From 6c1b969a1f5014c3ae4ea6405a91ff54f7c8afbe Mon Sep 17 00:00:00 2001
From: David Cook
Date: Wed, 16 Aug 2023 02:51:43 +0000
Subject: [PATCH] Bug 34513: Add checkauth unit test for resetting auth state when changing users
Signed-off-by: Nick Clemens
Signed-off-by: Marcel de Rooy
Signed-off-by: Tomas Cohen Arazi
(cherry picked from commit abbbc5924de287a73c7d91c0f8ab70f8d7461508)
Signed-off-by: Fridolin Somers
---
 t/db_dependent/Auth.t | 44 ++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 43 insertions(+), 1 deletion(-)
diff --git a/t/db_dependent/Auth.t b/t/db_dependent/Auth.t
index 5de81401e1..3f25e3f917 100755
--- a/t/db_dependent/Auth.t
+++ b/t/db_dependent/Auth.t
@@ -41,7 +41,7 @@ $schema->storage->txn_begin;
 subtest 'checkauth() tests' => sub {
- plan tests => 8;
+ plan tests => 9;
 my $patron = $builder->build_object({ class => 'Koha::Patrons', value => { flags => undef } });
@@ -152,6 +152,48 @@ subtest 'checkauth() tests' => sub {
 };
 };
+ subtest 'Reset auth state when changing users' => sub {
+ #NOTE: It's easiest to detect this when changing to a non-existent user, since
+ #that should trigger a redirect to login (instead of returning a session cookie)
+ plan tests => 2;
+ my $patron = $builder->build_object({ class => 'Koha::Patrons', value => { flags => undef } });
+
+ my $session = C4::Auth::get_session();
+ $session->param( 'number', $patron->id );
+ $session->param( 'id', $patron->userid );
+ $session->param( 'ip', '1.2.3.4' );
+ $session->param( 'lasttime', time() );
+ $session->param( 'interface', 'intranet' );
+ $session->flush;
+ my $sessionID = $session->id;
+ C4::Context->_new_userenv($sessionID);
+
+ my ( $return ) = C4::Auth::check_cookie_auth( $sessionID, undef, { skip_version_check => 1, remote_addr => '1.2.3.4' } );
+ is( $return, 'ok', 'Patron authenticated' );
+
+ my $mock1 = Test::MockModule->new('C4::Auth');
+ $mock1->mock( 'safe_exit', sub {return 'safe_exit_redirect'} );
+ my $mock2 = Test::MockModule->new('CGI');
+ $mock2->mock( 'request_method', 'POST' );
+ $mock2->mock( 'cookie', sub { return $sessionID; } ); # oversimplified..
+ my $cgi = CGI->new;
+
+ $cgi->param( -name => 'userid', -value => 'Bond' );
+ $cgi->param( -name => 'password', -value => 'James Bond' );
+ $cgi->param( -name => 'koha_login_context', -value => 1 );
+ my ( @return, $stdout );
+ {
+ local *STDOUT;
+ local %ENV;
+ $ENV{REMOTE_ADDR} = '1.2.3.4';
+ open STDOUT, '>', \$stdout;
+ @return = C4::Auth::checkauth( $cgi, 0, {} );
+ close STDOUT;
+ }
+ is( $return[0], 'safe_exit_redirect', 'Changing to non-existent user causes a redirect to login');
+ };
+
+
 subtest 'While still logged in, relogin with another user' => sub {
 plan tests => 6;
--
2.39.5
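Review bot: The final assertion in the new 'Reset auth state when changing users' subtest only proves that `checkauth` returned whatever the mocked `safe_exit` returns; it never shows that the first patron's authenticated state is gone, and the captured `$stdout` is discarded unread. Since the regression being guarded against is one user's session state surviving a login attempt as another user, consider re-checking the old session after the call, e.g. `my ($after) = C4::Auth::check_cookie_auth( $sessionID, undef, { skip_version_check => 1, remote_addr => '1.2.3.4' } );` followed by `isnt( $after, 'ok', 'Previous session no longer authenticates' );`, with the inner plan raised to 3. That assumes the fix is meant to invalidate that session, which is not visible from this hunk. The `open STDOUT, '>', \$stdout;` is also unchecked; appending `or die "Cannot redirect STDOUT: $!";` would make a failed capture abort the test instead of letting output leak into the TAP stream. The enclosing `checkauth() tests` subtest begins and ends outside this hunk.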