t/Plack-Middleware-Auth-Complex.t

   1 #!/usr/bin/perl
   2 use strict;
   3 use warnings;
   4
   5 use Test::More tests => 59;
   6 BEGIN { $ENV{EMAIL_SENDER_TRANSPORT} = 'Test' }
   7 BEGIN { use_ok('Plack::Middleware::Auth::Complex') };
   8
   9 use HTTP::Request::Common;
  10 use MIME::Base64 qw/encode_base64/;
  11 use Plack::Test;
  12
  13 sub app {
  14         my ($env) = shift;
  15         [200, [], [$env->{REMOTE_USER} || 'Anon']]
  16 }
  17
  18 my $auth;
  19
  20 sub set_auth {
  21         my ($user, $pass) = @_;
  22         $auth = 'Basic ' . encode_base64 "$user:$pass"
  23 }
  24
  25 sub is_http {
  26         my ($resp, $code, $body, $name) = @_;
  27         is $resp->code, $code, "$name - code";
  28         is $resp->content, $body, "$name - body";
  29 }
  30
  31 my $create_table = 'CREATE TABLE users (id TEXT PRIMARY KEY, passphrase TEXT, email TEXT)';
  32 my $ac = Plack::Middleware::Auth::Complex->new({
  33         dbi_connect     => ['dbi:SQLite:dbname=:memory:'],
  34         post_connect_cb => sub { shift->{dbh}->do($create_table) },
  35 });
  36
  37 my $app = $ac->wrap(\&app);
  38 my @register_args = (username => 'user', password => 'password', confirm_password => 'password', email => 'user@example.org');
  39 my @passwd_args = (password => 'password', new_password => 'newpassword', confirm_new_password => 'newpassword');
  40 my @reset_args = (username => 'user', new_password => 'password', confirm_new_password => 'password', token => '???:???');
  41
  42 test_psgi $app, sub {
  43         my ($cb) = @_;
  44         is_http $cb->(GET '/'), 200, 'Anon', 'GET /';
  45         is_http $cb->(POST '/'), 200, 'Anon', 'POST /';
  46         is_http $cb->(GET '/register'), 200, 'Anon', 'GET /register';
  47         set_auth 'user', 'password';
  48         is_http $cb->(GET '/', Authorization => $auth), 200, 'Anon', 'GET / with bad user/pass';
  49         is_http $cb->(POST '/register'), 400, 'Missing parameter username', 'POST /register with no parameters';
  50         is_http $cb->(POST '/register', [@register_args, username => '???'] ), 400, 'Username must match (?^a:^\w{2,20}$)', 'POST /register with bad username';
  51         is_http $cb->(POST '/register', [@register_args, password => '???'] ), 400, 'The two passwords do not match', 'POST /register with different passwords';
  52         is_http $cb->(POST '/register', \@register_args), 200, 'Registered successfully', 'POST /register with correct parameters',
  53         is_http $cb->(POST '/register', \@register_args), 400, 'Username already in use', 'POST /register with existing user',
  54         is_http $cb->(GET '/', Authorization => $auth), 200, 'user', 'GET / with correct user/pass';
  55
  56         is_http $cb->(POST '/passwd'), 401, 'Authorization required', 'POST /passwd without authorization';
  57         is_http $cb->(POST '/passwd', Authorization => $auth), 400, 'Missing parameter password', 'POST /passwd with no parameters';
  58         is_http $cb->(POST '/passwd', [@passwd_args, password => '???'], Authorization => $auth), 400, 'Incorrect password', 'POST /passwd with incorrect old password';
  59         is_http $cb->(POST '/passwd', [@passwd_args, new_password => '???'], Authorization => $auth), 400, 'The two passwords do not match', 'POST /passwd with different new passwords';
  60         is_http $cb->(POST '/passwd', \@passwd_args, Authorization => $auth), 200, 'Password changed successfully', 'POST /passwd with correct parameters';
  61         is_http $cb->(GET '/', Authorization => $auth), 200, 'Anon', 'GET / with bad user/pass';
  62         set_auth 'user', 'newpassword';
  63         is_http $cb->(GET '/', Authorization => $auth), 200, 'user', 'GET / with correct user/pass';
  64
  65         is_http $cb->(POST '/request-reset'), 500, 'Password resets are disabled', 'POST /request-reset with password resets disabled';
  66         $ac->{mail_from} = 'nobody <nobody@example.org>';
  67         is_http $cb->(POST '/request-reset'), 400, 'No such user', 'POST /request-reset with no username';
  68         is_http $cb->(POST '/request-reset', [username => '???']), 400, 'No such user', 'POST /request-reset with inexistent username';
  69         is_http $cb->(POST '/request-reset', [username => 'user']), 200, 'Email sent', 'POST /request-reset with correct user';
  70
  71         my ($mail) = Email::Sender::Simple->default_transport->deliveries;
  72         my ($token) = $mail->{email}->get_body =~ /token: (.*)$/m;
  73         chomp $token; # Remove final \n
  74         chop $token;  # Remove final \r
  75
  76         is_http $cb->(POST '/reset'), 400, 'Missing parameter username', 'POST /reset with no parameters';
  77         is_http $cb->(POST '/reset', [@reset_args, username => '???']), 400, 'No such user', 'POST /reset with inexistent username';
  78         is_http $cb->(POST '/reset', [@reset_args, new_password => '???']), 400, 'The two passwords do not match', 'POST /reset with different passwords';
  79         is_http $cb->(POST '/reset', \@reset_args), 400, 'Bad reset token', 'POST /reset with bad token';
  80         is_http $cb->(POST '/reset', [@reset_args, token => $ac->make_reset_hmac('user', 0) . ':0']), 400, 'Reset token has expired', 'POST /reset with expired token';
  81         is_http $cb->(POST '/reset', [@reset_args, token => $token]), 200, 'Password reset successfully', 'POST /reset with correct token';
  82         is_http $cb->(GET '/', Authorization => $auth), 200, 'Anon', 'GET / with bad user/pass';
  83         set_auth 'user', 'password';
  84         is_http $cb->(GET '/', Authorization => $auth), 200, 'user', 'GET / with correct user/pass';
  85 }