From 5092970ae1c30ef67d205f8d89d06cd0f4ddbb49 Mon Sep 17 00:00:00 2001
From: David Cook
Date: Wed, 16 Aug 2023 02:21:40 +0000
Subject: [PATCH] Bug 34513: Add end-to-end test for authorization check after first failed authorization

Signed-off-by: Nick Clemens
Signed-off-by: Marcel de Rooy
Signed-off-by: Lucas Gass
---
 t/db_dependent/selenium/authentication.t | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/t/db_dependent/selenium/authentication.t b/t/db_dependent/selenium/authentication.t
index dce1cbd8df..47778dd84b 100755
--- a/t/db_dependent/selenium/authentication.t
+++ b/t/db_dependent/selenium/authentication.t
@@ -42,7 +42,7 @@ SKIP: {
 my $driver = $s->driver;
 subtest 'Staff interface authentication' => sub {
- plan tests => 6;
+ plan tests => 7;
 my $mainpage = $s->base_url . q|mainpage.pl|;
 $driver->get($mainpage);
 like( $driver->get_title, qr(Log in to Koha), 'Hitting the main page should redirect to the login form');
@@ -52,10 +52,14 @@ SKIP: {
 t::lib::Mocks::mock_preference( 'RequireStrongPassword', 0 );
 $patron->set_password({ password => $password });
- # Patron does not have permission to access staff interface
+ # Patron is authenticated but is not authorized to access staff interface
 $s->auth( $patron->userid, $password );
 like( $driver->get_title, qr(Access denied), 'Patron without permission should be redirected to the login form' );
+ # Try logging in as someone else (even a non-existent patron) and you should still be denied access
+ $s->auth('Bond','James Bond');
+ like( $driver->get_title, qr(Invalid username or password), 'Trying to change to a non-existent user should fail login' );
+
 $driver->get($mainpage . q|?logout.x=1|);
 $patron->flags(4)->store; # catalogue permission
 $s->auth( $patron->userid, $password );
--
2.39.5
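Review bot: The new assertion after `$s->auth('Bond','James Bond')` only checks the title of the response to the second login attempt, so it would still pass if the first patron's session were left in a state that lets a later request through. Following it with a direct request for a staff page would pin the authorization outcome rather than the error message: `$driver->get($mainpage);` then `like( $driver->get_title, qr(Log in to Koha|Access denied), 'Staff page stays unreachable after the failed second login' );`, with `plan tests => 8;`. The title expected at that point is inferred from the two titles the test already matches, so confirm it against a run. The literal userid `Bond` also assumes no such patron exists in the test database; a generated value would remove that dependency. The subtest body continues past the end of the hunk.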