5 use Test
::More tests
=> 61;
6 BEGIN { $ENV{EMAIL_SENDER_TRANSPORT
} = 'Test' }
7 BEGIN { use_ok
('Plack::Middleware::Auth::Complex') };
9 use HTTP
::Request
::Common
;
10 use MIME
::Base64 qw
/encode_base64/;
15 [200, [], [$env->{REMOTE_USER
} || 'Anon']]
21 my ($user, $pass) = @_;
22 $auth = 'Basic ' . encode_base64
"$user:$pass"
26 my ($resp, $code, $body, $name) = @_;
27 is
$resp->code, $code, "$name - code";
28 is
$resp->content, $body, "$name - body";
31 my $create_table = 'CREATE TABLE users (id TEXT PRIMARY KEY, passphrase TEXT, email TEXT)';
32 my $ac = Plack
::Middleware
::Auth
::Complex
->new({
33 dbi_connect
=> ['dbi:SQLite:dbname=:memory:'],
34 post_connect_cb
=> sub { shift->{dbh
}->do($create_table) },
35 register_url
=> '/register',
36 passwd_url
=> '/passwd',
37 request_reset_url
=> '/request-reset',
38 reset_url
=> '/reset',
42 my $app = $ac->wrap(\
&app
);
43 my @register_args = (username
=> 'user', password
=> 'password', confirm_password
=> 'password', email
=> 'user@example.org');
44 my @passwd_args = (password
=> 'password', new_password
=> 'newpassword', confirm_new_password
=> 'newpassword');
45 my @reset_args = (username
=> 'user', new_password
=> 'password', confirm_new_password
=> 'password', token
=> '???:???');
49 is_http
$cb->(GET
'/'), 200, 'Anon', 'GET /';
50 is_http
$cb->(POST
'/'), 200, 'Anon', 'POST /';
51 is_http
$cb->(GET
'/register'), 200, 'Anon', 'GET /register';
52 set_auth
'user', 'password';
53 is_http
$cb->(GET
'/', Authorization
=> 'Hello'), 200, 'Anon', 'GET / with invalid Authorization';
54 is_http
$cb->(GET
'/', Authorization
=> $auth), 200, 'Anon', 'GET / with bad user/pass';
55 is_http
$cb->(POST
'/register'), 400, 'Missing parameter username', 'POST /register with no parameters';
56 is_http
$cb->(POST
'/register', [@register_args, username
=> '???'] ), 400, 'Username must match (?^a:^\w{2,20}$)', 'POST /register with bad username';
57 is_http
$cb->(POST
'/register', [@register_args, password
=> '???'] ), 400, 'The two passwords do not match', 'POST /register with different passwords';
58 is_http
$cb->(POST
'/register', \
@register_args), 200, 'Registered successfully', 'POST /register with correct parameters',
59 is_http
$cb->(POST
'/register', \
@register_args), 400, 'Username already in use', 'POST /register with existing user',
60 is_http
$cb->(GET
'/', Authorization
=> $auth), 200, 'user', 'GET / with correct user/pass';
62 is_http
$cb->(POST
'/passwd'), 401, 'Authorization required', 'POST /passwd without authorization';
63 is_http
$cb->(POST
'/passwd', Authorization
=> $auth), 400, 'Missing parameter password', 'POST /passwd with no parameters';
64 is_http
$cb->(POST
'/passwd', [@passwd_args, password
=> '???'], Authorization
=> $auth), 400, 'Incorrect password', 'POST /passwd with incorrect old password';
65 is_http
$cb->(POST
'/passwd', [@passwd_args, new_password
=> '???'], Authorization
=> $auth), 400, 'The two passwords do not match', 'POST /passwd with different new passwords';
66 is_http
$cb->(POST
'/passwd', \
@passwd_args, Authorization
=> $auth), 200, 'Password changed successfully', 'POST /passwd with correct parameters';
67 is_http
$cb->(GET
'/', Authorization
=> $auth), 200, 'Anon', 'GET / with bad user/pass';
68 set_auth
'user', 'newpassword';
69 is_http
$cb->(GET
'/', Authorization
=> $auth), 200, 'user', 'GET / with correct user/pass';
71 is_http
$cb->(POST
'/request-reset'), 500, 'Password resets are disabled', 'POST /request-reset with password resets disabled';
72 $ac->{mail_from
} = 'nobody <nobody@example.org>';
73 is_http
$cb->(POST
'/request-reset'), 400, 'No such user', 'POST /request-reset with no username';
74 is_http
$cb->(POST
'/request-reset', [username
=> '???']), 400, 'No such user', 'POST /request-reset with inexistent username';
75 is_http
$cb->(POST
'/request-reset', [username
=> 'user']), 200, 'Email sent', 'POST /request-reset with correct user';
77 my ($mail) = Email
::Sender
::Simple
->default_transport->deliveries;
78 my ($token) = $mail->{email
}->get_body =~ /token: (.*)$/m;
79 chomp $token; # Remove final \n
80 chop $token; # Remove final \r
82 is_http
$cb->(POST
'/reset'), 400, 'Missing parameter username', 'POST /reset with no parameters';
83 is_http
$cb->(POST
'/reset', [@reset_args, username
=> '???']), 400, 'No such user', 'POST /reset with inexistent username';
84 is_http
$cb->(POST
'/reset', [@reset_args, new_password
=> '???']), 400, 'The two passwords do not match', 'POST /reset with different passwords';
85 is_http
$cb->(POST
'/reset', \
@reset_args), 400, 'Bad reset token', 'POST /reset with bad token';
86 is_http
$cb->(POST
'/reset', [@reset_args, token
=> $ac->make_reset_hmac('user', 0) . ':0']), 400, 'Reset token has expired', 'POST /reset with expired token';
87 is_http
$cb->(POST
'/reset', [@reset_args, token
=> $token]), 200, 'Password reset successfully', 'POST /reset with correct token';
88 is_http
$cb->(GET
'/', Authorization
=> $auth), 200, 'Anon', 'GET / with bad user/pass';
89 set_auth
'user', 'password';
90 is_http
$cb->(GET
'/', Authorization
=> $auth), 200, 'user', 'GET / with correct user/pass';
This page took 0.036436 seconds and 5 git commands to generate.