4 # This file is part of Koha
6 # Koha is free software; you can redistribute it and/or modify it
7 # under the terms of the GNU General Public License as published by
8 # the Free Software Foundation; either version 3 of the License, or
9 # (at your option) any later version.
11 # Koha is distributed in the hope that it will be useful, but
12 # WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
16 # You should have received a copy of the GNU General Public License
17 # along with Koha; if not, see <http://www.gnu.org/licenses>.
21 use Test::More tests => 4;
24 use t::lib::TestBuilder;
29 my $schema = Koha::Database->new->schema;
30 my $builder = t::lib::TestBuilder->new;
32 my $t = Test::Mojo->new('Koha::REST::V1');
33 t::lib::Mocks::mock_preference( 'RESTBasicAuth', 1 );
35 $schema->storage->txn_begin;
37 # create a privileged user
38 my $librarian = $builder->build_object(
40 class => 'Koha::Patrons',
41 value => { flags => 2 ** 4 } # borrowers flag = 4
44 my $password = 'thePassword123';
45 $librarian->set_password( { password => $password, skip_validation => 1 } );
46 my $userid = $librarian->userid;
48 subtest 'password validation - account lock out' => sub {
52 $schema->storage->txn_begin;
54 t::lib::Mocks::mock_preference( 'FailedLoginAttempts', 1 );
57 identifier => $userid,
61 $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json )
63 ->json_is({ error => q{Validation failed} });
65 $json->{password} = $password;
67 $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json )
69 ->json_is({ error => q{Validation failed} });
71 $schema->storage->txn_rollback;
74 subtest 'password validation - unauthorized user' => sub {
78 $schema->storage->txn_begin;
80 my $patron = $builder->build_object(
82 class => 'Koha::Patrons',
83 value => { flags => 2 ** 2 } # catalogue flag = 2
86 my $password = 'thePassword123';
87 $patron->set_password( { password => $password, skip_validation => 1 } );
88 my $userid = $patron->userid;
91 identifier => $userid,
95 $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json )
97 ->json_is('/error' => 'Authorization failure. Missing required permission(s).');
99 $schema->storage->txn_rollback;
102 subtest 'password validation - unauthenticated user' => sub {
105 $schema->storage->txn_begin;
108 identifier => "banana",
112 $t->post_ok( "/api/v1/auth/password/validation" => json => $json )
113 ->json_is( '/error' => 'Authentication failure.' )
116 $schema->storage->txn_rollback;
119 subtest 'Password validation - authorized requests tests' => sub {
123 $schema->storage->txn_begin;
125 # generate a random unused userid
126 my $patron_to_delete = $builder->build_object( { class => 'Koha::Patrons' } );
128 my $deleted_userid = $patron_to_delete->userid;
129 my $deleted_cardnumber = $patron_to_delete->cardnumber;
131 $patron_to_delete->delete;
134 identifier => $librarian->userid,
135 password => $password,
138 $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json )
139 ->status_is(204, 'Validating using `cardnumber` works')
143 identifier => $librarian->cardnumber,
144 password => $password,
147 $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json )
148 ->status_is(204, 'Validating using `cardnumber` works')
152 identifier => $deleted_cardnumber,
153 password => $password,
156 $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json )
157 ->status_is(400, 'Validating using and invalid identifier fails')
158 ->json_is({ error => 'Validation failed' });
161 identifier => $deleted_userid,
162 password => $password,
165 $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json )
166 ->status_is(400, 'Validating using and invalid identifier fails')
167 ->json_is({ error => 'Validation failed' });
170 password => $password,
171 userid => $deleted_userid,
174 $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json )
175 ->status_is(400, 'Validating using and invalid userid fails')
176 ->json_is({ error => 'Validation failed' });
179 password => $password,
183 $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json )
184 ->status_is(204, 'Validating using the `userid` attribute works')
188 password => $password,
189 userid => $librarian->cardnumber,
192 $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json )
193 ->status_is( 400, 'Validating using a cardnumber as userid fails' )->json_is( { error => 'Validation failed' } );
196 identifier => $userid,
197 password => $password,
201 $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json )
202 ->status_is(400, 'Passing both parameters forbidden')
203 ->json_is({ error => 'Bad request. Only one identifier attribute can be passed.' });
205 $schema->storage->txn_rollback;
208 $schema->storage->txn_rollback;