5 use Test
::More tests
=> 121;
6 BEGIN { $ENV{EMAIL_SENDER_TRANSPORT
} = 'Test' }
7 BEGIN { use_ok
('Plack::Middleware::Auth::Complex') };
9 use HTTP
::Request
::Common
;
10 use MIME
::Base64 qw
/encode_base64/;
15 [200, [], [$env->{REMOTE_USER
} || 'Anon']]
21 my ($user, $pass) = @_;
22 $auth = 'Basic ' . encode_base64
"$user:$pass"
26 my ($resp, $code, $body, $name) = @_;
27 is
$resp->code, $code, "$name - code";
28 is
$resp->content, $body, "$name - body";
31 my $has_scrypt = !!eval 'use Authen::Passphrase::Scrypt; 1';
32 note
"Failed to load Authen::Passphrase::Scrypt: $@" unless $has_scrypt;
34 my $create_table = 'CREATE TABLE users (id TEXT PRIMARY KEY, passphrase TEXT, email TEXT)';
36 for my $use_scrypt (qw
/0 1/) {
37 if ($use_scrypt && !$has_scrypt) {
39 skip
'Authen::Passphrase::Scrypt not installed', 60
44 my $ac = Plack
::Middleware
::Auth
::Complex
->new({
45 dbi_connect
=> ['dbi:SQLite:dbname=:memory:'],
46 post_connect_cb
=> sub { shift->{dbh
}->do($create_table) },
47 register_url
=> '/register',
48 passwd_url
=> '/passwd',
49 request_reset_url
=> '/request-reset',
50 reset_url
=> '/reset',
52 use_scrypt
=> $use_scrypt,
55 my $app = $ac->wrap(\
&app
);
56 my @register_args = (username
=> 'user', password
=> 'password', confirm_password
=> 'password', email
=> 'user@example.org');
57 my @passwd_args = (password
=> 'password', new_password
=> 'newpassword', confirm_new_password
=> 'newpassword');
58 my @reset_args = (username
=> 'user', new_password
=> 'password', confirm_new_password
=> 'password', token
=> '???:???');
62 is_http
$cb->(GET
'/'), 200, 'Anon', 'GET /';
63 is_http
$cb->(POST
'/'), 200, 'Anon', 'POST /';
64 is_http
$cb->(GET
'/register'), 200, 'Anon', 'GET /register';
65 set_auth
'user', 'password';
66 is_http
$cb->(GET
'/', Authorization
=> 'Hello'), 200, 'Anon', 'GET / with invalid Authorization';
67 is_http
$cb->(GET
'/', Authorization
=> $auth), 200, 'Anon', 'GET / with bad user/pass';
68 is_http
$cb->(POST
'/register'), 400, 'Missing parameter username', 'POST /register with no parameters';
69 is_http
$cb->(POST
'/register', [@register_args, username
=> '???'] ), 400, 'Invalid username', 'POST /register with bad username';
70 is_http
$cb->(POST
'/register', [@register_args, password
=> '???'] ), 400, 'The two passwords do not match', 'POST /register with different passwords';
71 is_http
$cb->(POST
'/register', \
@register_args), 200, 'Registered successfully', 'POST /register with correct parameters',
72 is_http
$cb->(POST
'/register', \
@register_args), 400, 'Username already in use', 'POST /register with existing user',
73 is_http
$cb->(GET
'/', Authorization
=> $auth), 200, 'user', 'GET / with correct user/pass';
75 is_http
$cb->(POST
'/passwd'), 401, 'Authorization required', 'POST /passwd without authorization';
76 is_http
$cb->(POST
'/passwd', Authorization
=> $auth), 400, 'Missing parameter password', 'POST /passwd with no parameters';
77 is_http
$cb->(POST
'/passwd', [@passwd_args, password
=> '???'], Authorization
=> $auth), 400, 'Incorrect password', 'POST /passwd with incorrect old password';
78 is_http
$cb->(POST
'/passwd', [@passwd_args, new_password
=> '???'], Authorization
=> $auth), 400, 'The two passwords do not match', 'POST /passwd with different new passwords';
79 is_http
$cb->(POST
'/passwd', \
@passwd_args, Authorization
=> $auth), 200, 'Password changed successfully', 'POST /passwd with correct parameters';
80 is_http
$cb->(GET
'/', Authorization
=> $auth), 200, 'Anon', 'GET / with bad user/pass';
81 set_auth
'user', 'newpassword';
82 is_http
$cb->(GET
'/', Authorization
=> $auth), 200, 'user', 'GET / with correct user/pass';
84 is_http
$cb->(POST
'/request-reset'), 500, 'Password resets are disabled', 'POST /request-reset with password resets disabled';
85 $ac->{mail_from
} = 'nobody <nobody@example.org>';
86 is_http
$cb->(POST
'/request-reset'), 400, 'No such user', 'POST /request-reset with no username';
87 is_http
$cb->(POST
'/request-reset', [username
=> '???']), 400, 'No such user', 'POST /request-reset with inexistent username';
88 is_http
$cb->(POST
'/request-reset', [username
=> 'user']), 200, 'Email sent', 'POST /request-reset with correct user';
90 my ($mail) = Email
::Sender
::Simple
->default_transport->deliveries;
91 Email
::Sender
::Simple
->default_transport->clear_deliveries;
92 my ($token) = $mail->{email
}->get_body =~ /token: (.*)$/m;
93 chomp $token; # Remove final \n
94 chop $token; # Remove final \r
95 note
"Reset token is $token";
97 is_http
$cb->(POST
'/reset'), 400, 'Missing parameter username', 'POST /reset with no parameters';
98 is_http
$cb->(POST
'/reset', [@reset_args, username
=> '???']), 400, 'No such user', 'POST /reset with inexistent username';
99 is_http
$cb->(POST
'/reset', [@reset_args, new_password
=> '???']), 400, 'The two passwords do not match', 'POST /reset with different passwords';
100 is_http
$cb->(POST
'/reset', \
@reset_args), 400, 'Bad reset token', 'POST /reset with bad token';
101 is_http
$cb->(POST
'/reset', [@reset_args, token
=> $ac->make_reset_hmac('user', 0) . ':0']), 400, 'Reset token has expired', 'POST /reset with expired token';
102 is_http
$cb->(POST
'/reset', [@reset_args, token
=> $token]), 200, 'Password reset successfully', 'POST /reset with correct token';
103 is_http
$cb->(GET
'/', Authorization
=> $auth), 200, 'Anon', 'GET / with bad user/pass';
104 set_auth
'user', 'password';
105 is_http
$cb->(GET
'/', Authorization
=> $auth), 200, 'user', 'GET / with correct user/pass';
This page took 0.037042 seconds and 5 git commands to generate.