
Akron | 041ca4d | 2021-06-10 11:52:51 +0200 | [diff] [blame] | 663 | $t->post_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token' => form => { |
Akron | 83209f7 | 2021-01-29 17:54:15 +0100 | [diff] [blame] | 664 | csrf_token => $csrf, |
| 665 | name => 'MyApp2', |
| 666 | 'client-id' => 'fCBbQkA2NDA3MzM1Yw==' |
| 667 | }) |
Akron | bc94a9c | 2021-04-15 00:07:35 +0200 | [diff] [blame] | 668 | ->status_is(302) |
Akron | 041ca4d | 2021-06-10 11:52:51 +0200 | [diff] [blame] | 669 | ->header_is('Location','/settings/oauth/fCBbQkA2NDA3MzM1Yw==') |
Akron | bc94a9c | 2021-04-15 00:07:35 +0200 | [diff] [blame] | 670 | ; |
| 671 | |
Akron | 041ca4d | 2021-06-10 11:52:51 +0200 | [diff] [blame] | 672 | $t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==') |
| 673 | ->status_is(200) |
Akron | bc94a9c | 2021-04-15 00:07:35 +0200 | [diff] [blame] | 674 | ->text_is('div.notify-success', 'New access token created') |
Akron | ad011bb | 2021-06-10 12:16:36 +0200 | [diff] [blame] | 675 | ->status_is(200) |
| 676 | ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate') |
| 677 | ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT') |
| 678 | ->header_is('Pragma','no-cache') |
Akron | 83209f7 | 2021-01-29 17:54:15 +0100 | [diff] [blame] | 679 | ; |
| 680 | |
Akron | e3daaeb | 2023-05-08 09:44:18 +0200 | [diff] [blame] | 681 | $t->post_ok('/settings/oauth/307/token' => form => { |
| 682 | csrf_token => $csrf, |
| 683 | name => 'MyApp2', |
| 684 | }) |
| 685 | ->status_is(302) |
| 686 | ->header_is('Location','/settings/oauth/307') |
| 687 | ; |
| 688 | |
| 689 | $t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==') |
| 690 | ->status_is(200) |
| 691 | ->text_is('div.notify-success', 'New access token created') |
| 692 | ->status_is(200) |
| 693 | ->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate') |
| 694 | ->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT') |
| 695 | ->header_is('Pragma','no-cache') |
| 696 | ; |
| 697 | |
| 698 | |
Akron | 041ca4d | 2021-06-10 11:52:51 +0200 | [diff] [blame] | 699 | $csrf = $t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==') |
Akron | c1aaf93 | 2021-06-09 12:19:15 +0200 | [diff] [blame] | 700 | ->status_is(200) |
Akron | 041ca4d | 2021-06-10 11:52:51 +0200 | [diff] [blame] | 701 | ->attr_is('form.token-revoke', 'action', '/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token/revoke') |
Akron | c1aaf93 | 2021-06-09 12:19:15 +0200 | [diff] [blame] | 702 | ->attr_is('form.token-revoke input[name=token]', 'value', 'jhkhkjhk_hjgjsfz67i') |
| 703 | ->attr_is('form.token-revoke input[name=name]', 'value', 'MyApp2') |
| 704 | ->tx->res->dom->at('input[name="csrf_token"]') |
| 705 | ->attr('value') |
| 706 | ; |
| 707 | |
Akron | 041ca4d | 2021-06-10 11:52:51 +0200 | [diff] [blame] | 708 | $t->post_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token/revoke' => form => { |
Akron | c1aaf93 | 2021-06-09 12:19:15 +0200 | [diff] [blame] | 709 | csrf_token => $csrf, |
| 710 | name => 'MyApp2', |
| 711 | token => 'jhkhkjhk_hjgjsfz67i' |
| 712 | }) |
| 713 | ->status_is(200) |
Akron | 041ca4d | 2021-06-10 11:52:51 +0200 | [diff] [blame] | 714 | ->attr_is('form#revoke-token','action','/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token?_method=DELETE') |
Akron | c1aaf93 | 2021-06-09 12:19:15 +0200 | [diff] [blame] | 715 | ->attr_is('form#revoke-token','method','POST') |
| 716 | ->attr_is('form#revoke-token input[name=token]','value','jhkhkjhk_hjgjsfz67i') |
Akron | e997bb5 | 2021-06-11 16:44:06 +0200 | [diff] [blame] | 717 | ->text_is('a.button-abort', 'Abort') |
| 718 | ->attr_is('#revoke-token input[type=submit]', 'value', 'Revoke') |
| 719 | ->content_like(qr!Revoke a token for!) |
Akron | c1aaf93 | 2021-06-09 12:19:15 +0200 | [diff] [blame] | 720 | ; |
| 721 | |
| 722 | |
| 723 | # CSRF missing |
Akron | 041ca4d | 2021-06-10 11:52:51 +0200 | [diff] [blame] | 724 | $t->post_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token?_method=DELETE' => form => { |
Akron | c1aaf93 | 2021-06-09 12:19:15 +0200 | [diff] [blame] | 725 | name => 'MyApp2', |
| 726 | token => 'jhkhkjhk_hjgjsfz67i' |
| 727 | })->status_is(302) |
Akron | 041ca4d | 2021-06-10 11:52:51 +0200 | [diff] [blame] | 728 | ->header_is('Location','/settings/oauth/fCBbQkA2NDA3MzM1Yw==') |
Akron | c1aaf93 | 2021-06-09 12:19:15 +0200 | [diff] [blame] | 729 | ; |
| 730 | |
Akron | 041ca4d | 2021-06-10 11:52:51 +0200 | [diff] [blame] | 731 | $t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==') |
Akron | c1aaf93 | 2021-06-09 12:19:15 +0200 | [diff] [blame] | 732 | ->element_exists_not('div.notify-success') |
| 733 | ->text_is('div.notify-error', 'Bad CSRF token') |
| 734 | ; |
| 735 | |
| 736 | # Token missing |
Akron | 041ca4d | 2021-06-10 11:52:51 +0200 | [diff] [blame] | 737 | $t->post_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token?_method=DELETE' => form => { |
Akron | c1aaf93 | 2021-06-09 12:19:15 +0200 | [diff] [blame] | 738 | name => 'MyApp2', |
| 739 | csrf_token => $csrf, |
| 740 | })->status_is(302) |
Akron | 041ca4d | 2021-06-10 11:52:51 +0200 | [diff] [blame] | 741 | ->header_is('Location','/settings/oauth/fCBbQkA2NDA3MzM1Yw==') |
Akron | c1aaf93 | 2021-06-09 12:19:15 +0200 | [diff] [blame] | 742 | ; |
| 743 | |
Akron | 041ca4d | 2021-06-10 11:52:51 +0200 | [diff] [blame] | 744 | $t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==') |
Akron | c1aaf93 | 2021-06-09 12:19:15 +0200 | [diff] [blame] | 745 | ->element_exists_not('div.notify-success') |
| 746 | ->text_is('div.notify-error', 'Some fields are invalid') |
| 747 | ; |
| 748 | |
Akron | 041ca4d | 2021-06-10 11:52:51 +0200 | [diff] [blame] | 749 | $t->post_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token?_method=DELETE' => form => { |
Akron | c1aaf93 | 2021-06-09 12:19:15 +0200 | [diff] [blame] | 750 | name => 'MyApp2', |
| 751 | csrf_token => $csrf, |
| 752 | token => 'jhkhkjhk_hjgjsfz67i' |
| 753 | })->status_is(302) |
Akron | 041ca4d | 2021-06-10 11:52:51 +0200 | [diff] [blame] | 754 | ->header_is('Location','/settings/oauth/fCBbQkA2NDA3MzM1Yw==') |
Akron | c1aaf93 | 2021-06-09 12:19:15 +0200 | [diff] [blame] | 755 | ; |
| 756 | |
Akron | 041ca4d | 2021-06-10 11:52:51 +0200 | [diff] [blame] | 757 | $t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==') |
Akron | c1aaf93 | 2021-06-09 12:19:15 +0200 | [diff] [blame] | 758 | ->element_exists_not('div.notify-error') |
| 759 | ->text_is('div.notify-success', 'Token was revoked successfully') |
| 760 | ; |
Akron | 83209f7 | 2021-01-29 17:54:15 +0100 | [diff] [blame] | 761 | |
Akron | b6b156e | 2022-03-31 14:57:49 +0200 | [diff] [blame] | 762 | $t->app->routes->get('/x/redirect-target')->to( |
| 763 | cb => sub { |
| 764 | my $c = shift; |
| 765 | return $c->render(text => 'redirected'); |
| 766 | } |
| 767 | ); |
| 768 | |
| 769 | $csrf = $t->post_ok('/settings/oauth/register' => form => { |
| 770 | name => 'MyConfApp', |
| 771 | type => 'CONFIDENTIAL', |
Akron | 6b75d12 | 2022-05-12 17:39:05 +0200 | [diff] [blame] | 772 | desc => 'This is my plugin application', |
Akron | b6b156e | 2022-03-31 14:57:49 +0200 | [diff] [blame] | 773 | }) |
| 774 | ->text_is('div.notify-error', 'Bad CSRF token') |
| 775 | ->tx->res->dom->at('input[name="csrf_token"]') |
| 776 | ->attr('value') |
| 777 | ; |
| 778 | |
| 779 | $t->post_ok('/settings/oauth/register' => form => { |
| 780 | name => 'MyConfApp', |
| 781 | type => 'CONFIDENTIAL', |
| 782 | desc => 'This is my confidential application', |
| 783 | csrf_token => $csrf, |
| 784 | redirect_uri => 'http://localhost/redirect-target' |
| 785 | }) |
| 786 | ->text_is('div.notify-error', undef) |
| 787 | ->text_is('li.client span.client-name', 'MyConfApp') |
| 788 | ->text_is('li.client p.client-desc', 'This is my confidential application') |
| 789 | ->text_is('li.client .client-redirect-uri tt', 'http://localhost/redirect-target') |
| 790 | ->text_is('li.client .client-type tt', 'CONFIDENTIAL') |
| 791 | ->element_exists_not('.client-issue-token') |
| 792 | ; |
| 793 | |
| 794 | $t->post_ok('/settings/oauth/register' => form => { |
| 795 | name => 'MyConfApp2', |
| 796 | type => 'CONFIDENTIAL', |
| 797 | desc => 'This is my second confidential application', |
| 798 | csrf_token => $csrf, |
| 799 | redirect_uri => 'http://localhost/FAIL' |
| 800 | }) |
| 801 | ->status_is(302) |
| 802 | ->header_is('location','/settings/oauth/') |
| 803 | ; |
| 804 | |
| 805 | $t->get_ok('/settings/oauth/') |
| 806 | ->text_is('div.notify-error', 'invalid_request: http://localhost/FAIL is invalid.') |
| 807 | ; |
| 808 | |
Akron | a8efaa9 | 2022-04-09 14:45:43 +0200 | [diff] [blame] | 809 | # OAuth client authorization flow |
| 810 | $t->get_ok(Mojo::URL->new('/settings/oauth/authorize')) |
| 811 | ->status_is(302) |
Akron | 5ea0f5d | 2023-01-20 11:51:43 +0100 | [diff] [blame] | 812 | ->header_is('location','/settings/oauth') |
| 813 | ; |
| 814 | |
| 815 | $t->get_ok('/settings/oauth/') |
Akron | 2c142ab | 2023-01-30 13:21:57 +0100 | [diff] [blame] | 816 | ->text_is('div.notify-error', 'Client ID required') |
| 817 | ; |
| 818 | |
| 819 | $t->get_ok(Mojo::URL->new('/settings/oauth/authorize?client_id=xyz')) |
| 820 | ->status_is(302) |
| 821 | ->header_is('location','/settings/oauth') |
| 822 | ; |
| 823 | |
| 824 | $t->get_ok('/settings/oauth/') |
| 825 | ->text_is('div.notify-error', 'Scope required') |
Akron | a8efaa9 | 2022-04-09 14:45:43 +0200 | [diff] [blame] | 826 | ; |
| 827 | |
Akron | db1f467 | 2023-01-24 12:05:07 +0100 | [diff] [blame] | 828 | # OAuth client authorization flow |
| 829 | $t->get_ok(Mojo::URL->new('/settings/oauth/authorize?client_id=abc')) |
| 830 | ->status_is(302) |
| 831 | ->header_is('location','/settings/oauth') |
| 832 | ; |
| 833 | |
| 834 | $t->get_ok('/settings/oauth/') |
Akron | 2c142ab | 2023-01-30 13:21:57 +0100 | [diff] [blame] | 835 | ->text_is('div.notify-error', 'Scope required') |
| 836 | ; |
| 837 | |
| 838 | # OAuth client authorization flow |
| 839 | $t->get_ok(Mojo::URL->new('/settings/oauth/authorize?client_id=abc&scope=match')) |
| 840 | ->status_is(302) |
| 841 | ->header_is('location','/settings/oauth') |
| 842 | ; |
| 843 | |
| 844 | $t->get_ok('/settings/oauth/') |
Akron | db1f467 | 2023-01-24 12:05:07 +0100 | [diff] [blame] | 845 | ->text_is('div.notify-error', 'Unknown client with abc.') |
| 846 | ; |
| 847 | |
Akron | a8efaa9 | 2022-04-09 14:45:43 +0200 | [diff] [blame] | 848 | # Logout |
| 849 | $t->get_ok('/x/expired-with-wrong-refresh'); |
| 850 | |
| 851 | $t->get_ok('/user/logout') |
| 852 | ->status_is(302) |
| 853 | ->session_hasnt('/auth') |
| 854 | ->session_hasnt('/auth_r') |
| 855 | ->session_hasnt('/user') |
| 856 | ->header_is('Location' => '/'); |
| 857 | |
Akron | 001dcd2 | 2023-02-07 08:38:11 +0100 | [diff] [blame] | 858 | $t->get_ok('/') |
Akron | a8efaa9 | 2022-04-09 14:45:43 +0200 | [diff] [blame] | 859 | ->status_is(200) |
| 860 | ->element_exists_not('div.notify-error') |
| 861 | ->element_exists('div.notify-success') |
| 862 | ->text_is('div.notify-success', 'Logout successful') |
Akron | 9fa7cc5 | 2022-05-12 11:17:20 +0200 | [diff] [blame] | 863 | ->element_exists("input[name=handle_or_email]") |
Akron | 001dcd2 | 2023-02-07 08:38:11 +0100 | [diff] [blame] | 864 | ; |
| 865 | |
| 866 | # OAuth client authorization flow - but user not logged in |
| 867 | $t->get_ok(Mojo::URL->new('/settings/oauth/authorize')) |
| 868 | ->status_is(302) |
| 869 | ->header_is('location','/') |
| 870 | ; |
| 871 | |
| 872 | $csrf = $t->get_ok('/') |
| 873 | ->status_is(200) |
| 874 | ->element_exists('div.notify-error') |
| 875 | ->element_exists_not('div.notify-success') |
| 876 | ->text_is('div.notify-error', 'Client ID required') |
| 877 | ->element_exists("input[name=handle_or_email]") |
Akron | a8efaa9 | 2022-04-09 14:45:43 +0200 | [diff] [blame] | 878 | ->tx->res->dom->at('input[name=csrf_token]')->attr('value') |
| 879 | ; |
| 880 | |
Akron | 408bc7c | 2022-04-28 15:46:43 +0200 | [diff] [blame] | 881 | $fake_backend_app->add_client({ |
| 882 | "client_id" => 'xyz', |
| 883 | "client_name" => 'New added client', |
| 884 | "client_description" => 'This is a new client', |
| 885 | "client_url" => 'http://example.com', |
| 886 | "client_type" => 'CONFIDENTIAL' |
| 887 | # "client_redirect_uri" => $redirect_uri |
| 888 | }); |
| 889 | |
Akron | 0cbcc07 | 2024-10-08 14:04:42 +0200 | [diff] [blame] | 890 | $fake_backend_app->add_client({ |
| 891 | "client_id" => 'xyz-public', |
| 892 | "client_name" => 'New added public client', |
| 893 | "client_description" => 'This is a new public client', |
| 894 | "client_url" => 'http://example.com', |
| 895 | "client_type" => 'PUBLIC' |
| 896 | # "client_redirect_uri" => $redirect_uri |
| 897 | }); |
| 898 | |
Helge | 278fbca | 2022-11-29 18:49:15 +0100 | [diff] [blame] | 899 | |
Akron | 9d82690 | 2023-01-25 10:20:52 +0100 | [diff] [blame] | 900 | $fake_backend_app->add_client({ |
| 901 | "client_id" => 'xyz2', |
| 902 | "client_name" => 'New added client', |
| 903 | "client_description" => 'This is a new client', |
| 904 | "client_url" => 'http://example.com', |
| 905 | "client_type" => 'CONFIDENTIAL', |
| 906 | "client_redirect_uri" => 'http://redirect.url/' |
| 907 | }); |
| 908 | |
Akron | eb39cf3 | 2023-04-03 14:40:48 +0200 | [diff] [blame] | 909 | $t->get_ok('/settings/oauth/xyz2') |
| 910 | ->status_is(200) |
| 911 | ->text_is('li.client span.client-name','New added client') |
| 912 | ->attr_is('li.client p.client-url a','href','http://example.com') |
| 913 | ->attr_is('li.client input[name=client_id]','value','xyz2') |
| 914 | ->element_exists('li.client p.client-type-confidential') |
| 915 | ->text_is('li.client p.client-redirect-uri tt','http://redirect.url/') |
| 916 | ; |
| 917 | |
Akron | 9d82690 | 2023-01-25 10:20:52 +0100 | [diff] [blame] | 918 | $fwd = $t->get_ok(Mojo::URL->new('/settings/oauth/authorize')->query({ |
| 919 | client_id => 'xyz2', |
| 920 | scope => 'search match', |
| 921 | redirect_uri => 'http://test.com/', |
| 922 | })) |
| 923 | ->status_is(200) |
| 924 | ->text_is('div.notify-warn', 'redirect_uri host differs from registered host') |
| 925 | ->element_exists_not('div.notify-error') |
| 926 | ->element_exists_not('div.notify-success') |
| 927 | ->element_exists("input[name=handle_or_email]") |
| 928 | ->tx->res->dom->at('input[name=csrf_token]')->attr('value') |
| 929 | ; |
| 930 | |
| 931 | $fwd = $t->get_ok(Mojo::URL->new('/settings/oauth/authorize')->query({ |
| 932 | client_id => 'xyz2', |
| 933 | scope => 'search match', |
| 934 | redirect_uri => 'http://redirect.url:9000/', |
| 935 | })) |
| 936 | ->status_is(200) |
| 937 | ->text_is('div.notify-warn', 'redirect_uri port differs from registered port') |
| 938 | ->element_exists_not('div.notify-error') |
| 939 | ->element_exists_not('div.notify-success') |
| 940 | ->element_exists("input[name=handle_or_email]") |
| 941 | ->tx->res->dom->at('input[name=csrf_token]')->attr('value') |
| 942 | ; |
| 943 | |
Helge | 278fbca | 2022-11-29 18:49:15 +0100 | [diff] [blame] | 944 | |
| 945 | $fake_backend_app->add_plugin({ |
| 946 | "source" => {"key1" => 'wert1', "key2" => 'wert2'}, |
Helge | 278fbca | 2022-11-29 18:49:15 +0100 | [diff] [blame] | 947 | "client_id" => '52abc', |
Helge | db720ea | 2023-03-20 09:39:36 +0100 | [diff] [blame] | 948 | "permitted" => 'true', |
Helge | 278fbca | 2022-11-29 18:49:15 +0100 | [diff] [blame] | 949 | "client_name" => 'Plugin 1', |
| 950 | "client_type" => 'CONFIDENTIAL', |
Helge | db720ea | 2023-03-20 09:39:36 +0100 | [diff] [blame] | 951 | "client_description" => 'Description Plugin 1', |
| 952 | "client_url" => 'http://example.client.de', |
| 953 | "registration_date" => '2022-05-31T14:30:09+02:00[Europe/Berlin]', |
Helge | 216a482 | 2024-06-17 12:02:34 +0200 | [diff] [blame] | 954 | "registered_by" => 'testuser', |
| 955 | "refresh_token_expiry" => '7776000', |
Helge | 278fbca | 2022-11-29 18:49:15 +0100 | [diff] [blame] | 956 | }); |
| 957 | |
| 958 | |
Akron | a8efaa9 | 2022-04-09 14:45:43 +0200 | [diff] [blame] | 959 | $fwd = $t->get_ok(Mojo::URL->new('/settings/oauth/authorize')->query({ |
| 960 | client_id => 'xyz', |
| 961 | state => 'abcde', |
| 962 | scope => 'search match', |
| 963 | redirect_uri => 'http://test.com/', |
| 964 | })) |
| 965 | ->status_is(200) |
| 966 | ->attr_is('input[name=client_id]','value','xyz') |
| 967 | ->attr_is('input[name=state]','value','abcde') |
Akron | a8efaa9 | 2022-04-09 14:45:43 +0200 | [diff] [blame] | 968 | ->attr_like('input[name=fwd]','value',qr!test\.com!) |
Akron | 408bc7c | 2022-04-28 15:46:43 +0200 | [diff] [blame] | 969 | ->text_is('span.client-name','New added client') |
Akron | a8efaa9 | 2022-04-09 14:45:43 +0200 | [diff] [blame] | 970 | ->text_is('div.intro p:nth-child(2)', 'Please log in!') |
| 971 | ->tx->res->dom->at('input[name=fwd]')->attr('value') |
| 972 | ; |
| 973 | |
| 974 | $fwd = $t->post_ok(Mojo::URL->new('/user/login')->query({ |
| 975 | csrf_token => $csrf, |
| 976 | client_id => 'xyz', |
| 977 | state => 'abcde', |
| 978 | scope => 'search match', |
| 979 | redirect_uri => 'http://test.com/', |
Akron | 9fa7cc5 | 2022-05-12 11:17:20 +0200 | [diff] [blame] | 980 | handle_or_email => 'test', |
Akron | a8efaa9 | 2022-04-09 14:45:43 +0200 | [diff] [blame] | 981 | pwd => 'pass', |
| 982 | fwd => $fwd |
| 983 | })) |
| 984 | ->status_is(302) |
| 985 | ->header_like('location', qr!/settings/oauth/authorize!) |
| 986 | ->tx->res->headers->header('location') |
| 987 | ; |
| 988 | |
| 989 | $t->get_ok($fwd) |
| 990 | ->status_is(200) |
| 991 | ->attr_is('input[name=client_id]','value','xyz') |
| 992 | ->attr_is('input[name=state]','value','abcde') |
Akron | 9d82690 | 2023-01-25 10:20:52 +0100 | [diff] [blame] | 993 | ->attr_like('input[name=redirect_uri]','value', qr!^http://test\.com\/\?crto=.{3,}!) |
Akron | a8efaa9 | 2022-04-09 14:45:43 +0200 | [diff] [blame] | 994 | ->text_is('ul#scopes li:nth-child(1)','search') |
| 995 | ->text_is('ul#scopes li:nth-child(2)','match') |
Akron | 408bc7c | 2022-04-28 15:46:43 +0200 | [diff] [blame] | 996 | ->text_is('span.client-name','New added client') |
Akron | a8efaa9 | 2022-04-09 14:45:43 +0200 | [diff] [blame] | 997 | ->attr_is('a.form-button','href','http://test.com/') |
| 998 | ->attr_is('a.embedded-link', 'href', '/doc/korap/kalamar') |
Akron | 9d82690 | 2023-01-25 10:20:52 +0100 | [diff] [blame] | 999 | ->element_exists_not('div.notify-error') |
| 1000 | ->element_exists_not('div.notify-warn') |
| 1001 | ->element_exists_not('blockquote.warning') |
Akron | 0cbcc07 | 2024-10-08 14:04:42 +0200 | [diff] [blame] | 1002 | ->text_is('h2 + p', ' wants to have access') |
Akron | a8efaa9 | 2022-04-09 14:45:43 +0200 | [diff] [blame] | 1003 | ; |
| 1004 | |
Akron | 0cbcc07 | 2024-10-08 14:04:42 +0200 | [diff] [blame] | 1005 | $fwd = $t->get_ok(Mojo::URL->new('/settings/oauth/authorize')->query({ |
| 1006 | client_id => 'xyz-public', |
| 1007 | state => 'abcde', |
| 1008 | scope => 'search match', |
| 1009 | redirect_uri => 'http://test.com/', |
| 1010 | })) |
| 1011 | ->status_is(200) |
| 1012 | ->attr_is('input[name=client_id]','value','xyz-public') |
| 1013 | ->attr_is('input[name=state]','value','abcde') |
| 1014 | ->attr_like('input[name=redirect_uri]','value', qr!^http://test\.com\/\?crto=.{3,}!) |
| 1015 | ->text_is('ul#scopes li:nth-child(1)','search') |
| 1016 | ->text_is('ul#scopes li:nth-child(2)','match') |
| 1017 | ->text_is('span.client-name','New added public client') |
| 1018 | ->attr_is('a.form-button','href','http://test.com/') |
| 1019 | ->attr_is('a.embedded-link', 'href', '/doc/korap/kalamar') |
| 1020 | ->element_exists_not('div.notify-error') |
| 1021 | ->element_exists_not('div.notify-warn') |
| 1022 | ->text_is('blockquote.warning','Warning - this is a public client!') |
| 1023 | ->text_is('h2 + p', ' wants to have access') |
| 1024 | ; |
| 1025 | |
| 1026 | |
Helge | 278fbca | 2022-11-29 18:49:15 +0100 | [diff] [blame] | 1027 | $t->get_ok('/settings/marketplace') |
| 1028 | ->status_is(200) |
| 1029 | ->text_is('html head title' => 'Marketplace') |
| 1030 | ->element_exists('ul.plugin-list') |
| 1031 | ->element_exists('ul.plugin-list > li') |
Helge | 278fbca | 2022-11-29 18:49:15 +0100 | [diff] [blame] | 1032 | ->text_is('span.client-name','Plugin 1') |
| 1033 | ->text_is('p.plugin-desc','Description Plugin 1') |
Helge | 216a482 | 2024-06-17 12:02:34 +0200 | [diff] [blame] | 1034 | ->text_is('p.registration_date', 'Date of registration: 2022-05-31T14:30:09+02:00[Europe/Berlin]') |
| 1035 | ->text_is('p.registered_by', 'Registered by: testuser') |
Helge | 278fbca | 2022-11-29 18:49:15 +0100 | [diff] [blame] | 1036 | ; |
| 1037 | |
Helge | db720ea | 2023-03-20 09:39:36 +0100 | [diff] [blame] | 1038 | |
| 1039 | |
Helge | 278fbca | 2022-11-29 18:49:15 +0100 | [diff] [blame] | 1040 | $fake_backend_app->add_plugin({ |
| 1041 | "source" => {"one" => '1', "two" => '2'}, |
| 1042 | "permitted" => 'false', |
| 1043 | "client_id" => '53abc', |
| 1044 | "client_name" => 'Plugin 2', |
| 1045 | "client_type" => 'CONFIDENTIAL', |
| 1046 | "client_description" =>'Description Plugin 2' |
| 1047 | }); |
| 1048 | |
Helge | 278fbca | 2022-11-29 18:49:15 +0100 | [diff] [blame] | 1049 | $t->get_ok('/settings/marketplace') |
| 1050 | ->status_is(200) |
| 1051 | ->element_exists('ul.plugin-list') |
| 1052 | ->element_exists('ul.plugin-list > li') |
| 1053 | ->text_is('span.client-name','Plugin 1') |
| 1054 | ->text_is('p.plugin-desc','Description Plugin 1') |
| 1055 | ->element_exists('ul.plugin-list > li + li') |
Helge | db720ea | 2023-03-20 09:39:36 +0100 | [diff] [blame] | 1056 | ->text_is('ul.plugin-list > li + li >span.client-name','Plugin 2') |
| 1057 | ->text_is('ul.plugin-list > li + li >p.plugin-desc','Description Plugin 2') |
Helge | 278fbca | 2022-11-29 18:49:15 +0100 | [diff] [blame] | 1058 | ; |
| 1059 | |
Helge | d36478d | 2023-06-08 17:43:01 +0200 | [diff] [blame] | 1060 | $t->post_ok('/settings/marketplace/install', form => {'client-id' => '52abc'}) |
Helge | db720ea | 2023-03-20 09:39:36 +0100 | [diff] [blame] | 1061 | ->status_is(302) |
| 1062 | ->header_is(location => '/settings/marketplace') |
| 1063 | ; |
Helge | db720ea | 2023-03-20 09:39:36 +0100 | [diff] [blame] | 1064 | $t->ua->max_redirects(1); |
| 1065 | |
Helge | d36478d | 2023-06-08 17:43:01 +0200 | [diff] [blame] | 1066 | $t->post_ok('/settings/marketplace/install', form => {'client-id' => '52abc'}) |
Helge | db720ea | 2023-03-20 09:39:36 +0100 | [diff] [blame] | 1067 | ->status_is(200) |
| 1068 | ->element_exists('ul.plugin-list') |
| 1069 | ->element_exists('ul.plugin-list > li') |
| 1070 | ->text_is('ul.plugin-list > li > span.client-name','Plugin 2') |
| 1071 | ->text_is('ul.plugin-list > li > p.plugin-desc','Description Plugin 2') |
| 1072 | ->element_exists_not('ul.plugin-list > li + li') |
| 1073 | ->element_exists('ul.plugin_in-list') |
| 1074 | ->element_exists('ul.plugin_in-list > li') |
| 1075 | ->text_is('ul.plugin_in-list > li > span.client-name','Plugin 1') |
Helge | 216a482 | 2024-06-17 12:02:34 +0200 | [diff] [blame] | 1076 | ->text_is('ul.plugin_in-list > li > p.inst_date','Installation date: 2022-12-13T16:33:27.621+01:00[Europe/Berlin]') |
Helge | db720ea | 2023-03-20 09:39:36 +0100 | [diff] [blame] | 1077 | ; |
| 1078 | |
| 1079 | $t->ua->max_redirects(0); |
| 1080 | |
Helge | d36478d | 2023-06-08 17:43:01 +0200 | [diff] [blame] | 1081 | $t->post_ok('/settings/marketplace/install', form => {'client-id' => 'unsinn31'}) |
Helge | db720ea | 2023-03-20 09:39:36 +0100 | [diff] [blame] | 1082 | ->status_is(302) |
| 1083 | ->header_is(location => '/settings/marketplace') |
| 1084 | ; |
| 1085 | |
| 1086 | $t->ua->max_redirects(1); |
| 1087 | |
Helge | d36478d | 2023-06-08 17:43:01 +0200 | [diff] [blame] | 1088 | $t->post_ok('/settings/marketplace/install', form => {'client-id' => 'unsinn31'}) |
Helge | db720ea | 2023-03-20 09:39:36 +0100 | [diff] [blame] | 1089 | ->status_is(200) |
| 1090 | ->text_is('div.notify-error', 'Plugin could not be installed') |
| 1091 | ; |
| 1092 | |
Helge | d36478d | 2023-06-08 17:43:01 +0200 | [diff] [blame] | 1093 | $t->post_ok('/settings/marketplace/uninstall', form => {'client-id' => '52abc'}) |
| 1094 | ->status_is(200) |
| 1095 | ->element_exists('ul.plugin-list') |
| 1096 | ->element_exists('ul.plugin-list > li') |
| 1097 | ->text_is('span.client-name','Plugin 1') |
| 1098 | ->text_is('p.plugin-desc','Description Plugin 1') |
| 1099 | ->element_exists('ul.plugin-list > li + li') |
| 1100 | ->text_is('ul.plugin-list > li + li >span.client-name','Plugin 2') |
| 1101 | ->text_is('ul.plugin-list > li + li >p.plugin-desc','Description Plugin 2') |
| 1102 | ->element_exists_not('ul.plugin_in-list') |
| 1103 | ; |
| 1104 | |
| 1105 | $t->post_ok('/settings/marketplace/uninstall', form => {'client-id' => 'quatsch12'}) |
| 1106 | ->status_is(200) |
| 1107 | ->text_is('div.notify-error', 'Plugin could not be uninstalled') |
| 1108 | ; |
| 1109 | |
Helge | db720ea | 2023-03-20 09:39:36 +0100 | [diff] [blame] | 1110 | $t->ua->max_redirects(0); |
Helge | 278fbca | 2022-11-29 18:49:15 +0100 | [diff] [blame] | 1111 | |
Akron | a8efaa9 | 2022-04-09 14:45:43 +0200 | [diff] [blame] | 1112 | $t->get_ok(Mojo::URL->new('/settings/oauth/authorize')->query({ |
| 1113 | client_id => 'xyz', |
| 1114 | state => 'abcde', |
| 1115 | scope => 'search match', |
| 1116 | redirect_uri => 'http://test.com/' |
| 1117 | })) |
| 1118 | ->status_is(200) |
| 1119 | ->attr_is('input[name=client_id]','value','xyz') |
| 1120 | ->attr_is('input[name=state]','value','abcde') |
Akron | a8efaa9 | 2022-04-09 14:45:43 +0200 | [diff] [blame] | 1121 | ->text_is('ul#scopes li:nth-child(1)','search') |
| 1122 | ->text_is('ul#scopes li:nth-child(2)','match') |
Akron | 408bc7c | 2022-04-28 15:46:43 +0200 | [diff] [blame] | 1123 | ->text_is('span.client-name','New added client') |
Akron | a8efaa9 | 2022-04-09 14:45:43 +0200 | [diff] [blame] | 1124 | ->attr_is('a.form-button','href','http://test.com/') |
| 1125 | ->attr_is('a.embedded-link', 'href', '/doc/korap/kalamar') |
| 1126 | ; |
| 1127 | |
| 1128 | $t->post_ok(Mojo::URL->new('/settings/oauth/authorize')->query({ |
| 1129 | client_id => 'xyz', |
| 1130 | state => 'abcde', |
| 1131 | scope => 'search match', |
| 1132 | redirect_uri => 'http://test.com/' |
| 1133 | })) |
| 1134 | ->status_is(302) |
Akron | 9d82690 | 2023-01-25 10:20:52 +0100 | [diff] [blame] | 1135 | ->header_is('location', '/settings/oauth?error_description=Bad+CSRF+token') |
Akron | a8efaa9 | 2022-04-09 14:45:43 +0200 | [diff] [blame] | 1136 | ; |
| 1137 | |
Akron | a8f87cc | 2023-02-23 12:21:30 +0100 | [diff] [blame] | 1138 | |
| 1139 | my $local_port = $t->get_ok('/')->tx->local_port; |
| 1140 | my $remote_port = $t->get_ok('/')->tx->remote_port; |
| 1141 | |
| 1142 | like($local_port, qr!^\d+$!); |
| 1143 | like($remote_port, qr!^\d+$!); |
| 1144 | |
| 1145 | my $port = $remote_port; |
| 1146 | |
| 1147 | my $redirect_url_fakeapi = $t->app->close_redirect_to(Mojo::URL->new('http://localhost:' . $port)->path($fake_backend_app->url_for('return_uri'))->to_abs->to_string); |
| 1148 | |
Akron | a8efaa9 | 2022-04-09 14:45:43 +0200 | [diff] [blame] | 1149 | $fwd = $t->post_ok(Mojo::URL->new('/settings/oauth/authorize')->query({ |
| 1150 | client_id => 'xyz', |
| 1151 | state => 'abcde', |
| 1152 | scope => 'search match', |
Akron | a8f87cc | 2023-02-23 12:21:30 +0100 | [diff] [blame] | 1153 | redirect_uri_server => 'http://localhost:'.$port, |
| 1154 | redirect_uri => "$redirect_url_fakeapi", |
Akron | a8efaa9 | 2022-04-09 14:45:43 +0200 | [diff] [blame] | 1155 | csrf_token => $csrf, |
| 1156 | })) |
| 1157 | ->status_is(302) |
Akron | a8f87cc | 2023-02-23 12:21:30 +0100 | [diff] [blame] | 1158 | ->header_like('location', qr!^http://localhost:\d+/realapi/fakeclient/return\?code=.+$!) |
Akron | a8efaa9 | 2022-04-09 14:45:43 +0200 | [diff] [blame] | 1159 | ->tx->res->headers->header('location') |
| 1160 | ; |
| 1161 | |
Akron | f47813c | 2023-05-08 16:24:03 +0200 | [diff] [blame] | 1162 | unless ($^O eq 'MSWin32') { |
| 1163 | $t->get_ok($fwd) |
| 1164 | ->status_is(200) |
| 1165 | ->content_like(qr'welcome back! \[(.+?)\]') |
| 1166 | ; |
| 1167 | }; |
Akron | a8efaa9 | 2022-04-09 14:45:43 +0200 | [diff] [blame] | 1168 | |
Akron | a8f87cc | 2023-02-23 12:21:30 +0100 | [diff] [blame] | 1169 | my $fake_port = $port; |
| 1170 | |
| 1171 | while ($fake_port == $remote_port || $fake_port == $local_port) { |
| 1172 | $fake_port++; |
| 1173 | }; |
| 1174 | |
| 1175 | $redirect_url_fakeapi = $t->app->close_redirect_to(Mojo::URL->new('http://localhost:' . $fake_port)->path($fake_backend_app->url_for('return_uri'))->to_abs->to_string); |
| 1176 | |
| 1177 | $fwd = $t->post_ok(Mojo::URL->new('/settings/oauth/authorize')->query({ |
| 1178 | client_id => 'xyz', |
| 1179 | state => 'abcde', |
| 1180 | scope => 'search match', |
| 1181 | redirect_uri_server => 'http://localhost:'.$port, |
| 1182 | redirect_uri => "$redirect_url_fakeapi", |
| 1183 | csrf_token => $csrf, |
| 1184 | })) |
| 1185 | ->status_is(302) |
| 1186 | ->header_unlike('location', qr!^http://localhost:\d+/realapi/fakeclient/return\?error_description=Connection\+refused$!) |
| 1187 | ->header_like('location', qr!^http://localhost:\d+/realapi/fakeclient/return\?code=.+?$!) |
| 1188 | ->tx->res->headers->header('location') |
| 1189 | ; |
| 1190 | |
Akron | a8efaa9 | 2022-04-09 14:45:43 +0200 | [diff] [blame] | 1191 | $t->post_ok(Mojo::URL->new('/settings/oauth/authorize')->query({ |
| 1192 | client_id => 'xyz', |
Akron | 9ccf69a | 2023-01-31 14:21:37 +0100 | [diff] [blame] | 1193 | state => 'abcde', |
| 1194 | scope => 'search match', |
| 1195 | redirect_uri_server => 'http://example.com/', |
| 1196 | redirect_uri => $t->app->close_redirect_to('http://wrong'), |
| 1197 | csrf_token => $csrf, |
| 1198 | })) |
| 1199 | ->status_is(302) |
| 1200 | ->header_is('location', '/settings/oauth') |
| 1201 | ->tx->res->headers->header('location') |
| 1202 | ; |
| 1203 | |
| 1204 | $t->get_ok('/settings/oauth') |
| 1205 | ->text_is('div.notify-error', 'Invalid redirect URI') |
| 1206 | ; |
| 1207 | |
| 1208 | $t->post_ok(Mojo::URL->new('/settings/oauth/authorize')->query({ |
| 1209 | client_id => 'xyz', |
Akron | a8efaa9 | 2022-04-09 14:45:43 +0200 | [diff] [blame] | 1210 | state => 'fail', |
| 1211 | scope => 'search match', |
Akron | 9d82690 | 2023-01-25 10:20:52 +0100 | [diff] [blame] | 1212 | # redirect_uri_server => 'http://example.com/', |
Akron | a8efaa9 | 2022-04-09 14:45:43 +0200 | [diff] [blame] | 1213 | redirect_uri => $fake_backend_app->url_for('return_uri')->to_abs, |
| 1214 | csrf_token => $csrf, |
| 1215 | })) |
| 1216 | ->status_is(302) |
Akron | 9d82690 | 2023-01-25 10:20:52 +0100 | [diff] [blame] | 1217 | ->header_is('location', '/realapi/fakeclient/return?error_description=FAIL') |
Akron | a8efaa9 | 2022-04-09 14:45:43 +0200 | [diff] [blame] | 1218 | ; |
| 1219 | |
Akron | 9f2ad34 | 2022-05-04 16:16:40 +0200 | [diff] [blame] | 1220 | my $json_post = { |
| 1221 | name => 'Funny', |
| 1222 | type => 'PUBLIC', |
Akron | 6b75d12 | 2022-05-12 17:39:05 +0200 | [diff] [blame] | 1223 | desc => 'This is my plugin application 2', |
Akron | 9f2ad34 | 2022-05-04 16:16:40 +0200 | [diff] [blame] | 1224 | csrf_token => $csrf, |
| 1225 | src => 'hMMM' |
| 1226 | }; |
| 1227 | |
| 1228 | $t->post_ok('/settings/oauth/register' => form => $json_post) |
| 1229 | ->status_is(200) |
| 1230 | ->element_exists('div.notify-error') |
Akron | 99968a9 | 2022-06-03 12:32:07 +0200 | [diff] [blame] | 1231 | ->text_is('div.notify-error', 'Plugin declarations need to be json files') |
| 1232 | ; |
| 1233 | |
| 1234 | $json_post->{src} = { |
| 1235 | content => 'jjjjjj', |
| 1236 | filename => 'fun.txt' |
| 1237 | }; |
| 1238 | |
| 1239 | $t->post_ok('/settings/oauth/register' => form => $json_post) |
| 1240 | ->status_is(200) |
| 1241 | ->element_exists('div.notify-error') |
Akron | 9f2ad34 | 2022-05-04 16:16:40 +0200 | [diff] [blame] | 1242 | ->text_is('div.notify-error', 'Plugins need to be confidential') |
| 1243 | ; |
| 1244 | |
| 1245 | $json_post->{type} = 'CONFIDENTIAL'; |
| 1246 | |
Akron | 99968a9 | 2022-06-03 12:32:07 +0200 | [diff] [blame] | 1247 | # This somehow gets removed in the last form send ... |
Akron | 9f2ad34 | 2022-05-04 16:16:40 +0200 | [diff] [blame] | 1248 | $json_post->{src} = { |
| 1249 | content => 'jjjjjj', |
| 1250 | filename => 'fun.txt' |
| 1251 | }; |
| 1252 | |
| 1253 | $t->post_ok('/settings/oauth/register' => form => $json_post) |
| 1254 | ->status_is(200) |
| 1255 | ->element_exists('div.notify-error') |
| 1256 | ->text_is('div.notify-error', 'Plugin declarations need to be json files') |
| 1257 | ; |
| 1258 | |
| 1259 | $json_post->{src} = { |
| 1260 | content => '{"name":"example"}', |
| 1261 | filename => 'fun.txt' |
| 1262 | }; |
| 1263 | |
| 1264 | $t->post_ok('/settings/oauth/register' => form => $json_post) |
| 1265 | ->status_is(200) |
| 1266 | ->element_exists_not('div.notify-error') |
| 1267 | ->element_exists('div.notify-success') |
| 1268 | ->text_is('div.notify-success', 'Registration successful') |
| 1269 | ; |
| 1270 | |
Akron | 6b75d12 | 2022-05-12 17:39:05 +0200 | [diff] [blame] | 1271 | $t->get_ok('/settings/oauth/jh0gfjhjbfdsgzjghj==') |
| 1272 | ->status_is(200) |
| 1273 | ->text_is('div.notify-error', undef) |
| 1274 | ->text_is('li.client #client_source', '{"name":"example"}') |
| 1275 | ->text_is('li.client span.client-name', 'Funny') |
| 1276 | ->text_is('li.client p.client-desc', 'This is my plugin application 2') |
| 1277 | ->element_exists_not('li.client .client-redirect-uri tt') |
| 1278 | ->text_is('li.client .client-type tt', 'CONFIDENTIAL') |
| 1279 | ; |
Akron | 9f2ad34 | 2022-05-04 16:16:40 +0200 | [diff] [blame] | 1280 | |
Akron | b6b156e | 2022-03-31 14:57:49 +0200 | [diff] [blame] | 1281 | |
Akron | 66ef3b5 | 2022-11-22 14:25:15 +0100 | [diff] [blame] | 1282 | # Retest client with super_client_file |
| 1283 | my $client_file = tempfile; |
| 1284 | |
Akron | 889bc20 | 2024-03-15 17:16:55 +0100 | [diff] [blame] | 1285 | $client_file->spew( |
Akron | 66ef3b5 | 2022-11-22 14:25:15 +0100 | [diff] [blame] | 1286 | '{"client_id":"2","client_secret":"k414m4r-s3cr3t"}' |
| 1287 | ); |
| 1288 | |
| 1289 | $t = Test::Mojo::WithRoles->new('Kalamar' => { |
| 1290 | Kalamar => { |
| 1291 | plugins => ['Auth'] |
| 1292 | }, |
| 1293 | 'Kalamar-Auth' => { |
| 1294 | client_file => $client_file, |
| 1295 | oauth2 => 1 |
| 1296 | } |
| 1297 | }); |
| 1298 | |
| 1299 | $t->app->plugin( |
| 1300 | Mount => { |
| 1301 | $mount_point => |
| 1302 | $fixtures_path->child('mock.pl') |
| 1303 | } |
| 1304 | ); |
| 1305 | |
| 1306 | $csrf = $t->get_ok('/') |
| 1307 | ->status_is(200) |
| 1308 | ->element_exists_not('div.button.top a') |
| 1309 | ->tx->res->dom->at('input[name=csrf_token]')->attr('value') |
| 1310 | ; |
| 1311 | |
| 1312 | $t->post_ok('/user/login' => form => { |
| 1313 | handle_or_email => 'test', |
| 1314 | pwd => 'pass', |
| 1315 | csrf_token => $csrf |
| 1316 | }) |
| 1317 | ->status_is(302) |
| 1318 | ->header_is('Location' => '/') |
| 1319 | ->content_is(''); |
| 1320 | |
| 1321 | $t->get_ok('/') |
| 1322 | ->status_is(200) |
| 1323 | ->element_exists_not('div.notify-error') |
| 1324 | ->element_exists('div.notify-success') |
| 1325 | ->text_is('div.notify-success', 'Login successful') |
| 1326 | ->element_exists_not('aside.off') |
| 1327 | ->element_exists_not('aside.active') |
| 1328 | ->element_exists('aside.settings') |
| 1329 | ; |
| 1330 | |
Akron | 53a171e | 2022-12-05 18:22:58 +0100 | [diff] [blame] | 1331 | $main::ENV{KALAMAR_CLIENT_FILE} = $client_file; |
| 1332 | |
| 1333 | $t = Test::Mojo::WithRoles->new('Kalamar' => { |
| 1334 | Kalamar => { |
| 1335 | plugins => ['Auth'] |
| 1336 | }, |
| 1337 | 'Kalamar-Auth' => { |
| 1338 | oauth2 => 1, |
| 1339 | # client_file => $client_file, |
| 1340 | } |
| 1341 | }); |
| 1342 | |
| 1343 | $t->app->plugin( |
| 1344 | Mount => { |
| 1345 | $mount_point => |
| 1346 | $fixtures_path->child('mock.pl') |
| 1347 | } |
| 1348 | ); |
| 1349 | |
| 1350 | $csrf = $t->get_ok('/') |
| 1351 | ->status_is(200) |
| 1352 | ->element_exists_not('div.button.top a') |
| 1353 | ->tx->res->dom->at('input[name=csrf_token]')->attr('value') |
| 1354 | ; |
| 1355 | |
| 1356 | $t->post_ok('/user/login' => form => { |
| 1357 | handle_or_email => 'test', |
| 1358 | pwd => 'pass', |
| 1359 | csrf_token => $csrf |
| 1360 | }) |
| 1361 | ->status_is(302) |
| 1362 | ->header_is('Location' => '/') |
| 1363 | ->content_is(''); |
| 1364 | |
| 1365 | $t->get_ok('/') |
| 1366 | ->status_is(200) |
| 1367 | ->element_exists_not('div.notify-error') |
| 1368 | ->element_exists('div.notify-success') |
| 1369 | ->text_is('div.notify-success', 'Login successful') |
| 1370 | ->element_exists_not('aside.off') |
| 1371 | ->element_exists_not('aside.active') |
| 1372 | ->element_exists('aside.settings') |
| 1373 | ; |
| 1374 | |
Akron | 66ef3b5 | 2022-11-22 14:25:15 +0100 | [diff] [blame] | 1375 | |
Akron | 33f5c67 | 2019-06-24 19:40:47 +0200 | [diff] [blame] | 1376 | done_testing; |
| 1377 | __END__ |
Akron | a8efaa9 | 2022-04-09 14:45:43 +0200 | [diff] [blame] | 1378 | |
| 1379 | |