Bug 34513: (QA follow-up) Tidy

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This commit is contained in:
Nick Clemens 2023-08-24 18:19:37 +00:00 committed by Tomas Cohen Arazi
parent abbbc5924d
commit 332b95b250
Signed by: tomascohen
GPG key ID: 0A272EA1B2F3C15F
2 changed files with 17 additions and 12 deletions

View file

@ -153,29 +153,31 @@ subtest 'checkauth() tests' => sub {
}; };
subtest 'Reset auth state when changing users' => sub { subtest 'Reset auth state when changing users' => sub {
#NOTE: It's easiest to detect this when changing to a non-existent user, since #NOTE: It's easiest to detect this when changing to a non-existent user, since
#that should trigger a redirect to login (instead of returning a session cookie) #that should trigger a redirect to login (instead of returning a session cookie)
plan tests => 2; plan tests => 2;
my $patron = $builder->build_object({ class => 'Koha::Patrons', value => { flags => undef } }); my $patron = $builder->build_object( { class => 'Koha::Patrons', value => { flags => undef } } );
my $session = C4::Auth::get_session(); my $session = C4::Auth::get_session();
$session->param( 'number', $patron->id ); $session->param( 'number', $patron->id );
$session->param( 'id', $patron->userid ); $session->param( 'id', $patron->userid );
$session->param( 'ip', '1.2.3.4' ); $session->param( 'ip', '1.2.3.4' );
$session->param( 'lasttime', time() ); $session->param( 'lasttime', time() );
$session->param( 'interface', 'intranet' ); $session->param( 'interface', 'intranet' );
$session->flush; $session->flush;
my $sessionID = $session->id; my $sessionID = $session->id;
C4::Context->_new_userenv($sessionID); C4::Context->_new_userenv($sessionID);
my ( $return ) = C4::Auth::check_cookie_auth( $sessionID, undef, { skip_version_check => 1, remote_addr => '1.2.3.4' } ); my ($return) =
C4::Auth::check_cookie_auth( $sessionID, undef, { skip_version_check => 1, remote_addr => '1.2.3.4' } );
is( $return, 'ok', 'Patron authenticated' ); is( $return, 'ok', 'Patron authenticated' );
my $mock1 = Test::MockModule->new('C4::Auth'); my $mock1 = Test::MockModule->new('C4::Auth');
$mock1->mock( 'safe_exit', sub {return 'safe_exit_redirect'} ); $mock1->mock( 'safe_exit', sub { return 'safe_exit_redirect' } );
my $mock2 = Test::MockModule->new('CGI'); my $mock2 = Test::MockModule->new('CGI');
$mock2->mock( 'request_method', 'POST' ); $mock2->mock( 'request_method', 'POST' );
$mock2->mock( 'cookie', sub { return $sessionID; } ); # oversimplified.. $mock2->mock( 'cookie', sub { return $sessionID; } ); # oversimplified..
my $cgi = CGI->new; my $cgi = CGI->new;
$cgi->param( -name => 'userid', -value => 'Bond' ); $cgi->param( -name => 'userid', -value => 'Bond' );
@ -190,7 +192,7 @@ subtest 'checkauth() tests' => sub {
@return = C4::Auth::checkauth( $cgi, 0, {} ); @return = C4::Auth::checkauth( $cgi, 0, {} );
close STDOUT; close STDOUT;
} }
is( $return[0], 'safe_exit_redirect', 'Changing to non-existent user causes a redirect to login'); is( $return[0], 'safe_exit_redirect', 'Changing to non-existent user causes a redirect to login' );
}; };

View file

@ -57,8 +57,11 @@ SKIP: {
like( $driver->get_title, qr(Access denied), 'Patron without permission should be redirected to the login form' ); like( $driver->get_title, qr(Access denied), 'Patron without permission should be redirected to the login form' );
# Try logging in as someone else (even a non-existent patron) and you should still be denied access # Try logging in as someone else (even a non-existent patron) and you should still be denied access
$s->auth('Bond','James Bond'); $s->auth( 'Bond', 'James Bond' );
like( $driver->get_title, qr(Invalid username or password), 'Trying to change to a non-existent user should fail login' ); like(
$driver->get_title, qr(Invalid username or password),
'Trying to change to a non-existent user should fail login'
);
$driver->get($mainpage . q|?logout.x=1|); $driver->get($mainpage . q|?logout.x=1|);
$patron->flags(4)->store; # catalogue permission $patron->flags(4)->store; # catalogue permission