3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # Koha is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with Koha; if not, see <http://www.gnu.org/licenses>.
19 use Test::More tests => 3;
23 use Koha::Auth::TwoFactorAuth;
26 use t::lib::TestBuilder;
29 my $pref_value = C4::Context->preference('TwoFactorAuthentication');
32 eval { require Selenium::Remote::Driver; };
33 skip "Selenium::Remote::Driver is needed for selenium tests.", 2 if $@;
35 my $builder = t::lib::TestBuilder->new;
37 my $patron = $builder->build_object({ class => 'Koha::Patrons', value => { flags => 1 }});
38 $patron->flags(1)->store; # superlibrarian permission
39 my $password = Koha::AuthUtils::generate_password($patron->category);
40 t::lib::Mocks::mock_preference( 'RequireStrongPassword', 0 );
41 $patron->set_password({ password => $password });
43 push @data_to_cleanup, $patron, $patron->category, $patron->library;
45 my $s = t::lib::Selenium->new({ login => $patron->userid, password => $password });
46 my $driver = $s->driver;
48 subtest 'Setup' => sub {
51 my $mainpage = $s->base_url . q|mainpage.pl|;
52 $driver->get($mainpage);
53 like( $driver->get_title, qr(Log in to Koha), 'Hitting the main page should redirect to the login form');
56 like( $driver->get_title, qr(Koha staff interface), 'Patron with flags superlibrarian should be able to login' );
58 C4::Context->set_preference('TwoFactorAuthentication', 0);
59 $driver->get($s->base_url . q|members/two_factor_auth.pl|);
60 like( $driver->get_title, qr(Error 404), 'Must be redirected to 404 is the pref is off' );
62 C4::Context->set_preference('TwoFactorAuthentication', 1);
63 $driver->get($s->base_url . q|members/two_factor_auth.pl|);
64 like( $driver->get_title, qr(Two-factor authentication), 'Must be on the page with the pref on' );
66 is( $driver->find_element('//div[@class="two-factor-status"]')->get_text(), 'Status: Disabled', '2FA is disabled' );
68 $driver->find_element('//form[@id="two-factor-auth"]//input[@type="submit"]')->click;
69 ok($driver->find_element('//img[@id="qr_code"]'), 'There is a QR code');
71 $s->fill_form({pin_code => 'wrong_code'});
73 ok($driver->find_element('//div[@class="dialog error"][contains(text(), "Invalid PIN code")]'));
74 is( $patron->get_from_storage->secret, undef, 'secret is not set in DB yet' );
76 my $secret32 = $driver->find_element('//form[@id="two-factor-auth"]//input[@name="secret32"]')->get_value();
77 my $auth = Koha::Auth::TwoFactorAuth->new({patron => $patron, secret32 => $secret32});
78 my $code = $auth->code();
79 $s->fill_form({pin_code => $code});
81 is( $driver->find_element('//div[@class="two-factor-status"]')->get_text(), 'Status: Enabled', '2FA is enabled' );
82 $patron = $patron->get_from_storage;
83 is( $patron->decoded_secret, $secret32, 'encrypted secret is set in DB' );
87 subtest 'Login' => sub {
90 my $mainpage = $s->base_url . q|mainpage.pl|;
92 my $secret32 = $patron->decoded_secret;
94 $driver->get($mainpage . q|?logout.x=1|);
95 $driver->get($s->base_url . q|circ/circulation.pl?borrowernumber=|.$patron->borrowernumber);
96 like( $driver->get_title, qr(Log in to Koha), 'Must be on the first auth screen' );
97 $driver->capture_screenshot('selenium_failure_2.png');
99 like( $driver->get_title, qr(Two-factor authentication), 'Must be on the second auth screen' );
100 is( login_error($s), undef );
102 my $auth = Koha::Auth::TwoFactorAuth->new(
103 { patron => $patron, secret32 => $secret32 } );
104 my $code = $auth->code();
106 $driver->find_element('//form[@id="loginform"]//input[@id="otp_token"]')->send_keys($code);
107 $driver->find_element('//input[@type="submit"]')->click;
108 like( $driver->get_title, qr(Checking out to ), 'Must be redirected to the original page' );
111 { # second try and logout
112 $driver->get($mainpage . q|?logout.x=1|);
113 $driver->get($s->base_url . q|circ/circulation.pl?borrowernumber=|.$patron->borrowernumber);
114 like( $driver->get_title, qr(Log in to Koha), 'Must be on the first auth screen' );
116 like( $driver->get_title, qr(Two-factor authentication), 'Must be on the second auth screen' );
117 is( login_error($s), undef );
118 $driver->find_element('//form[@id="loginform"]//input[@id="otp_token"]')->send_keys('wrong_code');
119 $driver->find_element('//input[@type="submit"]')->click;
120 is( login_error($s), "Invalid two-factor code" );
122 $driver->get($mainpage);
123 like( $driver->get_title, qr(Two-factor authentication), 'Must still be on the second auth screen' );
124 is( login_error($s), undef );
125 $driver->find_element('//a[@id="logout"]')->click();
126 like( $driver->get_title, qr(Log in to Koha), 'Must be on the first auth screen' );
127 is( login_error($s), undef );
130 { # second try and success
132 $driver->get($mainpage . q|?logout.x=1|);
133 $driver->get($s->base_url . q|circ/circulation.pl?borrowernumber=|.$patron->borrowernumber);
134 like( $driver->get_title, qr(Log in to Koha), 'Must be on the first auth screen' );
135 like( login_error($s), qr(Session timed out) );
137 like( $driver->get_title, qr(Two-factor authentication), 'Must be on the second auth screen' );
138 is( login_error($s), undef );
139 $driver->find_element('//form[@id="loginform"]//input[@id="otp_token"]')->send_keys('wrong_code');
140 $driver->find_element('//input[@type="submit"]')->click;
141 is( login_error($s), "Invalid two-factor code" );
143 my $auth = Koha::Auth::TwoFactorAuth->new(
144 { patron => $patron, secret32 => $secret32 } );
145 my $code = $auth->code();
147 $driver->find_element('//form[@id="loginform"]//input[@id="otp_token"]')->send_keys($code);
148 $driver->find_element('//input[@type="submit"]')->click;
149 like( $driver->get_title, qr(Checking out to ), 'Must be redirected to the original page' );
153 subtest "Disable" => sub {
156 my $mainpage = $s->base_url . q|mainpage.pl|;
157 $driver->get( $mainpage . q|?logout.x=1| );
159 my $auth = Koha::Auth::TwoFactorAuth->new( { patron => $patron } );
160 my $code = $auth->code();
162 $driver->find_element('//form[@id="loginform"]//input[@id="otp_token"]')
164 $driver->find_element('//input[@type="submit"]')->click;
166 $driver->get( $s->base_url . q|members/two_factor_auth.pl| );
169 $driver->find_element('//div[@class="two-factor-status"]')->get_text(),
174 $driver->find_element('//form[@id="two-factor-auth"]//input[@type="submit"]')->click;
177 $driver->find_element('//div[@class="two-factor-status"]')->get_text(),
179 '2FA has been disabled'
182 $patron = $patron->get_from_storage;
183 is( $patron->secret, undef, "Secret has been cleared" );
184 is( $patron->auth_method(), 'password', 'auth_method has been reset to "password"' );
191 $_->delete for @data_to_cleanup;
192 C4::Context->set_preference('TwoFactorAuthentication', $pref_value);
198 my $driver = $s->driver;
200 $s->remove_error_handler;
201 my $login_error = eval {
202 my $elt = $driver->find_element('//div[@id="login_error"]');
203 return $elt->get_text if $elt && $elt->id;
205 $s->add_error_handler;
209 # Don't use the usual t::lib::Selenium->auth as we don't want the ->get($mainpage) to test the redirect
210 sub fill_login_form {
212 $s->fill_form({ userid => $s->login, password => $s->password });
213 $s->driver->find_element('//input[@id="submit-button"]')->click;