Apache2-Controller
view release on metacpan or search on metacpan
'create database tables'
);
sleep 5;
diag("get login page: GET_STR('$user_area')");
my $login_first = GET_STR($user_area);
#diag($login_first);
ok t_cmp(
$login_first,
qr{ ^ This \s is \s the \s login \s page\. }mxs,
'first try redirects internally to login page',
);
# try the protected page with the param. it should redirect to registration.
my $protected_page_with_unk_openid_url = "$user_area?openid_url=$esc_openid_url";
diag("trying a protected page with unknown openid_url param: '$protected_page_with_unk_openid_url'");
my $register_when_unknown_protected
= GET_BODY($protected_page_with_unk_openid_url);
#diag($register_when_unknown_protected);
ok t_cmp(
$register_when_unknown_protected,
'Registration page - just testing.',
'protected page w/ unknown openid url internal redispatch to registration',
);
# accessing the login page should have given the same results
my $reg_unk_login_url = "$login_url?openid_url=$esc_openid_url";
diag("get login page with unknown url to dispatch to registration: $reg_unk_login_url");
my $register_when_unknown_login = GET_BODY($reg_unk_login_url);
ok t_cmp(
$register_when_unknown_login,
'Registration page - just testing.',
'login page w/ unknown openid url internal redispatch to registration',
);
# register the user for real (add them to the database
my $register_url = "$protected_url/register?for_real=1&openid_url=$esc_openid_url";
diag("register the user: $register_url");
my $register_for_real = GET_BODY($register_url);
diag($register_for_real);
ok t_cmp(
$register_for_real,
'Registration page - registered user.',
'registered openid_url in database for user',
);
# ok, now try accessing the login page with openid_url param -
# should redirect externally to the openid server
my $try_login_url = "$login_url?openid_url=$esc_openid_url";
diag("trying login for real, should redirect to openid server for login: $try_login_url");
my $try_login = GET_STR($try_login_url);
#diag("try_login\n$try_login");
my ($location_from_login) = $try_login =~ m{ ^ Location: \s+ (.*?) \n }mxs;
diag("location from login:\n$location_from_login");
my $redirect_verify_pat = qr{ \A \Q$openid_url_base\E /server \? }mxs;
ok t_cmp(
$location_from_login,
$redirect_verify_pat,
'redirect from login matches pattern'
);
# accessing the protected user area with the openid_url param
# should result in the same external redirection to the openid server
my $try_protected = GET_STR("$user_area?openid_url=$esc_openid_url");
#diag("try_protected\n$try_protected");
my ($location_from_user_area) = $try_protected =~ m{ ^ Location: \s (.*?) \n }mxs;
#diag("location from user area:\n$location_from_user_area");
ok t_cmp(
$location_from_user_area,
$redirect_verify_pat,
'redirect from user area matches pattern',
);
(my $test_location_from_login = $location_from_login)
=~ s{ oic\.time\%3D [^\&]+ }{oic.time%3D[oic.time placeholder]}mxs;
(my $test_location_from_user_area = $location_from_user_area)
=~ s{ oic\.time\%3D [^\&]+ }{oic.time%3D[oic.time placeholder]}mxs;
ok t_cmp(
$test_location_from_login,
$test_location_from_user_area,
'redirect from login (mostly) same as from user area',
);
# ok, try the full login sequence
login();
return;
# then try logging out
logout();
DEBUG "NEW TEST: ACCESS USER AREA AFTER LOGOUT";
# now accessing user area should redirect to login page again
my $login_again = GET_BODY($user_area);
#diag($login_again);
ok t_cmp(
$login_again,
'This is the login page.',
'trying user area after logout redirects to login page',
);
# but if we force timeout and then try user area, it should
# seamlessly redirect to the openid auth server
DEBUG "STARTING LOGIN SEQUENCE";
# log in again
login();
# force the session to timeout
my $force_timeout = GET_BODY('/openid/unprotected/setup/force_timeout');
ok t_cmp($force_timeout, 'Forced session timeout.', 'forced session timeout ok');
# try to access user area again, should redirect to auth server
my $user_area_after_timeout = GET_STR($user_area);
my ($location_relogin) = $user_area_after_timeout =~ m{ ^ Location: \s (.*?) \n }mxs;
ok t_cmp(
$location_relogin,
$redirect_verify_pat,
'Seamless re-login after timeout - redirected to server.',
);
# it should also have the return_to param set to the user area
ok t_cmp(
$location_relogin,
qr{ return_to= .*? \Q$user_area\E }mxs,
'relogin location got return to for user area',
);
# as long as auth server thinks we're still logged in, should get back
# a location to user area
my $relogin_after_timeout = GET_STR($location_relogin);
my ($location_relogin_back_to_user_area) = $relogin_after_timeout
=~ m{ ^ Location: \s (.*?) \n }mxs;
#diag("back to user area: $location_relogin_back_to_user_area");
ok t_cmp(
$location_relogin_back_to_user_area,
qr{ http://.*? \Q$user_area\E }mxs,
'relogin return location is back to user area',
);
my $relogin_get_user_area_authorized = GET_BODY($location_relogin_back_to_user_area);
ok t_cmp(
$relogin_get_user_area_authorized,
'Protected user area worked!',
'seamlessly redirected back to authorized user area',
);
# GET query string preservation
# now try logging out, get with some vars, and check those vars
# are read in after the redirect sequence
logout();
my $dump_url = "$protected_url/dump_params";
my %get_query_vars = (
captain => 'Capt. James T. Kirk',
science => 'First Office Spock',
medical => 'Lt. Cmdr. Leonard H. "Bones" McCoy',
awayteam => [
'Lt. Hikaru Sulu',
'Nameless Yeoman Monster Fodder #1',
'Nameless Yeoman Monster Fodder #2',
],
);
my $dump_url_get = "$dump_url?".qs( %get_query_vars );
diag("GETting query dump for '$dump_url_get'");
# should redirect thru openid server
my $redirect_for_get_vars = GET_STR($dump_url_get);
my ($location_openidserver_get_vars) = $redirect_for_get_vars
=~ m{ ^ Location: \s (.*?) \n }mxs;
diag("hrmm: $redirect_for_get_vars") if !defined $location_openidserver_get_vars;
diag("redirected to '$location_openidserver_get_vars'");
# POST body var preservation
}; # end of all-tests eval
diag("caught an error: '$EVAL_ERROR'") if $EVAL_ERROR;
killserver();
sub killserver {
return if !$openid_server_pid;
# kill the server
kill 9, $openid_server_pid
|| croak "Cannot kill openid_server in pid $openid_server_pid\n";
return;
}
my $try = 0;
sub login {
$try++;
DEBUG "GETTING LOGIN URL WITH OPENID PARAM";
my $try_login = GET_STR("$login_url?".qs(
openid_url => $openid_url,
test_try => $try
));
#diag("try_login\n$try_login");
my ($location_from_login) = $try_login =~ m{ ^ Location: \s+ (.*?) \n }mxs;
#diag("location from login:\n$location_from_login");
my $redirect_verify_pat = qr{ \A \Q$openid_url_base\E /server \? }mxs;
ok t_cmp(
$location_from_login,
$redirect_verify_pat,
'redirect from login matches pattern'
);
# get that location and expect a positive return response from openid server
DEBUG "GETTING LOCATION REDIRECT (OPENIDSERVER PAGE) FROM LOGIN '$location_from_login'";
my $try_openid = GET_STR("$location_from_login");
my ($location_return) = $try_openid =~ m{ ^ Location: \s+ (.*?) \n }mxs;
ok t_cmp(
$location_return,
qr{ \A \Q$test_server_url\E \Q$user_area\E \? }mxs,
"openid redirect return to user area with some params",
);
diag("openid return location:\n$location_return");
# ok, get that one and see what happens
DEBUG "GETTING RETURN LOCATION URI '$location_return'";
my $try_authd_access_firststep = GET_STR("$location_return");
my ($pass_id_url) = $try_authd_access_firststep
=~ m{ ^ Location: \s+ (.*?) \n }mxs;
#diag("authorized access?\n".$try_authd_access);
diag("got pass-identity url: $pass_id_url");
ok t_cmp(
$pass_id_url,
qr{ \A \Q$openid_url_base\E /pass-identity \? }mxs,
'pass-identity url returned from access after auth',
);
# ok, get the pass-identity url and see what happens
my $try_pass_id = GET_STR($pass_id_url);
diag($try_pass_id);
return;
# try user area again w/ no params and make sure we're still logged in
DEBUG "GETTING USER AREA '$user_area'";
DEBUG "current time = ".time;
my $try_authd_access_again = GET_BODY("$user_area?".qs(
test_try => $try,
tryagain => 1, # i don't do anything with these params
)); # in the module unless i'm stuck
#diag("trying again\n".$try_authd_access_again);
ok t_cmp(
$try_authd_access_again,
'Protected user area worked!',
'stayed logged in with no params.'
);
DEBUG "DONE WITH LOGIN SEQUENCE";
}
sub logout {
DEBUG "NEW TEST: logout";
# what happens when we try logout?
my $try_logout = GET_BODY("$protected_url/logout");
#diag('try logout: '.$try_logout);
ok t_cmp(
$try_logout,
( run in 0.664 second using v1.01-cache-2.11-cpan-437f7b0c052 )