[plack-middleware-auth-complex.git] / t / Plack-Middleware-Auth-Complex.t

#!/usr/bin/perl
use strict;
use warnings;

use Test::More tests => 121;
BEGIN { $ENV{EMAIL_SENDER_TRANSPORT} = 'Test' }
BEGIN { use_ok('Plack::Middleware::Auth::Complex') };

use HTTP::Request::Common;
use MIME::Base64 qw/encode_base64/;
use Plack::Test;

sub app {
	my ($env) = shift;
	[200, [], [$env->{REMOTE_USER} || 'Anon']]
}

my $auth;

sub set_auth {
	my ($user, $pass) = @_;
	$auth = 'Basic ' . encode_base64 "$user:$pass"
}

sub is_http {
	my ($resp, $code, $body, $name) = @_;
	is $resp->code, $code, "$name - code";
	is $resp->content, $body, "$name - body";
}

my $has_scrypt = !!eval 'use Authen::Passphrase::Scrypt; 1';
note "Failed to load Authen::Passphrase::Scrypt: $@" unless $has_scrypt;

my $create_table = 'CREATE TABLE users (id TEXT PRIMARY KEY, passphrase TEXT, email TEXT)';

for my $use_scrypt (qw/0 1/) {
	if ($use_scrypt && !$has_scrypt) {
	  SKIP: {
			skip 'Authen::Passphrase::Scrypt not installed', 61
		}
		return
	}

	my $ac = Plack::Middleware::Auth::Complex->new({
		dbi_connect       => ['dbi:SQLite:dbname=:memory:'],
		post_connect_cb   => sub { shift->{dbh}->do($create_table) },
		register_url      => '/register',
		passwd_url        => '/passwd',
		request_reset_url => '/request-reset',
		reset_url         => '/reset',
		cache_max_age     => 0,
		use_scrypt        => $use_scrypt,
	});

	my $app = $ac->wrap(\&app);
	my @register_args = (username => 'user', password => 'password', confirm_password => 'password', email => 'user@example.org');
	my @passwd_args = (password => 'password', new_password => 'newpassword', confirm_new_password => 'newpassword');
	my @reset_args = (username => 'user', new_password => 'password', confirm_new_password => 'password', token => '???:???');

	test_psgi $app, sub {
		my ($cb) = @_;
		is_http $cb->(GET '/'), 200, 'Anon', 'GET /';
		is_http $cb->(POST '/'), 200, 'Anon', 'POST /';
		is_http $cb->(GET '/register'), 200, 'Anon', 'GET /register';
		set_auth 'user', 'password';
		is_http $cb->(GET '/', Authorization => 'Hello'), 200, 'Anon', 'GET / with invalid Authorization';
		is_http $cb->(GET '/', Authorization => $auth), 200, 'Anon', 'GET / with bad user/pass';
		is_http $cb->(POST '/register'), 400, 'Missing parameter username', 'POST /register with no parameters';
		is_http $cb->(POST '/register', [@register_args, username => '???'] ), 400, 'Invalid username', 'POST /register with bad username';
		is_http $cb->(POST '/register', [@register_args, password => '???'] ), 400, 'The two passwords do not match', 'POST /register with different passwords';
		is_http $cb->(POST '/register', \@register_args), 200, 'Registered successfully', 'POST /register with correct parameters',
		  is_http $cb->(POST '/register', \@register_args), 400, 'Username already in use', 'POST /register with existing user',
		  is_http $cb->(GET '/', Authorization => $auth), 200, 'user', 'GET / with correct user/pass';

		is_http $cb->(POST '/passwd'), 401, 'Authorization required', 'POST /passwd without authorization';
		is_http $cb->(POST '/passwd', Authorization => $auth), 400, 'Missing parameter password', 'POST /passwd with no parameters';
		is_http $cb->(POST '/passwd', [@passwd_args, password => '???'], Authorization => $auth), 400, 'Incorrect password', 'POST /passwd with incorrect old password';
		is_http $cb->(POST '/passwd', [@passwd_args, new_password => '???'], Authorization => $auth), 400, 'The two passwords do not match', 'POST /passwd with different new passwords';
		is_http $cb->(POST '/passwd', \@passwd_args, Authorization => $auth), 200, 'Password changed successfully', 'POST /passwd with correct parameters';
		is_http $cb->(GET '/', Authorization => $auth), 200, 'Anon', 'GET / with bad user/pass';
		set_auth 'user', 'newpassword';
		is_http $cb->(GET '/', Authorization => $auth), 200, 'user', 'GET / with correct user/pass';

		is_http $cb->(POST '/request-reset'), 500, 'Password resets are disabled', 'POST /request-reset with password resets disabled';
		$ac->{mail_from} = 'nobody <nobody@example.org>';
		is_http $cb->(POST '/request-reset'), 400, 'No such user', 'POST /request-reset with no username';
		is_http $cb->(POST '/request-reset', [username => '???']), 400, 'No such user', 'POST /request-reset with inexistent username';
		is_http $cb->(POST '/request-reset', [username => 'user']), 200, 'Email sent', 'POST /request-reset with correct user';

		my ($mail) = Email::Sender::Simple->default_transport->deliveries;
		Email::Sender::Simple->default_transport->clear_deliveries;
		my ($token) = $mail->{email}->get_body =~ /token: (.*)$/m;
		chomp $token;			# Remove final \n
		chop $token;			# Remove final \r
		note "Reset token is $token";

		is_http $cb->(POST '/reset'), 400, 'Missing parameter username', 'POST /reset with no parameters';
		is_http $cb->(POST '/reset', [@reset_args, username => '???']), 400, 'No such user', 'POST /reset with inexistent username';
		is_http $cb->(POST '/reset', [@reset_args, new_password => '???']), 400, 'The two passwords do not match', 'POST /reset with different passwords';
		is_http $cb->(POST '/reset', \@reset_args), 400, 'Bad reset token', 'POST /reset with bad token';
		is_http $cb->(POST '/reset', [@reset_args, token => $ac->make_reset_hmac('user', 0) . ':0']), 400, 'Reset token has expired', 'POST /reset with expired token';
		is_http $cb->(POST '/reset', [@reset_args, token => $token]), 200, 'Password reset successfully', 'POST /reset with correct token';
		is_http $cb->(GET '/', Authorization => $auth), 200, 'Anon', 'GET / with bad user/pass';
		set_auth 'user', 'password';
		is_http $cb->(GET '/', Authorization => $auth), 200, 'user', 'GET / with correct user/pass';
	}
}
Commit	Line	Data
12aa0bc6 MG	1	#!/usr/bin/perl
	2	use strict;
	3	use warnings;
	4
58b36d0a	5	use Test::More tests => 121;
12aa0bc6 MG	6	BEGIN { $ENV{EMAIL_SENDER_TRANSPORT} = 'Test' }
	7	BEGIN { use_ok('Plack::Middleware::Auth::Complex') };
	8
	9	use HTTP::Request::Common;
	10	use MIME::Base64 qw/encode_base64/;
	11	use Plack::Test;
	12
	13	sub app {
	14	my ($env) = shift;
	15	[200, [], [$env->{REMOTE_USER} \|\| 'Anon']]
	16	}
	17
	18	my $auth;
	19
	20	sub set_auth {
	21	my ($user, $pass) = @_;
	22	$auth = 'Basic ' . encode_base64 "$user:$pass"
	23	}
	24
	25	sub is_http {
	26	my ($resp, $code, $body, $name) = @_;
	27	is $resp->code, $code, "$name - code";
	28	is $resp->content, $body, "$name - body";
	29	}
	30
58b36d0a MG	31	my $has_scrypt = !!eval 'use Authen::Passphrase::Scrypt; 1';
	32	note "Failed to load Authen::Passphrase::Scrypt: $@" unless $has_scrypt;
	33
12aa0bc6	34	my $create_table = 'CREATE TABLE users (id TEXT PRIMARY KEY, passphrase TEXT, email TEXT)';
58b36d0a MG	35
	36	for my $use_scrypt (qw/0 1/) {
	37	if ($use_scrypt && !$has_scrypt) {
	38	SKIP: {
	39	skip 'Authen::Passphrase::Scrypt not installed', 61
	40	}
	41	return
	42	}
	43
	44	my $ac = Plack::Middleware::Auth::Complex->new({
	45	dbi_connect => ['dbi:SQLite:dbname=:memory:'],
	46	post_connect_cb => sub { shift->{dbh}->do($create_table) },
	47	register_url => '/register',
	48	passwd_url => '/passwd',
	49	request_reset_url => '/request-reset',
	50	reset_url => '/reset',
	51	cache_max_age => 0,
	52	use_scrypt => $use_scrypt,
	53	});
	54
	55	my $app = $ac->wrap(\&app);
	56	my @register_args = (username => 'user', password => 'password', confirm_password => 'password', email => 'user@example.org');
	57	my @passwd_args = (password => 'password', new_password => 'newpassword', confirm_new_password => 'newpassword');
	58	my @reset_args = (username => 'user', new_password => 'password', confirm_new_password => 'password', token => '???:???');
	59
	60	test_psgi $app, sub {
	61	my ($cb) = @_;
	62	is_http $cb->(GET '/'), 200, 'Anon', 'GET /';
	63	is_http $cb->(POST '/'), 200, 'Anon', 'POST /';
	64	is_http $cb->(GET '/register'), 200, 'Anon', 'GET /register';
	65	set_auth 'user', 'password';
	66	is_http $cb->(GET '/', Authorization => 'Hello'), 200, 'Anon', 'GET / with invalid Authorization';
	67	is_http $cb->(GET '/', Authorization => $auth), 200, 'Anon', 'GET / with bad user/pass';
	68	is_http $cb->(POST '/register'), 400, 'Missing parameter username', 'POST /register with no parameters';
	69	is_http $cb->(POST '/register', [@register_args, username => '???'] ), 400, 'Invalid username', 'POST /register with bad username';
	70	is_http $cb->(POST '/register', [@register_args, password => '???'] ), 400, 'The two passwords do not match', 'POST /register with different passwords';
	71	is_http $cb->(POST '/register', \@register_args), 200, 'Registered successfully', 'POST /register with correct parameters',
	72	is_http $cb->(POST '/register', \@register_args), 400, 'Username already in use', 'POST /register with existing user',
	73	is_http $cb->(GET '/', Authorization => $auth), 200, 'user', 'GET / with correct user/pass';
	74
	75	is_http $cb->(POST '/passwd'), 401, 'Authorization required', 'POST /passwd without authorization';
	76	is_http $cb->(POST '/passwd', Authorization => $auth), 400, 'Missing parameter password', 'POST /passwd with no parameters';
	77	is_http $cb->(POST '/passwd', [@passwd_args, password => '???'], Authorization => $auth), 400, 'Incorrect password', 'POST /passwd with incorrect old password';
	78	is_http $cb->(POST '/passwd', [@passwd_args, new_password => '???'], Authorization => $auth), 400, 'The two passwords do not match', 'POST /passwd with different new passwords';
	79	is_http $cb->(POST '/passwd', \@passwd_args, Authorization => $auth), 200, 'Password changed successfully', 'POST /passwd with correct parameters';
	80	is_http $cb->(GET '/', Authorization => $auth), 200, 'Anon', 'GET / with bad user/pass';
	81	set_auth 'user', 'newpassword';
	82	is_http $cb->(GET '/', Authorization => $auth), 200, 'user', 'GET / with correct user/pass';
	83
	84	is_http $cb->(POST '/request-reset'), 500, 'Password resets are disabled', 'POST /request-reset with password resets disabled';
	85	$ac->{mail_from} = 'nobody <nobody@example.org>';
	86	is_http $cb->(POST '/request-reset'), 400, 'No such user', 'POST /request-reset with no username';
	87	is_http $cb->(POST '/request-reset', [username => '???']), 400, 'No such user', 'POST /request-reset with inexistent username';
	88	is_http $cb->(POST '/request-reset', [username => 'user']), 200, 'Email sent', 'POST /request-reset with correct user';
	89
	90	my ($mail) = Email::Sender::Simple->default_transport->deliveries;
	91	Email::Sender::Simple->default_transport->clear_deliveries;
	92	my ($token) = $mail->{email}->get_body =~ /token: (.*)$/m;
	93	chomp $token; # Remove final \n
	94	chop $token; # Remove final \r
	95	note "Reset token is $token";
	96
	97	is_http $cb->(POST '/reset'), 400, 'Missing parameter username', 'POST /reset with no parameters';
	98	is_http $cb->(POST '/reset', [@reset_args, username => '???']), 400, 'No such user', 'POST /reset with inexistent username';
99	is_http $cb->(POST '/reset', [@reset_args, new_password => '???']), 400, 'The two passwords do not match', 'POST /reset with different passwords';
100	is_http $cb->(POST '/reset', \@reset_args), 400, 'Bad reset token', 'POST /reset with bad token';
101	is_http $cb->(POST '/reset', [@reset_args, token => $ac->make_reset_hmac('user', 0) . ':0']), 400, 'Reset token has expired', 'POST /reset with expired token';
102	is_http $cb->(POST '/reset', [@reset_args, token => $token]), 200, 'Password reset successfully', 'POST /reset with correct token';
103	is_http $cb->(GET '/', Authorization => $auth), 200, 'Anon', 'GET / with bad user/pass';
104	set_auth 'user', 'password';
105	is_http $cb->(GET '/', Authorization => $auth), 200, 'user', 'GET / with correct user/pass';
106	}
12aa0bc6	107	}