oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Ready for 7.10.29 development.

Browse source
This commit is contained in:
Colin Kuskie 2013-03-20 21:38:23 -07:00
commit c806f99b7b
4236 changed files with 1217679 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

186
t/Auth/LDAP.t Normal file
View file

@ -0,0 +1,186 @@
# vim:syntax=perl
#-------------------------------------------------------------------
# WebGUI is Copyright 2001-2009 Plain Black Corporation.
#-------------------------------------------------------------------
# Please read the legal notices (docs/legal.txt) and the license
# (docs/license.txt) that came with this distribution before using
# this software.
#------------------------------------------------------------------
# http://www.plainblack.com info@plainblack.com
#------------------------------------------------------------------
# Test Auth::LDAP to make sure it works with both ldap and ldaps
#
#
use FindBin;
use strict;
use lib "$FindBin::Bin/../lib";
use Test::More;
use WebGUI::Test; # Must use this before any other WebGUI modules
use WebGUI::Session;
use Test::Deep;
use Scope::Guard;
#----------------------------------------------------------------------------
# Tests
#plan tests => 9; # Increment this number for each test you create
plan skip_all => 'Test server for LDAP down'; # Increment this number for each test you create
#----------------------------------------------------------------------------
# Init
my $session = WebGUI::Test->session;
# Create LDAP Link
my $ldapProps = WebGUI::Test->getSmokeLDAPProps();
$session->db->setRow("ldapLink","ldapLinkId",$ldapProps, $ldapProps->{ldapLinkId});
my $ldapLink = WebGUI::LDAPLink->new( $session, $ldapProps->{ldapLinkId} );
addToCleanup($ldapLink);
my $ldap = $ldapLink->bind;
$session->setting->set('ldapConnection', $ldapProps->{ldapLinkId} );
# An LDAP group
my $ldapGroup = WebGUI::Group->new( $session, "new" );
$ldapGroup->set( "ldapLinkId", $ldapProps->{ldapLinkId} );
$ldapGroup->set( "ldapGroup", "cn=Convicts,o=shawshank" );
$ldapGroup->set( "ldapGroupProperty", "member" );
$ldapGroup->set( "ldapRecursiveProperty", "uid" );
addToCleanup($ldapGroup);
#----------------------------------------------------------------------------
# Test Login of existing user
my $user = WebGUI::User->create( $session );
WebGUI::Test->addToCleanup( $user );
$user->update({
authMethod => "LDAP",
username => "Andy Dufresne",
});
my $auth = $user->authInstance;
$auth->saveParams( $user->getId, $user->get('authMethod'), {
ldapUrl => $ldapProps->{ldapUrl},
connectDN => "uid=Andy Dufresne,o=shawshank",
ldapConnection => $ldapProps->{ldapLinkId},
} );
$session->request->setup_body({
username => 'Andy Dufresne',
identifier => 'AndyDufresne',
});
my $out = $auth->login();
is( $session->user->getId, $user->getId, 'Andy is logged in' );
$session->user({ userId => 1 }); # Restore Visitor
#----------------------------------------------------------------------------
# Test anonymous registration
$session->setting->set('anonymousRegistration', 1);
$session->request->setup_body({
authLDAP_ldapId => 'Ellis Redding',
authLDAP_identifier => 'EllisRedding',
connection => $ldapProps->{ldapLinkId},
email => 'red@shawshank.com', # email is required by profile
});
$auth = WebGUI::Auth::LDAP->new( $session, 'LDAP' );
$out = $auth->createAccountSave;
is( $session->user->get('username'), 'Ellis Redding', 'Ellis was created' );
WebGUI::Test->addToCleanup( $session->user );
$session->user({ userId => 1 }); # Restore Visitor
$session->setting->set('anonymousRegistration', 0);
#----------------------------------------------------------------------------
# Test automatic registration
$session->setting->set('automaticLDAPRegistration', 1);
$session->request->setup_body({
username => 'Bogs Diamond',
identifier => 'BogsDiamond',
});
$auth = WebGUI::Auth::LDAP->new( $session, 'LDAP' );
$out = $auth->login;
is( $session->user->get('username'), 'Bogs Diamond', 'Bogs was created' )
or diag( $auth->error );
WebGUI::Test->addToCleanup( $session->user );
# Test the the automatically registered user is in the right group
ok( $session->user->isInGroup( $ldapGroup->getId ), 'Automatically registered user is in the correct group');
$session->setting->set('automaticLDAPRegistration', 0);
$session->user({ userId => 1 }); # Restore Visitor
#----------------------------------------------------------------------------
# Test DN reset from LDAP
$session->setting->set('automaticLDAPRegistration', 1);
my $result = $ldap->add( 'uid=Brooks Hatley,o=shawshank',
attr => [
uid => 'Brooks Hatley',
cn => 'Brooks Hatley',
givenName => 'Brooks',
sn => 'Hatley',
o => 'shawshank',
objectClass => [ qw( top inetOrgPerson ) ],
userPassword => 'BrooksHatley',
]
);
$session->request->setup_body({
username => 'Brooks Hatley',
identifier => 'BrooksHatley',
});
$auth = WebGUI::Auth::LDAP->new( $session, 'LDAP' );
$out = $auth->login;
is $session->user->get('username'), 'Brooks Hatley', 'Brooks was created';
cmp_deeply(
$auth->getParams,
{
connectDN => 'uid=Brooks Hatley,o=shawshank',
ldapConnection => '00000000000000testlink',
ldapUrl => 'ldaps://smoke.plainblack.com/o=shawshank',
},
'authentication information set after creating account'
);
WebGUI::Test->addToCleanup( $session->user, );
$out = $auth->logout;
is $session->user->get('username'), 'Visitor', 'Brooks was logged out';
$ldap->moddn( 'uid=Brooks Hatley,o=shawshank',
newrdn => 'uid=Brooks Hatlen',
);
$ldap->modify( 'uid=Brooks Hatlen,o=shawshank',
replace => {
cn => 'Brooks Hatlen',
sn => 'Hatlen',
userPassword => 'BrooksHatlen',
},
);
$session->request->setup_body({
username => 'Brooks Hatley',
identifier => 'BrooksHatlen',
});
$auth = WebGUI::Auth::LDAP->new( $session, 'LDAP' );
$out = $auth->login;
is $session->user->get('username'), 'Brooks Hatley', 'Brooks was logged in after name change';
cmp_deeply(
$auth->getParams,
{
connectDN => 'uid=Brooks Hatlen,o=shawshank',
ldapConnection => '00000000000000testlink',
ldapUrl => 'ldaps://smoke.plainblack.com/o=shawshank',
},
'authentication information updated after name change'
);
$ldap->delete( 'uid=Brooks Hatlen,o=shawshank' );
$ldap->delete( 'uid=Brooks Hatley,o=shawshank' );
$session->setting->set('automaticLDAPRegistration', 0);

103
t/Auth/Twitter.t Normal file
View file

@ -0,0 +1,103 @@
# vim:syntax=perl
#-------------------------------------------------------------------
# WebGUI is Copyright 2001-2009 Plain Black Corporation.
#-------------------------------------------------------------------
# Please read the legal notices (docs/legal.txt) and the license
# (docs/license.txt) that came with this distribution before using
# this software.
#------------------------------------------------------------------
# http://www.plainblack.com info@plainblack.com
#------------------------------------------------------------------
# Test the Auth::Twitter module
#
#
use FindBin;
use strict;
use lib "$FindBin::Bin/../lib";
use Test::More;
use WebGUI::Test; # Must use this before any other WebGUI modules
use WebGUI::Session;
#----------------------------------------------------------------------------
# Init
my $session = WebGUI::Test->session;
#----------------------------------------------------------------------------
# Tests
plan tests => 15; # Increment this number for each test you create
#----------------------------------------------------------------------------
# Object creation
use_ok( 'WebGUI::Auth::Twitter' );
my $auth = WebGUI::Auth::Twitter->new( $session, "Twitter" );
isa_ok( $auth, 'WebGUI::Auth::Twitter' );
#----------------------------------------------------------------------------
# API methods
my $user = $auth->createTwitterUser( "1234", "AndyDufresne" );
WebGUI::Test->addToCleanup( $user );
isa_ok( $user, 'WebGUI::User' );
is(
$session->db->quickScalar(
"SELECT fieldData FROM authentication WHERE userId=? AND authMethod=? AND fieldName=?",
[ $user->userId, "Twitter", "twitterUserId" ],
),
"1234",
"Twitter User ID saved in authentication table",
);
my $tmpl = $auth->getTemplateChooseUsername;
isa_ok( $tmpl, 'WebGUI::Asset::Template' );
is( $tmpl->getId, $session->setting->get('twitterTemplateIdChooseUsername'), "Template taken from settings" );
$session->setting->set( 'twitterConsumerKey' => '3hvJpBr73pa4FycNrqw' );
$session->setting->set( 'twitterConsumerSecret' => 'E4M5DJ66RAXiHgNCnJES96yTqglttsUes6OBcw9A' );
my $nt = $auth->getTwitter;
isa_ok( $nt, 'Net::Twitter' );
#----------------------------------------------------------------------------
# www_ methods
# www_login
is( $auth->www_login, "redirect", "www_login always returns redirect" );
ok( $session->scratch->get('AuthTwitterToken'), 'auth token gets set to scratch' );
ok( $session->scratch->get('AuthTwitterTokenSecret'), 'auth token secret gets set to scratch' );
like( $session->http->getRedirectLocation, qr/twitter[.]com/, "redirect to twitter.com" );
# www_callback
# I have no idea how to test this...
# www_setUsername
ok( !$auth->www_setUsername, "setUsername doesn't work unless a scratch is set" );
$session->scratch->set( 'AuthTwitterUserId' => '2345' );
$session->request->setup_body( {
newUsername => "RedHerring",
} );
$auth->www_setUsername;
# User gets created with given twitter user id
my $userId = $session->db->quickScalar(
"SELECT userId FROM authentication WHERE authMethod=? AND fieldName=? AND fieldData=?",
[ "Twitter", "twitterUserId", "2345" ],
);
ok( $userId, 'user exists in authentication table' );
$user = WebGUI::User->new( $session, $userId );
is( $user->username, "RedHerring", "correct username is set" );
WebGUI::Test->addToCleanup( $user );
like(
$auth->www_setUsername, qr/username "RedHerring" is taken/,
"setUsername with existing username returns error",
);
#vim:ft=perl

290
t/Auth/mech.t Normal file
View file

@ -0,0 +1,290 @@
# vim:syntax=perl
#-------------------------------------------------------------------
# WebGUI is Copyright 2001-2009 Plain Black Corporation.
#-------------------------------------------------------------------
# Please read the legal notices (docs/legal.txt) and the license
# (docs/license.txt) that came with this distribution before using
# this software.
#------------------------------------------------------------------
# http://www.plainblack.com info@plainblack.com
#------------------------------------------------------------------
# This script uses Test::WWW::Mechanize to test the operation of Auth
# NOTE: This mostly tests Auth's common methods, even though it uses
# WebGUI::Auth::WebGUI.
# no form: tests assume that the form exists on the page
# displayLogin: tests go to ?op=auth;method=displayLogin after going to
# unauthorized page
# returnUrl: tests use returnUrl= to try to return to the right place
use FindBin;
use strict;
use lib "$FindBin::Bin/../lib";
use Test::More;
use WebGUI::Test; # Must use this before any other WebGUI modules
use WebGUI::Asset;
use WebGUI::VersionTag;
use WebGUI::Session;
plan skip_all => 'set WEBGUI_LIVE to enable this test' unless $ENV{WEBGUI_LIVE};
#----------------------------------------------------------------------------
# Init
my $session = WebGUI::Test->session;
my $node = WebGUI::Asset->getImportNode( $session );
my @versionTags = ( WebGUI::VersionTag->getWorking( $session ) );
# Override some settings to make things easier to test
# userFunctionStyleId
$session->setting->set( 'userFunctionStyleId', 'PBtmpl0000000000000132' );
# specialState
$session->setting->set( 'specialState', '' );
# Create a user for testing purposes
my $USERNAME = 'dufresne';
my $IDENTIFIER = 'ritahayworth';
my $user = WebGUI::User->new( $session, "new", "something new" );
WebGUI::Test->addToCleanup($user);
$user->username( $USERNAME );
$user->addToGroups( ['3'] );
my $auth = WebGUI::Operation::Auth::getInstance( $session, $user->authMethod, $user->userId );
$auth->saveParams( $user->userId, $user->authMethod, {
'identifier' => Digest::MD5::md5_base64( $IDENTIFIER ),
});
my ($mech, $redirect, $response, $url);
# Get the site's base URL
my $baseUrl = 'http://' . $session->config->get('sitename')->[0];
# $baseUrl .= ':8000'; # no easy way to automatically find this
$baseUrl .= $session->config->get('gateway');
my $httpAuthUrl = 'http://' . $USERNAME . ':' . $IDENTIFIER . '@' . $session->config->get('sitename')->[0];
# $httpAuthUrl .= ':8000'; # no easy way to automatically find this
$httpAuthUrl .= $session->config->get('gateway');
# Make an asset we can login on
my $asset
= $node->addChild({
className => 'WebGUI::Asset::Wobject::Article',
description => "ARTICLE",
url => time . 'loginAsset',
groupIdView => 2, # Registered Users
groupIdEdit => 3, # Admins
styleTemplateId => 'PBtmpl0000000000000132',
});
$versionTags[-1]->commit;
my $assetUrl = $baseUrl . $asset->get('url');
WebGUI::Test->addToCleanup(@versionTags);
#----------------------------------------------------------------------------
# Tests
if ( !eval { require Test::WWW::Mechanize; 1; } ) {
plan skip_all => 'Cannot load Test::WWW::Mechanize. Will not test.';
}
$mech = Test::WWW::Mechanize->new;
$mech->get( $baseUrl );
if ( !$mech->success ) {
plan skip_all => "Cannot load URL '$baseUrl'. Will not test.";
}
plan tests => 42; # Increment this number for each test you create
#----------------------------------------------------------------------------
# no form: Test logging in on a normal page sends the user back to the same page
$mech = Test::WWW::Mechanize->new;
$mech->get( $assetUrl );
$mech->base_is( $assetUrl, "We got the page we were expecting" );
$url = $assetUrl . '?op=auth;method=login;username=' . $USERNAME . ';identifier=' . $IDENTIFIER;
$mech->get_ok( $url );
$mech->base_is( $assetUrl, "We weren't redirected anywhere" );
$mech->content_contains( "ARTICLE", "We are shown the article" );
#----------------------------------------------------------------------------
# no form: Test logging in on a normal page sends user back to same page AFTER at least one
# failed attempt
$mech = Test::WWW::Mechanize->new;
$mech->get( $assetUrl );
$mech->base_is( $assetUrl, "We got the page we were expecting" );
$url = $assetUrl . '?op=auth;method=login;username=' . $USERNAME . ';identifier=nowai';
$mech->get( $url );
$mech->submit_form_ok(
{
with_fields => {
username => $USERNAME,
identifier => $IDENTIFIER,
},
},
);
$mech->base_is( $assetUrl, "We weren't redirected anywhere" );
$mech->content_contains( "ARTICLE", "We are shown the article" );
#----------------------------------------------------------------------------
# displayLogin: Test logging in on a normal page sends the user back to the same page
$mech = Test::WWW::Mechanize->new;
$mech->get( $assetUrl );
$mech->base_is( $assetUrl, "We got the page we were expecting" );
$mech->get_ok( $assetUrl . "?op=auth;method=displayLogin" );
$mech->submit_form_ok(
{
with_fields => {
op => 'auth',
method => 'login',
username => $USERNAME,
identifier => $IDENTIFIER,
},
},
);
$mech->base_is( $assetUrl, "We were redirected to the same page after login" );
#----------------------------------------------------------------------------
# displayLogin: Test logging in on a normal page sends user back to same page AFTER at least one
# failed attempt
$mech = Test::WWW::Mechanize->new;
$mech->get( $assetUrl );
$mech->base_is( $assetUrl, "We got the page we were expecting" );
$mech->get_ok( $assetUrl . "?op=auth;method=displayLogin" );
$mech->submit_form(
with_fields => {
username => $USERNAME,
identifier => 'innocence',
},
);
$mech->submit_form_ok(
{
with_fields => {
username => $USERNAME,
identifier => $IDENTIFIER,
},
},
);
$mech->base_is( $assetUrl, "We were redirected to the same page after login and failing once");
#----------------------------------------------------------------------------
# displayLogin: Test logging in on an operation other than ?op=auth
$mech = Test::WWW::Mechanize->new;
$mech->get( $assetUrl . '?op=listUsers' );
$mech->base_is( $assetUrl . '?op=listUsers', "We got the page we were expecting" );
$mech->get_ok( $assetUrl . "?op=auth;method=displayLogin" );
$mech->submit_form_ok(
{
with_fields => {
username => $USERNAME,
identifier => $IDENTIFIER,
},
},
);
$mech->base_is( $assetUrl, "We weren't redirected");
#----------------------------------------------------------------------------
# displayLogin: Test logging in on an operation other than ?op=auth after at least one
# failed attempt
$mech = Test::WWW::Mechanize->new;
$mech->get( $assetUrl . '?op=listUsers' );
$mech->base_is( $assetUrl . '?op=listUsers', "We got the page we were expecting" );
$mech->get_ok( $assetUrl . "?op=auth;method=displayLogin" );
$mech->submit_form(
with_fields => {
username => $USERNAME,
identifier => 'innocence',
},
);
$mech->submit_form_ok(
{
with_fields => {
username => $USERNAME,
identifier => $IDENTIFIER,
},
},
);
$mech->base_is( $assetUrl, "We weren't redirected" );
#----------------------------------------------------------------------------
# displayLogin: Test logging in after directly going to ?op=auth;method=init
$mech = Test::WWW::Mechanize->new;
$mech->get_ok( $assetUrl . '?op=auth;method=init' );
$mech->base_is( $assetUrl . '?op=auth;method=init', "We got the page we were expecting" );
$mech->get_ok( $assetUrl . "?op=auth;method=displayLogin" );
$mech->submit_form_ok(
{
with_fields => {
username => $USERNAME,
identifier => $IDENTIFIER,
},
},
);
$mech->base_is( $assetUrl, "We were redirected to the right page" );
#----------------------------------------------------------------------------
# displayLogin: Test logging in after directly going to ?op=auth;method=init and failing
# at least once.
$mech = Test::WWW::Mechanize->new;
$mech->get_ok( $assetUrl . '?op=auth;method=init' );
$mech->base_is( $assetUrl . '?op=auth;method=init', "We got the page we were expecting" );
$mech->get_ok( $assetUrl . "?op=auth;method=displayLogin" );
$mech->submit_form(
with_fields => {
username => $USERNAME,
identifier => 'innocence',
},
);
$mech->submit_form_ok(
{
with_fields => {
username => $USERNAME,
identifier => $IDENTIFIER,
},
},
);
$mech->base_is( $assetUrl, "We were redirected to the right place" );
#----------------------------------------------------------------------------
# returnUrl: Test logging in on a normal page sends the user back to the same page
$mech = Test::WWW::Mechanize->new;
$mech->get( $assetUrl );
$mech->base_is( $assetUrl, "We got the page we were expecting" );
$url = $assetUrl
. '?op=auth;returnUrl=%2Froot%2Fimport;method=login;username='
. $USERNAME . ';identifier=' . $IDENTIFIER;
$mech->get_ok( $url );
$mech->base_is( $baseUrl . 'root/import', "We were redirected properly" );
#----------------------------------------------------------------------------
# returnUrl: Test logging in on a normal page sends user back to same page AFTER at least one
# failed attempt
$mech = Test::WWW::Mechanize->new;
$mech->get( $assetUrl );
$mech->base_is( $assetUrl, "We got the page we were expecting" );
$url = $assetUrl
. '?op=auth;returnUrl=%2Froot%2Fimport;method=login;username='
. $USERNAME . ';identifier=nowai';
$mech->get( $url );
$mech->submit_form_ok(
{
with_fields => {
username => $USERNAME,
identifier => $IDENTIFIER,
},
},
);
$mech->base_is( $assetUrl, "We don't get redirected" );
#----------------------------------------------------------------------------
# HTTP basic auth
$mech = Test::WWW::Mechanize->new;
$mech->get( $httpAuthUrl );
$mech->content_contains( "Hello, $USERNAME", "We are greeted by name" );
$mech->get( $httpAuthUrl . $asset->get('url') );
$mech->content_contains( "ARTICLE", "We are shown the article" );