oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
webgui/t/Operation/User/service.t
Colin Kuskie 6c3369d0cb Revert "use temp config file for testing" 
This reverts commit 9b725c6d42.
2010-06-14 15:19:54 -07:00

457 lines
16 KiB
Perl
Raw Blame History

# vim:syntax=perl
#-------------------------------------------------------------------
# WebGUI is Copyright 2001-2009 Plain Black Corporation.
#-------------------------------------------------------------------
# Please read the legal notices (docs/legal.txt) and the license
# (docs/license.txt) that came with this distribution before using
# this software.
#------------------------------------------------------------------
# http://www.plainblack.com info@plainblack.com
#------------------------------------------------------------------
# Test the user services from WebGUI::Operation::User
#
#
use FindBin;
use strict;
use lib "$FindBin::Bin/../../lib";
use Test::More;
use Test::Deep;
use WebGUI::Test; # Must use this before any other WebGUI modules
use WebGUI::Session;
use XML::Simple;
use JSON;
use WebGUI::Operation::User;
use WebGUI::Operation::Auth;
use Data::Dumper;
#----------------------------------------------------------------------------
# Init
my $session = WebGUI::Test->session;
WebGUI::Test->originalConfig( "serviceSubnets" );
$session->config->delete('serviceSubnets');
my ( $response, $responseObj, $auth, $userAndy, $userRed );
#----------------------------------------------------------------------------
# Tests
plan tests => 56; # Increment this number for each test you create
#----------------------------------------------------------------------------
# www_ajaxCreateUser
# Permissions
# - user
$session->user({ userId => 1 });
$response = WebGUI::Operation::User::www_ajaxCreateUser( $session );
is( $session->http->getMimeType, 'application/json', "Correct mime type (default: json)" );
cmp_deeply(
JSON->new->decode( $response ),
{
error => 'WebGUI::Error::Unauthorized',
message => ignore(),
},
"Unauthorized user gets correct error object",
);
# - serviceSubnets
$ENV{REMOTE_ADDR} = '2.2.2.2';
$session->config->set('serviceSubnets',['1.1.1.1/32']);
$session->user({ userId => 3 });
$session->request->setup_body({
as => "xml",
});
$response = WebGUI::Operation::User::www_ajaxCreateUser( $session );
is( $session->http->getMimeType, 'application/xml', "Correct mime type (as => xml)" );
cmp_deeply(
XML::Simple::XMLin( $response ),
{
error => 'WebGUI::Error::Unauthorized',
message => ignore(),
},
"Unauthorized user gets correct error object",
);
$session->request->setup_body({});
$session->config->delete('serviceSubnets');
# Invalid parameters
# - username missing
$session->request->setup_body({
as => "json",
'auth:WebGUI:identifier' => 'somethingorother',
firstName => "Andy",
});
$session->user({ userId => 3 });
$response = WebGUI::Operation::User::www_ajaxCreateUser( $session );
is( $session->http->getMimeType, 'application/json', "Correct mime type (as => json)" );
cmp_deeply(
JSON->new->decode( $response ),
{
error => 'WebGUI::Error::InvalidParam',
param => 'username',
message => ignore(),
},
"Missing username gets correct error object",
);
# - username exists
$session->request->setup_body({
username => "Visitor",
firstName => 'Jake',
});
$response = WebGUI::Operation::User::www_ajaxCreateUser( $session );
is( $session->http->getMimeType, 'application/json', "Correct mime type (default: json)" );
cmp_deeply(
JSON->new->decode( $response ),
{
error => 'WebGUI::Error::InvalidParam',
param => 'username',
message => ignore(),
},
"Existing username gets correct error object",
);
# Correct operation
# - with webgui password
$session->request->setup_body({
username => "ADufresne",
'auth:WebGUI:identifier' => 'Zihuatanejo',
'auth:WebGUI:changePassword'=> 1,
firstName => "Andy",
lastName => "Dufresne",
'auth:LDAP:connectDN' => 'u=andy;o=block-e;dc=shawshank;dc=me',
});
$response = WebGUI::Operation::User::www_ajaxCreateUser( $session );
is( $session->http->getMimeType, 'application/json', "Correct mime type (default: json" );
$responseObj = JSON->new->decode( $response );
cmp_deeply(
$responseObj,
{
user => superhashof({
userId => re(qr/^.{22}$/),
username => 'ADufresne',
firstName => 'Andy',
lastName => 'Dufresne',
authMethod => 'WebGUI', # default auth method
}),
},
"Success response contains new users information",
);
$userAndy = WebGUI::User->new( $session, $responseObj->{user}->{userId} );
is( $userAndy->get("username"), "ADufresne", "User exists and username is correct" );
$auth = WebGUI::Operation::Auth::getInstance( $session, 'WebGUI', $userAndy->getId );
is( $auth->getParams->{identifier}, $auth->hashPassword('Zihuatanejo'), "Password is correct" );
is( $auth->getParams->{changePassword}, 1, "Auth param set correctly (WebGUI)" );
$auth = WebGUI::Operation::Auth::getInstance( $session, 'LDAP', $userAndy->getId );
is( $auth->getParams->{connectDN}, 'u=andy;o=block-e;dc=shawshank;dc=me', "Auth param set correctly (LDAP)" );
# - without webgui password
$session->request->setup_body({
username => "EBRedding",
'auth:WebGUI:changePassword'=> 1,
firstName => "Ellis",
lastName => "Redding",
'auth:LDAP:connectDN' => 'u=red;o=block-e;dc=shawshank;dc=me',
});
$response = WebGUI::Operation::User::www_ajaxCreateUser( $session );
is( $session->http->getMimeType, 'application/json', "Correct mime type (default: json" );
$responseObj = JSON->new->decode( $response );
cmp_deeply(
$responseObj,
{
user => superhashof({
userId => re(qr/^.{22}$/),
username => 'EBRedding',
firstName => 'Ellis',
lastName => 'Redding',
authMethod => 'WebGUI', # default auth method
}),
},
"Success response contains new users information",
) or diag explain $responseObj;
$userRed = WebGUI::User->new( $session, $responseObj->{user}->{userId} );
is( $userRed->get("username"), "EBRedding", "User exists and username is correct" );
$auth = WebGUI::Operation::Auth::getInstance( $session, 'WebGUI', $userRed->getId );
is( $auth->getParams->{changePassword}, 1, "Auth param set correctly (WebGUI)" );
$auth = WebGUI::Operation::Auth::getInstance( $session, 'LDAP', $userRed->getId );
is( $auth->getParams->{connectDN}, 'u=red;o=block-e;dc=shawshank;dc=me', "Auth param set correctly (LDAP)" );
#----------------------------------------------------------------------------
# www_ajaxUpdateUser
# Permissions
# - user
$session->user({ userId => 1 });
$response = WebGUI::Operation::User::www_ajaxUpdateUser( $session );
is( $session->http->getMimeType, 'application/json', "Correct mime type (default: json)" );
cmp_deeply(
JSON->new->decode( $response ),
{
error => 'WebGUI::Error::Unauthorized',
message => ignore(),
},
"Unauthorized user gets correct error object",
);
# - serviceSubnets
$ENV{REMOTE_ADDR} = '2.2.2.2';
$session->config->set('serviceSubnets',['1.1.1.1/32']);
$session->user({ userId => 3 });
$session->request->setup_body({
as => "xml",
});
$response = WebGUI::Operation::User::www_ajaxUpdateUser( $session );
is( $session->http->getMimeType, 'application/xml', "Correct mime type (as => xml)" );
cmp_deeply(
XML::Simple::XMLin( $response ),
{
error => 'WebGUI::Error::Unauthorized',
message => ignore(),
},
"Unauthorized user gets correct error object",
);
$session->request->setup_body({});
$session->config->delete('serviceSubnets');
# Invalid parameters
# - no userId parameter
$session->request->setup_body({
as => "json",
'auth:WebGUI:identifier' => 'somethingorother',
firstName => "Andy",
});
$session->user({ userId => 3 });
$response = WebGUI::Operation::User::www_ajaxUpdateUser( $session );
is( $session->http->getMimeType, 'application/json', "Correct mime type (as => json)" );
cmp_deeply(
JSON->new->decode( $response ),
{
error => 'WebGUI::Error::InvalidParam',
param => 'userId',
message => ignore(),
},
"Missing userId gets correct error object",
);
# - userId doesn't exist
$session->request->setup_body({
userId => "MORGANFREEMANREDHRNG",
'auth:WebGUI:identifier' => 'somethingorother',
firstName => "Andy",
});
$session->user({ userId => 3 });
$response = WebGUI::Operation::User::www_ajaxUpdateUser( $session );
is( $session->http->getMimeType, 'application/json', "Correct mime type (default: json)" );
cmp_deeply(
JSON->new->decode( $response ),
{
error => 'WebGUI::Error::InvalidParam',
param => 'userId',
message => ignore(),
},
"Invalid userId gets correct error object",
);
# Correct operation
# - with webgui password
$session->request->setup_body({
userId => $userAndy->getId,
'auth:WebGUI:identifier' => 'RichardsHotelAndFishing',
'auth:WebGUI:changeUsername'=> 1,
firstName => "Richard",
lastName => "Stevens",
'auth:LDAP:connectDN' => 'u=rich;o=escapee;dc=shawshank;dc=me',
});
$response = WebGUI::Operation::User::www_ajaxUpdateUser( $session );
is( $session->http->getMimeType, 'application/json', "Correct mime type (default: json" );
$responseObj = JSON->new->decode( $response );
cmp_deeply(
$responseObj,
{
user => superhashof({
userId => $userAndy->getId,
username => 'ADufresne',
firstName => 'Richard',
lastName => 'Stevens',
authMethod => 'WebGUI', # default auth method
}),
},
"Success response contains new users information",
);
$userAndy = WebGUI::User->new( $session, $responseObj->{user}->{userId} );
is( $userAndy->get("username"), "ADufresne", "User exists and username is correct" );
$auth = WebGUI::Operation::Auth::getInstance( $session, 'WebGUI', $userAndy->getId );
is( $auth->getParams->{identifier}, $auth->hashPassword('RichardsHotelAndFishing'), "Password is correct" );
is( $auth->getParams->{changeUsername}, 1, "Auth param set correctly (WebGUI)" );
$auth = WebGUI::Operation::Auth::getInstance( $session, 'LDAP', $userAndy->getId );
is( $auth->getParams->{connectDN}, 'u=rich;o=escapee;dc=shawshank;dc=me', "Auth param set correctly (LDAP)" );
# - without webgui password
$session->request->setup_body({
userId => $userRed->userId,
'auth:WebGUI:changeUsername'=> 1,
firstName => "Red",
'auth:LDAP:connectDN' => 'u=red;o=parollee;dc=shawshank;dc=me',
});
$response = WebGUI::Operation::User::www_ajaxUpdateUser( $session );
is( $session->http->getMimeType, 'application/json', "Correct mime type (default: json" );
$responseObj = JSON->new->decode( $response );
cmp_deeply(
$responseObj,
{
user => superhashof({
userId => $userRed->userId,
username => 'EBRedding',
firstName => 'Red',
lastName => 'Redding',
authMethod => 'WebGUI', # default auth method
}),
},
"Success response contains new users information",
) or diag explain $responseObj;
$userRed = WebGUI::User->new( $session, $responseObj->{user}->{userId} );
is( $userRed->get("username"), "EBRedding", "User exists and username is correct" );
$auth = WebGUI::Operation::Auth::getInstance( $session, 'WebGUI', $userRed->getId );
is( $auth->getParams->{changeUsername}, 1, "Auth param set correctly (WebGUI)" );
$auth = WebGUI::Operation::Auth::getInstance( $session, 'LDAP', $userRed->getId );
is( $auth->getParams->{connectDN}, 'u=red;o=parollee;dc=shawshank;dc=me', "Auth param set correctly (LDAP)" );
#----------------------------------------------------------------------------
# www_ajaxDeleteUser
# Permissions
# - user
$session->user({ userId => 1 });
$response = WebGUI::Operation::User::www_ajaxDeleteUser( $session );
is( $session->http->getMimeType, 'application/json', "Correct mime type (default: json)" );
cmp_deeply(
JSON->new->decode( $response ),
{
error => 'WebGUI::Error::Unauthorized',
message => ignore(),
},
"Unauthorized user gets correct error object",
);
# - serviceSubnets
$ENV{REMOTE_ADDR} = '2.2.2.2';
$session->config->set('serviceSubnets',['1.1.1.1/32']);
$session->user({ userId => 3 });
$session->request->setup_body({
as => "xml",
});
$response = WebGUI::Operation::User::www_ajaxDeleteUser( $session );
is( $session->http->getMimeType, 'application/xml', "Correct mime type (as => xml)" );
cmp_deeply(
XML::Simple::XMLin( $response ),
{
error => 'WebGUI::Error::Unauthorized',
message => ignore(),
},
"Unauthorized user gets correct error object",
);
$session->request->setup_body({});
$session->config->delete('serviceSubnets');
# Invalid parameters
# - no userId parameter
$session->request->setup_body({
as => "json",
});
$session->user({ userId => 3 });
$response = WebGUI::Operation::User::www_ajaxDeleteUser( $session );
is( $session->http->getMimeType, 'application/json', "Correct mime type (as => json)" );
cmp_deeply(
JSON->new->decode( $response ),
{
error => 'WebGUI::Error::InvalidParam',
param => 'userId',
message => ignore(),
},
"Missing userId gets correct error object",
);
# - userId doesn't exist
$session->request->setup_body({
userId => "MORGANFREEMANREDHRNG",
});
$session->user({ userId => 3 });
$response = WebGUI::Operation::User::www_ajaxDeleteUser( $session );
is( $session->http->getMimeType, 'application/json', "Correct mime type (default: json)" );
cmp_deeply(
JSON->new->decode( $response ),
{
error => 'WebGUI::Error::InvalidParam',
param => 'userId',
message => ignore(),
},
"Invalid userId gets correct error object",
);
# - Cannot delete Visitor
$session->request->setup_body({
userId => "1",
});
$session->user({ userId => 3 });
$response = WebGUI::Operation::User::www_ajaxDeleteUser( $session );
is( $session->http->getMimeType, 'application/json', "Correct mime type (default: json)" );
cmp_deeply(
JSON->new->decode( $response ),
{
error => 'WebGUI::Error::InvalidParam',
param => 'userId',
message => ignore(),
},
"Cannot delete Visitor",
);
# - Cannot delete Admin
$session->request->setup_body({
userId => '3',
});
$session->user({ userId => 3 });
$response = WebGUI::Operation::User::www_ajaxDeleteUser( $session );
is( $session->http->getMimeType, 'application/json', "Correct mime type (default: json)" );
cmp_deeply(
JSON->new->decode( $response ),
{
error => 'WebGUI::Error::InvalidParam',
param => 'userId',
message => ignore(),
},
"Cannot delete Admin",
);
# Correct operation
$session->request->setup_body({
userId => $userAndy->getId,
});
$response = WebGUI::Operation::User::www_ajaxDeleteUser( $session );
is( $session->http->getMimeType, 'application/json', 'Correct mime type (default: json)' );
cmp_deeply(
JSON->new->decode( $response ),
{
message => ignore(),
},
"Success returns only message, no error",
);
ok( !WebGUI::User->validUserId( $session, $userAndy->getId ), "UserId no longer exists" );
$session->request->setup_body({
userId => $userRed->getId,
});
$response = WebGUI::Operation::User::www_ajaxDeleteUser( $session );
is( $session->http->getMimeType, 'application/json', 'Correct mime type (default: json)' );
cmp_deeply(
JSON->new->decode( $response ),
{
message => ignore(),
},
"Success returns only message, no error",
);
ok( !WebGUI::User->validUserId( $session, $userRed->getId ), "UserId no longer exists" );
#vim:ft=perl
Reference in a new issue View git blame Copy permalink