3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # Koha is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with Koha; if not, see <http://www.gnu.org/licenses>.
21 use Module::Load::Conditional qw/check_install/;
25 use File::Temp qw(tempdir);
31 if ( check_install( module => 'Test::DBIx::Class' ) ) {
35 plan skip_all => "Need Test::DBIx::Class";
39 use Test::DBIx::Class {
40 schema_class => 'Koha::Schema',
41 connect_info => [ 'dbi:SQLite:dbname=:memory:', '', '' ]
45 my $matchpoint = 'userid';
49 'userid' => { 'is' => 'uid' },
50 'surname' => { 'is' => 'sn' },
51 'dateexpiry' => { 'is' => 'exp' },
52 'categorycode' => { 'is' => 'cat' },
53 'address' => { 'is' => 'add' },
54 'city' => { 'is' => 'city' },
56 $ENV{'uid'} = "test1234";
65 my $context = new Test::MockModule('C4::Context');
68 $context->mock( 'config', \&mockedConfig );
71 my $OPACBaseURL = "testopac.com";
72 my $staffClientBaseURL = "teststaff.com";
73 $context->mock( 'preference', \&mockedPref );
76 $context->mock( 'timezone', sub { return 'local'; } );
79 my $interface = 'opac';
80 $context->mock( 'interface', \&mockedInterface );
83 my $database = new Test::MockModule('Koha::Database');
86 $database->mock( 'schema', \&mockedSchema );
89 ##############################################################
92 use C4::Auth_with_shibboleth;
93 require_ok('C4::Auth_with_shibboleth');
94 $C4::Auth_with_shibboleth::debug = '0';
98 subtest "shib_ok tests" => sub {
102 # correct config, no debug
103 is( shib_ok(), '1', "good config" );
105 # bad config, no debug
107 warnings_are { $result = shib_ok() }
108 [ { carped => 'shibboleth matchpoint not defined' }, ],
109 "undefined matchpoint = fatal config, warning given";
110 is( $result, '0', "bad config" );
112 $matchpoint = 'email';
113 warnings_are { $result = shib_ok() }
114 [ { carped => 'shibboleth matchpoint not mapped' }, ],
115 "unmapped matchpoint = fatal config, warning given";
116 is( $result, '0', "bad config" );
118 # add test for undefined shibboleth block
124 #my $query = CGI->new();
125 #is(logout_shib($query),"https://".$opac."/Shibboleth.sso/Logout?return="."https://".$opac,"logout_shib");
128 subtest "login_shib_url tests" => sub {
131 my $query_string = 'language=en-GB';
133 local $ENV{REQUEST_METHOD} = 'GET';
134 local $ENV{QUERY_STRING} = $query_string;
135 local $ENV{SCRIPT_NAME} = '/cgi-bin/koha/opac-user.pl';
136 my $query = CGI->new($query_string);
138 login_shib_url($query),
139 'https://testopac.com'
140 . '/Shibboleth.sso/Login?target='
141 . 'https://testopac.com/cgi-bin/koha/opac-user.pl' . '%3F'
146 my $post_params = 'user=bob&password=wideopen';
147 local $ENV{REQUEST_METHOD} = 'POST';
148 local $ENV{CONTENT_LENGTH} = length($post_params);
150 my $dir = tempdir( CLEANUP => 1 );
151 my $infile = "$dir/in.txt";
152 open my $fh_write, '>', $infile or die "Could not open '$infile' $!";
153 print $fh_write $post_params;
156 open my $fh_read, '<', $infile or die "Could not open '$infile' $!";
158 $query = CGI->new($fh_read);
160 login_shib_url($query),
161 'https://testopac.com'
162 . '/Shibboleth.sso/Login?target='
163 . 'https://testopac.com/cgi-bin/koha/opac-user.pl',
171 subtest "get_login_shib tests" => sub {
177 $C4::Auth_with_shibboleth::debug = '0';
178 warnings_are { $login = get_login_shib() }[],
179 "good config with debug off, no warnings received";
180 is( $login, "test1234",
181 "good config with debug off, attribute value returned" );
184 $C4::Auth_with_shibboleth::debug = '1';
185 warnings_are { $login = get_login_shib() }[
186 "koha borrower field to match: userid",
187 "shibboleth attribute to match: uid",
188 "uid value: test1234"
190 "good config with debug enabled, correct warnings received";
191 is( $login, "test1234",
192 "good config with debug enabled, attribute value returned" );
194 # bad config - with shib_ok implemented, we should never reach this sub with a bad config
198 subtest "checkpw_shib tests" => sub {
202 my ( $retval, $retcard, $retuserid );
204 # Setup Mock Database Data
207 [qw/cardnumber userid surname address city/],
208 [qw/testcardnumber test1234 renvoize myaddress johnston/],
210 'Category' => [ [qw/categorycode default_privacy/], [qw/S never/], ]
212 'Installed some custom fixtures via the Populate fixture class';
215 $C4::Auth_with_shibboleth::debug = '0';
218 $shib_login = "test1234";
220 ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login);
222 [], "good user with no debug";
223 is( $retval, "1", "user authenticated" );
224 is( $retcard, "testcardnumber", "expected cardnumber returned" );
225 is( $retuserid, "test1234", "expected userid returned" );
228 $shib_login = 'martin';
230 ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login);
232 [], "bad user with no debug";
233 is( $retval, "0", "user not authenticated" );
237 $shib_login = 'test4321';
238 $ENV{'uid'} = 'test4321';
240 $ENV{'exp'} = "2017";
242 $ENV{'add'} = 'Address';
243 $ENV{'city'} = 'City';
245 ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login);
247 [], "new user added with no debug";
248 is( $retval, "1", "user authenticated" );
249 is( $retuserid, "test4321", "expected userid returned" );
250 ok my $new_user = ResultSet('Borrower')
251 ->search( { 'userid' => 'test4321' }, { rows => 1 } ), "new user found";
252 is_fields [qw/surname dateexpiry address city/], $new_user->next,
253 [qw/pika 2017 Address City/],
254 'Found $new_users surname';
259 $ENV{'city'} = 'AnotherCity';
261 ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login);
263 [], "good user with sync";
265 ok my $sync_user = ResultSet('Borrower')
266 ->search( { 'userid' => 'test4321' }, { rows => 1 } ), "sync user found";
268 is_fields [qw/surname dateexpiry address city/], $sync_user->next,
269 [qw/pika 2017 Address AnotherCity/],
270 'Found $sync_user synced city';
274 $C4::Auth_with_shibboleth::debug = '1';
277 $shib_login = "test1234";
279 ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login);
283 qr/koha borrower field to match: userid/,
284 qr/shibboleth attribute to match: uid/,
285 qr/User Shibboleth-authenticated as:/
287 "good user with debug enabled";
288 is( $retval, "1", "user authenticated" );
289 is( $retcard, "testcardnumber", "expected cardnumber returned" );
290 is( $retuserid, "test1234", "expected userid returned" );
293 $shib_login = "martin";
295 ( $retval, $retcard, $retuserid ) = checkpw_shib($shib_login);
299 qr/koha borrower field to match: userid/,
300 qr/shibboleth attribute to match: uid/,
301 qr/User Shibboleth-authenticated as:/,
302 qr/not a valid Koha user/
304 "bad user with debug enabled";
305 is( $retval, "0", "user not authenticated" );
310 $OPACBaseURL = "testopac.com";
311 is( C4::Auth_with_shibboleth::_get_uri(),
312 "https://testopac.com", "https opac uri returned" );
314 $OPACBaseURL = "http://testopac.com";
316 warnings_are { $result = C4::Auth_with_shibboleth::_get_uri() }[
317 "shibboleth interface: $interface",
318 "Shibboleth requires OPACBaseURL/staffClientBaseURL to use the https protocol!"
320 "improper protocol - received expected warning";
321 is( $result, "https://testopac.com", "https opac uri returned" );
323 $OPACBaseURL = "https://testopac.com";
324 is( C4::Auth_with_shibboleth::_get_uri(),
325 "https://testopac.com", "https opac uri returned" );
327 $OPACBaseURL = undef;
328 warnings_are { $result = C4::Auth_with_shibboleth::_get_uri() }
329 [ "shibboleth interface: $interface", "OPACBaseURL not set!" ],
330 "undefined OPACBaseURL - received expected warning";
331 is( $result, "https://", "https $interface uri returned" );
333 ## _get_uri - intranet
334 $interface = 'intranet';
335 $staffClientBaseURL = "teststaff.com";
336 is( C4::Auth_with_shibboleth::_get_uri(),
337 "https://teststaff.com", "https $interface uri returned" );
339 $staffClientBaseURL = "http://teststaff.com";
340 warnings_are { $result = C4::Auth_with_shibboleth::_get_uri() }[
341 "shibboleth interface: $interface",
342 "Shibboleth requires OPACBaseURL/staffClientBaseURL to use the https protocol!"
344 "improper protocol - received expected warning";
345 is( $result, "https://teststaff.com", "https $interface uri returned" );
347 $staffClientBaseURL = "https://teststaff.com";
348 is( C4::Auth_with_shibboleth::_get_uri(),
349 "https://teststaff.com", "https $interface uri returned" );
351 $staffClientBaseURL = undef;
352 warnings_are { $result = C4::Auth_with_shibboleth::_get_uri() }
353 [ "shibboleth interface: $interface", "staffClientBaseURL not set!" ],
354 "undefined staffClientBaseURL - received expected warning";
355 is( $result, "https://", "https $interface uri returned" );
358 # Internal helper function, covered in tests above
364 'autocreate' => $autocreate,
366 'matchpoint' => $matchpoint,
367 'mapping' => \%mapping
377 if ( $param eq 'OPACBaseURL' ) {
378 $return = $OPACBaseURL;
381 if ( $param eq 'staffClientBaseURL' ) {
382 $return = $staffClientBaseURL;
388 sub mockedInterface {
396 ## Convenience method to reset config
398 $matchpoint = 'userid';
402 'userid' => { 'is' => 'uid' },
403 'surname' => { 'is' => 'sn' },
404 'dateexpiry' => { 'is' => 'exp' },
405 'categorycode' => { 'is' => 'cat' },
406 'address' => { 'is' => 'add' },
407 'city' => { 'is' => 'city' },
409 $ENV{'uid'} = "test1234";
414 $ENV{'city'} = undef;