Commit d804ce2b authored by Christophe Maudoux's avatar Christophe Maudoux

Improve unit test (#1625)

parent 1f11f315
......@@ -73,7 +73,7 @@ SKIP: {
expectOK($res);
my $pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
# Try to authenticate with unauthorized user to IdP
# Try to authenticate with an unauthorized user to IdP
$s = "user=dwho&password=dwho&$s";
ok(
$res = $issuer->_post(
......@@ -85,8 +85,8 @@ SKIP: {
),
'Post authentication'
);
ok( $res->[2]->[0] =~ /trmsg="89"/, 'Reject reason is 89' );
ok( $res->[2]->[0] =~ /trmsg="89"/, 'Reject reason is 89' )
or print STDERR Dumper( $res->[2]->[0] );
# Simple SP access
ok(
$res = $sp->_get(
......@@ -118,7 +118,7 @@ SKIP: {
$pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
# Try to authenticate with authorized user to IdP
# Try to authenticate with an authorized user to IdP
$s = "user=french&password=french&$s";
ok(
$res = $issuer->_post(
......
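Review bot: The rejection assertion `ok( $res->[2]->[0] =~ /trmsg="89"/, 'Reject reason is 89' )` pins only the message code in the body, so it would still pass if the refused login also produced a redirect back to the SP or a session cookie. Assuming `$res` is a PSGI triple, a follow-up check such as `my %hdr = @{ $res->[1] }; ok( !exists $hdr{Location}, 'No redirection after rejection' );` would make the negative case cover the access decision itself and not only the message shown. The same gap applies to the `trmsg="68"`, `"90"`, `"91"` and `"92"` checks added in the later file sections. The added `or print STDERR Dumper(...)` also depends on Data::Dumper being loaded, which is not visible in these hunks; `like( $res->[2]->[0], qr/trmsg="89"/, 'Reject reason is 89' )` reports the body on failure without it.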
......@@ -90,13 +90,13 @@ count(1);
expectOK($res);
my $pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
# Try to authenticate to IdP
# Try to authenticate with an unauthorized user to IdP
my $body = $res->[2]->[0];
$body =~ s/^.*?<form.*?>//s;
$body =~ s#</form>.*$##s;
my %fields =
( $body =~ /<input type="hidden".+?name="(.+?)".+?value="(.*?)"/sg );
$fields{user} = $fields{password} = 'french';
$fields{user} = $fields{password} = 'dwho';
use URI::Escape;
my $s = join( '&', map { "$_=" . uri_escape( $fields{$_} ) } keys %fields );
ok(
......@@ -110,6 +110,55 @@ ok(
'Post authentication'
);
count(1);
ok( $res->[2]->[0] =~ /trmsg="68"/, 'Reject reason is 68' )
or print STDERR Dumper( $res->[2]->[0] );
count(1);
# Simple SP access
ok(
$res = $sp->_get(
'/', accept => 'text/html',
),
'Unauth SP request'
);
count(1);
expectRedirection( $res,
'http://auth.idp.com/cas/login?service=http%3A%2F%2Fauth.sp.com%2F' );
# Query IdP
switch ('issuer');
ok(
$res = $issuer->_get(
'/cas/login',
query => 'service=http://auth.sp.com/',
accept => 'text/html'
),
'Query CAS server'
);
count(1);
expectOK($res);
$pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
# Try to authenticate with an authorized to IdP
$body = $res->[2]->[0];
$body =~ s/^.*?<form.*?>//s;
$body =~ s#</form>.*$##s;
%fields =
( $body =~ /<input type="hidden".+?name="(.+?)".+?value="(.*?)"/sg );
$fields{user} = $fields{password} = 'french';
use URI::Escape;
$s = join( '&', map { "$_=" . uri_escape( $fields{$_} ) } keys %fields );
ok(
$res = $issuer->_post(
'/cas/login',
IO::String->new($s),
cookie => $pdata,
accept => 'text/html',
length => length($s),
),
'Post authentication'
);
count(1);
my ($query) =
expectRedirection( $res, qr#^http://auth.sp.com/\?(ticket=[^&]+)$# );
my $idpId = expectCookie($res);
......
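Review bot: The authorized-user block repeats the form-scraping sequence of the unauthorized case line for line, from `$body = $res->[2]->[0];` through the `join( '&', map ... )`, including a second `use URI::Escape;` that has no effect because `use` is resolved at compile time. A small local helper that takes the response and the user name would keep the two cases identical except for the account under test, so a later change to the parsing cannot drift between the rejected and the accepted path. The comment `# Try to authenticate with an authorized to IdP` is also missing the word `user`.

```perl
# Build the urlencoded login body from the hidden fields of the form in $res
sub loginBody {
    my ( $res, $user ) = @_;
    my $body = $res->[2]->[0];
    $body =~ s/^.*?<form.*?>//s;
    $body =~ s#</form>.*$##s;
    my %fields =
      ( $body =~ /<input type="hidden".+?name="(.+?)".+?value="(.*?)"/sg );
    $fields{user} = $fields{password} = $user;
    return join( '&', map { "$_=" . uri_escape( $fields{$_} ) } keys %fields );
}

# … unchanged: 'Query CAS server' request and lemonldappdata cookie …
$s = loginBody( $res, 'french' );
```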
......@@ -101,7 +101,59 @@ ok( $res = $op->_get( $url, query => $query, accept => 'text/html' ),
count(1);
expectOK($res);
# Try to authenticate to IdP
# Try to authenticate with an unauthorized user to IdP
$query = "user=french&password=french&$query&nonce=qwerty";
ok(
$res = $op->_post(
$url,
IO::String->new($query),
accept => 'text/html',
length => length($query),
),
"Post authentication, endpoint $url"
);
count(1);
ok( $res->[2]->[0] =~ /trmsg="90"/, 'Reject reason is 90' )
or print STDERR Dumper( $res->[2]->[0] );
count(1);
# Initialization
ok( $op = op(), 'OP portal' );
ok( $res = $op->_get('/oauth2/jwks'), 'Get JWKS, endpoint /oauth2/jwks' );
expectOK($res);
$jwks = $res->[2]->[0];
ok(
$res = $op->_get('/.well-known/openid-configuration'),
'Get metadata, endpoint /.well-known/openid-configuration'
);
expectOK($res);
$metadata = $res->[2]->[0];
count(3);
switch ('rp');
&Lemonldap::NG::Handler::Main::cfgNum( 0, 0 );
ok( $rp = rp( $jwks, $metadata ), 'RP portal' );
count(1);
# Query RP for auth
ok( $res = $rp->_get( '/', accept => 'text/html' ), 'Unauth SP request' );
count(1);
( $url, $query ) =
expectRedirection( $res, qr#http://auth.op.com(/oauth2/authorize)\?(.*)$# );
# Rewrite response_type to use implicit
$query =~ s/response_type=code/response_type=code%20id_token%20token/;
# Push request to OP
switch ('op');
ok( $res = $op->_get( $url, query => $query, accept => 'text/html' ),
"Push request to OP, endpoint $url" );
count(1);
expectOK($res);
# Try to authenticate with an authorized user to IdP
$query = "user=dwho&password=dwho&$query&nonce=qwerty";
ok(
$res = $op->_post(
......@@ -177,6 +229,7 @@ sub op {
authentication => 'Demo',
userDB => 'Same',
issuerDBOpenIDConnectActivation => "1",
issuerDBOpenIDConnectRule => '$uid eq "dwho"',
oidcRPMetaDataExportedVars => {
rp => {
email => "mail",
......
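Review bot: The block under `# Initialization` rebuilds the OP and RP portals and replays the whole authorize request between the rejected and the accepted login, but nothing says why a fresh pair is needed. If the reason is that the refused attempt leaves state behind on the portal objects, a comment such as `# Rebuild OP and RP so the rejected attempt above cannot leak into the authorized flow` would tell the next reader that the repetition is deliberate. `&Lemonldap::NG::Handler::Main::cfgNum( 0, 0 );` can be written without the leading `&` unless it is there on purpose to bypass a prototype. The rule `issuerDBOpenIDConnectRule => '$uid eq "dwho"'` sits in `sub op`, whose body continues outside the hunk.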
......@@ -10,7 +10,7 @@ BEGIN {
require 't/test-lib.pm';
}
my $maintests = 9;
my $maintests = 14;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
......@@ -58,6 +58,11 @@ SKIP: {
ok( $sp = sp(), 'SP portal' );
$handlerOR{sp} = \@Lemonldap::NG::Handler::Main::_onReload;
# Simple SP access
my $res;
ok(
......@@ -71,7 +76,7 @@ SKIP: {
' Ask for OpenID identity' );
$query .=
'&openid_identifier=http%3A%2F%2Fauth.idp.com%2Fopenidserver%2Fdwho';
'&openid_identifier=http%3A%2F%2Fauth.idp.com%2Fopenidserver%2Ffrench';
ok(
$res = $sp->_post(
......@@ -93,9 +98,57 @@ SKIP: {
my ($tmp);
my $pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
( $host, $tmp, $query ) = expectForm( $res, '#', undef );
$query .= '&user=french&password=french';
# Try to authenticate with an unauthorized user
ok(
$res = $issuer->_post(
$uri, IO::String->new($query),
length => length($query),
accept => 'text/html',
cookie => $pdata,
),
'Try to authenticate'
);
ok( $res->[2]->[0] =~ /trmsg="91"/, 'Reject reason is 91' )
or print STDERR Dumper( $res->[2]->[0] );
count(1);
# Simple SP access
ok(
$res = $sp->_get(
'/', accept => 'text/html',
),
'Unauth SP request'
);
( $host, $url, $query ) = expectForm( $res, '#', undef );
ok( $res->[2]->[0] =~ /name="openid_identifier"/,
' Ask for OpenID identity' );
$query .=
'&openid_identifier=http%3A%2F%2Fauth.idp.com%2Fopenidserver%2Fdwho';
ok(
$res = $sp->_post(
'/', IO::String->new($query),
length => length($query),
accept => 'text/html',
),
'Post OpenID identity'
);
( $uri, $query ) = expectRedirection( $res,
qr#http://auth.idp.com(/openidserver/?)\?(openid.*)$# );
# Follow redirection do IdP
switch ('issuer');
ok( $res = $issuer->_get( $uri, query => $query, accept => 'text/html' ),
'Follow redirection to IdP' );
expectOK($res);
$pdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' );
( $host, $tmp, $query ) = expectForm( $res, '#', undef );
$query .= '&user=dwho&password=dwho';
# Try to authenticate
# Try to authenticate with an authorized user
ok(
$res = $issuer->_post(
$uri, IO::String->new($query),
......
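Review bot: The test plan is adjusted in two different ways in this file: `my $maintests = 14;` is raised for the new assertions, yet the `trmsg="91"` check is also followed by a lone `count(1);`. How the two are summed is outside the visible hunks, so the total cannot be confirmed from here, but mixing them makes the plan hard to audit when another rejection case is added. If the end of the file passes `$maintests` to `count`, dropping the `count(1);` and using `my $maintests = 15;` would keep one source of truth. The comment `# Follow redirection do IdP` should read `to IdP`.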
......@@ -19,8 +19,37 @@ my $client = LLNG::Manager::Test->new( {
}
);
# Try yo authenticate
# -------------------
# Try to authenticate with an unauthorized user
# ---------------------------------------------
ok(
$res = $client->_post(
'/',
IO::String->new('user=rtyler&password=rtyler'),
length => 27
),
'Auth query'
);
count(1);
expectOK($res);
my $id = expectCookie($res);
# Test GET login
ok(
$res = $client->_get(
'/test',
query => 'url=aHR0cDovL3Rlc3QxLmV4YW1wbGUuY29tLw==',
cookie => "lemonldap=$id",
accept => 'text/html'
),
'GET request with good url'
);
count(1);
ok( $res->[2]->[0] =~ /trmsg="92"/, 'Reject reason is 92' )
or print STDERR Dumper( $res->[2]->[0] );
count(1);
# Try to authenticate with an authorized user
# -------------------------------------------
ok(
$res = $client->_post(
'/',
......@@ -31,7 +60,7 @@ ok(
);
count(1);
expectOK($res);
my $id = expectCookie($res);
$id = expectCookie($res);
# Test GET login
ok(
......
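Review bot: The new unauthorized case hard-codes `length => 27` next to the literal body; the value is correct for `user=rtyler&password=rtyler`, but it goes stale without warning if the credentials change. Other files in this commit compute it from the string, which here would be `my $body = 'user=rtyler&password=rtyler';` followed by `length => length($body)`. The label `'GET request with good url'` is also reused for a request that is expected to be refused with `trmsg="92"`, so a failure report would not say which of the two cases broke; `'GET request refused for unauthorized user'` would.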