5 use Test
::More tests
=> 59;
6 BEGIN { $ENV{EMAIL_SENDER_TRANSPORT
} = 'Test' }
7 BEGIN { use_ok
('Plack::Middleware::Auth::Complex') };
9 use HTTP
::Request
::Common
;
10 use MIME
::Base64 qw
/encode_base64/;
15 [200, [], [$env->{REMOTE_USER
} || 'Anon']]
21 my ($user, $pass) = @_;
22 $auth = 'Basic ' . encode_base64
"$user:$pass"
26 my ($resp, $code, $body, $name) = @_;
27 is
$resp->code, $code, "$name - code";
28 is
$resp->content, $body, "$name - body";
31 my $create_table = 'CREATE TABLE users (id TEXT PRIMARY KEY, passphrase TEXT, email TEXT)';
32 my $ac = Plack
::Middleware
::Auth
::Complex
->new({
33 dbi_connect
=> ['dbi:SQLite:dbname=:memory:'],
34 post_connect_cb
=> sub { shift->{dbh
}->do($create_table) },
37 my $app = $ac->wrap(\
&app
);
38 my @register_args = (username
=> 'user', password
=> 'password', confirm_password
=> 'password', email
=> 'user@example.org');
39 my @passwd_args = (password
=> 'password', new_password
=> 'newpassword', confirm_new_password
=> 'newpassword');
40 my @reset_args = (username
=> 'user', new_password
=> 'password', confirm_new_password
=> 'password', token
=> '???:???');
44 is_http
$cb->(GET
'/'), 200, 'Anon', 'GET /';
45 is_http
$cb->(POST
'/'), 200, 'Anon', 'POST /';
46 is_http
$cb->(GET
'/register'), 200, 'Anon', 'GET /register';
47 set_auth
'user', 'password';
48 is_http
$cb->(GET
'/', Authorization
=> $auth), 200, 'Anon', 'GET / with bad user/pass';
49 is_http
$cb->(POST
'/register'), 400, 'Missing parameter username', 'POST /register with no parameters';
50 is_http
$cb->(POST
'/register', [@register_args, username
=> '???'] ), 400, 'Username must match (?^a:^\w{2,20}$)', 'POST /register with bad username';
51 is_http
$cb->(POST
'/register', [@register_args, password
=> '???'] ), 400, 'The two passwords do not match', 'POST /register with different passwords';
52 is_http
$cb->(POST
'/register', \
@register_args), 200, 'Registered successfully', 'POST /register with correct parameters',
53 is_http
$cb->(POST
'/register', \
@register_args), 400, 'Username already in use', 'POST /register with existing user',
54 is_http
$cb->(GET
'/', Authorization
=> $auth), 200, 'user', 'GET / with correct user/pass';
56 is_http
$cb->(POST
'/passwd'), 401, 'Authorization required', 'POST /passwd without authorization';
57 is_http
$cb->(POST
'/passwd', Authorization
=> $auth), 400, 'Missing parameter password', 'POST /passwd with no parameters';
58 is_http
$cb->(POST
'/passwd', [@passwd_args, password
=> '???'], Authorization
=> $auth), 400, 'Incorrect password', 'POST /passwd with incorrect old password';
59 is_http
$cb->(POST
'/passwd', [@passwd_args, new_password
=> '???'], Authorization
=> $auth), 400, 'The two passwords do not match', 'POST /passwd with different new passwords';
60 is_http
$cb->(POST
'/passwd', \
@passwd_args, Authorization
=> $auth), 200, 'Password changed successfully', 'POST /passwd with correct parameters';
61 is_http
$cb->(GET
'/', Authorization
=> $auth), 200, 'Anon', 'GET / with bad user/pass';
62 set_auth
'user', 'newpassword';
63 is_http
$cb->(GET
'/', Authorization
=> $auth), 200, 'user', 'GET / with correct user/pass';
65 is_http
$cb->(POST
'/request-reset'), 500, 'Password resets are disabled', 'POST /request-reset with password resets disabled';
66 $ac->{mail_from
} = 'nobody <nobody@example.org>';
67 is_http
$cb->(POST
'/request-reset'), 400, 'No such user', 'POST /request-reset with no username';
68 is_http
$cb->(POST
'/request-reset', [username
=> '???']), 400, 'No such user', 'POST /request-reset with inexistent username';
69 is_http
$cb->(POST
'/request-reset', [username
=> 'user']), 200, 'Email sent', 'POST /request-reset with correct user';
71 my ($mail) = Email
::Sender
::Simple
->default_transport->deliveries;
72 my ($token) = $mail->{email
}->get_body =~ /token: (.*)$/m;
73 chomp $token; # Remove final \n
74 chop $token; # Remove final \r
76 is_http
$cb->(POST
'/reset'), 400, 'Missing parameter username', 'POST /reset with no parameters';
77 is_http
$cb->(POST
'/reset', [@reset_args, username
=> '???']), 400, 'No such user', 'POST /reset with inexistent username';
78 is_http
$cb->(POST
'/reset', [@reset_args, new_password
=> '???']), 400, 'The two passwords do not match', 'POST /reset with different passwords';
79 is_http
$cb->(POST
'/reset', \
@reset_args), 400, 'Bad reset token', 'POST /reset with bad token';
80 is_http
$cb->(POST
'/reset', [@reset_args, token
=> $ac->make_reset_hmac('user', 0) . ':0']), 400, 'Reset token has expired', 'POST /reset with expired token';
81 is_http
$cb->(POST
'/reset', [@reset_args, token
=> $token]), 200, 'Password reset successfully', 'POST /reset with correct token';
82 is_http
$cb->(GET
'/', Authorization
=> $auth), 200, 'Anon', 'GET / with bad user/pass';
83 set_auth
'user', 'password';
84 is_http
$cb->(GET
'/', Authorization
=> $auth), 200, 'user', 'GET / with correct user/pass';
This page took 0.035787 seconds and 4 git commands to generate.