search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 12721 - Prevent software error if incorrect fieldnames given in sypref Statistics...
[koha.git] / t / db_dependent / Auth.t
blob68e3ebc4b748ebbe1c8a8a7c773e547d6f470c7a
1 #!/usr/bin/perl
2 #
3 # This Koha test module is a stub!
4 # Add more tests here!!!
5
6 use Modern::Perl;
7
8 use CGI qw ( -utf8 );
9 use Test::MockModule;
10 use List::MoreUtils qw/all any none/;
11 use Test::More tests => 13;
12 use Test::Warn;
13 use t::lib::Mocks;
14 use C4::Members;
15 use Koha::AuthUtils qw/hash_password/;
16
17 BEGIN {
18 use_ok('C4::Auth');
19 }
20
21 my $dbh = C4::Context->dbh;
22
23 # Start transaction
24 $dbh->{AutoCommit} = 0;
25 $dbh->{RaiseError} = 1;
26
27
28 # get_template_and_user tests
29
30 { # Tests for the language URL parameter
31
32 sub MockedCheckauth {
33 my ($query,$authnotrequired,$flagsrequired,$type) = @_;
34 # return vars
35 my $userid = 'cobain';
36 my $sessionID = 234;
37 # we don't need to bother about permissions for this test
38 my $flags = {
39 superlibrarian => 1, acquisition => 0,
40 borrow => 0, borrowers => 0,
41 catalogue => 1, circulate => 0,
42 coursereserves => 0, editauthorities => 0,
43 editcatalogue => 0, management => 0,
44 parameters => 0, permissions => 0,
45 plugins => 0, reports => 0,
46 reserveforothers => 0, serials => 0,
47 staffaccess => 0, tools => 0,
48 updatecharges => 0
49 };
50
51 my $session_cookie = $query->cookie(
52 -name => 'CGISESSID',
53 -value => 'nirvana',
54 -HttpOnly => 1
55 );
56
57 return ( $userid, $session_cookie, $sessionID, $flags );
58 }
59
60 # Mock checkauth, build the scenario
61 my $auth = new Test::MockModule( 'C4::Auth' );
62 $auth->mock( 'checkauth', \&MockedCheckauth );
63
64 # Make sure 'EnableOpacSearchHistory' is set
65 t::lib::Mocks::mock_preference('EnableOpacSearchHistory',1);
66 # Enable es-ES for the OPAC and staff interfaces
67 t::lib::Mocks::mock_preference('opaclanguages','en,es-ES');
68 t::lib::Mocks::mock_preference('language','en,es-ES');
69
70 # we need a session cookie
71 $ENV{"SERVER_PORT"} = 80;
72 $ENV{"HTTP_COOKIE"} = 'CGISESSID=nirvana';
73
74 my $query = new CGI;
75 $query->param('language','es-ES');
76
77 my ( $template, $loggedinuser, $cookies ) = get_template_and_user(
78 {
79 template_name => "about.tt",
80 query => $query,
81 type => "opac",
82 authnotrequired => 1,
83 flagsrequired => { catalogue => 1 },
84 debug => 1
85 }
86 );
87
88 ok ( ( all { ref($_) eq 'CGI::Cookie' } @$cookies ),
89 'BZ9735: the cookies array is flat' );
90
91 # new query, with non-existent language (we only have en and es-ES)
92 $query->param('language','tomas');
93
94 ( $template, $loggedinuser, $cookies ) = get_template_and_user(
95 {
96 template_name => "about.tt",
97 query => $query,
98 type => "opac",
99 authnotrequired => 1,
100 flagsrequired => { catalogue => 1 },
101 debug => 1
102 }
103 );
104
105 ok( ( none { $_->name eq 'KohaOpacLanguage' and $_->value eq 'tomas' } @$cookies ),
106 'BZ9735: invalid language, it is not set');
107
108 ok( ( any { $_->name eq 'KohaOpacLanguage' and $_->value eq 'en' } @$cookies ),
109 'BZ9735: invalid language, then default to en');
110
111 for my $template_name (
112 qw(
113 ../../../../../../../../../../../../../../../etc/passwd
114 test/../../../../../../../../../../../../../../etc/passwd
115 /etc/passwd
116 test/does_not_finished_by_tt_t
117 )
118 ) {
119 eval {
120 ( $template, $loggedinuser, $cookies ) = get_template_and_user(
121 {
122 template_name => $template_name,
123 query => $query,
124 type => "intranet",
125 authnotrequired => 1,
126 flagsrequired => { catalogue => 1 },
127 }
128 );
129 };
130 like ( $@, qr(^bad template path), 'The file $template_name should not be accessible' );
131 }
132 ( $template, $loggedinuser, $cookies ) = get_template_and_user(
133 {
134 template_name => 'errors/errorpage.tt',
135 query => $query,
136 type => "intranet",
137 authnotrequired => 1,
138 flagsrequired => { catalogue => 1 },
139 }
140 );
141 my $file_exists = ( -f $template->{filename} ) ? 1 : 0;
142 is ( $file_exists, 1, 'The file errors/errorpage.tt should be accessible (contains integers)' );
143 }
144
145 # Check that there is always an OPACBaseURL set.
146 my $input = CGI->new();
147 my ( $template1, $borrowernumber, $cookie );
148 ( $template1, $borrowernumber, $cookie ) = get_template_and_user(
149 {
150 template_name => "opac-detail.tt",
151 type => "opac",
152 query => $input,
153 authnotrequired => 1,
154 }
155 );
156
157 ok( ( any { 'OPACBaseURL' eq $_ } keys %{$template1->{VARS}} ),
158 'OPACBaseURL is in OPAC template' );
159
160 my ( $template2 );
161 ( $template2, $borrowernumber, $cookie ) = get_template_and_user(
162 {
163 template_name => "catalogue/detail.tt",
164 type => "intranet",
165 query => $input,
166 authnotrequired => 1,
167 }
168 );
169
170 ok( ( any { 'OPACBaseURL' eq $_ } keys %{$template2->{VARS}} ),
171 'OPACBaseURL is in Staff template' );
172
173 my $hash1 = hash_password('password');
174 my $hash2 = hash_password('password');
175
176 ok(C4::Auth::checkpw_hash('password', $hash1), 'password validates with first hash');
177 ok(C4::Auth::checkpw_hash('password', $hash2), 'password validates with second hash');
178
179 $dbh->rollback;
Koha ILS