Commit 0e11cf3e authored by Xavier Guimard's avatar Xavier Guimard

Full tests for Nginx handler (#583)

parent ff61b49f
......@@ -11,6 +11,7 @@ lib/Lemonldap/NG/Handler/API/ApacheMP2.pm
lib/Lemonldap/NG/Handler/API/CGI.pm
lib/Lemonldap/NG/Handler/API/ExperimentalNginx.pm
lib/Lemonldap/NG/Handler/API/PSGI.pm
lib/Lemonldap/NG/Handler/API/PSGI/Server.pm
lib/Lemonldap/NG/Handler/CGI.pm
lib/Lemonldap/NG/Handler/Main.pm
lib/Lemonldap/NG/Handler/Main/Jail.pm
......@@ -46,6 +47,8 @@ t/50-Lemonldap-NG-Handler-SecureToken.t
t/51-Lemonldap-NG-Handler-Zimbra.t
t/52-Lemonldap-NG-Handler-AuthBasic.t
t/60-Lemonldap-NG-Handler-PSGI.t
t/61-Lemonldap-NG-Handler-PSGI-Server.t
t/62-Lemonldap-NG-Handler-Nginx.t
t/99-pod.t
t/lmConf-1.js
t/sessions/f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545
......
......@@ -42,9 +42,18 @@ sub AUTOLOAD {
# - Apache (modperl1),
# - Nginx
if ( !$mode or $func eq 'newRequest' ) {
#print STDERR "FONCTION $func\n";
#for ( my $i = 0 ; $i < 7 ; $i++ ) {
# print STDERR " $i: " . ( caller($i) )[0] . "\n";
#}
$mode =
( ( caller(1) )[0] eq 'Lemonldap::NG::Handler::Nginx' )
? 'PSGI'
(
( caller(1) )[0] =~
/^Lemonldap::NG::Handler::(?:Nginx|PSGI::Server)$/
or ( caller(6) )[0] =~
/^Lemonldap::NG::Handler::(?:Nginx|PSGI::Server)$/
) ? 'PSGI/Server'
: (
( caller(0) )[0] =~ /^Lemonldap::NG::Handler::PSGI/
or (
......
package Lemonldap::NG::Handler::API::PSGI::Server;
use strict;
use base 'Lemonldap::NG::Handler::API::PSGI';
# In server mode, headers are not passed to a PSGI application but returned
# to the server
## @method void set_header_in(hash headers)
# sets or modifies request headers
# @param headers hash containing header names => header value
sub set_header_in {
my ( $class, %headers ) = @_;
for my $k ( keys %headers ) {
$Lemonldap::NG::Handler::API::PSGI::request->{respHeaders}->{$k} =
$headers{$k};
}
}
1;
......@@ -75,3 +75,154 @@ sub router {
}
1;
__END__
=pod
=encoding utf8
=head1 NAME
Lemonldap::NG::Handler::Nginx - Lemonldap::NG FastCGI handler for Nginx.
=head1 SYNOPSIS
FastCGI server:
use Lemonldap::NG::Handler::Nginx;
Lemonldap::NG::Handler::Nginx->run( {} );
Launch it with plackup:
plackup -s FCGI --listen /tmp/llng.sock --no-default-middleware
Configure Nginx:
http {
log_format lm_combined '$remote_addr - $lmremote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
server {
server_name test1.example.com;
access_log /log/file lm_combined
# Internal authentication request
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass __PSGISERVERSOCKET__;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH "";
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
# Client requests
location / {
# Activate access control
auth_request /lmauth;
# Set logs
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
try_files $uri $uri/ =404;
# Add as many 3-lines block as max number of headers returned by
# configuration
auth_request_set $headername1 $upstream_http_headername1;
auth_request_set $headervalue1 $upstream_http_headervalue1;
#proxy_set_header $headername1 $headervalue1;
# OR
#fastcgi_param $fheadername1 $headervalue1;
auth_request_set $headername2 $upstream_http_headername2;
auth_request_set $headervalue2 $upstream_http_headervalue2;
#proxy_set_header $headername2 $headervalue2;
# OR
#fastcgi_param $fheadername2 $headervalue2;
auth_request_set $headername3 $upstream_http_headername3;
auth_request_set $headervalue3 $upstream_http_headervalue3;
#proxy_set_header $headername3 $headervalue3;
# OR
#fastcgi_param $fheadername3 $headervalue3;
}
}
=head1 DESCRIPTION
Lemonldap::NG is a modular Web-SSO based on Apache::Session modules. It
simplifies the build of a protected area with a few changes in the application.
It manages both authentication and authorization and provides headers for
accounting. So you can have a full AAA protection for your web space as
described below.
Lemonldap::NG::Handler::Nginx provides a FastCGI server that can be used by
Nginx as authentication server.
=head1 SEE ALSO
L<Lemonldap::NG::Handler>, L<http://lemonldap-ng.org/>,
L<http://nginx.org/en/docs/http/ngx_http_auth_request_module.html>
=head1 AUTHOR
=over
=item Clement Oudot, E<lt>clem.oudot@gmail.comE<gt>
=item François-Xavier Deltombe, E<lt>fxdeltombe@gmail.com.E<gt>
=item Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=back
=head1 BUG REPORT
Use OW2 system to report bug or ask for features:
L<http://jira.ow2.org>
=head1 DOWNLOAD
Lemonldap::NG is available at
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
=head1 COPYRIGHT AND LICENSE
=over
=item Copyright (C) 2016 by Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=item Copyright (C) 2012-2015 by François-Xavier Deltombe, E<lt>fxdeltombe@gmail.com.E<gt>
=item Copyright (C) 2006-2012 by Clement Oudot, E<lt>clem.oudot@gmail.comE<gt>
=back
This library is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see L<http://www.gnu.org/licenses/>.
=cut
......@@ -13,8 +13,8 @@ extends 'Lemonldap::NG::Handler::PSGI';
sub _run {
my ($self) = @_;
return sub {
my $req = Lemonldap::NG::Common::PSGI::Request( $_[0] );
my $res = $self->router($req);
my $req = Lemonldap::NG::Common::PSGI::Request->new( $_[0] );
my $res = $self->_authAndTrace($req);
push @{ $res->[1] }, %{ $req->{respHeaders} };
return $res;
};
......
#!/usr/bin/env perl -I pl/lib
use Test::More;
use JSON;
use Data::Dumper;
use MIME::Base64;
require 't/test-psgi-lib.pm';
init('Lemonldap::NG::Handler::PSGI::Server');
my $res;
# Unauthentified query
ok( $res = $client->_get('/'), 'Unauthentified query' );
ok( ref($res) eq 'ARRAY', 'Response is an array' ) or explain( $res, 'array' );
ok( $res->[0] == 302, 'Code is 302' ) or explain( $res->[0], 302 );
my %h = @{ $res->[1] };
ok(
$h{Location} eq 'http://auth.example.com/?url='
. encode_base64( 'http://test1.example.com/', '' ),
'Redirection points to portal'
)
or explain(
\%h,
'Location => http://auth.example.com/?url='
. encode_base64( 'http://test1.example.com/', '' )
);
count(4);
# Authentified queries
# --------------------
# Authorizated query
ok(
$res = $client->_get(
'/',
undef,
undef,
'lemonldap=f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
),
'Authentified query'
);
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res->[0], 200 );
count(2);
# Check headers
%h = @{ $res->[1] };
ok($h{'Auth-User'} eq 'dwho','Header Auth-User is set to "dwho"') or explain($h,'Auth-User => "dwho"');
count(1);
# Denied query
ok(
$res = $client->_get(
'/deny',
undef,
undef,
'lemonldap=f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
),
'Denied query'
);
ok( $res->[0] == 403, 'Code is 403' ) or explain( $res->[0], 403 );
count(2);
# Bad cookie
ok(
$res = $client->_get(
'/deny',
undef,
'manager.example.com',
'lemonldap=e5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
),
'Bad cookie'
);
ok( $res->[0] == 302, 'Code is 302' ) or explain( $res->[0], 302 );
unlink('t/sessions/lock/Apache-Session-e5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545.lock');
count(2);
done_testing( count() );
#!/usr/bin/env perl -I pl/lib
use Test::More;
use JSON;
use Data::Dumper;
use MIME::Base64;
require 't/test-psgi-lib.pm';
init('Lemonldap::NG::Handler::Nginx');
my $res;
# Unauthentified query
ok( $res = $client->_get('/'), 'Unauthentified query' );
ok( ref($res) eq 'ARRAY', 'Response is an array' ) or explain( $res, 'array' );
ok( $res->[0] == 401, 'Code is 401' ) or explain( $res->[0], 401 );
my %h = @{ $res->[1] };
ok(
$h{Location} eq 'http://auth.example.com/?url='
. encode_base64( 'http://test1.example.com/', '' ),
'Redirection points to portal'
)
or explain(
\%h,
'Location => http://auth.example.com/?url='
. encode_base64( 'http://test1.example.com/', '' )
);
count(4);
# Authentified queries
# --------------------
# Authorizated query
ok(
$res = $client->_get(
'/',
undef,
undef,
'lemonldap=f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
),
'Authentified query'
);
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res->[0], 200 );
count(2);
# Check headers
%h = @{ $res->[1] };
ok($h{'Headername1'} eq 'Auth-User','Headername1 is set to "Auth-User"') or explain($h,'Headername1 => "Auth-User"');
ok($h{'Headervalue1'} eq 'dwho','Headervalue1 is set to "dwho"') or explain($h,'Headervalue1 => "dwho"');
count(2);
# Denied query
ok(
$res = $client->_get(
'/deny',
undef,
undef,
'lemonldap=f5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
),
'Denied query'
);
ok( $res->[0] == 403, 'Code is 403' ) or explain( $res->[0], 403 );
count(2);
# Bad cookie
ok(
$res = $client->_get(
'/deny',
undef,
'manager.example.com',
'lemonldap=e5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545'
),
'Bad cookie'
);
ok( $res->[0] == 401, 'Code is 401' ) or explain( $res->[0], 401 );
unlink('t/sessions/lock/Apache-Session-e5eec18ebb9bc96352595e2d8ce962e8ecf7af7c9a98cb9a43f9cd181cf4b545.lock');
count(2);
done_testing( count() );
......@@ -172,7 +172,6 @@ t/80-attributes.t
t/90-translations.t
t/99-pod.t
t/conf/lmConf-1.js
t/conf/lmConf-2.js
t/jsonfiles/01-base-tree.json
t/jsonfiles/02-base-tree-all-nodes-opened.json
t/jsonfiles/12-modified.json
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment