search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 21316: Handle control fields in the ACQ frameworks
[koha.git] / t / Auth_with_shibboleth.t
blob9e9617897222d1674508feb4ac4bbafb6bacd2f9
1 #!/usr/bin/perl
2
3 # This file is part of Koha.
4 #
5 # Koha is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
9 #
10 # Koha is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
14 #
15 # You should have received a copy of the GNU General Public License
16 # along with Koha; if not, see <http://www.gnu.org/licenses>.
17
18 use Modern::Perl;
19
20 $| = 1;
21 use Module::Load::Conditional qw/check_install/;
22 use Test::More;
23 use Test::MockModule;
24 use Test::Warn;
25
26 use CGI;
27 use C4::Context;
28
29 BEGIN {
30 if ( check_install( module => 'Test::DBIx::Class' ) ) {
31 plan tests => 17;
32 }
33 else {
34 plan skip_all => "Need Test::DBIx::Class";
35 }
36 }
37
38 use Test::DBIx::Class {
39 schema_class => 'Koha::Schema',
40 connect_info => [ 'dbi:SQLite:dbname=:memory:', '', '' ]
41 };
42
43 # Mock Variables
44 my $matchpoint = 'userid';
45 my $autocreate = 0;
46 my $sync = 0;
47 my %mapping = (
48 'userid' => { 'is' => 'uid' },
49 'surname' => { 'is' => 'sn' },
50 'dateexpiry' => { 'is' => 'exp' },
51 'categorycode' => { 'is' => 'cat' },
52 'address' => { 'is' => 'add' },
53 'city' => { 'is' => 'city' },
54 );
55 $ENV{'uid'} = "test1234";
56 $ENV{'sn'} = undef;
57 $ENV{'exp'} = undef;
58 $ENV{'cat'} = undef;
59 $ENV{'add'} = undef;
60 $ENV{'city'} = undef;
61
62 # Setup Mocks
63 ## Mock Context
64 my $context = new Test::MockModule('C4::Context');
65
66 ### Mock ->config
67 $context->mock( 'config', \&mockedConfig );
68
69 ### Mock ->preference
70 my $OPACBaseURL = "testopac.com";
71 my $staffClientBaseURL = "teststaff.com";
72 $context->mock( 'preference', \&mockedPref );
73
74 ### Mock ->tz
75 $context->mock( 'timezone', sub { return 'local'; } );
76
77 ### Mock ->interface
78 my $interface = 'opac';
79 $context->mock( 'interface', \&mockedInterface );
80
81 ## Mock Database
82 my $database = new Test::MockModule('Koha::Database');
83
84 ### Mock ->schema
85 $database->mock( 'schema', \&mockedSchema );
86
87 # Tests
88 ##############################################################
89
90 # Can module load
91 use C4::Auth_with_shibboleth;
92 require_ok('C4::Auth_with_shibboleth');
93 $C4::Auth_with_shibboleth::debug = '0';
94
95 # Subroutine tests
96 ## shib_ok
97 subtest "shib_ok tests" => sub {
98 plan tests => 5;
99 my $result;
100
101 # correct config, no debug
102 is( shib_ok(), '1', "good config" );
103
104 # bad config, no debug
105 $matchpoint = undef;
106 warnings_are { $result = shib_ok() }
107 [ { carped => 'shibboleth matchpoint not defined' }, ],
108 "undefined matchpoint = fatal config, warning given";
109 is( $result, '0', "bad config" );
110
111 $matchpoint = 'email';
112 warnings_are { $result = shib_ok() }
113 [ { carped => 'shibboleth matchpoint not mapped' }, ],
114 "unmapped matchpoint = fatal config, warning given";
115 is( $result, '0', "bad config" );
116
117 # add test for undefined shibboleth block
118
119 reset_config();
120 };
121
122 ## logout_shib
123 #my $query = CGI->new();
124 #is(logout_shib($query),"https://".$opac."/Shibboleth.sso/Logout?return="."https://".$opac,"logout_shib");
125
126 ## login_shib_url
127 my $query_string = 'language=en-GB';
128 $ENV{QUERY_STRING} = $query_string;
129 $ENV{SCRIPT_NAME} = '/cgi-bin/koha/opac-user.pl';
130 my $query = CGI->new($query_string);
131 is(
132 login_shib_url($query),
133 'https://testopac.com'
134 . '/Shibboleth.sso/Login?target='
135 . 'https://testopac.com/cgi-bin/koha/opac-user.pl' . '%3F'
136 . $query_string,
137 "login shib url"
138 );
139
140 ## get_login_shib
141 subtest "get_login_shib tests" => sub {
142 plan tests => 4;
143 my $login;
144
145 # good config
146 ## debug off
147 $C4::Auth_with_shibboleth::debug = '0';
148 warnings_are { $login = get_login_shib() }[],
149 "good config with debug off, no warnings received";
150 is( $login, "test1234",
151 "good config with debug off, attribute value returned" );
152
153 ## debug on
154 $C4::Auth_with_shibboleth::debug = '1';
155 warnings_are { $login = get_login_shib() }[
156 "koha borrower field to match: userid",
157 "shibboleth attribute to match: uid",
158 "uid value: test1234"
159 ],
160 "good config with debug enabled, correct warnings received";
161 is( $login, "test1234",
162 "good config with debug enabled, attribute value returned" );
163
164 # bad config - with shib_ok implemented, we should never reach this sub with a bad config
165 };
166
167 ## checkpw_shib
168 subtest "checkpw_shib tests" => sub {
169 plan tests => 21;
170
171 my $shib_login;
172 my ( $retval, $retcard, $retuserid );
173
174 # Setup Mock Database Data
175 fixtures_ok [
176 'Borrower' => [
177 [qw/cardnumber userid surname address city/],
178 [qw/testcardnumber test1234 renvoize myaddress johnston/],
179 ],
180 'Category' => [ [qw/categorycode default_privacy/], [qw/S never/], ]
181 ],
182 'Installed some custom fixtures via the Populate fixture class';
183
184 # debug off
185 $C4::Auth_with_shibboleth::debug = '0';
186
187 # good user
188 $shib_login = "test1234";
189 warnings_are {
190 ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login);
191 }
192 [], "good user with no debug";
193 is( $retval, "1", "user authenticated" );
194 is( $retcard, "testcardnumber", "expected cardnumber returned" );
195 is( $retuserid, "test1234", "expected userid returned" );
196
197 # bad user
198 $shib_login = 'martin';
199 warnings_are {
200 ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login);
201 }
202 [], "bad user with no debug";
203 is( $retval, "0", "user not authenticated" );
204
205 # autocreate user
206 $autocreate = 1;
207 $shib_login = 'test4321';
208 $ENV{'uid'} = 'test4321';
209 $ENV{'sn'} = "pika";
210 $ENV{'exp'} = "2017";
211 $ENV{'cat'} = "S";
212 $ENV{'add'} = 'Address';
213 $ENV{'city'} = 'City';
214 warnings_are {
215 ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login);
216 }
217 [], "new user added with no debug";
218 is( $retval, "1", "user authenticated" );
219 is( $retuserid, "test4321", "expected userid returned" );
220 ok my $new_user = ResultSet('Borrower')
221 ->search( { 'userid' => 'test4321' }, { rows => 1 } ), "new user found";
222 is_fields [qw/surname dateexpiry address city/], $new_user->next,
223 [qw/pika 2017 Address City/],
224 'Found $new_users surname';
225 $autocreate = 0;
226
227 # sync user
228 $sync = 1;
229 $ENV{'city'} = 'AnotherCity';
230 warnings_are {
231 ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login);
232 }
233 [], "good user with sync";
234
235 ok my $sync_user = ResultSet('Borrower')
236 ->search( { 'userid' => 'test4321' }, { rows => 1 } ), "sync user found";
237
238 is_fields [qw/surname dateexpiry address city/], $sync_user->next,
239 [qw/pika 2017 Address AnotherCity/],
240 'Found $sync_user synced city';
241 $sync = 0;
242
243 # debug on
244 $C4::Auth_with_shibboleth::debug = '1';
245
246 # good user
247 $shib_login = "test1234";
248 warnings_exist {
249 ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login);
250 }
251 [
252 qr/checkpw_shib/,
253 qr/koha borrower field to match: userid/,
254 qr/shibboleth attribute to match: uid/,
255 qr/User Shibboleth-authenticated as:/
256 ],
257 "good user with debug enabled";
258 is( $retval, "1", "user authenticated" );
259 is( $retcard, "testcardnumber", "expected cardnumber returned" );
260 is( $retuserid, "test1234", "expected userid returned" );
261
262 # bad user
263 $shib_login = "martin";
264 warnings_exist {
265 ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login);
266 }
267 [
268 qr/checkpw_shib/,
269 qr/koha borrower field to match: userid/,
270 qr/shibboleth attribute to match: uid/,
271 qr/User Shibboleth-authenticated as:/,
272 qr/not a valid Koha user/
273 ],
274 "bad user with debug enabled";
275 is( $retval, "0", "user not authenticated" );
276
277 };
278
279 ## _get_uri - opac
280 $OPACBaseURL = "testopac.com";
281 is( C4::Auth_with_shibboleth::_get_uri(),
282 "https://testopac.com", "https opac uri returned" );
283
284 $OPACBaseURL = "http://testopac.com";
285 my $result;
286 warnings_are { $result = C4::Auth_with_shibboleth::_get_uri() }[
287 "shibboleth interface: $interface",
288 "Shibboleth requires OPACBaseURL/staffClientBaseURL to use the https protocol!"
289 ],
290 "improper protocol - received expected warning";
291 is( $result, "https://testopac.com", "https opac uri returned" );
292
293 $OPACBaseURL = "https://testopac.com";
294 is( C4::Auth_with_shibboleth::_get_uri(),
295 "https://testopac.com", "https opac uri returned" );
296
297 $OPACBaseURL = undef;
298 warnings_are { $result = C4::Auth_with_shibboleth::_get_uri() }
299 [ "shibboleth interface: $interface", "OPACBaseURL not set!" ],
300 "undefined OPACBaseURL - received expected warning";
301 is( $result, "https://", "https $interface uri returned" );
302
303 ## _get_uri - intranet
304 $interface = 'intranet';
305 $staffClientBaseURL = "teststaff.com";
306 is( C4::Auth_with_shibboleth::_get_uri(),
307 "https://teststaff.com", "https $interface uri returned" );
308
309 $staffClientBaseURL = "http://teststaff.com";
310 warnings_are { $result = C4::Auth_with_shibboleth::_get_uri() }[
311 "shibboleth interface: $interface",
312 "Shibboleth requires OPACBaseURL/staffClientBaseURL to use the https protocol!"
313 ],
314 "improper protocol - received expected warning";
315 is( $result, "https://teststaff.com", "https $interface uri returned" );
316
317 $staffClientBaseURL = "https://teststaff.com";
318 is( C4::Auth_with_shibboleth::_get_uri(),
319 "https://teststaff.com", "https $interface uri returned" );
320
321 $staffClientBaseURL = undef;
322 warnings_are { $result = C4::Auth_with_shibboleth::_get_uri() }
323 [ "shibboleth interface: $interface", "staffClientBaseURL not set!" ],
324 "undefined staffClientBaseURL - received expected warning";
325 is( $result, "https://", "https $interface uri returned" );
326
327 ## _get_shib_config
328 # Internal helper function, covered in tests above
329
330 sub mockedConfig {
331 my $param = shift;
332
333 my %shibboleth = (
334 'autocreate' => $autocreate,
335 'sync' => $sync,
336 'matchpoint' => $matchpoint,
337 'mapping' => \%mapping
338 );
339
340 return \%shibboleth;
341 }
342
343 sub mockedPref {
344 my $param = $_[1];
345 my $return;
346
347 if ( $param eq 'OPACBaseURL' ) {
348 $return = $OPACBaseURL;
349 }
350
351 if ( $param eq 'staffClientBaseURL' ) {
352 $return = $staffClientBaseURL;
353 }
354
355 return $return;
356 }
357
358 sub mockedInterface {
359 return $interface;
360 }
361
362 sub mockedSchema {
363 return Schema();
364 }
365
366 ## Convenience method to reset config
367 sub reset_config {
368 $matchpoint = 'userid';
369 $autocreate = 0;
370 $sync = 0;
371 %mapping = (
372 'userid' => { 'is' => 'uid' },
373 'surname' => { 'is' => 'sn' },
374 'dateexpiry' => { 'is' => 'exp' },
375 'categorycode' => { 'is' => 'cat' },
376 'address' => { 'is' => 'add' },
377 'city' => { 'is' => 'city' },
378 );
379 $ENV{'uid'} = "test1234";
380 $ENV{'sn'} = undef;
381 $ENV{'exp'} = undef;
382 $ENV{'cat'} = undef;
383 $ENV{'add'} = undef;
384 $ENV{'city'} = undef;
385
386 return 1;
387 }
388
Koha ILS