| 1 | #!/usr/bin/perl |
| 2 | use strict; |
| 3 | use warnings; |
| 4 | |
| 5 | use Test::More tests => 121; |
| 6 | BEGIN { $ENV{EMAIL_SENDER_TRANSPORT} = 'Test' } |
| 7 | BEGIN { use_ok('Plack::Middleware::Auth::Complex') }; |
| 8 | |
| 9 | use HTTP::Request::Common; |
| 10 | use MIME::Base64 qw/encode_base64/; |
| 11 | use Plack::Test; |
| 12 | |
| 13 | sub app { |
| 14 | my ($env) = shift; |
| 15 | [200, [], [$env->{REMOTE_USER} || 'Anon']] |
| 16 | } |
| 17 | |
| 18 | my $auth; |
| 19 | |
| 20 | sub set_auth { |
| 21 | my ($user, $pass) = @_; |
| 22 | $auth = 'Basic ' . encode_base64 "$user:$pass" |
| 23 | } |
| 24 | |
| 25 | sub is_http { |
| 26 | my ($resp, $code, $body, $name) = @_; |
| 27 | is $resp->code, $code, "$name - code"; |
| 28 | is $resp->content, $body, "$name - body"; |
| 29 | } |
| 30 | |
| 31 | my $has_scrypt = !!eval 'use Authen::Passphrase::Scrypt; 1'; |
| 32 | note "Failed to load Authen::Passphrase::Scrypt: $@" unless $has_scrypt; |
| 33 | |
| 34 | my $create_table = 'CREATE TABLE users (id TEXT PRIMARY KEY, passphrase TEXT, email TEXT)'; |
| 35 | |
| 36 | for my $use_scrypt (qw/0 1/) { |
| 37 | if ($use_scrypt && !$has_scrypt) { |
| 38 | SKIP: { |
| 39 | skip 'Authen::Passphrase::Scrypt not installed', 60 |
| 40 | } |
| 41 | next |
| 42 | } |
| 43 | |
| 44 | my $ac = Plack::Middleware::Auth::Complex->new({ |
| 45 | dbi_connect => ['dbi:SQLite:dbname=:memory:'], |
| 46 | post_connect_cb => sub { shift->{dbh}->do($create_table) }, |
| 47 | register_url => '/register', |
| 48 | passwd_url => '/passwd', |
| 49 | request_reset_url => '/request-reset', |
| 50 | reset_url => '/reset', |
| 51 | cache_max_age => 0, |
| 52 | use_scrypt => $use_scrypt, |
| 53 | }); |
| 54 | |
| 55 | my $app = $ac->wrap(\&app); |
| 56 | my @register_args = (username => 'user', password => 'password', confirm_password => 'password', email => 'user@example.org'); |
| 57 | my @passwd_args = (password => 'password', new_password => 'newpassword', confirm_new_password => 'newpassword'); |
| 58 | my @reset_args = (username => 'user', new_password => 'password', confirm_new_password => 'password', token => '???:???'); |
| 59 | |
| 60 | test_psgi $app, sub { |
| 61 | my ($cb) = @_; |
| 62 | is_http $cb->(GET '/'), 200, 'Anon', 'GET /'; |
| 63 | is_http $cb->(POST '/'), 200, 'Anon', 'POST /'; |
| 64 | is_http $cb->(GET '/register'), 200, 'Anon', 'GET /register'; |
| 65 | set_auth 'user', 'password'; |
| 66 | is_http $cb->(GET '/', Authorization => 'Hello'), 200, 'Anon', 'GET / with invalid Authorization'; |
| 67 | is_http $cb->(GET '/', Authorization => $auth), 200, 'Anon', 'GET / with bad user/pass'; |
| 68 | is_http $cb->(POST '/register'), 400, 'Missing parameter username', 'POST /register with no parameters'; |
| 69 | is_http $cb->(POST '/register', [@register_args, username => '???'] ), 400, 'Invalid username', 'POST /register with bad username'; |
| 70 | is_http $cb->(POST '/register', [@register_args, password => '???'] ), 400, 'The two passwords do not match', 'POST /register with different passwords'; |
| 71 | is_http $cb->(POST '/register', \@register_args), 200, 'Registered successfully', 'POST /register with correct parameters', |
| 72 | is_http $cb->(POST '/register', \@register_args), 400, 'Username already in use', 'POST /register with existing user', |
| 73 | is_http $cb->(GET '/', Authorization => $auth), 200, 'user', 'GET / with correct user/pass'; |
| 74 | |
| 75 | is_http $cb->(POST '/passwd'), 401, 'Authorization required', 'POST /passwd without authorization'; |
| 76 | is_http $cb->(POST '/passwd', Authorization => $auth), 400, 'Missing parameter password', 'POST /passwd with no parameters'; |
| 77 | is_http $cb->(POST '/passwd', [@passwd_args, password => '???'], Authorization => $auth), 400, 'Incorrect password', 'POST /passwd with incorrect old password'; |
| 78 | is_http $cb->(POST '/passwd', [@passwd_args, new_password => '???'], Authorization => $auth), 400, 'The two passwords do not match', 'POST /passwd with different new passwords'; |
| 79 | is_http $cb->(POST '/passwd', \@passwd_args, Authorization => $auth), 200, 'Password changed successfully', 'POST /passwd with correct parameters'; |
| 80 | is_http $cb->(GET '/', Authorization => $auth), 200, 'Anon', 'GET / with bad user/pass'; |
| 81 | set_auth 'user', 'newpassword'; |
| 82 | is_http $cb->(GET '/', Authorization => $auth), 200, 'user', 'GET / with correct user/pass'; |
| 83 | |
| 84 | is_http $cb->(POST '/request-reset'), 500, 'Password resets are disabled', 'POST /request-reset with password resets disabled'; |
| 85 | $ac->{mail_from} = 'nobody <nobody@example.org>'; |
| 86 | is_http $cb->(POST '/request-reset'), 400, 'No such user', 'POST /request-reset with no username'; |
| 87 | is_http $cb->(POST '/request-reset', [username => '???']), 400, 'No such user', 'POST /request-reset with inexistent username'; |
| 88 | is_http $cb->(POST '/request-reset', [username => 'user']), 200, 'Email sent', 'POST /request-reset with correct user'; |
| 89 | |
| 90 | my ($mail) = Email::Sender::Simple->default_transport->deliveries; |
| 91 | Email::Sender::Simple->default_transport->clear_deliveries; |
| 92 | my ($token) = $mail->{email}->get_body =~ /token: (.*)$/m; |
| 93 | chomp $token; # Remove final \n |
| 94 | chop $token; # Remove final \r |
| 95 | note "Reset token is $token"; |
| 96 | |
| 97 | is_http $cb->(POST '/reset'), 400, 'Missing parameter username', 'POST /reset with no parameters'; |
| 98 | is_http $cb->(POST '/reset', [@reset_args, username => '???']), 400, 'No such user', 'POST /reset with inexistent username'; |
| 99 | is_http $cb->(POST '/reset', [@reset_args, new_password => '???']), 400, 'The two passwords do not match', 'POST /reset with different passwords'; |
| 100 | is_http $cb->(POST '/reset', \@reset_args), 400, 'Bad reset token', 'POST /reset with bad token'; |
| 101 | is_http $cb->(POST '/reset', [@reset_args, token => $ac->make_reset_hmac('user', 0) . ':0']), 400, 'Reset token has expired', 'POST /reset with expired token'; |
| 102 | is_http $cb->(POST '/reset', [@reset_args, token => $token]), 200, 'Password reset successfully', 'POST /reset with correct token'; |
| 103 | is_http $cb->(GET '/', Authorization => $auth), 200, 'Anon', 'GET / with bad user/pass'; |
| 104 | set_auth 'user', 'password'; |
| 105 | is_http $cb->(GET '/', Authorization => $auth), 200, 'user', 'GET / with correct user/pass'; |
| 106 | } |
| 107 | } |