Unit tests for #2533

4 years ago · 6ef522c193
parent cf3809a0de
commit 6ef522c193
2 changed files with 152 additions and 0 deletions
--- a/lemonldap-ng-portal/t/32-CAS-Hooks.t
+++ b/lemonldap-ng-portal/t/32-CAS-Hooks.t
@ -0,0 +1,110 @@
+use lib 'inc';
+use Test::More;    # skip_all => 'CAS is in rebuild';
+use strict;
+use IO::String;
+use LWP::UserAgent;
+use LWP::Protocol::PSGI;
+use MIME::Base64;
+
+BEGIN {
+    require 't/test-lib.pm';
+}
+
+my $debug = 'error';
+my ( $issuer, $res );
+
+eval { require XML::Simple };
+plan skip_all => "Missing dependencies: $@" if ($@);
+
+ok( $issuer = issuer(), 'Issuer portal' );
+count(1);
+
+my $s = "user=french&password=french";
+
+# Login
+ok(
+    $res = $issuer->_post(
+        '/',
+        IO::String->new($s),
+        accept => 'text/html',
+        length => length($s),
+    ),
+    'Post authentication'
+);
+count(1);
+my $idpId = expectCookie($res);
+
+# Hook should make it fail with status 999
+ok(
+    $res = $issuer->_get(
+        '/cas/login',
+        cookie => "lemonldap=$idpId",
+        query  => 'service=http://auth.sp2.com/',
+        accept => 'text/html'
+    ),
+    'Query CAS server'
+);
+count(1);
+
+expectPortalError( $res, 999, "Hook rejected the request" );
+
+ok(
+    $res = $issuer->_get(
+        '/cas/login',
+        cookie => "lemonldap=$idpId",
+        query  => 'service=http://auth.sp.com/',
+        accept => 'text/html'
+    ),
+    'Query CAS server'
+);
+count(1);
+my ($query) =
+  expectRedirection( $res, qr#^http://auth.sp.com/\?hooked=1&(ticket=[^&]+)$# );
+
+ok(
+    $res = $issuer->_get(
+        '/cas/p3/serviceValidate',
+        query  => 'service=http://auth.sp.com/&' . $query,
+        accept => 'text/html'
+    ),
+    'Query CAS server'
+);
+
+expectOK($res);
+count(1);
+
+ok( $res->[2]->[0] =~ m#<cas:hooked>1</cas:hooked>#, "Found hook attribute" );
+count(1);
+
+clean_sessions();
+done_testing( count() );
+
+sub issuer {
+    return LLNG::Manager::Test->new( {
+            ini => {
+                logLevel              => $debug,
+                domain                => 'idp.com',
+                portal                => 'http://auth.idp.com',
+                authentication        => 'Demo',
+                userDB                => 'Same',
+                issuerDBCASActivation => 1,
+                casAttr               => 'uid',
+                casAppMetaDataOptions => {
+                    sp => {
+                        casAppMetaDataOptionsService => 'http://auth.sp.com/',
+                    },
+                },
+                casAppMetaDataExportedVars => {
+                    sp => {
+                        cn   => 'cn',
+                        mail => 'mail',
+                        uid  => 'uid',
+                    },
+                },
+                casAccessControlPolicy => 'error',
+                multiValuesSeparator   => ';',
+                customPlugins          => 't::CasHookPlugin',
+            }
+        }
+    );
+}
--- a/lemonldap-ng-portal/t/CasHookPlugin.pm
+++ b/lemonldap-ng-portal/t/CasHookPlugin.pm
@ -0,0 +1,42 @@
+package t::CasHookPlugin;
+
+use Mouse;
+extends 'Lemonldap::NG::Portal::Main::Plugin';
+
+use constant hook => {
+    casGotRequest                 => 'filterService',
+    'casGenerateServiceTicket'    => 'changeRedirectUrl',
+    'casGenerateValidateResponse' => 'genResponse',
+};
+
+sub init {
+    my ($self) = @_;
+    return 1;
+}
+
+sub filterService {
+    my ( $self, $req, $cas_request ) = @_;
+    if ( $cas_request->{service} eq "http://auth.sp.com/" ) {
+        return 0;
+    }
+    else {
+        return 999;
+    }
+}
+
+sub changeRedirectUrl {
+    my ( $self, $req, $cas_request, $app, $Sinfos ) = @_;
+    $cas_request->{service} .= "?hooked=1";
+    return 0;
+}
+
+sub genResponse {
+    my ( $self, $req, $username, $attributes ) = @_;
+
+    $attributes->{hooked} = 1;
+
+    return 0;
+}
+
+1;
+