worteks
/
lemonldap-ng
mirror of https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
3
0
Fork 0
Code Issues Projects Releases Wiki Activity

Append unit test with token & Fix error code (#1976)

Browse Source
v2.11
Christophe Maudoux 4 years ago
parent 23e52fcec2
commit 3219673375
7 changed files with 224 additions and 19 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 1
      lemonldap-ng-portal/MANIFEST
  2. 13
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
  3. 12
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/DecryptValue.pm
  4. 13
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm
  5. 41
      lemonldap-ng-portal/t/58-DecryptValue-with-internal-function.t
  6. 33
      lemonldap-ng-portal/t/67-CheckUser-with-token.t
  7. 130
      lemonldap-ng-portal/t/68-FindUser-with-Demo-and-token.t

1
lemonldap-ng-portal/MANIFEST
Unescape View File

@ -677,6 +677,7 @@ t/68-ContextSwitching-with-TOTP-and-Notification.t
t/68-ContextSwitching-with-UnrestrictedUser.t
t/68-ContextSwitching.t
t/68-FindUser-with-DBI.t
t/68-FindUser-with-Demo-and-token.t
t/68-FindUser-with-Demo.t
t/68-Impersonation-with-2F.t
t/68-Impersonation-with-doubleCookies.t

13
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/CheckUser.pm
Unescape View File

@ -164,12 +164,13 @@ sub check {
$msg = PE_NOTOKEN;
$token = $self->ott->createToken();
}
unless ( $self->ott->getToken($token) ) {
$self->userLogger->warn(
'CheckUser called with an expired/bad token');
$msg = PE_TOKENEXPIRED;
$token = $self->ott->createToken();
else {
unless ( $self->ott->getToken($token) ) {
$self->userLogger->warn(
'CheckUser called with an expired/bad token');
$msg = PE_TOKENEXPIRED;
$token = $self->ott->createToken();
}
}
my $params = {

12
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/DecryptValue.pm
Unescape View File

@ -92,11 +92,13 @@ sub run {
$msg = PE_NOTOKEN;
$token = $self->ott->createToken();
}
unless ( $self->ott->getToken($token) ) {
$self->userLogger->warn('decryptValue try with expired/bad token');
$msg = PE_TOKENEXPIRED;
$token = $self->ott->createToken();
else {
unless ( $self->ott->getToken($token) ) {
$self->userLogger->warn(
'decryptValue try with expired/bad token');
$msg = PE_TOKENEXPIRED;
$token = $self->ott->createToken();
}
}
my $params = {

13
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/FindUser.pm
Unescape View File

@ -46,13 +46,16 @@ sub provideUser {
if ( $self->ottRule->( $req, {} ) ) {
my $token = $req->param('token');
unless ($token) {
$self->userLogger->warn('FindUser called without token');
$self->userLogger->warn(
'FindUser called without token ' . $token );
$error = PE_NOTOKEN;
}
unless ( $self->ott->getToken($token) ) {
$self->userLogger->warn(
'FindUser called with an expired/bad token');
$error = PE_TOKENEXPIRED;
else {
unless ( $self->ott->getToken($token) ) {
$self->userLogger->warn(
'FindUser called with an expired/bad token');
$error = PE_TOKENEXPIRED;
}
}
}
if ($error) {

41
lemonldap-ng-portal/t/58-DecryptValue-with-internal-function.t
Unescape View File

@ -43,8 +43,8 @@ count(1);
my $id = expectCookie($res);
expectRedirection( $res, 'http://auth.example.com/' );
# DecryptValue form for a foridden user
# ------------------------
# DecryptValue form for a forbidden user
# --------------------------------------
ok(
$res = $client->_get(
'/decryptvalue',
@ -128,7 +128,7 @@ count(2);
( $host, $url, $query ) =
expectForm( $res, undef, '/decryptvalue', 'cipheredValue', 'token' );
# invalid ciphered value
# Invalid ciphered value
$query =~ s%cipheredValue=%cipheredValue=test%;
ok(
$res = $client->_post(
@ -147,6 +147,41 @@ count(2);
( $host, $url, $query ) =
expectForm( $res, undef, '/decryptvalue', 'cipheredValue', 'token' );
# No token
$query = 'cipheredValue=test';
ok(
$res = $client->_post(
'/decryptvalue',
IO::String->new($query),
cookie => "lemonldap=$id",
length => length($query),
accept => 'text/html',
),
'POST decryptvalue without token'
);
ok( $res->[2]->[0] =~ m%<span trspan="PE81"></span>%, 'Found PE_NOTOKEN' )
or explain( $res->[2]->[0], 'trspan="PE81"' );
count(2);
( $host, $url, $query ) =
expectForm( $res, undef, '/decryptvalue', 'cipheredValue', 'token' );
# Expired token
Time::Fake->offset("+5m");
$query =~ s%cipheredValue=%cipheredValue=test%;
ok(
$res = $client->_post(
'/decryptvalue',
IO::String->new($query),
cookie => "lemonldap=$id",
length => length($query),
accept => 'text/html',
),
'POST decryptvalue with an expired token'
);
ok( $res->[2]->[0] =~ m%<span trspan="PE82"></span>%, 'Found PE_TOKENEXPIRED' )
or explain( $res->[2]->[0], 'trspan="PE82"' );
count(2);
$client->logout($id);
clean_sessions();

33
lemonldap-ng-portal/t/67-CheckUser-with-token.t
Unescape View File

@ -49,6 +49,39 @@ count(1);
my $id = expectCookie($res);
expectRedirection( $res, 'http://auth.example.com/' );
# CheckUser form
# ------------------------
ok(
$res = $client->_get(
'/checkuser',
cookie => "lemonldap=$id",
accept => 'text/html'
),
'CheckUser form',
);
count(1);
( $host, $url, $query ) =
expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
ok( $res->[2]->[0] =~ m%<span trspan="checkUser">%, 'Found trspan="checkUser"' )
or explain( $res->[2]->[0], 'trspan="checkUser"' );
count(1);
$query = 'user=rtyler&url=http%3A%2F%2Ftest1.example.com';
ok(
$res = $client->_post(
'/checkuser',
IO::String->new($query),
cookie => "lemonldap=$id",
length => length($query),
accept => 'text/html',
),
'POST checkuser'
);
ok( $res->[2]->[0] =~ m%<span trspan="PE81"></span>%, 'Found PE_NOTOKEN' )
or explain( $res->[2]->[0], 'trspan="PE81"' );
count(2);
( $host, $url, $query ) =
expectForm( $res, undef, '/checkuser', 'user', 'url', 'token' );
# CheckUser form
# ------------------------
ok(

130
lemonldap-ng-portal/t/68-FindUser-with-Demo-and-token.t
Unescape View File

@ -0,0 +1,130 @@
use Test::More;
use strict;
use JSON;
use IO::String;
require 't/test-lib.pm';
my $res;
my $json;
my $client = LLNG::Manager::Test->new( {
ini => {
logLevel => 'debug',
authentication => 'Demo',
userDB => 'Same',
useSafeJail => 1,
requireToken => 1,
findUser => 1,
impersonationRule => 1,
findUserSearchingAttributes =>
{ uid => 'Login', guy => 'Kind', cn => 'Name' },
findUserExcludingAttributes =>
{ type => 'mutant', uid => 'rtyler' },
}
}
);
## Simple access
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Portal', );
my ( $host, $url, $query ) =
expectForm( $res, '#', undef, 'uid', 'password', 'spoofId', 'token' );
( $host, $url, $query ) =
expectForm( $res, '#', undef, 'user', 'guy', 'cn', 'token' );
count(1);
$query =~ s/uid=/uid=dwho/;
ok(
$res = $client->_post(
'/finduser', IO::String->new($query),
accept => 'application/json',
length => length($query)
),
'Post FindFuser request'
);
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
or print STDERR "$@\n" . Dumper($res);
ok( $json->{user} eq 'dwho', ' Good user' )
or explain( $json, 'user => dwho' );
count(3);
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Portal', );
( $host, $url, $query ) =
expectForm( $res, '#', undef, 'user', 'guy', 'cn', 'token' );
Time::Fake->offset("+150s");
$query =~ s/uid=/uid=dwho/;
ok(
$res = $client->_post(
'/finduser', IO::String->new($query),
accept => 'application/json',
length => length($query)
),
'Post expired FindFuser request'
);
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
or print STDERR "$@\n" . Dumper($res);
ok( $json->{error} == 82, ' Token expired' )
or explain( $json, 'Token expired' );
ok( $json->{result} == 0, ' result => 0' )
or explain( $json, 'Result => 0' );
count(5);
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Portal', );
( $host, $url, $query ) =
expectForm( $res, '#', undef, 'user', 'guy', 'cn', 'token' );
$query = 'uid=dwho';
ok(
$res = $client->_post(
'/finduser', IO::String->new($query),
accept => 'application/json',
length => length($query)
),
'Post FindFuser request without token'
);
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
or print STDERR "$@\n" . Dumper($res);
ok( $json->{error} == 81, ' No Token' )
or explain( $json, 'No token' );
ok( $json->{result} == 0, ' result => 0' )
or explain( $json, 'Result => 0' );
count(5);
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Get Portal', );
( $host, $url, $query ) =
expectForm( $res, '#', undef, 'user', 'guy', 'cn', 'token' );
$query =~ s/user=/user=dwho/;
$query =~ s/password=/password=dwho/;
$query =~ s/spoofId=/spoofId=rtyler/;
ok(
$res = $client->_post(
'/', IO::String->new($query),
accept => 'application/json',
length => length($query)
),
'Post FindFuser request without token'
);
my $id = expectCookie($res);
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
or print STDERR "$@\n" . Dumper($res);
ok( $json->{result} == 1, ' result => 1' )
or explain( $json, 'Result => 1' );
$query = 'uid=dwho';
ok(
$res = $client->_post(
'/finduser',
IO::String->new($query),
accept => 'application/json',
cookie => "lemonldap=$id"
),
'Get findUser'
);
expectOK($res);
expectAuthenticatedAs( $res, 'rtyler' );
ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
or print STDERR "$@\n" . Dumper($res);
ok( $json->{result} == 1, ' result => 1' )
or explain( $json, 'Result => 1' );
count(7);
$client->logout($id);
clean_sessions();
done_testing( count() );
Write Preview
Loading…
Cancel
Save