Commit f26922e7 authored by Yadd's avatar Yadd

Clean SAML tests (#595)

parent 10d4f395
......@@ -7,7 +7,7 @@ BEGIN {
require 't/test-lib.pm';
}
my $maintests = 20;
my $maintests = 9;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
......@@ -49,19 +49,9 @@ SKIP: {
),
'Query IdP to access to SP'
);
expectOK($res);
ok(
$res->[2]->[0] =~
m#<form.+?action="http://auth.sp.com(.*?)".+?method="post"#,
'Form method is POST'
);
my $url = $1;
ok(
$res->[2]->[0] =~
/<input type="hidden".+?name="SAMLResponse".+?value="(.+?)"/s,
'Found SAML response'
);
my $s = "SAMLResponse=$1";
my ( $host, $url, $s ) =
expectAutoPost( $res, 'auth.sp.com', '/saml/proxySingleSignOnPost',
'SAMLResponse' );
# Post SAML response to SP
switch ('sp');
......@@ -111,19 +101,9 @@ m#iframe src="http://auth.idp.com(/saml/relaySingleLogoutPOST)\?(relay=.*?)"#s,
),
'Get iframe'
);
expectOK($res);
ok(
$res->[2]->[0] =~
m#<form.+?action="http://auth.sp.com(/saml/proxySingleLogout)".+?method="post"#,
'Form method is POST'
);
$url = $1;
ok(
$res->[2]->[0] =~
/<input type="hidden".+?name="SAMLRequest".+?value="(.+?)"/s,
'Found SAML response'
);
$s = "SAMLRequest=$1";
( $host, $url, $s ) =
expectAutoPost( $res, 'auth.sp.com', '/saml/proxySingleLogout',
'SAMLRequest' );
# Post SAML logout request to SP
switch ('sp');
......@@ -136,19 +116,9 @@ m#<form.+?action="http://auth.sp.com(/saml/proxySingleLogout)".+?method="post"#,
),
'Post SAML logout request to SP'
);
expectOK($res);
ok(
$res->[2]->[0] =~
m#<form.+?action="http://auth.idp.com(/saml/singleLogoutReturn)".+?method="post"#,
'Form method is POST'
);
$url = $1;
ok(
$res->[2]->[0] =~
/<input type="hidden".+?name="SAMLResponse".+?value="(.+?)"/s,
'Found SAML response'
);
$s = "SAMLResponse=$1";
( $host, $url, $s ) =
expectAutoPost( $res, 'auth.idp.com', '/saml/singleLogoutReturn',
'SAMLResponse' );
# Post SAML logout response to IdP
switch ('issuer');
......@@ -182,16 +152,9 @@ m#<form.+?action="http://auth.idp.com(/saml/singleLogoutReturn)".+?method="post"
),
'Test if user is reject on SP'
);
expectOK($res);
ok(
$res->[2]->[0] =~
/<input type="hidden".+?name="SAMLRequest".+?value="(.+?)"/s,
'Found SAML request'
)
or explain(
$res->[2],
' <input type="hidden" name="SAMLRequest" id="SAMLRequest" value="...'
);
( $host, $url, $s ) =
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
'SAMLRequest' );
#print STDERR Dumper($res);
}
......
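Review bot: The last call in this file assigns `( $host, $url, $s )` from `expectAutoPost`, but nothing visible reads those values before the SKIP block closes; only the commented-out `Dumper` line follows. Calling it in void context, `expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn', 'SAMLRequest' );`, makes it clear that this step only asserts on the response. The final hunk of the second test file has the same pattern. In the lines shown, `$host` is never read after any of the calls, so it may be worth a short comment saying it is captured only to keep the three-value return shape.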
......@@ -7,7 +7,7 @@ BEGIN {
require 't/test-lib.pm';
}
my $maintests = 28;
my $maintests = 11;
my $debug = 'error';
my ( $issuer, $sp, $res );
my %handlerOR = ( issuer => [], sp => [] );
......@@ -60,33 +60,17 @@ SKIP: {
),
'Select IDP'
);
expectOK($res);
ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' )
or explain(
$res->[1],
'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/'
);
ok(
$res->[2]->[0] =~
/<input type="hidden".+?name="SAMLRequest".+?value="(.+?)"/s,
'Found SAML request'
)
or explain(
$res->[2],
' <input type="hidden" name="SAMLRequest" id="SAMLRequest" value="...'
);
my $samlReq = $1;
ok( decode_base64($samlReq) =~ /^</s, 'SAML request seems valid' )
or explain( decode_base64($samlReq), '<saml ...' );
ok(
$res->[2]->[0] =~ m#<form id="form" action="http://auth.idp.com(.*?)"#s,
'Found IdP URL'
);
my $url = $1;
my ( $host, $url, $s ) =
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
'SAMLRequest' );
# Push SAML request to IdP
switch ('issuer');
my $s = "SAMLRequest=$samlReq";
ok(
$res = $issuer->_post(
$url,
......@@ -99,14 +83,7 @@ SKIP: {
expectOK($res);
# Try to authenticate to IdP
my $body = $res->[2]->[0];
$body =~ s/^.*?<form.*?>//s;
$body =~ s#</form>.*$##s;
my %fields =
( $body =~ /<input type="hidden".+?name="(.+?)".+?value="(.*?)"/sg );
$fields{user} = $fields{password} = 'dwho';
use URI::Escape;
$s = join( '&', map { "$_=" . uri_escape( $fields{$_} ) } keys %fields );
$s = "user=dwho&password=dwho&$s";
ok(
$res = $issuer->_post(
$url,
......@@ -116,22 +93,12 @@ SKIP: {
),
'Post authentication'
);
expectOK($res);
my $idpId = expectCookie($res);
( $host, $url, $s ) =
expectAutoPost( $res, 'auth.sp.com', '/saml/proxySingleSignOnPost',
'SAMLResponse' );
# Post SAML response to SP
ok(
$res->[2]->[0] =~
m#<form.+?action="http://auth.sp.com(.*?)".+?method="post"#,
'Form method is POST'
);
$url = $1;
ok(
$res->[2]->[0] =~
/<input type="hidden".+?name="SAMLResponse".+?value="(.+?)"/s,
'Found SAML response'
);
$s = "SAMLResponse=$1";
switch ('sp');
ok(
$res = $sp->_post(
......@@ -161,28 +128,12 @@ SKIP: {
),
'Query SP for logout'
);
expectOK($res);
ok(
$res->[2]->[0] =~
/<input type="hidden".+?name="SAMLRequest".+?value="(.+?)"/s,
'Found SAML request'
)
or explain(
$res->[2],
' <input type="hidden" name="SAMLRequest" id="SAMLRequest" value="...'
);
$samlReq = $1;
ok( decode_base64($samlReq) =~ /^</s, 'SAML request seems valid' )
or explain( decode_base64($samlReq), '<saml ...' );
ok(
$res->[2]->[0] =~ m#<form id="form" action="http://auth.idp.com(.*?)"#s,
'Found IdP URL'
);
$url = $1;
( $host, $url, $s ) =
expectAutoPost( $res, 'auth.idp.com', '/saml/singleLogout',
'SAMLRequest' );
# Push SAML logout request to IdP
switch ('issuer');
$s = "SAMLRequest=$samlReq";
ok(
$res = $issuer->_post(
$url,
......@@ -193,29 +144,11 @@ SKIP: {
),
'Post SAML logout request to IdP'
);
expectOK($res);
# Get SAML response
ok(
$res->[2]->[0] =~
/<input type="hidden".+?name="SAMLResponse".+?value="(.+?)"/s,
'Found SAML request'
)
or explain(
$res->[2],
' <input type="hidden" name="SAMLRequest" id="SAMLRequest" value="...'
);
$samlReq = $1;
ok( decode_base64($samlReq) =~ /^</s, 'SAML response seems valid' )
or explain( decode_base64($samlReq), '<saml ...' );
ok(
$res->[2]->[0] =~ m#<form id="form" action="http://auth.sp.com(.*?)"#s,
'Found IdP URL'
);
$url = $1;
( $host, $url, $s ) =
expectAutoPost( $res, 'auth.sp.com', '/saml/proxySingleLogoutReturn',
'SAMLResponse' );
# Post SAML response to SP
$s = "SAMLResponse=$samlReq";
switch ('sp');
ok(
$res = $sp->_post(
......@@ -248,16 +181,9 @@ SKIP: {
),
'Test if user is reject on SP'
);
expectOK($res);
ok(
$res->[2]->[0] =~
/<input type="hidden".+?name="SAMLRequest".+?value="(.+?)"/s,
'Found SAML request'
)
or explain(
$res->[2],
' <input type="hidden" name="SAMLRequest" id="SAMLRequest" value="...'
);
( $host, $url, $s ) =
expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn',
'SAMLRequest' );
#print STDERR Dumper($res);
}
......
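Review bot: The checks that the captured SAML message base64-decodes to text starting with `<` ('SAML request seems valid' / 'SAML response seems valid') appear to be dropped from the SSO and logout steps of this file. `expectAutoPost`, as added in this commit, only asserts that the named field is defined. The +/- markers are lost on this page, so which lines are removed is read from the hunk line counts. If the content check is still wanted, it can follow each call, for example `my ($msg) = $s =~ /SAMLRequest=([^&]*)/;` then `ok( decode_base64( uri_unescape($msg) ) =~ /^</s, 'SAML request seems valid' );`, with `$maintests` raised to match. That assumes `uri_unescape` and `decode_base64` are visible in the test's namespace.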
......@@ -4,6 +4,7 @@ package main;
use strict;
use Data::Dumper;
use LWP::UserAgent;
use URI::Escape;
use 5.10.0;
no warnings 'redefine';
......@@ -61,6 +62,55 @@ sub expectRedirection {
}
}
sub expectAutoPost {
my ( $res, $hostRe, $uriRe, @requiredFields ) = @_;
expectOK($res);
count(2);
if (
ok(
$res->[2]->[0] =~
m@<form.+?action="(?:http://([^/]+)(/.*?)?|#)".+method="post"@s,
'Form method is POST'
)
)
{
my ( $host, $uri ) = ( $1, $2 );
if ($hostRe) {
if ( ref $hostRe ) {
ok( $host =~ $hostRe, 'Host match' )
or explain( $host, $hostRe );
}
else {
ok( $host eq $hostRe, 'Host match' )
or explain( $host, $hostRe );
}
count(1);
}
if ($uriRe) {
if ( ref $uriRe ) {
ok( $uri =~ $uriRe, 'URI match' ) or explain( $uri, $uriRe );
}
else {
ok( $uri eq $uriRe, 'URI match' ) or explain( $uri, $uriRe );
}
count(1);
}
my %fields = ( $res->[2]->[0] =~
m#<input type="hidden".+?name="(.+?)".+?value="(.+?)"#s );
my $query = join( '&',
map { "$_=" . uri_escape( uri_unescape( $fields{$_} ) ) }
keys(%fields) );
foreach my $f (@requiredFields) {
ok( defined $fields{$f}, qq{Field "$f" is defined} );
count(1);
}
return ( $host, $uri, $query );
}
else {
return ();
}
}
sub expectAuthenticatedAs {
my ( $res, $user ) = @_;
ok( getHeader( $res, 'Lm-Remote-User' ) eq $user, "Authenticated as $user" )
......
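Review bot: The `%fields` match in `expectAutoPost` has no `/g` flag, so in list context it returns only the first hidden input's name/value pair. Any further hidden input in the auto-post form is left out of the returned query, and a `@requiredFields` entry that is not the first input is reported as undefined. The inline code in the second test file that built `%fields` used `/sg` with `value="(.*?)"`; with `(.+?)` an empty `value=""` makes the capture run past the closing quote into the following markup. I would write the pattern as `m#<input type="hidden".+?name="(.+?)".+?value="(.*?)"#sg`. Separately, when the form action is `#` the host and path groups do not capture, so `$host` and `$uri` reach the `eq`/`=~` comparisons undefined; a `defined` guard there would keep the failure output readable. `expectAuthenticatedAs` starts at the end of this hunk and continues outside it.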