From 12305c89d745cfb4d02b7a8600c4550b83465eec Mon Sep 17 00:00:00 2001
From: Marcel de Rooy
Date: Fri, 8 Jul 2022 09:38:55 +0000
Subject: [PATCH] Bug 28787: (follow-up) Typo and additional test
Adding a test for a 403 status when lowering authorization. The Auth mock for check_cookie_auth is not needed here. Reading back the session after flush either.
Signed-off-by: Marcel de Rooy
Sponsored-by: Rijksmuseum, Netherlands
Signed-off-by: Kyle M Hall
Signed-off-by: Tomas Cohen Arazi
---
 Koha/REST/V1/Auth.pm | 2 +-
 t/db_dependent/api/v1/two_factor_auth.t | 15 +++++++++------
 2 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/Koha/REST/V1/Auth.pm b/Koha/REST/V1/Auth.pm
index ba90ac4ab4..1b315df0f3 100644
--- a/Koha/REST/V1/Auth.pm
+++ b/Koha/REST/V1/Auth.pm
@@ -288,7 +288,7 @@ sub authenticate_api_request {
 return 1;
 } else {
- # We are required authorizarion, there needs
+ # We are required authorization, there needs
 # to be an identified user
 Koha::Exceptions::Authentication::Required->throw(
 error => 'Authentication failure.' )
diff --git a/t/db_dependent/api/v1/two_factor_auth.t b/t/db_dependent/api/v1/two_factor_auth.t
index 325a5de370..fc9796dba5 100755
--- a/t/db_dependent/api/v1/two_factor_auth.t
+++ b/t/db_dependent/api/v1/two_factor_auth.t
@@ -43,7 +43,7 @@ $mocked_koha_email->mock( 'send_or_die', sub {
 subtest 'send_otp_token' => sub {
- plan tests => 9;
+ plan tests => 11;
 $schema->storage->txn_begin;
@@ -73,11 +73,6 @@ subtest 'send_otp_token' => sub {
 $session->param('waiting-for-2FA', 1);
 $session->flush;
- $session = C4::Auth::get_session($session->id);
-
- my $auth = Test::MockModule->new("C4::Auth");
- $auth->mock('check_cookie_auth', sub { return 'additional-auth-needed'});
-
 $patron->library->set( { branchemail => 'from@example.org',
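Review bot: The corrected comment in the else branch is still ungrammatical ("We are required authorization, there needs to be an identified user"), and since this commit exists to fix that comment it is the place to make the sentence read cleanly: `# Authorization is required here, so there must be` / `# an identified user`. The enclosing authenticate_api_request body starts and ends outside the hunk.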
@@ -105,6 +100,14 @@ subtest 'send_otp_token' => sub {
 # Everything is ok, the email will be sent
 $t->request_ok($tx)->status_is(200);
+ # Change flags: not enough authorization anymore
+ $patron->flags(16)->store;
+ $tx = $t->ua->build_tx( POST => "/api/v1/auth/otp/token_delivery" );
+ $tx->req->cookies( { name => 'CGISESSID', value => $session->id } );
+ $tx->req->env( { REMOTE_ADDR => $remote_address } );
+ $t->request_ok($tx)->status_is(403);
+ $patron->flags(20)->store;
+
 $session->param('waiting-for-2FA', 0);
 $session->flush;
 $tx = $t->ua->build_tx( POST => "/api/v1/auth/otp/token_delivery" );
-- 
2.39.5
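Review bot: The restore after the 403 assertion hard-codes `$patron->flags(20)->store;` rather than putting back whatever flags the fixture gave the patron (set outside this hunk), so a later change to the setup would silently leave the remaining 200-path checks running under different permissions. Capturing the value first keeps the test self-contained: `my $orig_flags = $patron->flags;` before `$patron->flags(16)->store;`, and `$patron->flags($orig_flags)->store;` in place of the literal. The bitmasks 16 and 20 differ only in the `4` bit, which is presumably the permission the endpoint checks; the added comment would read better naming it, e.g. `# Drop the one permission the endpoint requires so the request is refused with 403`. Since the same session cookie is reused unchanged across both requests, it is also worth confirming that the 403 results from a fresh read of the patron's flags rather than a value cached in the session, because that is the property this assertion is meant to pin.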