3 # Copyright 2022 Theke Solutions
5 # This file is part of Koha
7 # Koha is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 3 of the License, or
10 # (at your option) any later version.
12 # Koha is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with Koha; if not, see <http://www.gnu.org/licenses>.
22 use Test::More tests => 4;
28 use JSON qw(encode_json);
29 use MIME::Base64 qw{ encode_base64url };
31 use Koha::Auth::Client;
32 use Koha::Auth::Client::OAuth;
35 use t::lib::TestBuilder;
# Shared fixtures for every subtest below: the schema handle is what the
# subtests use to open and roll back a transaction around their rows, and the
# TestBuilder instance creates those rows through build_object().
38 my $schema = Koha::Database->new->schema;
39 my $builder = t::lib::TestBuilder->new;
# get_user(): given a provider code, an id_token and an interface, the OAuth
# client is expected to return three things: the matching patron, the claims
# translated through the provider mapping, and the domain rule that admitted
# the user. Everything is created inside a transaction that is rolled back at
# the end.
41 subtest 'get_user() tests' => sub {
44 $schema->storage->txn_begin;
46 my $client = Koha::Auth::Client::OAuth->new;
# The provider matches patrons on the 'email' field.
# NOTE(review): matching on an e-mail claim presumes the identity provider only
# releases addresses it has verified -- confirm for each configured provider.
47 my $provider = $builder->build_object( { class => 'Koha::Auth::Identity::Providers', value => { matchpoint => 'email' } } );
# A single domain rule with an empty pattern, enabled for the OPAC only and
# with update_on_auth switched off.
48 my $domain = $builder->build_object(
49 { class => 'Koha::Auth::Identity::Provider::Domains',
50 value => { identity_provider_id => $provider->id, domain => '', update_on_auth => 0, allow_opac => 1, allow_staff => 0 }
# The patron the token below must resolve to (same e-mail as the claim).
53 my $patron = $builder->build_object( { class => 'Koha::Patrons', value => { email => 'patron@test.com' } } );
# Mapping of Koha patron fields (left) to id_token claim names (right).
55 email => 'electronic_mail',
56 firstname => 'given_name',
57 surname => 'family_name'
59 $provider->set_mapping($mapping)->store;
# Build the id_token handed to get_user(). Only the leading literal 'header.'
# and the claims hash are visible in this listing; the header segment is a
# placeholder string, not a real JOSE header.
# NOTE(review): because the token carries a placeholder header, this test does
# not cover signature, issuer, audience or expiry validation. Confirm where
# those checks happen before id_token claims are used to match a patron.
61 my $id_token = 'header.'
64 { electronic_mail => 'patron@test.com',
65 given_name => 'test name'
70 my $data = { id_token => $id_token };
# The call is made for the 'opac' interface, which the domain rule allows.
72 my ( $resolved_patron, $mapped_data, $resolved_domain ) = $client->get_user( { provider => $provider->code, data => $data, interface => 'opac' } );
# The resolved patron is compared with the fixture through its API rendering.
74 $resolved_patron->to_api( { user => $patron } ), $patron->to_api( { user => $patron } ),
75 'Patron correctly retrieved'
# given_name is present in the token, so firstname is mapped; family_name is
# absent, so surname must stay undef rather than being invented.
77 is( $mapped_data->{firstname}, 'test name', 'Data mapped correctly' );
78 is( $mapped_data->{surname}, undef, 'No surname mapped' );
79 is( $domain->identity_provider_domain_id, $resolved_domain->identity_provider_domain_id, 'Is the same domain' );
81 $schema->storage->txn_rollback;
# get_valid_domain_config(): checks which domain rule the base client picks for
# an e-mail address and an interface ('opac' or 'staff'), and that it returns
# undef when no rule grants that interface. These assertions pin the
# access-control behaviour of the domain patterns, so they double as a
# description of what each pattern admits.
84 subtest 'get_valid_domain_config() tests' => sub {
87 $schema->storage->txn_begin;
89 my $client = Koha::Auth::Client->new;
90 my $provider = $builder->build_object( { class => 'Koha::Auth::Identity::Providers', value => { matchpoint => 'email' } } );
# domain1: empty pattern, no interface enabled.
91 my $domain1 = $builder->build_object(
92 { class => 'Koha::Auth::Identity::Provider::Domains', value => { identity_provider_id => $provider->id, domain => '', allow_opac => 0, allow_staff => 0 } } );
# domain2: '*library.com' -- wildcard with no dot before 'library', OPAC only.
93 my $domain2 = $builder->build_object(
94 { class => 'Koha::Auth::Identity::Provider::Domains', value => { identity_provider_id => $provider->id, domain => '*library.com', allow_opac => 1, allow_staff => 0 } } );
# domain3: '*.library.com' -- wildcard limited to subdomains, OPAC only.
95 my $domain3 = $builder->build_object(
96 { class => 'Koha::Auth::Identity::Provider::Domains', value => { identity_provider_id => $provider->id, domain => '*.library.com', allow_opac => 1, allow_staff => 0 } }
# domain4: exact host 'student.library.com', OPAC only.
98 my $domain4 = $builder->build_object(
99 { class => 'Koha::Auth::Identity::Provider::Domains',
100 value => { identity_provider_id => $provider->id, domain => 'student.library.com', allow_opac => 1, allow_staff => 0 }
# domain5: exact host 'staff.library.com', the only rule that enables staff.
103 my $domain5 = $builder->build_object(
104 { class => 'Koha::Auth::Identity::Provider::Domains',
105 value => { identity_provider_id => $provider->id, domain => 'staff.library.com', allow_opac => 1, allow_staff => 1 }
109 my $retrieved_domain;
# gmail.com: no rule that enables an interface applies, so both lookups must
# come back undef.
112 $retrieved_domain = $client->get_valid_domain_config( { provider => $provider, email => 'user@gmail.com', interface => 'opac' } );
113 is( $retrieved_domain, undef, 'gmail user cannot enter opac' );
114 $retrieved_domain = $client->get_valid_domain_config( { provider => $provider, email => 'user@gmail.com', interface => 'staff' } );
115 is( $retrieved_domain, undef, 'gmail user cannot enter staff' );
117 # Test @otherlibrary.com
# 'otherlibrary.com' is a different registrable domain from 'library.com', yet
# it is admitted by domain2: '*library.com' matches any domain that merely ends
# in 'library.com'. A rule meant to cover only subdomains needs the dotted form
# '*.library.com'.
118 $retrieved_domain = $client->get_valid_domain_config( { provider => $provider, email => 'user@otherlibrary.com', interface => 'opac' } );
119 is( $retrieved_domain->identity_provider_domain_id, $domain2->identity_provider_domain_id, 'otherlibaray user can enter opac with domain2' );
120 $retrieved_domain = $client->get_valid_domain_config( { provider => $provider, email => 'user@otherlibrary.com', interface => 'staff' } );
121 is( $retrieved_domain, undef, 'otherlibrary user cannot enter staff' );
123 # Test @provider.library.com
# Both wildcard patterns look able to match this host; the test pins domain3.
# NOTE(review): presumably the more specific pattern wins -- confirm the
# ordering inside get_valid_domain_config().
124 $retrieved_domain = $client->get_valid_domain_config( { provider => $provider, email => 'user@provider.library.com', interface => 'opac' } );
125 is( $retrieved_domain->identity_provider_domain_id, $domain3->identity_provider_domain_id, 'provider.library user can enter opac with domain3' );
126 $retrieved_domain = $client->get_valid_domain_config( { provider => $provider, email => 'user@provider.library.com', interface => 'staff' } );
127 is( $retrieved_domain, undef, 'provider.library user cannot enter staff' );
129 # Test @student.library.com
# The exact-host rule (domain4) is the one expected, not either wildcard.
130 $retrieved_domain = $client->get_valid_domain_config( { provider => $provider, email => 'user@student.library.com', interface => 'opac' } );
131 is( $retrieved_domain->identity_provider_domain_id, $domain4->identity_provider_domain_id, 'student.library user can enter opac with domain4' );
132 $retrieved_domain = $client->get_valid_domain_config( { provider => $provider, email => 'user@student.library.com', interface => 'staff' } );
133 is( $retrieved_domain, undef, 'student.library user cannot enter staff' );
135 # Test @staff.library.com
# domain5 enables both interfaces, so it is returned for 'opac' and 'staff'.
# It is the only fixture through which the staff interface is reachable.
136 $retrieved_domain = $client->get_valid_domain_config( { provider => $provider, email => 'user@staff.library.com', interface => 'opac' } );
137 is( $retrieved_domain->identity_provider_domain_id, $domain5->identity_provider_domain_id, 'staff.library user can enter opac with domain5' );
138 $retrieved_domain = $client->get_valid_domain_config( { provider => $provider, email => 'user@staff.library.com', interface => 'staff' } );
139 is( $retrieved_domain->identity_provider_domain_id, $domain5->identity_provider_domain_id, 'staff.library user can enter staff with domain5' );
141 $schema->storage->txn_rollback;
# has_valid_domain_config(): same lookup as get_valid_domain_config(), but the
# failure case is an exception instead of undef. The test expects the matching
# domain object on success and Koha::Exceptions::Auth::NoValidDomain when no
# rule grants the requested interface.
144 subtest 'has_valid_domain_config() tests' => sub {
146 $schema->storage->txn_begin;
148 my $client = Koha::Auth::Client->new;
149 my $provider = $builder->build_object( { class => 'Koha::Auth::Identity::Providers', value => { matchpoint => 'email' } } );
# The only rule has an empty domain pattern and enables the OPAC. The first
# assertion below shows that this rule admits a gmail.com address, i.e. an
# empty pattern behaves as a catch-all for the interfaces it enables.
150 my $domain1 = $builder->build_object(
151 { class => 'Koha::Auth::Identity::Provider::Domains', value => { identity_provider_id => $provider->id, domain => '', allow_opac => 1, allow_staff => 0 } } );
154 my $retrieved_domain = $client->has_valid_domain_config( { provider => $provider, email => 'user@gmail.com', interface => 'opac' } );
155 is( $retrieved_domain->identity_provider_domain_id, $domain1->identity_provider_domain_id, 'gmail user can enter opac with domain1' );
# allow_staff is 0 on the catch-all rule, so the staff interface must be
# refused with the dedicated exception class.
156 throws_ok { $client->has_valid_domain_config( { provider => $provider, email => 'user@gmail.com', interface => 'staff' } ) } 'Koha::Exceptions::Auth::NoValidDomain',
157 'gmail user cannot enter staff';
159 $schema->storage->txn_rollback;
# _traverse_hash(): looks a value up in a nested structure by a dot-separated
# key path passed as 'keys'. The three cases cover a path through hashes only,
# and paths whose numeric segments (0 and 1) select array elements.
# No database rows are created here, so there is no transaction.
# NOTE(review): the argument that carries the structure itself is on lines this
# listing does not show.
162 subtest '_traverse_hash() tests' => sub {
165 my $client = Koha::Auth::Client->new;
# Fixture: nested hashes under 'a', and an array of hashes under 'an'.
168 a => { hash => { with => 'complicated structure' } },
169 an => { array => [ { inside => 'a hash' }, { inside => 'second element' } ] }
172 my $first_result = $client->_traverse_hash(
174 keys => 'a.hash.with'
177 is( $first_result, 'complicated structure', 'get the value within a hash structure' );
179 my $second_result = $client->_traverse_hash(
181 keys => 'an.array.0.inside'
184 is( $second_result, 'a hash', 'get the value of the first element of an array within a hash structure' );
186 my $third_result = $client->_traverse_hash(
188 keys => 'an.array.1.inside'
191 is( $third_result, 'second element', 'get the value of the second element of an array within a hash structure' );