X-Git-Url: http://koha-dev.rot13.org:8081/gitweb/?a=blobdiff_plain;f=t%2FAuth_with_shibboleth.t;h=5ea1f0d5d253c3cc6272c1fe5c36dd1db02df717;hb=a11633379f8d9f6a933da7fa887b2e7966e3765a;hp=9e9617897222d1674508feb4ac4bbafb6bacd2f9;hpb=9dc5a53daabc0b7a07430bf0f5ba469d2b4c2e6c;p=koha-ffzg.git diff --git a/t/Auth_with_shibboleth.t b/t/Auth_with_shibboleth.t old mode 100644 new mode 100755 index 9e96178972..5ea1f0d5d2 --- a/t/Auth_with_shibboleth.t +++ b/t/Auth_with_shibboleth.t @@ -22,13 +22,17 @@ use Module::Load::Conditional qw/check_install/; use Test::More; use Test::MockModule; use Test::Warn; +use File::Temp qw(tempdir); -use CGI; +use t::lib::Mocks::Logger; + +use utf8; +use CGI qw(-utf8 ); use C4::Context; BEGIN { if ( check_install( module => 'Test::DBIx::Class' ) ) { - plan tests => 17; + plan tests => 18; } else { plan skip_all => "Need Test::DBIx::Class"; @@ -61,7 +65,7 @@ $ENV{'city'} = undef; # Setup Mocks ## Mock Context -my $context = new Test::MockModule('C4::Context'); +my $context = Test::MockModule->new('C4::Context'); ### Mock ->config $context->mock( 'config', \&mockedConfig ); @@ -79,7 +83,7 @@ my $interface = 'opac'; $context->mock( 'interface', \&mockedInterface ); ## Mock Database -my $database = new Test::MockModule('Koha::Database'); +my $database = Test::MockModule->new('Koha::Database'); ### Mock ->schema $database->mock( 'schema', \&mockedSchema ); @@ -87,10 +91,11 @@ $database->mock( 'schema', \&mockedSchema ); # Tests ############################################################## +my $logger = t::lib::Mocks::Logger->new(); + # Can module load -use C4::Auth_with_shibboleth; +use C4::Auth_with_shibboleth qw( shib_ok login_shib_url get_login_shib checkpw_shib ); require_ok('C4::Auth_with_shibboleth'); -$C4::Auth_with_shibboleth::debug = '0'; # Subroutine tests ## shib_ok @@ -115,7 +120,7 @@ subtest "shib_ok tests" => sub { is( $result, '0', "bad config" ); # add test for undefined shibboleth block - + $logger->clear; reset_config(); }; 
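Review bot: `Encode` and `URI::Escape` are not loaded by the import block in the first hunk, although the new login_shib_url subtest further down calls `Encode::encode` and `URI::Escape::uri_escape_utf8` by their full names. Unless both are loaded above line 22, outside the hunk, the test only runs because some other module happens to pull them in. Add `use Encode;` and `use URI::Escape;` next to `use File::Temp qw(tempdir);` so the test does not start failing when that transitive load changes.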
@@ -124,49 +129,70 @@ subtest "shib_ok tests" => sub { #is(logout_shib($query),"https://".$opac."/Shibboleth.sso/Logout?return="."https://".$opac,"logout_shib"); ## login_shib_url -my $query_string = 'language=en-GB'; -$ENV{QUERY_STRING} = $query_string; -$ENV{SCRIPT_NAME} = '/cgi-bin/koha/opac-user.pl'; -my $query = CGI->new($query_string); -is( - login_shib_url($query), - 'https://testopac.com' - . '/Shibboleth.sso/Login?target=' - . 'https://testopac.com/cgi-bin/koha/opac-user.pl' . '%3F' - . $query_string, - "login shib url" -); +subtest "login_shib_url tests" => sub { + plan tests => 2; + + my $string = 'language=en-GB¶m="heh❤"'; + my $query_string = Encode::encode('UTF-8', $string); + my $query_string_uri_escaped = URI::Escape::uri_escape_utf8('?'.$string); + + local $ENV{REQUEST_METHOD} = 'GET'; + local $ENV{QUERY_STRING} = $query_string; + local $ENV{SCRIPT_NAME} = '/cgi-bin/koha/opac-user.pl'; + my $query = CGI->new($query_string); + is( + login_shib_url($query), + 'https://testopac.com' + . '/Shibboleth.sso/Login?target=' + . 'https://testopac.com/cgi-bin/koha/opac-user.pl' + . $query_string_uri_escaped, + "login shib url" + ); + + my $post_params = 'user=bob&password=wideopen'; + local $ENV{REQUEST_METHOD} = 'POST'; + local $ENV{CONTENT_LENGTH} = length($post_params); + + my $dir = tempdir( CLEANUP => 1 ); + my $infile = "$dir/in.txt"; + open my $fh_write, '>', $infile or die "Could not open '$infile' $!"; + print $fh_write $post_params; + close $fh_write; + + open my $fh_read, '<', $infile or die "Could not open '$infile' $!"; + + $query = CGI->new($fh_read); + is( + login_shib_url($query), + 'https://testopac.com' + . '/Shibboleth.sso/Login?target=' + . 
'https://testopac.com/cgi-bin/koha/opac-user.pl', + "login shib url" + ); + + close $fh_read; +}; ## get_login_shib subtest "get_login_shib tests" => sub { - plan tests => 4; + + plan tests => 3; + my $login; - # good config - ## debug off - $C4::Auth_with_shibboleth::debug = '0'; - warnings_are { $login = get_login_shib() }[], - "good config with debug off, no warnings received"; - is( $login, "test1234", - "good config with debug off, attribute value returned" ); - - ## debug on - $C4::Auth_with_shibboleth::debug = '1'; - warnings_are { $login = get_login_shib() }[ - "koha borrower field to match: userid", - "shibboleth attribute to match: uid", - "uid value: test1234" - ], - "good config with debug enabled, correct warnings received"; - is( $login, "test1234", - "good config with debug enabled, attribute value returned" ); - -# bad config - with shib_ok implemented, we should never reach this sub with a bad config + $login = get_login_shib(); + + $logger->debug_is("koha borrower field to match: userid", "borrower match field debug info") + ->debug_is("shibboleth attribute to match: uid", "shib match attribute debug info") + ->clear(); + + is( $login, "test1234", "good config, attribute value returned" ); }; ## checkpw_shib subtest "checkpw_shib tests" => sub { - plan tests => 21; + + plan tests => 33; my $shib_login; my ( $retval, $retcard, $retuserid ); 
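Review bot: The POST case in the login_shib_url subtest can pass without testing anything, because `print $fh_write $post_params;` and `close $fh_write;` are unchecked and an empty fixture file would presumably also yield a target URL with no parameters. Check both calls: `print {$fh_write} $post_params or die "Could not write '$infile': $!";` and `close $fh_write or die "Could not close '$infile': $!";`. The two `is` calls also share the description "login shib url". Renaming the second to something like `"login shib url omits POST body parameters"` would record that it guards against the submitted `user` and `password` values being copied into the `target` parameter.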
@@ -174,33 +200,52 @@ subtest "checkpw_shib tests" => sub { # Setup Mock Database Data fixtures_ok [ 'Borrower' => [ - [qw/cardnumber userid surname address city/], - [qw/testcardnumber test1234 renvoize myaddress johnston/], + [qw/cardnumber userid surname address city email/], + [qw/testcardnumber test1234 renvoize myaddress johnston /], + [qw/testcardnumber1 test12345 clamp1 myaddress quechee kid@clamp.io/], + [qw/testcardnumber2 test123456 clamp2 myaddress quechee kid@clamp.io/], ], 'Category' => [ [qw/categorycode default_privacy/], [qw/S never/], ] ], 'Installed some custom fixtures via the Populate fixture class'; - # debug off - $C4::Auth_with_shibboleth::debug = '0'; - # good user $shib_login = "test1234"; - warnings_are { - ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login); - } - [], "good user with no debug"; + ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login); + + is( $logger->count(), 2, "Two debugging entries"); is( $retval, "1", "user authenticated" ); is( $retcard, "testcardnumber", "expected cardnumber returned" ); is( $retuserid, "test1234", "expected userid returned" ); + $logger->debug_is("koha borrower field to match: userid", "borrower match field debug info") + ->debug_is("shibboleth attribute to match: uid", "shib match attribute debug info") + ->clear(); # bad user $shib_login = 'martin'; - warnings_are { - ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login); - } - [], "bad user with no debug"; + ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login); is( $retval, "0", "user not authenticated" ); + $logger->debug_is("koha borrower field to match: userid", "borrower match field debug info") + ->debug_is("shibboleth attribute to match: uid", "shib match attribute debug info") + ->clear(); + + # duplicated matchpoint + $matchpoint = 'email'; + $mapping{'email'} = { is => 'email' }; + $shib_login = 'kid@clamp.io'; + ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login); + is( $retval, "0", "user 
not authenticated if duplicated matchpoint" ); + $logger->debug_is("koha borrower field to match: email", "borrower match field debug info") + ->debug_is("shibboleth attribute to match: email", "shib match attribute debug info") + ->clear(); + + ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login); + $logger->debug_is("koha borrower field to match: email", "borrower match field debug info") + ->debug_is("shibboleth attribute to match: email", "shib match attribute debug info") + ->warn_is('There are several users with email of kid@clamp.io, matchpoints must be unique', "duplicated matchpoint warned with debug") + ->clear(); + + reset_config(); # autocreate user $autocreate = 1; @@ -211,12 +256,14 @@ subtest "checkpw_shib tests" => sub { $ENV{'cat'} = "S"; $ENV{'add'} = 'Address'; $ENV{'city'} = 'City'; - warnings_are { - ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login); - } - [], "new user added with no debug"; + + ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login); is( $retval, "1", "user authenticated" ); is( $retuserid, "test4321", "expected userid returned" ); + $logger->debug_is("koha borrower field to match: userid", "borrower match field debug info") + ->debug_is("shibboleth attribute to match: uid", "shib match attribute debug info") + ->clear(); + ok my $new_user = ResultSet('Borrower') ->search( { 'userid' => 'test4321' }, { rows => 1 } ), "new user found"; is_fields [qw/surname dateexpiry address city/], $new_user->next, 
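Review bot: The duplicated-matchpoint block calls `checkpw_shib($shib_login)` twice with identical state, and neither call is fully verified. The first asserts `$retval` but clears the logger without checking the warning; the second checks `warn_is` but not the return values. This looks like a leftover from the removed debug off/on pairing. This case is what keeps the shared address `kid@clamp.io` from authenticating as either fixture account, so a single call should assert both the `"0"` return and the warning. Adding `is( $retcard, undef, "no cardnumber returned" );` and the same for `$retuserid` would pin that no identity is handed back, assuming checkpw_shib returns only the status on failure (confirm against the module; the subtest body starts and ends outside this hunk).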
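Review bot: The autocreate call is no longer checked for unexpected warnings. The removed `warnings_are { ... } []` wrapper asserted that checkpw_shib emitted none, while the replacement only matches two debug entries and then calls `clear()`. If t::lib::Mocks::Logger does not capture plain Perl `warn` output (its implementation is not shown), an uninitialized-value warning in the account-creation path now passes silently. Test::Warn is still imported, so the call can stay wrapped as `warnings_are { ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login) } [], "no Perl warnings on autocreate";` with the plan count adjusted. An `is( $logger->count(), 2, ... )` before the chain, as in the first good-user case, would also catch extra log entries. The same applies to the get_login_shib call and to the bad-user, sync and repeated good-user calls in the neighbouring hunks.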
@@ -227,10 +274,10 @@ subtest "checkpw_shib tests" => sub { # sync user $sync = 1; $ENV{'city'} = 'AnotherCity'; - warnings_are { - ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login); - } - [], "good user with sync"; + ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login); + $logger->debug_is("koha borrower field to match: userid", "borrower match field debug info") + ->debug_is("shibboleth attribute to match: uid", "shib match attribute debug info") + ->clear(); ok my $sync_user = ResultSet('Borrower') ->search( { 'userid' => 'test4321' }, { rows => 1 } ), "sync user found"; 
@@ -240,40 +287,21 @@ subtest "checkpw_shib tests" => sub { 'Found $sync_user synced city'; $sync = 0; - # debug on - $C4::Auth_with_shibboleth::debug = '1'; - # good user $shib_login = "test1234"; - warnings_exist { - ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login); - } - [ - qr/checkpw_shib/, - qr/koha borrower field to match: userid/, - qr/shibboleth attribute to match: uid/, - qr/User Shibboleth-authenticated as:/ - ], - "good user with debug enabled"; + ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login); is( $retval, "1", "user authenticated" ); is( $retcard, "testcardnumber", "expected cardnumber returned" ); is( $retuserid, "test1234", "expected userid returned" ); + $logger->debug_is("koha borrower field to match: userid", "borrower match field debug info") + ->debug_is("shibboleth attribute to match: uid", "shib match attribute debug info") + ->clear(); # bad user $shib_login = "martin"; - warnings_exist { - ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login); - } - [ - qr/checkpw_shib/, - qr/koha borrower field to match: userid/, - qr/shibboleth attribute to match: uid/, - qr/User Shibboleth-authenticated as:/, - qr/not a valid Koha user/ - ], - "bad user with debug enabled"; + ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login); is( $retval, "0", "user not authenticated" ); - + $logger->info_is("There are several users with userid of martin, matchpoints must be unique", "Duplicated matchpoint warned to info"); }; ## _get_uri - opac 
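Review bot: The final bad-user check expects `info_is("There are several users with userid of martin, matchpoints must be unique", ...)`, but `martin` matches none of the userids in the fixtures loaded earlier in this subtest. The test therefore pins a log line that reports a duplicate where the user is simply unknown. Someone reading the authentication log would be sent looking for a matchpoint-uniqueness problem that does not exist. If the module really emits this text for zero matches (not visible here), the message should be corrected there and the expectation and its description "Duplicated matchpoint warned to info" updated. At minimum, add a comment such as `# NOTE: module logs the 'several users' text for an unknown user too` above the assertion. The earlier bad-user check in this subtest clears the logger without asserting this entry, and this last chain leaves the logger uncleared at the end of the subtest.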
@@ -281,48 +309,52 @@ $OPACBaseURL = "testopac.com"; is( C4::Auth_with_shibboleth::_get_uri(), "https://testopac.com", "https opac uri returned" ); +$logger->clear; + $OPACBaseURL = "http://testopac.com"; -my $result; -warnings_are { $result = C4::Auth_with_shibboleth::_get_uri() }[ - "shibboleth interface: $interface", -"Shibboleth requires OPACBaseURL/staffClientBaseURL to use the https protocol!" -], - "improper protocol - received expected warning"; +my $result = C4::Auth_with_shibboleth::_get_uri(); is( $result, "https://testopac.com", "https opac uri returned" ); +$logger->warn_is("Shibboleth requires OPACBaseURL/staffClientBaseURL to use the https protocol!", "Improper protocol logged to warn") + ->clear(); $OPACBaseURL = "https://testopac.com"; is( C4::Auth_with_shibboleth::_get_uri(), "https://testopac.com", "https opac uri returned" ); +$logger->clear(); + $OPACBaseURL = undef; -warnings_are { $result = C4::Auth_with_shibboleth::_get_uri() } -[ "shibboleth interface: $interface", "OPACBaseURL not set!" ], - "undefined OPACBaseURL - received expected warning"; +$result = C4::Auth_with_shibboleth::_get_uri(); is( $result, "https://", "https $interface uri returned" ); +$logger->warn_is("Syspref staffClientBaseURL or OPACBaseURL not set!", "undefined OPACBaseURL - received expected warning") + ->clear(); + ## _get_uri - intranet $interface = 'intranet'; $staffClientBaseURL = "teststaff.com"; is( C4::Auth_with_shibboleth::_get_uri(), "https://teststaff.com", "https $interface uri returned" ); + +$logger->clear; + $staffClientBaseURL = "http://teststaff.com"; -warnings_are { $result = C4::Auth_with_shibboleth::_get_uri() }[ - "shibboleth interface: $interface", -"Shibboleth requires OPACBaseURL/staffClientBaseURL to use the https protocol!" 
-], - "improper protocol - received expected warning"; +$result = C4::Auth_with_shibboleth::_get_uri(); is( $result, "https://teststaff.com", "https $interface uri returned" ); +$logger->warn_is("Shibboleth requires OPACBaseURL/staffClientBaseURL to use the https protocol!") + ->clear; $staffClientBaseURL = "https://teststaff.com"; is( C4::Auth_with_shibboleth::_get_uri(), "https://teststaff.com", "https $interface uri returned" ); +is( $logger->count(), 0, 'No logging' ); $staffClientBaseURL = undef; -warnings_are { $result = C4::Auth_with_shibboleth::_get_uri() } -[ "shibboleth interface: $interface", "staffClientBaseURL not set!" ], - "undefined staffClientBaseURL - received expected warning"; +$result = C4::Auth_with_shibboleth::_get_uri(); is( $result, "https://", "https $interface uri returned" ); +$logger->warn_is("Syspref staffClientBaseURL or OPACBaseURL not set!", "undefined staffClientBaseURL - received expected warning") + ->clear; ## _get_shib_config # Internal helper function, covered in tests above
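Review bot: The intranet `http://` case calls `$logger->warn_is("Shibboleth requires OPACBaseURL/staffClientBaseURL to use the https protocol!")` without a test description, unlike the other `warn_is` calls in this hunk, so a failure there is reported without a name. Pass `"Improper protocol logged to warn"` as the second argument, as the OPAC case does. The `https://` OPAC case also only calls `$logger->clear();`, where the intranet case asserts `is( $logger->count(), 0, 'No logging' );`. Using the count check in both places, and bumping the plan, would verify that a correctly configured base URL logs nothing on either interface.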