Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/t/Auth_with_shibboleth.t
Mark Tompsett 1651cf70d1 Bug 5010: Fix OPACBaseURL to include protocol 
First, it is strongly recommended to set the OPACBaseURL. But
this patch allows the inclusion of the protocol and not just
a site.

Next, C4/Auth now puts OPACBaseURL into the template parameters
regardless of OPAC or Staff clients.  t/db_dependent/Auth.t was
tweaked to add a check for confirming that get_template_and_user
adds OPACBaseURL to both OPAC and Staff templates.

In the staff client, once the OPACBaseURL is set, you get a nice
OPAC View link when viewing a biblio's detail. It should reflect
the protocol used now.

Hard coded 'http://' strings were removed from the
sample_notices.sql files. This is what required also updating
the letters table in the updatedatabase.pl script.

The explanation text in the sysprefs.sql needed updating too to
reflect the inclusion of the protocol. And this was the other
update done in the updatedatabase.pl script. The opac.pref file
was similarly changed as well.

catalogue/detail.pl had no need to pass a custom OpacUrl value,
since C4/Auth passes the required OPACBaseURL, so it and the
corresponding template were modified.

Both the MARC21 and NORMARC intranet details files had 'http://'
hard coded in them. This was removed.

Both the bootstrap and prog theme opac-detail template had a
protocol parameter that was used. The logic for the parameter
was not removed, because it is used extensively in one template.
Perhaps it should be used to simplify the other. However, the
calculated current_url parameter had references to the protocol
removed, because of the changes to OPACBaseURL.

opac/opac-shareshelf.pl had a hard coded 'http://' which was
removed.

t/db_dependent/Auth_with_cas.t had 'http://' added to the value
set for OPACBaseURL.

In virtualshelves/sendshelf.pl explicit code which sent the
OPACBaseURL preference was removed, since C4/Auth sends it all
the time now.

C4::Context::set_preference was tweaked to ensure that
OPACBaseURL would always start with http.
t/db_dependent/Context.t was tweaked to specifically test this.

The Shibboleth authentication needs OPACBaseURL set, and that
it be https protocol. The _get_uri routine was tweaked to always
pass back https:// as the protocol on the OPACBaseURL.
t/Auth_with_shibboleth.t was tweaked to specifically test the
changes.

TEST PLAN
---------
This is not an easy patch to test. Difficulties include:
- configuring Koha to run under https
    (tweaking apache2 isn't so hard, just tricky)
- configuring Koha to run OPAC and Staff with Plak
    (since code with comments about plak were sliced out)
- configuring Koha to use CAS
    (may be requires for the CAS test)

 1) Apply patch
 2) Make sure OPACBaseURL is set without the protocol included.

UPDATEDATABASE
 3) back up your DB
 4) ./installer/data/mysql/updatedatabase.pl
    -- It should run without errors.
 5) Look up the OPACBaseURL system preference in the staff
    client
    -- It should have http:// prepended.
 6) Run the mysqlclient from your koha git directory
      USE koha_library;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
    -- There should be no prepended http:// on the
       <<OPACBaseURL>>.
 7) restore your DB
 8) Make sure OPACBaseURL is set with the protocol included,
    preferably https.
    -- Using https requires a bunch of apache2 tweaks.

AUTH
 9) Call up staff client.
10) Call up OPAC.
    -- C4/Auth.pm doesn't barf.
11) Call up Plack staff client
12) Call up Plack OPAC.
    -- C4/Auth.pm doesn't barf.
13) prove -v t/db_dependent/Auth.t

CONTEXT
14) Home -> Koha administration -> Global System Preferences
         -> OPAC
15) Modify and save OPACBaseURL to not have http:// or https://
    on it.
    -- It should be modified to include http://
16) Modify and save another system preference.
    -- It should save normally
17) prove -v t/db_dependent/Context.t

CATALOGUE/DETAIL (tt & pl)
18) Confirm the OPACBaseURL is set
19) Navigate to any biblio details in the staff client
    -- There should be a "OPAC view" link which has the
       correct http:// or https:// in it.

SQL (sample notices and sysprefs)
20) Run the mysqlclient from your koha git directory
      USE koha_library;
      DELETE FROM letter;
      source installer/data/mysql/de-DE/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/en/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/nb-NO/1-Obligatorisk/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/es-ES/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/fr-FR/1-Obligatoire/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/it-IT/necessari/notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/pl-PL/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/ru-RU/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/uk-UA/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
    -- Each of the selects should should lines that have
       <<OPACBaseURL>> starting them, but no hard-coded http://
      DELETE FROM systempreferences;
      source installer/data/mysql/sysprefs.sql;
      SELECT * FROM systempreferences WHERE variable='OPACBaseURL';
    -- The explanation should reflect the new explanation.
      QUIT
21) restore your DB
22) Make sure OPACBaseURL is set with the protocol included,
    preferably https.
    -- Using https requires a bunch of apache2 tweaks.

SLIM2INTRANETDETAIL
23) Set 'XSLTDetailsDisplay' system preference to default.
24) Set 'marcflavour' system preference to MARC21.
25) View any biblio's details.
    -- the URL beside 'OPAC View' should have the appropriate
       http:// or https://
26) Set 'marcflavour' system preference to NORMARC.
27) View any biblio's details.
    -- the URL beside 'OPAC View' should have the appropriate
       http:// or https://

OPAC-DETAIL
28) Set 'opacthemes' to bootstrap.
29) Set 'SocialNetworks' to enabled.
30) In OPAC, view any biblio's details.
    -- the Share links should have the appropriate protocol on
       the OPACBaseURL.
31) Set 'opacthemes' to prog.
32) In OPAC, view any biblio's details.
    -- the Share links should have the appropriate protocol on
       the OPACBaseURL.

AUTH_WITH_CAS
33) prove -v t/db_dependent/Auth_with_cas.t

OPAC-SHARESHELF
34) Set 'OpacAllowSharingPrivateLists' to allow.
35) In OPAC, 'Save to Lists' a search result.
36) Save it to a new private list.
37) Click the Lists button, and select the new list.
38) Click the Share button.

AUTH_WITH_SHIBBOLETH
39) prove -v t/Auth_with_shibboleth.t
    -- needs to be tests on Debian, because I can't get
       the Test::DBIx::Class installed in Ubuntu. :(

Rebased again on kohadevbox...

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-04 10:00:04 -03:00

266 lines
7.2 KiB
Perl
Raw Blame History

#!/usr/bin/perl
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use Module::Load::Conditional qw/check_install/;
use Test::More;
use Test::MockModule;
use Test::Warn;
use CGI;
use C4::Context;
BEGIN {
if ( check_install( module => 'Test::DBIx::Class' ) ) {
plan tests => 9;
} else {
plan skip_all => "Need Test::DBIx::Class"
}
}
use Test::DBIx::Class { schema_class => 'Koha::Schema', connect_info => ['dbi:SQLite:dbname=:memory:','',''] };
# Mock Variables
my $matchpoint = 'userid';
my %mapping = ( 'userid' => { 'is' => 'uid' }, );
$ENV{'uid'} = "test1234";
# Setup Mocks
## Mock Context
my $context = new Test::MockModule('C4::Context');
### Mock ->config
$context->mock( 'config', \&mockedConfig );
sub mockedConfig {
my $param = shift;
my %shibboleth = (
'matchpoint' => $matchpoint,
'mapping' => \%mapping
);
return \%shibboleth;
}
### Mock ->preference
my $OPACBaseURL = "testopac.com";
$context->mock( 'preference', \&mockedPref );
sub mockedPref {
my $param = $_[1];
my $return;
if ( $param eq 'OPACBaseURL' ) {
$return = $OPACBaseURL;
}
return $return;
}
## Mock Database
my $database = new Test::MockModule('Koha::Database');
### Mock ->schema
$database->mock( 'schema', \&mockedSchema );
sub mockedSchema {
return Schema();
}
## Convenience method to reset config
sub reset_config {
$matchpoint = 'userid';
%mapping = ( 'userid' => { 'is' => 'uid' }, );
$ENV{'uid'} = "test1234";
return 1;
}
# Tests
##############################################################
# Can module load
use_ok('C4::Auth_with_shibboleth');
$C4::Auth_with_shibboleth::debug = '0';
# Subroutine tests
## shib_ok
subtest "shib_ok tests" => sub {
plan tests => 5;
my $result;
# correct config, no debug
is( shib_ok(), '1', "good config" );
# bad config, no debug
$matchpoint = undef;
warnings_are { $result = shib_ok() }
[ { carped => 'shibboleth matchpoint not defined' }, ],
"undefined matchpoint = fatal config, warning given";
is( $result, '0', "bad config" );
$matchpoint = 'email';
warnings_are { $result = shib_ok() }
[ { carped => 'shibboleth matchpoint not mapped' }, ],
"unmapped matchpoint = fatal config, warning given";
is( $result, '0', "bad config" );
# add test for undefined shibboleth block
reset_config();
};
## logout_shib
#my $query = CGI->new();
#is(logout_shib($query),"https://".$opac."/Shibboleth.sso/Logout?return="."https://".$opac,"logout_shib");
## login_shib_url
my $query_string = 'language=en-GB';
$ENV{QUERY_STRING} = $query_string;
$ENV{SCRIPT_NAME} = '/cgi-bin/koha/opac-user.pl';
my $query = CGI->new($query_string);
is(
login_shib_url($query),
'https://testopac.com'
. '/Shibboleth.sso/Login?target='
. 'https://testopac.com/cgi-bin/koha/opac-user.pl' . '%3F'
. $query_string,
"login shib url"
);
## get_login_shib
subtest "get_login_shib tests" => sub {
plan tests => 4;
my $login;
# good config
## debug off
$C4::Auth_with_shibboleth::debug = '0';
warnings_are { $login = get_login_shib() }[],
"good config with debug off, no warnings recieved";
is( $login, "test1234",
"good config with debug off, attribute value returned" );
## debug on
$C4::Auth_with_shibboleth::debug = '1';
warnings_are { $login = get_login_shib() }[
"koha borrower field to match: userid",
"shibboleth attribute to match: uid",
"uid value: test1234"
],
"good config with debug enabled, correct warnings recieved";
is( $login, "test1234",
"good config with debug enabled, attribute value returned" );
# bad config - with shib_ok implimented, we should never reach this sub with a bad config
};
## checkpw_shib
subtest "checkpw_shib tests" => sub {
plan tests => 13;
my $shib_login;
my ( $retval, $retcard, $retuserid );
# Setup Mock Database Data
fixtures_ok [
'Borrower' => [
[qw/cardnumber userid surname address city/],
[qw/testcardnumber test1234 renvoize myaddress johnston/],
],
],
'Installed some custom fixtures via the Populate fixture class';
# debug off
$C4::Auth_with_shibboleth::debug = '0';
# good user
$shib_login = "test1234";
warnings_are {
( $retval, $retcard, $retuserid ) = checkpw_shib( $shib_login );
}
[], "good user with no debug";
is( $retval, "1", "user authenticated" );
is( $retcard, "testcardnumber", "expected cardnumber returned" );
is( $retuserid, "test1234", "expected userid returned" );
# bad user
$shib_login = 'martin';
warnings_are {
( $retval, $retcard, $retuserid ) = checkpw_shib( $shib_login );
}
[], "bad user with no debug";
is( $retval, "0", "user not authenticated" );
# debug on
$C4::Auth_with_shibboleth::debug = '1';
# good user
$shib_login = "test1234";
warnings_exist {
( $retval, $retcard, $retuserid ) = checkpw_shib( $shib_login );
}
[ qr/checkpw_shib/, qr/User Shibboleth-authenticated as:/ ],
"good user with debug enabled";
is( $retval, "1", "user authenticated" );
is( $retcard, "testcardnumber", "expected cardnumber returned" );
is( $retuserid, "test1234", "expected userid returned" );
# bad user
$shib_login = "martin";
warnings_exist {
( $retval, $retcard, $retuserid ) = checkpw_shib( $shib_login );
}
[
qr/checkpw_shib/,
qr/User Shibboleth-authenticated as:/,
qr/not a valid Koha user/
],
"bad user with debug enabled";
is( $retval, "0", "user not authenticated" );
};
## _get_uri
$OPACBaseURL = "testopac.com";
is( C4::Auth_with_shibboleth::_get_uri(),
"https://testopac.com", "https opac uri returned" );
$OPACBaseURL = "http://testopac.com";
my $result;
warnings_are { $result = C4::Auth_with_shibboleth::_get_uri() }
[ { carped =>
'Shibboleth requires OPACBaseURL to use the https protocol!' },
],
"improper protocol - received expected warning";
is( $result, "https://testopac.com", "https opac uri returned" );
$OPACBaseURL = "https://testopac.com";
is( C4::Auth_with_shibboleth::_get_uri(),
"https://testopac.com", "https opac uri returned" );
$OPACBaseURL = undef;
warnings_are { $result = C4::Auth_with_shibboleth::_get_uri() }
[ { carped => 'OPACBaseURL not set!' },
],
"undefined OPACBaseURL - received expected warning";
is( $result, "https://", "https opac uri returned" );
## _get_shib_config
# Internal helper function, covered in tests above
View git blame Copy permalink