99d18bf0f3
Test t/db_dependent/Auth.t seems to have an ineffective test data cleanup. Data generated by TestBuilder is left in borrowers, branches, categories, sms_providers and sessions tables after the test. To replicate: 1. Check the row count of borrowers, branches and categories tables 2. prove t/db_dependent/Auth.t 3. Repeat step 1 4. Observe borrowers the following tables have increased in row count: - borrowers - branches - categories - sessions - sms_providers To test: 1. Before applying the patch, go through steps at "To replicate" plan 2. Apply patch 3. Go through steps at "To replicate" plan 4. Observe step 4 no longer applies and those tables have the same number of rows as before executing the test. This issue has been happening in REST tests as well, and this solution is directly copy-pasted from t/db_dependent/api/v1/cities.t Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
239 lines
8.2 KiB
Perl
239 lines
8.2 KiB
Perl
#!/usr/bin/perl
|
|
#
|
|
# This Koha test module is a stub!
|
|
# Add more tests here!!!
|
|
|
|
use Modern::Perl;
|
|
|
|
use CGI qw ( -utf8 );
|
|
|
|
use Test::MockObject;
|
|
use Test::MockModule;
|
|
use List::MoreUtils qw/all any none/;
|
|
use Test::More tests => 21;
|
|
use Test::Warn;
|
|
use t::lib::Mocks;
|
|
use t::lib::TestBuilder;
|
|
|
|
use C4::Auth qw(checkpw);
|
|
use C4::Members;
|
|
use Koha::AuthUtils qw/hash_password/;
|
|
use Koha::Database;
|
|
use Koha::Patrons;
|
|
|
|
BEGIN {
|
|
use_ok('C4::Auth');
|
|
}
|
|
|
|
my $schema = Koha::Database->schema;
|
|
my $builder = t::lib::TestBuilder->new;
|
|
my $dbh = C4::Context->dbh;
|
|
|
|
# FIXME: SessionStorage defaults to mysql, but it seems to break transaction
|
|
# handling
|
|
t::lib::Mocks::mock_preference( 'SessionStorage', 'tmp' );
|
|
|
|
$schema->storage->txn_begin;
|
|
|
|
subtest 'checkauth() tests' => sub {
|
|
|
|
plan tests => 2;
|
|
|
|
my $patron = $builder->build({ source => 'Borrower', value => { flags => undef } })->{userid};
|
|
|
|
# Mock a CGI object with real userid param
|
|
my $cgi = Test::MockObject->new();
|
|
$cgi->mock( 'param', sub { return $patron; } );
|
|
$cgi->mock( 'cookie', sub { return; } );
|
|
|
|
my $authnotrequired = 1;
|
|
my ( $userid, $cookie, $sessionID, $flags ) = C4::Auth::checkauth( $cgi, $authnotrequired );
|
|
|
|
is( $userid, undef, 'checkauth() returns undef for userid if no logged in user (Bug 18275)' );
|
|
|
|
my $db_user_id = C4::Context->config('user');
|
|
my $db_user_pass = C4::Context->config('pass');
|
|
$cgi = Test::MockObject->new();
|
|
$cgi->mock( 'cookie', sub { return; } );
|
|
$cgi->mock( 'param', sub {
|
|
my ( $self, $param ) = @_;
|
|
if ( $param eq 'userid' ) { return $db_user_id; }
|
|
elsif ( $param eq 'password' ) { return $db_user_pass; }
|
|
else { return; }
|
|
});
|
|
( $userid, $cookie, $sessionID, $flags ) = C4::Auth::checkauth( $cgi, $authnotrequired );
|
|
is ( $userid, $db_user_id, 'If DB user is logging in, it should be considered as logged in, i.e. checkauth return the relevant userid' );
|
|
C4::Context->_new_userenv; # For next tests
|
|
|
|
};
|
|
|
|
my $hash1 = hash_password('password');
|
|
my $hash2 = hash_password('password');
|
|
|
|
{ # tests no_set_userenv parameter
|
|
my $patron = $builder->build( { source => 'Borrower' } );
|
|
Koha::Patrons->find( $patron->{borrowernumber} )->update_password( $patron->{userid}, $hash1 );
|
|
my $library = $builder->build(
|
|
{
|
|
source => 'Branch',
|
|
}
|
|
);
|
|
|
|
ok( checkpw( $dbh, $patron->{userid}, 'password', undef, undef, 1 ), 'checkpw returns true' );
|
|
is( C4::Context->userenv, undef, 'Userenv should be undef as required' );
|
|
C4::Context->_new_userenv('DUMMY SESSION');
|
|
C4::Context->set_userenv(0,0,0,'firstname','surname', $library->{branchcode}, 'Library 1', 0, '', '');
|
|
is( C4::Context->userenv->{branch}, $library->{branchcode}, 'Userenv gives correct branch' );
|
|
ok( checkpw( $dbh, $patron->{userid}, 'password', undef, undef, 1 ), 'checkpw returns true' );
|
|
is( C4::Context->userenv->{branch}, $library->{branchcode}, 'Userenv branch is preserved if no_set_userenv is true' );
|
|
ok( checkpw( $dbh, $patron->{userid}, 'password', undef, undef, 0 ), 'checkpw still returns true' );
|
|
isnt( C4::Context->userenv->{branch}, $library->{branchcode}, 'Userenv branch is overwritten if no_set_userenv is false' );
|
|
}
|
|
|
|
# get_template_and_user tests
|
|
|
|
{ # Tests for the language URL parameter
|
|
|
|
sub MockedCheckauth {
|
|
my ($query,$authnotrequired,$flagsrequired,$type) = @_;
|
|
# return vars
|
|
my $userid = 'cobain';
|
|
my $sessionID = 234;
|
|
# we don't need to bother about permissions for this test
|
|
my $flags = {
|
|
superlibrarian => 1, acquisition => 0,
|
|
borrowers => 0,
|
|
catalogue => 1, circulate => 0,
|
|
coursereserves => 0, editauthorities => 0,
|
|
editcatalogue => 0, management => 0,
|
|
parameters => 0, permissions => 0,
|
|
plugins => 0, reports => 0,
|
|
reserveforothers => 0, serials => 0,
|
|
staffaccess => 0, tools => 0,
|
|
updatecharges => 0
|
|
};
|
|
|
|
my $session_cookie = $query->cookie(
|
|
-name => 'CGISESSID',
|
|
-value => 'nirvana',
|
|
-HttpOnly => 1
|
|
);
|
|
|
|
return ( $userid, $session_cookie, $sessionID, $flags );
|
|
}
|
|
|
|
# Mock checkauth, build the scenario
|
|
my $auth = new Test::MockModule( 'C4::Auth' );
|
|
$auth->mock( 'checkauth', \&MockedCheckauth );
|
|
|
|
# Make sure 'EnableOpacSearchHistory' is set
|
|
t::lib::Mocks::mock_preference('EnableOpacSearchHistory',1);
|
|
# Enable es-ES for the OPAC and staff interfaces
|
|
t::lib::Mocks::mock_preference('opaclanguages','en,es-ES');
|
|
t::lib::Mocks::mock_preference('language','en,es-ES');
|
|
|
|
# we need a session cookie
|
|
$ENV{"SERVER_PORT"} = 80;
|
|
$ENV{"HTTP_COOKIE"} = 'CGISESSID=nirvana';
|
|
|
|
my $query = new CGI;
|
|
$query->param('language','es-ES');
|
|
|
|
my ( $template, $loggedinuser, $cookies ) = get_template_and_user(
|
|
{
|
|
template_name => "about.tt",
|
|
query => $query,
|
|
type => "opac",
|
|
authnotrequired => 1,
|
|
flagsrequired => { catalogue => 1 },
|
|
debug => 1
|
|
}
|
|
);
|
|
|
|
ok ( ( all { ref($_) eq 'CGI::Cookie' } @$cookies ),
|
|
'BZ9735: the cookies array is flat' );
|
|
|
|
# new query, with non-existent language (we only have en and es-ES)
|
|
$query->param('language','tomas');
|
|
|
|
( $template, $loggedinuser, $cookies ) = get_template_and_user(
|
|
{
|
|
template_name => "about.tt",
|
|
query => $query,
|
|
type => "opac",
|
|
authnotrequired => 1,
|
|
flagsrequired => { catalogue => 1 },
|
|
debug => 1
|
|
}
|
|
);
|
|
|
|
ok( ( none { $_->name eq 'KohaOpacLanguage' and $_->value eq 'tomas' } @$cookies ),
|
|
'BZ9735: invalid language, it is not set');
|
|
|
|
ok( ( any { $_->name eq 'KohaOpacLanguage' and $_->value eq 'en' } @$cookies ),
|
|
'BZ9735: invalid language, then default to en');
|
|
|
|
for my $template_name (
|
|
qw(
|
|
../../../../../../../../../../../../../../../etc/passwd
|
|
test/../../../../../../../../../../../../../../etc/passwd
|
|
/etc/passwd
|
|
test/does_not_finished_by_tt_t
|
|
)
|
|
) {
|
|
eval {
|
|
( $template, $loggedinuser, $cookies ) = get_template_and_user(
|
|
{
|
|
template_name => $template_name,
|
|
query => $query,
|
|
type => "intranet",
|
|
authnotrequired => 1,
|
|
flagsrequired => { catalogue => 1 },
|
|
}
|
|
);
|
|
};
|
|
like ( $@, qr(^bad template path), 'The file $template_name should not be accessible' );
|
|
}
|
|
( $template, $loggedinuser, $cookies ) = get_template_and_user(
|
|
{
|
|
template_name => 'errors/errorpage.tt',
|
|
query => $query,
|
|
type => "intranet",
|
|
authnotrequired => 1,
|
|
flagsrequired => { catalogue => 1 },
|
|
}
|
|
);
|
|
my $file_exists = ( -f $template->{filename} ) ? 1 : 0;
|
|
is ( $file_exists, 1, 'The file errors/errorpage.tt should be accessible (contains integers)' );
|
|
}
|
|
|
|
# Check that there is always an OPACBaseURL set.
|
|
my $input = CGI->new();
|
|
my ( $template1, $borrowernumber, $cookie );
|
|
( $template1, $borrowernumber, $cookie ) = get_template_and_user(
|
|
{
|
|
template_name => "opac-detail.tt",
|
|
type => "opac",
|
|
query => $input,
|
|
authnotrequired => 1,
|
|
}
|
|
);
|
|
|
|
ok( ( any { 'OPACBaseURL' eq $_ } keys %{$template1->{VARS}} ),
|
|
'OPACBaseURL is in OPAC template' );
|
|
|
|
my ( $template2 );
|
|
( $template2, $borrowernumber, $cookie ) = get_template_and_user(
|
|
{
|
|
template_name => "catalogue/detail.tt",
|
|
type => "intranet",
|
|
query => $input,
|
|
authnotrequired => 1,
|
|
}
|
|
);
|
|
|
|
ok( ( any { 'OPACBaseURL' eq $_ } keys %{$template2->{VARS}} ),
|
|
'OPACBaseURL is in Staff template' );
|
|
|
|
ok(C4::Auth::checkpw_hash('password', $hash1), 'password validates with first hash');
|
|
ok(C4::Auth::checkpw_hash('password', $hash2), 'password validates with second hash');
|