3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it under the
6 # terms of the GNU General Public License as published by the Free Software
7 # Foundation; either version 3 of the License, or (at your option) any later
10 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
11 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
12 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License along
15 # with Koha; if not, write to the Free Software Foundation, Inc.,
16 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 use Test
::More tests
=> 2;
25 use t
::lib
::TestBuilder
;
30 my $schema = Koha
::Database
->new->schema;
31 my $builder = t
::lib
::TestBuilder
->new;
33 # FIXME: sessionStorage defaults to mysql, but it seems to break transaction handling
34 # this affects the other REST api tests
35 t
::lib
::Mocks
::mock_preference
( 'SessionStorage', 'tmp' );
37 my $remote_address = '127.0.0.1';
38 my $t = Test
::Mojo
->new('Koha::REST::V1');
40 subtest
'set() (authorized user tests)' => sub {
44 $schema->storage->txn_begin;
46 my ( $patron, $session ) = create_user_and_session
({ authorized
=> 1 });
48 t
::lib
::Mocks
::mock_preference
( 'minPasswordLength', 3 );
49 t
::lib
::Mocks
::mock_preference
( 'RequireStrongPassword', 0 );
51 my $new_password = 'abc';
54 = $t->ua->build_tx( POST
=> "/api/v1/patrons/"
56 . "/password" => json
=> { password
=> $new_password, password_2
=> $new_password } );
58 $tx->req->cookies( { name
=> 'CGISESSID', value
=> $session->id } );
59 $tx->req->env( { REMOTE_ADDR
=> '127.0.0.1' } );
60 $t->request_ok($tx)->status_is(200)->json_is( '' );
63 = $t->ua->build_tx( POST
=> "/api/v1/patrons/"
65 . "/password" => json
=> { password
=> $new_password, password_2
=> 'cde' } );
67 $tx->req->cookies( { name
=> 'CGISESSID', value
=> $session->id } );
68 $tx->req->env( { REMOTE_ADDR
=> '127.0.0.1' } );
69 $t->request_ok($tx)->status_is(400)->json_is({ error
=> 'Passwords don\'t match' });
71 t
::lib
::Mocks
::mock_preference
( 'minPasswordLength', 5 );
73 = $t->ua->build_tx( POST
=> "/api/v1/patrons/"
75 . "/password" => json
=> { password
=> $new_password, password_2
=> $new_password } );
77 $tx->req->cookies( { name
=> 'CGISESSID', value
=> $session->id } );
78 $tx->req->env( { REMOTE_ADDR
=> '127.0.0.1' } );
79 $t->request_ok($tx)->status_is(400)->json_is({ error
=> 'Password length (3) is shorter than required (5)' });
81 $new_password = 'abc ';
83 = $t->ua->build_tx( POST
=> "/api/v1/patrons/"
85 . "/password" => json
=> { password
=> $new_password, password_2
=> $new_password } );
87 $tx->req->cookies( { name
=> 'CGISESSID', value
=> $session->id } );
88 $tx->req->env( { REMOTE_ADDR
=> '127.0.0.1' } );
89 $t->request_ok($tx)->status_is(400)->json_is({ error
=> '[Password contains leading/trailing whitespace character(s)]' });
91 $new_password = 'abcdefg';
93 = $t->ua->build_tx( POST
=> "/api/v1/patrons/"
95 . "/password" => json
=> { password
=> $new_password, password_2
=> $new_password } );
97 $tx->req->cookies( { name
=> 'CGISESSID', value
=> $session->id } );
98 $tx->req->env( { REMOTE_ADDR
=> '127.0.0.1' } );
99 $t->request_ok($tx)->status_is(200)->json_is('');
101 t
::lib
::Mocks
::mock_preference
( 'RequireStrongPassword', 1);
103 = $t->ua->build_tx( POST
=> "/api/v1/patrons/"
105 . "/password" => json
=> { password
=> $new_password, password_2
=> $new_password } );
107 $tx->req->cookies( { name
=> 'CGISESSID', value
=> $session->id } );
108 $tx->req->env( { REMOTE_ADDR
=> '127.0.0.1' } );
109 $t->request_ok($tx)->status_is(400)->json_is({ error
=> '[Password is too weak]' });
111 $new_password = 'ABcde123%&';
113 = $t->ua->build_tx( POST
=> "/api/v1/patrons/"
115 . "/password" => json
=> { password
=> $new_password, password_2
=> $new_password } );
117 $tx->req->cookies( { name
=> 'CGISESSID', value
=> $session->id } );
118 $tx->req->env( { REMOTE_ADDR
=> '127.0.0.1' } );
119 $t->request_ok($tx)->status_is(200)->json_is('');
121 $schema->storage->txn_rollback;
124 subtest
'set_public() (unprivileged user tests)' => sub {
128 $schema->storage->txn_begin;
130 my ( $patron, $session ) = create_user_and_session
({ authorized
=> 0 });
131 my $other_patron = $builder->build_object({ class => 'Koha::Patrons' });
133 # Enable the public API
134 t
::lib
::Mocks
::mock_preference
( 'RESTPublicAPI', 1 );
136 t
::lib
::Mocks
::mock_preference
( 'OpacPasswordChange', 0 );
137 t
::lib
::Mocks
::mock_preference
( 'minPasswordLength', 3 );
138 t
::lib
::Mocks
::mock_preference
( 'RequireStrongPassword', 0 );
140 my $new_password = 'abc';
143 = $t->ua->build_tx( POST
=> "/api/v1/public/patrons/"
145 . "/password" => json
=> { password
=> $new_password, password_2
=> $new_password, old_password
=> 'blah' } );
147 $tx->req->cookies( { name
=> 'CGISESSID', value
=> $session->id } );
148 $tx->req->env( { REMOTE_ADDR
=> '127.0.0.1' } );
152 error
=> 'Configuration prevents password changes by unprivileged users'
155 t
::lib
::Mocks
::mock_preference
( 'OpacPasswordChange', 1 );
157 my $password = 'holapassword';
158 $patron->set_password( $password );
160 = $t->ua->build_tx( POST
=> "/api/v1/public/patrons/"
162 . "/password" => json
=> { password
=> $new_password, password_2
=> $new_password, old_password
=> $password } );
164 $tx->req->cookies( { name
=> 'CGISESSID', value
=> $session->id } );
165 $tx->req->env( { REMOTE_ADDR
=> '127.0.0.1' } );
169 error
=> "Changing other patron's password is forbidden"
173 = $t->ua->build_tx( POST
=> "/api/v1/public/patrons/"
175 . "/password" => json
=> { password
=> $new_password, password_2
=> 'wrong_password', old_password
=> $password } );
177 $tx->req->cookies( { name
=> 'CGISESSID', value
=> $session->id } );
178 $tx->req->env( { REMOTE_ADDR
=> '127.0.0.1' } );
182 error
=> "Passwords don't match"
186 = $t->ua->build_tx( POST
=> "/api/v1/public/patrons/"
188 . "/password" => json
=> { password
=> $new_password, password_2
=> $new_password, old_password
=> 'badpassword' } );
190 $tx->req->cookies( { name
=> 'CGISESSID', value
=> $session->id } );
191 $tx->req->env( { REMOTE_ADDR
=> '127.0.0.1' } );
195 error
=> "Invalid password"
199 = $t->ua->build_tx( POST
=> "/api/v1/public/patrons/"
201 . "/password" => json
=> { password
=> $new_password, password_2
=> $new_password, old_password
=> $password } );
203 $tx->req->cookies( { name
=> 'CGISESSID', value
=> $session->id } );
204 $tx->req->env( { REMOTE_ADDR
=> '127.0.0.1' } );
209 $schema->storage->txn_rollback;
212 sub create_user_and_session
{
215 my $flags = ( $args->{authorized
} ) ?
16 : 0;
217 my $user = $builder->build_object(
219 class => 'Koha::Patrons',
220 value
=> { flags
=> $flags }
224 # Create a session for the authorized user
225 my $session = C4
::Auth
::get_session
('');
226 $session->param( 'number', $user->borrowernumber );
227 $session->param( 'id', $user->userid );
228 $session->param( 'ip', '127.0.0.1' );
229 $session->param( 'lasttime', time() );
232 return ( $user, $session );