Auth_with_shibboleth.t
#!/usr/bin/perl
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
$| = 1;
use Module::Load::Conditional qw/check_install/;
use Test::More;
use Test::MockModule;
use Test::Warn;
use CGI;
use C4::Context;
BEGIN {
    # Test::DBIx::Class is an optional dependency. This BEGIN block runs
    # before the later "use Test::DBIx::Class" line is compiled, so a missing
    # module leads to a clean skip instead of a compile failure.
    my $fixtures_available = check_install( module => 'Test::DBIx::Class' );

    if ( !$fixtures_available ) {
        plan skip_all => "Need Test::DBIx::Class";
    }
    else {
        # Must equal the number of top-level assertions and subtests below.
        plan tests => 11;
    }
}
use Test::DBIx::Class { schema_class => 'Koha::Schema', connect_info => ['dbi:SQLite:dbname=:memory:','',''] };
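# Mock Variables
# File-scoped state read by mockedConfig() on every call, so a test can
# reshape the mocked "shibboleth" configuration just by assigning to these.
my $matchpoint = 'userid';
my %mapping    = ( 'userid' => { 'is' => 'uid' }, );

# Stand-in for the identity attribute that the test expects the module to
# read from the process environment (see the get_login_shib subtest).
# NOTE(review): in a deployment this value is only as trustworthy as whatever
# populates the environment (presumably the web server's Shibboleth module);
# nothing in this test exercises that boundary.
$ENV{'uid'} = "test1234";

# Setup Mocks
## Mock Context
# Direct method call instead of indirect-object syntax ("new Class(...)"),
# which is parse-ambiguous and disabled under newer feature bundles.
my $context = Test::MockModule->new('C4::Context');
### Mock ->config
$context->mock( 'config', \&mockedConfig );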
# Replacement for C4::Context->config installed via Test::MockModule.
#
# The arguments (invocant and requested key) are ignored: every call gets a
# fresh hashref describing the mocked shibboleth block, built from the current
# values of $matchpoint and %mapping so tests can change them between calls.
#
# Returns: hashref with keys 'matchpoint' and 'mapping'.
sub mockedConfig {
    return {
        'matchpoint' => $matchpoint,
        'mapping'    => \%mapping,
    };
}
### Mock ->preference
# mockedPref() hands this value back for the 'OPACBaseURL' preference; the
# _get_uri section further down reassigns it to cover other URL shapes.
my $OPACBaseURL = 'testopac.com';
$context->mock( preference => \&mockedPref );
# Replacement for C4::Context->preference installed via Test::MockModule.
#
# Only 'OPACBaseURL' is known to this mock; it yields the current value of
# $OPACBaseURL. Any other preference name yields undef.
sub mockedPref {
    # $_[0] is the invocant; the preference name is the second argument.
    my ( undef, $pref_name ) = @_;

    return $pref_name eq 'OPACBaseURL' ? $OPACBaseURL : undef;
}
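## Mock Database
# Route Koha::Database's schema() to the fixture schema so that borrower
# lookups made by the module under test are served by mockedSchema().
# Direct method call instead of indirect-object syntax ("new Class(...)"),
# which is parse-ambiguous and disabled under newer feature bundles.
my $database = Test::MockModule->new('Koha::Database');
### Mock ->schema
$database->mock( 'schema', \&mockedSchema );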
# Replacement for the 'schema' method of Koha::Database (installed via
# Test::MockModule). Arguments are ignored.
# Returns whatever Schema() returns; Schema() is not defined in this file and
# is presumably exported by Test::DBIx::Class, which is configured above with
# an in-memory SQLite database.
sub mockedSchema {
return Schema();
}
## Convenience method to reset config
# Restores the mocked shibboleth settings and the simulated 'uid' environment
# attribute to the values they had at the top of the file. It does not touch
# $OPACBaseURL or the module's debug flag. Always returns 1.
sub reset_config {
    ( $matchpoint, $ENV{'uid'} ) = ( 'userid', "test1234" );
    %mapping = ( userid => { is => 'uid' } );

    return 1;
}
# Tests
##############################################################
# Can module load
# use_ok is an ordinary call executed at run time, i.e. after the mocks above
# are installed. The unqualified shib_ok()/login_shib_url()/... calls below
# rely on the names it imports (presumably the module's default exports).
use_ok('C4::Auth_with_shibboleth');
# Start with the module's debug output switched off; individual subtests
# toggle this package variable as needed.
$C4::Auth_with_shibboleth::debug = '0';
# Subroutine tests
## shib_ok
# shib_ok() is the configuration sanity check. The cases below pin that a
# configuration without a usable matchpoint is reported as '0' together with a
# carped warning, rather than being accepted silently.
subtest "shib_ok tests" => sub {
    plan tests => 5;

    my $config_ok;

    # Baseline: matchpoint 'userid' is defined and has a mapping entry.
    is( shib_ok(), '1', "good config" );

    # No matchpoint at all: nothing to bind the asserted identity to.
    $matchpoint = undef;
    warnings_are { $config_ok = shib_ok() }
    [ { carped => 'shibboleth matchpoint not defined' }, ],
      "undefined matchpoint = fatal config, warning given";
    is( $config_ok, '0', "bad config" );

    # Matchpoint names a field ('email') that %mapping has no entry for.
    $matchpoint = 'email';
    warnings_are { $config_ok = shib_ok() }
    [ { carped => 'shibboleth matchpoint not mapped' }, ],
      "unmapped matchpoint = fatal config, warning given";
    is( $config_ok, '0', "bad config" );

    # TODO: add test for undefined shibboleth block

    # Leave the shared mock state as later sections expect it.
    reset_config();
};
## logout_shib
# Disabled test, kept for reference (it refers to $opac, which this file does
# not define):
#my $query = CGI->new();
#is(logout_shib($query),"https://".$opac."/Shibboleth.sso/Logout?return="."https://".$opac,"logout_shib");

## login_shib_url
# The expected login URL is the OPAC base URL, the Shibboleth login handler,
# and a "target" made of base URL + SCRIPT_NAME + '?' + QUERY_STRING, with
# the '?' percent-encoded as %3F.
my $query_string = 'language=en-GB';
$ENV{QUERY_STRING} = $query_string;
$ENV{SCRIPT_NAME}  = '/cgi-bin/koha/opac-user.pl';
my $query = CGI->new($query_string);

# NOTE(review): the expectation carries the query string verbatim ('=' is not
# escaped). SCRIPT_NAME and QUERY_STRING are request-derived, and no case here
# covers a query string containing '&', '#' or an encoded URL, so this test
# does not show whether such characters stay inside "target" or are read as
# separate parameters of the login handler. Confirm the module's encoding and
# add a case for it.
my $expected_login_url = join '',
    'https://testopac.com',
    '/Shibboleth.sso/Login?target=',
    'https://testopac.com/cgi-bin/koha/opac-user.pl',
    '%3F',
    $query_string;

is( login_shib_url($query), $expected_login_url, "login shib url" );
## get_login_shib
# With the default mock config (matchpoint 'userid' mapped to attribute 'uid')
# get_login_shib() is expected to return the value placed in $ENV{'uid'}.
subtest "get_login_shib tests" => sub {
    plan tests => 4;

    my $attribute_value;

    # good config
    ## debug off: the call must be completely silent.
    $C4::Auth_with_shibboleth::debug = '0';
    warnings_are { $attribute_value = get_login_shib() } [],
      "good config with debug off, no warnings recieved";
    is( $attribute_value, "test1234",
        "good config with debug off, attribute value returned" );

    ## debug on: exactly these three warnings, in this order.
    # Note that the third one contains the attribute value itself, so debug
    # output puts the user's identifier into whatever collects warnings.
    $C4::Auth_with_shibboleth::debug = '1';
    warnings_are { $attribute_value = get_login_shib() } [
        "koha borrower field to match: userid",
        "shibboleth attribute to match: uid",
        "uid value: test1234"
      ],
      "good config with debug enabled, correct warnings recieved";
    is( $attribute_value, "test1234",
        "good config with debug enabled, attribute value returned" );

    # bad config - with shib_ok implemented, we should never reach this sub
    # with a bad config, so no bad-config case is tested here.
};
## checkpw_shib
# checkpw_shib() takes the login value obtained from Shibboleth and looks it
# up among the borrowers. These cases pin that a known userid yields
# (1, cardnumber, userid) and that an unknown one yields 0 as first element.
# NOTE(review): there is no case for an empty or undefined login value, nor
# for a login matching more than one borrower; consider adding them so the
# reject path is pinned for those inputs as well.
subtest "checkpw_shib tests" => sub {
    plan tests => 13;

    my ( $login_id, $authenticated, $cardnumber, $userid );

    # Setup Mock Database Data: a single borrower whose userid is test1234.
    fixtures_ok [
        'Borrower' => [
            [qw/cardnumber userid surname address city/],
            [qw/testcardnumber test1234 renvoize myaddress johnston/],
        ],
      ],
      'Installed some custom fixtures via the Populate fixture class';

    # ---- debug off: no warnings may be emitted on either path ----
    $C4::Auth_with_shibboleth::debug = '0';

    # good user
    $login_id = "test1234";
    warnings_are {
        ( $authenticated, $cardnumber, $userid ) = checkpw_shib($login_id);
    }
    [], "good user with no debug";
    is( $authenticated, "1",              "user authenticated" );
    is( $cardnumber,    "testcardnumber", "expected cardnumber returned" );
    is( $userid,        "test1234",       "expected userid returned" );

    # bad user: 'martin' is not in the fixture data.
    $login_id = 'martin';
    warnings_are {
        ( $authenticated, $cardnumber, $userid ) = checkpw_shib($login_id);
    }
    [], "bad user with no debug";
    is( $authenticated, "0", "user not authenticated" );

    # ---- debug on: the listed warnings must be among those emitted ----
    $C4::Auth_with_shibboleth::debug = '1';

    # good user
    $login_id = "test1234";
    warnings_exist {
        ( $authenticated, $cardnumber, $userid ) = checkpw_shib($login_id);
    }
    [
        qr/checkpw_shib/,
        qr/koha borrower field to match: userid/,
        qr/shibboleth attribute to match: uid/,
        qr/User Shibboleth-authenticated as:/
    ],
      "good user with debug enabled";
    is( $authenticated, "1",              "user authenticated" );
    is( $cardnumber,    "testcardnumber", "expected cardnumber returned" );
    is( $userid,        "test1234",       "expected userid returned" );

    # bad user: the "Shibboleth-authenticated as" message is still expected,
    # followed by the rejection message for the failed local lookup.
    $login_id = "martin";
    warnings_exist {
        ( $authenticated, $cardnumber, $userid ) = checkpw_shib($login_id);
    }
    [
        qr/checkpw_shib/,
        qr/koha borrower field to match: userid/,
        qr/shibboleth attribute to match: uid/,
        qr/User Shibboleth-authenticated as:/,
        qr/not a valid Koha user/
    ],
      "bad user with debug enabled";
    is( $authenticated, "0", "user not authenticated" );
};
## _get_uri
# _get_uri() turns the OPACBaseURL preference into the https base URL used
# for the Shibboleth endpoints. Each case reassigns $OPACBaseURL, which
# mockedPref() serves to the module.
# NOTE(review): the module's debug flag is still '1' at this point (last set
# in the checkpw_shib subtest); confirm that is intended for these cases.
my $base_uri;

# Bare host name: the https scheme is added, no warning expected.
$OPACBaseURL = "testopac.com";
is( C4::Auth_with_shibboleth::_get_uri(),
    "https://testopac.com", "https opac uri returned" );

# Plain-http preference: a warning is raised and the result is still https.
$OPACBaseURL = "http://testopac.com";
warning_like { $base_uri = C4::Auth_with_shibboleth::_get_uri() }
[qr/Shibboleth requires OPACBaseURL to use the https protocol!/],
  "improper protocol - received expected warning";
is( $base_uri, "https://testopac.com", "https opac uri returned" );

# Already https: returned as is.
$OPACBaseURL = "https://testopac.com";
is( C4::Auth_with_shibboleth::_get_uri(),
    "https://testopac.com", "https opac uri returned" );

# Preference not set: a warning is raised and the result is a bare scheme
# with no host.
# NOTE(review): this pins current behaviour only. Any URL built on top of
# "https://" would lack a host, so consider whether an unset OPACBaseURL
# should be treated as a fatal configuration error instead.
$OPACBaseURL = undef;
warning_like { $base_uri = C4::Auth_with_shibboleth::_get_uri() }
[qr/OPACBaseURL not set!/],
  "undefined OPACBaseURL - received expected warning";
is( $base_uri, "https://", "https opac uri returned" );

## _get_shib_config
# Internal helper function, covered in tests above