3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # Koha is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with Koha; if not, see <http://www.gnu.org/licenses>.
21 use Module::Load::Conditional qw/check_install/;
30 if ( check_install( module => 'Test::DBIx::Class' ) ) {
34 plan skip_all => "Need Test::DBIx::Class";
38 use Test::DBIx::Class {
39 schema_class => 'Koha::Schema',
40 connect_info => [ 'dbi:SQLite:dbname=:memory:', '', '' ]
44 my $matchpoint = 'userid';
48 'userid' => { 'is' => 'uid' },
49 'surname' => { 'is' => 'sn' },
50 'dateexpiry' => { 'is' => 'exp' },
51 'categorycode' => { 'is' => 'cat' },
52 'address' => { 'is' => 'add' },
53 'city' => { 'is' => 'city' },
55 $ENV{'uid'} = "test1234";
64 my $context = new Test::MockModule('C4::Context');
67 $context->mock( 'config', \&mockedConfig );
70 my $OPACBaseURL = "testopac.com";
71 my $staffClientBaseURL = "teststaff.com";
72 $context->mock( 'preference', \&mockedPref );
75 $context->mock( 'timezone', sub { return 'local'; } );
78 my $interface = 'opac';
79 $context->mock( 'interface', \&mockedInterface );
82 my $database = new Test::MockModule('Koha::Database');
85 $database->mock( 'schema', \&mockedSchema );
88 ##############################################################
91 use C4::Auth_with_shibboleth;
92 require_ok('C4::Auth_with_shibboleth');
93 $C4::Auth_with_shibboleth::debug = '0';
97 subtest "shib_ok tests" => sub {
101 # correct config, no debug
102 is( shib_ok(), '1', "good config" );
104 # bad config, no debug
106 warnings_are { $result = shib_ok() }
107 [ { carped => 'shibboleth matchpoint not defined' }, ],
108 "undefined matchpoint = fatal config, warning given";
109 is( $result, '0', "bad config" );
111 $matchpoint = 'email';
112 warnings_are { $result = shib_ok() }
113 [ { carped => 'shibboleth matchpoint not mapped' }, ],
114 "unmapped matchpoint = fatal config, warning given";
115 is( $result, '0', "bad config" );
117 # add test for undefined shibboleth block
123 #my $query = CGI->new();
124 #is(logout_shib($query),"https://".$opac."/Shibboleth.sso/Logout?return="."https://".$opac,"logout_shib");
127 my $query_string = 'language=en-GB';
128 $ENV{QUERY_STRING} = $query_string;
129 $ENV{SCRIPT_NAME} = '/cgi-bin/koha/opac-user.pl';
130 my $query = CGI->new($query_string);
132 login_shib_url($query),
133 'https://testopac.com'
134 . '/Shibboleth.sso/Login?target='
135 . 'https://testopac.com/cgi-bin/koha/opac-user.pl?'
141 subtest "get_login_shib tests" => sub {
147 $C4::Auth_with_shibboleth::debug = '0';
148 warnings_are { $login = get_login_shib() }[],
149 "good config with debug off, no warnings received";
150 is( $login, "test1234",
151 "good config with debug off, attribute value returned" );
154 $C4::Auth_with_shibboleth::debug = '1';
155 warnings_are { $login = get_login_shib() }[
156 "koha borrower field to match: userid",
157 "shibboleth attribute to match: uid",
158 "uid value: test1234"
160 "good config with debug enabled, correct warnings received";
161 is( $login, "test1234",
162 "good config with debug enabled, attribute value returned" );
164 # bad config - with shib_ok implemented, we should never reach this sub with a bad config
168 subtest "checkpw_shib tests" => sub {
172 my ( $retval, $retcard, $retuserid );
174 # Setup Mock Database Data
177 [qw/cardnumber userid surname address city email/],
178 [qw/testcardnumber test1234 renvoize myaddress johnston /],
179 [qw/testcardnumber1 test12345 clamp1 myaddress quechee kid@clamp.io/],
180 [qw/testcardnumber2 test123456 clamp2 myaddress quechee kid@clamp.io/],
182 'Category' => [ [qw/categorycode default_privacy/], [qw/S never/], ]
184 'Installed some custom fixtures via the Populate fixture class';
187 $C4::Auth_with_shibboleth::debug = '0';
190 $shib_login = "test1234";
192 ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login);
194 [], "good user with no debug";
195 is( $retval, "1", "user authenticated" );
196 is( $retcard, "testcardnumber", "expected cardnumber returned" );
197 is( $retuserid, "test1234", "expected userid returned" );
200 $shib_login = 'martin';
202 ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login);
204 [], "bad user with no debug";
205 is( $retval, "0", "user not authenticated" );
207 # duplicated matchpoint
208 $matchpoint = 'email';
209 $mapping{'email'} = { is => 'email' };
210 $shib_login = 'kid@clamp.io';
212 ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login);
214 [], "bad user with no debug";
215 is( $retval, "0", "user not authenticated if duplicated matchpoint" );
216 $C4::Auth_with_shibboleth::debug = '1';
218 ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login);
222 q/koha borrower field to match: email/,
223 q/shibboleth attribute to match: email/,
224 q/User Shibboleth-authenticated as: kid@clamp.io/,
225 q/There are several users with email of kid@clamp.io, matchpoints must be unique/
226 ], "duplicated matchpoint warned with debug";
227 $C4::Auth_with_shibboleth::debug = '0';
232 $shib_login = 'test4321';
233 $ENV{'uid'} = 'test4321';
235 $ENV{'exp'} = "2017";
237 $ENV{'add'} = 'Address';
238 $ENV{'city'} = 'City';
240 ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login);
242 [], "new user added with no debug";
243 is( $retval, "1", "user authenticated" );
244 is( $retuserid, "test4321", "expected userid returned" );
245 ok my $new_user = ResultSet('Borrower')
246 ->search( { 'userid' => 'test4321' }, { rows => 1 } ), "new user found";
247 is_fields [qw/surname dateexpiry address city/], $new_user->next,
248 [qw/pika 2017 Address City/],
249 'Found $new_users surname';
254 $ENV{'city'} = 'AnotherCity';
256 ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login);
258 [], "good user with sync";
260 ok my $sync_user = ResultSet('Borrower')
261 ->search( { 'userid' => 'test4321' }, { rows => 1 } ), "sync user found";
263 is_fields [qw/surname dateexpiry address city/], $sync_user->next,
264 [qw/pika 2017 Address AnotherCity/],
265 'Found $sync_user synced city';
269 $C4::Auth_with_shibboleth::debug = '1';
272 $shib_login = "test1234";
274 ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login);
278 qr/koha borrower field to match: userid/,
279 qr/shibboleth attribute to match: uid/,
280 qr/User Shibboleth-authenticated as:/
282 "good user with debug enabled";
283 is( $retval, "1", "user authenticated" );
284 is( $retcard, "testcardnumber", "expected cardnumber returned" );
285 is( $retuserid, "test1234", "expected userid returned" );
288 $shib_login = "martin";
290 ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login);
294 qr/koha borrower field to match: userid/,
295 qr/shibboleth attribute to match: uid/,
296 qr/User Shibboleth-authenticated as:/,
297 qr/not a valid Koha user/
299 "bad user with debug enabled";
300 is( $retval, "0", "user not authenticated" );
305 $OPACBaseURL = "testopac.com";
306 is( C4::Auth_with_shibboleth::_get_uri(),
307 "https://testopac.com", "https opac uri returned" );
309 $OPACBaseURL = "http://testopac.com";
311 warnings_are { $result = C4::Auth_with_shibboleth::_get_uri() }[
312 "shibboleth interface: $interface",
313 "Shibboleth requires OPACBaseURL/staffClientBaseURL to use the https protocol!"
315 "improper protocol - received expected warning";
316 is( $result, "https://testopac.com", "https opac uri returned" );
318 $OPACBaseURL = "https://testopac.com";
319 is( C4::Auth_with_shibboleth::_get_uri(),
320 "https://testopac.com", "https opac uri returned" );
322 $OPACBaseURL = undef;
323 warnings_are { $result = C4::Auth_with_shibboleth::_get_uri() }
324 [ "shibboleth interface: $interface", "OPACBaseURL not set!" ],
325 "undefined OPACBaseURL - received expected warning";
326 is( $result, "https://", "https $interface uri returned" );
328 ## _get_uri - intranet
329 $interface = 'intranet';
330 $staffClientBaseURL = "teststaff.com";
331 is( C4::Auth_with_shibboleth::_get_uri(),
332 "https://teststaff.com", "https $interface uri returned" );
334 $staffClientBaseURL = "http://teststaff.com";
335 warnings_are { $result = C4::Auth_with_shibboleth::_get_uri() }[
336 "shibboleth interface: $interface",
337 "Shibboleth requires OPACBaseURL/staffClientBaseURL to use the https protocol!"
339 "improper protocol - received expected warning";
340 is( $result, "https://teststaff.com", "https $interface uri returned" );
342 $staffClientBaseURL = "https://teststaff.com";
343 is( C4::Auth_with_shibboleth::_get_uri(),
344 "https://teststaff.com", "https $interface uri returned" );
346 $staffClientBaseURL = undef;
347 warnings_are { $result = C4::Auth_with_shibboleth::_get_uri() }
348 [ "shibboleth interface: $interface", "staffClientBaseURL not set!" ],
349 "undefined staffClientBaseURL - received expected warning";
350 is( $result, "https://", "https $interface uri returned" );
353 # Internal helper function, covered in tests above
359 'autocreate' => $autocreate,
361 'matchpoint' => $matchpoint,
362 'mapping' => \%mapping
372 if ( $param eq 'OPACBaseURL' ) {
373 $return = $OPACBaseURL;
376 if ( $param eq 'staffClientBaseURL' ) {
377 $return = $staffClientBaseURL;
383 sub mockedInterface {
391 ## Convenience method to reset config
393 $matchpoint = 'userid';
397 'userid' => { 'is' => 'uid' },
398 'surname' => { 'is' => 'sn' },
399 'dateexpiry' => { 'is' => 'exp' },
400 'categorycode' => { 'is' => 'cat' },
401 'address' => { 'is' => 'add' },
402 'city' => { 'is' => 'city' },
404 $ENV{'uid'} = "test1234";
409 $ENV{'city'} = undef;