3 # Copyright 2022 Theke Solutions
5 # This file is part of Koha
7 # Koha is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 3 of the License, or
10 # (at your option) any later version.
12 # Koha is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with Koha; if not, see <http://www.gnu.org/licenses>.
22 use Test::More tests => 4;
27 use JSON qw(encode_json);
28 use MIME::Base64 qw{ encode_base64url };
30 use Koha::Auth::Client;
31 use Koha::Auth::Client::OAuth;
34 use t::lib::TestBuilder;
# Shared by the subtests below: $schema is the handle on which they call
# storage->txn_begin / txn_rollback, $builder creates the throwaway objects.
37 my $schema = Koha::Database->new->schema;
38 my $builder = t::lib::TestBuilder->new;
# get_user(): called with a provider code, the provider's response data (an
# id_token) and an interface; the test expects back the matching patron, the
# mapped attributes and the domain entry that was applied to the login.
40 subtest 'get_user() tests' => sub {
# Everything built below is discarded by the txn_rollback at the end.
43 $schema->storage->txn_begin;
45 my $client = Koha::Auth::Client::OAuth->new;
# matchpoint => 'email': presumably the patron is looked up by the mapped
# email value -- confirm against the client implementation.
46 my $provider = $builder->build_object( { class => 'Koha::Auth::Identity::Providers', value => { matchpoint => 'email' } } );
# Domain entry with an empty domain string: OPAC allowed, staff denied.
# The last assertion shows this entry being the one resolved for
# patron@test.com, i.e. the empty string is not tied to a specific domain.
47 my $domain = $builder->build_object(
48 { class => 'Koha::Auth::Identity::Provider::Domains',
49 value => { identity_provider_id => $provider->id, domain => '', update_on_auth => 0, allow_opac => 1, allow_staff => 0 }
52 my $patron = $builder->build_object( { class => 'Koha::Patrons', value => { email => 'patron@test.com' } } );
# Mapping: Koha patron field (left) => name of the claim sent by the
# provider (right).
54 email => 'electronic_mail',
55 firstname => 'given_name',
56 surname => 'family_name'
58 $provider->set_mapping($mapping)->store;
# NOTE(review): the token's first segment is the literal string 'header.',
# so in the visible lines this fixture is not a signed token. The test
# therefore says nothing about id_token signature validation in get_user();
# check how Koha::Auth::Client::OAuth establishes the integrity of these
# claims before treating them as authoritative. (This listing skips some
# source lines, so the rest of the token construction is not shown.)
60 my $id_token = 'header.'
63 { electronic_mail => 'patron@test.com',
64 given_name => 'test name'
69 my $data = { id_token => $id_token };
# Login is requested for the OPAC, which the domain entry above allows.
71 my ( $resolved_patron, $mapped_data, $resolved_domain ) = $client->get_user( { provider => $provider->code, data => $data, interface => 'opac' } );
72 is_deeply( $resolved_patron->to_api, $patron->to_api, 'Patron correctly retrieved' );
73 is( $mapped_data->{firstname}, 'test name', 'Data mapped correctly' );
# The visible token payload has no family_name claim, so the surname mapping
# is expected to produce undef rather than an empty or default value.
74 is( $mapped_data->{surname}, undef, 'No surname mapped' );
75 is( $domain->identity_provider_domain_id, $resolved_domain->identity_provider_domain_id, 'Is the same domain' );
77 $schema->storage->txn_rollback;
# get_valid_domain_config(): pins which domain entry of a provider is
# returned for a given e-mail address and interface ('opac' or 'staff'),
# and that undef is returned when no entry permits the login.
81 subtest 'get_valid_domain_config() tests' => sub {
# Fixtures below are discarded by the txn_rollback at the end.
84 $schema->storage->txn_begin;
86 my $client = Koha::Auth::Client->new;
87 my $provider = $builder->build_object( { class => 'Koha::Auth::Identity::Providers', value => { matchpoint => 'email' } } );
# Five entries for the same provider, from least to most specific:
#   domain1  ''                     opac 0 / staff 0
#   domain2  '*library.com'         opac 1 / staff 0
#   domain3  '*.library.com'        opac 1 / staff 0
#   domain4  'student.library.com'  opac 1 / staff 0
#   domain5  'staff.library.com'    opac 1 / staff 1
88 my $domain1 = $builder->build_object(
89 { class => 'Koha::Auth::Identity::Provider::Domains', value => { identity_provider_id => $provider->id, domain => '', allow_opac => 0, allow_staff => 0 } } );
# NOTE(review): '*library.com' has no dot after the wildcard. The
# @otherlibrary.com assertions below show it matching any domain that merely
# ends in "library.com", not only subdomains of library.com. A configuration
# meant to cover subdomains only should use the '*.library.com' form.
90 my $domain2 = $builder->build_object(
91 { class => 'Koha::Auth::Identity::Provider::Domains', value => { identity_provider_id => $provider->id, domain => '*library.com', allow_opac => 1, allow_staff => 0 } } );
92 my $domain3 = $builder->build_object(
93 { class => 'Koha::Auth::Identity::Provider::Domains', value => { identity_provider_id => $provider->id, domain => '*.library.com', allow_opac => 1, allow_staff => 0 } }
95 my $domain4 = $builder->build_object(
96 { class => 'Koha::Auth::Identity::Provider::Domains',
97 value => { identity_provider_id => $provider->id, domain => 'student.library.com', allow_opac => 1, allow_staff => 0 }
# The only entry with allow_staff => 1, so the only one that can yield a
# staff-interface result in the assertions below.
100 my $domain5 = $builder->build_object(
101 { class => 'Koha::Auth::Identity::Provider::Domains',
102 value => { identity_provider_id => $provider->id, domain => 'staff.library.com', allow_opac => 1, allow_staff => 1 }
106 my $retrieved_domain;
# gmail.com is covered by none of the named patterns, and the empty-domain
# entry (domain1) allows neither interface: undef is expected both times.
109 $retrieved_domain = $client->get_valid_domain_config( { provider => $provider, email => 'user@gmail.com', interface => 'opac' } );
110 is( $retrieved_domain, undef, 'gmail user cannot enter opac' );
111 $retrieved_domain = $client->get_valid_domain_config( { provider => $provider, email => 'user@gmail.com', interface => 'staff' } );
112 is( $retrieved_domain, undef, 'gmail user cannot enter staff' );
# otherlibrary.com is a different domain from library.com, yet it is expected
# to resolve to domain2 ('*library.com') for the OPAC.
114 # Test @otherlibrary.com
115 $retrieved_domain = $client->get_valid_domain_config( { provider => $provider, email => 'user@otherlibrary.com', interface => 'opac' } );
116 is( $retrieved_domain->identity_provider_domain_id, $domain2->identity_provider_domain_id, 'otherlibaray user can enter opac with domain2' );
117 $retrieved_domain = $client->get_valid_domain_config( { provider => $provider, email => 'user@otherlibrary.com', interface => 'staff' } );
118 is( $retrieved_domain, undef, 'otherlibrary user cannot enter staff' );
# A subdomain without its own entry is expected to resolve to domain3
# ('*.library.com') rather than the looser domain2 ('*library.com').
120 # Test @provider.library.com
121 $retrieved_domain = $client->get_valid_domain_config( { provider => $provider, email => 'user@provider.library.com', interface => 'opac' } );
122 is( $retrieved_domain->identity_provider_domain_id, $domain3->identity_provider_domain_id, 'provider.library user can enter opac with domain3' );
123 $retrieved_domain = $client->get_valid_domain_config( { provider => $provider, email => 'user@provider.library.com', interface => 'staff' } );
124 is( $retrieved_domain, undef, 'provider.library user cannot enter staff' );
# An exact entry (domain4) is expected to win over both wildcard entries.
126 # Test @student.library.com
127 $retrieved_domain = $client->get_valid_domain_config( { provider => $provider, email => 'user@student.library.com', interface => 'opac' } );
128 is( $retrieved_domain->identity_provider_domain_id, $domain4->identity_provider_domain_id, 'student.library user can enter opac with domain4' );
129 $retrieved_domain = $client->get_valid_domain_config( { provider => $provider, email => 'user@student.library.com', interface => 'staff' } );
130 is( $retrieved_domain, undef, 'student.library user cannot enter staff' );
# domain5 allows both interfaces, so it is expected for OPAC and staff alike.
132 # Test @staff.library.com
133 $retrieved_domain = $client->get_valid_domain_config( { provider => $provider, email => 'user@staff.library.com', interface => 'opac' } );
134 is( $retrieved_domain->identity_provider_domain_id, $domain5->identity_provider_domain_id, 'staff.library user can enter opac with domain5' );
135 $retrieved_domain = $client->get_valid_domain_config( { provider => $provider, email => 'user@staff.library.com', interface => 'staff' } );
136 is( $retrieved_domain->identity_provider_domain_id, $domain5->identity_provider_domain_id, 'staff.library user can enter staff with domain5' );
138 $schema->storage->txn_rollback;
# has_valid_domain_config(): called with the same provider / email /
# interface arguments as get_valid_domain_config() in this file, but the
# test expects a Koha::Exceptions::Auth::NoValidDomain exception, not undef,
# when no entry permits the login.
141 subtest 'has_valid_domain_config() tests' => sub {
# Fixtures below are discarded by the txn_rollback at the end.
143 $schema->storage->txn_begin;
145 my $client = Koha::Auth::Client->new;
146 my $provider = $builder->build_object( { class => 'Koha::Auth::Identity::Providers', value => { matchpoint => 'email' } } );
# An empty domain string with allow_opac => 1: the assertion below shows it
# admitting an arbitrary address (gmail.com) to the OPAC, so an empty-domain
# entry works as a catch-all and its allow_* flags decide who gets in.
147 my $domain1 = $builder->build_object(
148 { class => 'Koha::Auth::Identity::Provider::Domains', value => { identity_provider_id => $provider->id, domain => '', allow_opac => 1, allow_staff => 0 } } );
151 my $retrieved_domain = $client->has_valid_domain_config( { provider => $provider, email => 'user@gmail.com', interface => 'opac' } );
152 is( $retrieved_domain->identity_provider_domain_id, $domain1->identity_provider_domain_id, 'gmail user can enter opac with domain1' );
# allow_staff => 0 on the only entry: the staff request must be refused with
# an exception. (throws_ok is presumably imported from Test::Exception; the
# use line is not among the lines visible in this listing.)
153 throws_ok { $client->has_valid_domain_config( { provider => $provider, email => 'user@gmail.com', interface => 'staff' } ) } 'Koha::Exceptions::Auth::NoValidDomain',
154 'gmail user cannot enter staff';
156 $schema->storage->txn_rollback;
# _traverse_hash(): pins lookup of a value inside a nested structure by a
# dot-separated key path. The assertions show numeric path segments being
# used as array indexes. No database objects are built in the visible lines.
159 subtest '_traverse_hash() tests' => sub {
162 my $client = Koha::Auth::Client->new;
# Sample structure: a hash nested three levels deep, and a hash holding an
# array of hashes.
165 a => { hash => { with => 'complicated structure' } },
166 an => { array => [ { inside => 'a hash' }, { inside => 'second element' } ] }
# Path through hashes only.
169 my $first_result = $client->_traverse_hash(
171 keys => 'a.hash.with'
174 is( $first_result, 'complicated structure', 'get the value within a hash structure' );
# Path segment '0' selects the first array element.
176 my $second_result = $client->_traverse_hash(
178 keys => 'an.array.0.inside'
181 is( $second_result, 'a hash', 'get the value of the first element of an array within a hash structure' );
# Path segment '1' selects the second array element.
183 my $third_result = $client->_traverse_hash(
185 keys => 'an.array.1.inside'
188 is( $third_result, 'second element', 'get the value of the second element of an array within a hash structure' );