Commit 2fcc91f7 authored by Christophe Maudoux

Merge branch 'v2.0' of gitlab.ow2.org:lemonldap-ng/lemonldap-ng into v2.0

parents 64e6c20f 1293643a
Pipeline #4310 passed with stages
in 9 minutes and 57 seconds
......@@ -13,20 +13,20 @@ SKIP: {
skip 'LLNGTESTLDAP is not set', $maintests unless ( $ENV{LLNGTESTLDAP} );
require 't/test-ldap.pm';
my $client = LLNG::Manager::Test->new(
{
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'error',
useSafeJail => 1,
authentication => 'LDAPPolicy',
portal => 'http://auth.example.com/',
userDB => 'LDAP',
passwordDB => 'LDAP',
portalRequireOldPassword => 1,
ldapServer => 'ldap://127.0.0.1:19389/',
ldapBase => 'ou=users,dc=example,dc=com',
managerDn => 'cn=admin,dc=example,dc=com',
managerPassword => 'admin',
logLevel => 'error',
useSafeJail => 1,
authentication => 'LDAPPolicy',
portal => 'http://auth.example.com/',
userDB => 'LDAP',
passwordDB => 'LDAP',
portalRequireOldPassword => 1,
ldapServer => 'ldap://127.0.0.1:19389/',
ldapBase => 'ou=users,dc=example,dc=com',
managerDn => 'cn=admin,dc=example,dc=com',
managerPassword => 'admin',
ldapAllowResetExpiredPassword => 1,
}
}
);
......@@ -40,42 +40,67 @@ SKIP: {
ok(
$res = $client->_post(
'/', IO::String->new($postString),
length => length($postString)
length => length($postString),
accept => 'text/html',
),
'Auth query'
);
my $match = '"error":\s*"?'
. &Lemonldap::NG::Portal::Main::Constants::PE_PP_PASSWORD_EXPIRED;
my $match = 'trmsg="'
. &Lemonldap::NG::Portal::Main::Constants::PE_PP_PASSWORD_EXPIRED . '"';
ok( $res->[2]->[0] =~ /$match/, 'Password is expired' );
skip 'TO BE CONTINUED';
my $id = expectCookie($res);
#open F, '>../e2e-tests/conf/portal/result.html' or die $!;
#print F $res->[2]->[0];
#close F;
my ( $host, $url, $query ) =
expectForm( $res, '#', undef, 'user', 'oldpassword', 'newpassword',
'confirmpassword' );
ok( $query =~ /user=dwho/, 'User is dwho' )
or explain( $query, 'user=dwho' );
count(1);
$query =~ s/(oldpassword)=/$1=dwho/g;
$query =~ s/((?:confirm|new)password)=/$1=newp/g;
ok(
$res = $client->_post(
'/',
IO::String->new(
'oldpassword=dwho&newpassword=test&confirmpassword=test'),
cookie => "lemonldap=$id",
accept => 'application/json',
length => 54
'/', IO::String->new($query),
length => length($query),
accept => 'text/html',
),
'Change password'
'Post new password'
);
expectOK($res);
$client->logout($id);
$match = 'trmsg="'
. &Lemonldap::NG::Portal::Main::Constants::PE_PP_PASSWORD_TOO_SHORT . '"';
ok( $res->[2]->[0] =~ /$match/, 'Password is too short' );
count(1);
open F, '>../e2e-tests/conf/portal/result.html' or die $!;
print F $res->[2]->[0];
close F;
( $host, $url, $query ) =
expectForm( $res, '#', undef, 'user', 'oldpassword', 'newpassword',
'confirmpassword' );
ok( $query =~ /user=dwho/, 'User is dwho' )
or explain( $query, 'user=dwho' );
count(1);
$query =~ s/(oldpassword)=/$1=dwho/g;
$query =~ s/((?:confirm|new)password)=/$1=newpassword/g;
ok(
$res = $client->_post(
'/',
IO::String->new('user=dwho&password=test'),
cookie => "lemonldap=$id",
length => 23
'/', IO::String->new($query),
length => length($query),
accept => 'text/html',
),
'Auth query with new password'
'Post new password'
);
expectOK($res);
$id = expectCookie($res);
count(1);
#print STDERR Dumper($res);
my $id = expectCookie($res);
expectRedirection( $res, 'http://auth.example.com/' );
$client->logout($id);
ok($res = $client->_post('/', IO::String->new('user=dwho&password=newpassword'),length=>30), 'Auth query');
count(1);
expectCookie($res);
}
clean_sessions();
count($maintests);
......
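Review bot: The active `open F, '>../e2e-tests/conf/portal/result.html' or die $!;` / `print F $res->[2]->[0];` / `close F;` after the 'Password is too short' check reads as debugging residue; the same three lines are commented out earlier in this hunk, and since the rendered page lost its +/- markers I am inferring that the active copy is on the new side. As written, every run with LLNGTESTLDAP set writes the portal response body to a path outside the test directory and aborts the test file if that directory is missing. I would comment these lines out as was done at the first spot, or delete them together with the leftover `#print STDERR Dumper($res);`. If a dump is kept for local debugging, a lexical handle with three-argument open, `open my $fh, '>', $path or die "open $path: $!";`, is the safer form.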
......@@ -112,7 +112,7 @@ SKIP: {
my $pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
# Try to authenticate to OP
$query =~ s/user=&?//;
$query =~ s/(?:password|user)=&?//g;
$query = "user=dwho&password=dwho&$query";
ok(
$res = $op->_post(
......
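Review bot: `$query =~ s/(?:password|user)=&?//g;` strips only the key, not a value, and is not anchored to a field boundary, so a pre-filled `user=foo` would leave a stray `foo` in the query and a name such as `oldpassword=` would be clipped to `old`. Nothing on this page shows such a form reaching this line, so this is a robustness point rather than a known failure. Removing the whole pair at a boundary is safer: `$query =~ s/(?<![^&])(?:password|user)=[^&]*&?//g;`. The surrounding SKIP block and the `_post` call continue outside the hunk.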
......@@ -3,7 +3,7 @@ package Lemonldap::NG::Portal::Auth::LDAPPolicy;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants
qw(PE_OK PE_LDAPCONNECTFAILED PE_PP_CHANGE_AFTER_RESET PE_PP_PASSWORD_EXPIRED);
qw(PE_OK PE_LDAPCONNECTFAILED PE_PP_PASSWORD_TOO_SHORT PE_PP_PASSWORD_EXPIRED);
our $VERSION = '2.0.2';
......@@ -25,12 +25,19 @@ sub authenticate {
}
}
if ( $req->data->{password} eq ( $ENV{LDAPPWD} || 'dwho' ) ) {
if ( $req->data->{password}
and $req->data->{password} eq ( $ENV{LDAPPWD} || 'dwho' ) )
{
$req->data->{noerror} = 1;
$self->setSecurity($req);
return PE_PP_PASSWORD_EXPIRED;
}
return PE_OK;
if ( $req->data->{newpassword} and $req->data->{newpassword} eq 'newp' ) {
$req->data->{noerror} = 1;
$self->setSecurity($req);
return PE_PP_PASSWORD_TOO_SHORT;
}
return $self->SUPER::authenticate($req);
}
1;
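Review bot: Nothing in this module says it is a test double, yet `authenticate` compares against a built-in fallback credential (`$ENV{LDAPPWD} || 'dwho'`) and the magic value `'newp'`, and the package sits in the regular `Lemonldap::NG::Portal::Auth::` namespace. The page does not show the file's path, so it is worth confirming that it is confined to the test tree and never installed. I would add a header comment such as `# Test-only stub: simulates LDAP password-policy errors for the portal tests; must not be installed or selected as an authentication module in production`, and on the second branch `# 'newp' is the value the policy test posts to trigger PE_PP_PASSWORD_TOO_SHORT`. The body of `authenticate` starts above the hunk.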
......@@ -246,14 +246,32 @@ m@<form.+?action="(?:(?:http://([^/]+))?(/.*?)?|(#))".+method="(post|get)"@is,
}
count(1);
}
# Fields with values
my %fields =
( $res->[2]->[0] =~
m#<input.+?name="([^"]+)"[^>]+?value="([^"]*?)"#gs );
my $query = join( '&',
map { "$_=" . uri_escape( uri_unescape( $fields{$_} ) ) }
keys(%fields) );
m#<input.+?name="([^"]+)"[^>]+(?:value="([^"]*?)")#gs );
# Add fields without values
%fields = (
$res->[2]->[0] =~
m#<input.+?name="([^"]+)"[^>]+(?:value="([^"]*?)")?#gs,
%fields
);
my $query = join(
'&',
map {
"$_="
. (
$fields{$_}
? uri_escape( uri_unescape( $fields{$_} ) )
: ''
)
}
keys(%fields)
);
foreach my $f (@requiredFields) {
ok( defined $fields{$f}, qq{ Field "$f" is defined} );
ok( exists $fields{$f}, qq{ Field "$f" is defined} );
count(1);
}
exceptCspFormOK( $res, $host );
......
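Review bot: The ternary in the rebuilt `join`/`map`, `$fields{$_} ? uri_escape( uri_unescape( $fields{$_} ) ) : ''`, tests truthiness, so an input whose value is the string `0` is replayed as an empty field and the test posts different data than a browser would. Testing definedness keeps that value: `defined $fields{$_} ? uri_escape( uri_unescape( $fields{$_} ) ) : ''`. Separately, what appears to be the new required-field check uses `exists` instead of `defined`, so a required input that is present without a value now passes. A one-line comment saying that this is intended for the empty password inputs would help the next reader. The enclosing function begins outside the hunk.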