Add Kerberos test (#707)

8 years ago · fafb134e65
parent 537d41a29b
commit fafb134e65
3 changed files with 100 additions and 1 deletions
--- a/lemonldap-ng-portal/MANIFEST
+++ b/lemonldap-ng-portal/MANIFEST
@ -126,6 +126,7 @@ README
 REST-API.md
 site/coffee/confirm.coffee
 site/coffee/info.coffee
+site/coffee/kerberos.coffee
 site/coffee/oidcchecksession.coffee
 site/coffee/portal.coffee
 site/coffee/registerbrowser.coffee
@ -212,6 +213,8 @@ site/htdocs/static/common/js/confirm.js
 site/htdocs/static/common/js/confirm.min.js
 site/htdocs/static/common/js/info.js
 site/htdocs/static/common/js/info.min.js
+site/htdocs/static/common/js/kerberos.js
+site/htdocs/static/common/js/kerberos.min.js
 site/htdocs/static/common/js/oidcchecksession.js
 site/htdocs/static/common/js/oidcchecksession.min.js
 site/htdocs/static/common/js/portal.js
@ -289,6 +292,7 @@ t/21-Auth-LDAP-utf8.t
 t/22-Auth-and-password-AD.t
 t/23-Auth-and-password-REST.t
 t/24-AuthApache.t
+t/24-AuthKerberos.t
 t/25-AuthSlave.t
 t/26-AuthRemote.t
 t/27-AuthProxy.t
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Kerberos.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Kerberos.pm
@ -23,7 +23,7 @@ has keytab => ( is => 'rw' );
 sub init {
    my ($self) = @_;
    my $file;
-    unless ( $file = $self->conf->{krbKeyTab} ) {
+    unless ( $file = $self->conf->{krbKeytab} ) {
        $self->error('Keytab not defined');
        return 0;
    }
--- a/lemonldap-ng-portal/t/24-AuthKerberos.t
+++ b/lemonldap-ng-portal/t/24-AuthKerberos.t
@ -0,0 +1,95 @@
+use Test::More;
+use strict;
+
+BEGIN {
+    require 't/test-lib.pm';
+    eval "use GSSAPI";
+}
+
+my $maintests = 8;
+my $debug = 'error';
+
+SKIP: {
+    eval "require GSSAPI";
+    if ($@) {
+        skip 'GSSAPI not found', $maintests;
+    }
+    my $client = LLNG::Manager::Test->new(
+        {
+            ini => {
+                logLevel       => $debug,
+                useSafeJail    => 1,
+                authentication => 'Kerberos',
+                userDB         => 'Null',
+                krbKeytab      => '/etc/keytab',
+            }
+        }
+    );
+    my $res;
+    ok( $res = $client->_get( '/', accept => 'text/html' ), 'Simple access' );
+    ok( $res->[0] == 401, 'Get 401' ) or explain( $res->[0], 401 );
+    ok( getHeader( $res, 'WWW-Authenticate' ) eq 'Negotiate',
+        'Get negotiate header' )
+      or explain( $res->[1], 'WWW-Authenticate => Negotiate' );
+    $client = LLNG::Manager::Test->new(
+        {
+            ini => {
+                logLevel       => $debug,
+                useSafeJail    => 1,
+                authentication => 'Kerberos',
+                userDB         => 'Null',
+                krbKeytab      => '/etc/keytab',
+                krbByJs        => 1,
+                krbAuthnLevel  => 4,
+            }
+        }
+    );
+    ok( $res = $client->_get( '/', accept => 'text/html' ),
+        'First access with JS' );
+    expectForm( $res, '#', undef, 'kerberos' );
+    ok( $res->[2]->[0] =~ /kerberos\.(?:min\.)?js/, 'Get Kerberos javascript' );
+
+    ok(
+        $res = $client->_get(
+            '/',
+            query  => 'kerberos=1',
+            accept => 'application/json'
+        ),
+        'Ajax access'
+    );
+    ok( $res->[0] == 401, 'Get 401' ) or explain( $res->[0], 401 );
+
+    ok(
+        $res = $client->_get(
+            '/',
+            query  => 'kerberos=1',
+            accept => 'application/json',
+            custom => { HTTP_AUTHORIZATION => 'Negotiate c29tZXRoaW5n' }
+        ),
+        'Push fake kerberos'
+    );
+    expectCookie($res);
+
+    #print STDERR Dumper($res);
+}
+
+count($maintests);
+clean_sessions();
+done_testing( count() );
+
+# Redefine GSSAPI method for test
+no warnings 'redefine';
+
+sub GSSAPI::Context::accept ($$$$$$$$$$) {
+    my $a = \@_;
+    $a->[4] = bless {}, 'LLNG::GSSR';
+    return 1;
+}
+
+package LLNG::GSSR;
+
+sub display {
+    my $a = \@_;
+    $a->[1] = 'dwho';
+    return 1;
+}