Apache2-AuthCookieDBI
view release on metacpan or search on metacpan
use strict;
use warnings;
use English qw(-no_match_vars);
use FindBin qw($Bin);
use lib "$Bin/mock_libs";
use Apache2::RequestRec; # from mocks
use Apache2::Const -compile => qw( OK HTTP_FORBIDDEN );
use Crypt::CBC; # from mocks
use Digest::MD5 qw( md5_hex ); # from mocks
use Digest::SHA;
use Data::Dumper;
use Mock::Tieable;
use Test::More tests => 71;
use constant CLASS_UNDER_TEST => 'Apache2::AuthCookieDBI';
use constant EMPTY_STRING => q{};
use constant TRUE => 1;
use_ok(CLASS_UNDER_TEST);
test_authen_cred();
test_check_password();
test_defined_or_empty();
test_decrypt_session_key();
test_encrypt_session_key();
test_dir_config_var();
test_authen_ses_key();
test_get_cipher_for_type();
test_group();
test__dbi_connect();
test_get_crypted_password();
test_user_is_active();
test__get_new_session();
exit;
sub set_up {
my $auth_name = shift;
my $mock_config = shift || _mock_config_for_auth_name($auth_name);
my $r = Apache2::RequestRec->new(
auth_name => $auth_name,
mock_config => $mock_config
); # from mock_libs
return $r;
}
sub _mock_config_for_auth_name {
my ($auth_name) = @_;
my %mock_config = (
"${auth_name}DBI_DSN" => 'test_DBI_DSN',
"${auth_name}DBI_User" => 'test_DBI_User',
"${auth_name}DBI_Password" => 'test_DBI_Password',
"${auth_name}DBI_SecretKey" => 'test_DBI_SecretKey',
"${auth_name}DBI_PasswordField" => 'test_DBI_PasswordField',
"${auth_name}DBI_UsersTable" => 'test_DBI_Userstable',
"${auth_name}DBI_UserField" => 'test_DBI_UserField',
"${auth_name}DBI_UserActiveField" => EMPTY_STRING,
);
return \%mock_config;
}
sub test_authen_cred {
my $auth_name = 'testing_authen_cred';
my $secret_key = 'test secret key';
my $mock_config = {
$auth_name . 'DBI_DSN' => 'test DSN',
$auth_name . 'DBI_SecretKey' => $secret_key,
$auth_name . 'DBI_User' => $auth_name,
$auth_name . 'DBI_Password' => 'test DBI password',
$auth_name . 'DBI_UsersTable' => 'users',
$auth_name . 'DBI_UserField' => 'user',
$auth_name . 'DBI_passwordfield' => 'password',
$auth_name . 'DBI_crypttype' => 'none',
$auth_name . 'DBI_groupstable' => 'groups',
$auth_name . 'DBI_groupfield' => 'grp',
$auth_name . 'DBI_groupuserfield' => 'user',
$auth_name . 'DBI_encryptiontype' => 'none',
$auth_name . 'DBI_sessionlifetime' => '00-24-00-00',
$auth_name . 'DBI_sessionmodule' => 'none',
};
my $r = set_up( $auth_name, $mock_config );
my $empty_user = EMPTY_STRING;
my $test_password = 'test password';
my @extra_data = qw(extra_1 extra_2);
my $got_session_key
= CLASS_UNDER_TEST->authen_cred( $r, $empty_user, $test_password,
@extra_data );
Test::More::is( $got_session_key, undef,
'authen_cred returns undef when user is an empty string.' );
my $test_user = 'username';
my $empty_password = EMPTY_STRING;
$got_session_key
= CLASS_UNDER_TEST->authen_cred( $r, $test_user, $empty_password,
@extra_data );
Test::More::is( $got_session_key, undef,
'authen_cred returns undef when password is an empty string.' );
$r = set_up( $auth_name, $mock_config );
{
my $stub_get_crypted_password = sub { return $test_password };
no warnings qw(redefine);
local *Apache2::AuthCookieDBI::_get_crypted_password
= $stub_get_crypted_password;
$got_session_key
= CLASS_UNDER_TEST->authen_cred( $r, $test_user, $test_password,
@extra_data );
}
Test::More::like(
$got_session_key,
qr/\A ${test_user}:/x,
'authen_cred returns session key starting with username when all OK.'
)
|| Test::More::diag( 'Mock request object contains: ',
Data::Dumper::Dumper($r) );
}
sub test_authen_ses_key {
my $auth_name = 'testing_authen_ses_key';
my $secret_key = 'test secret key';
my $mock_config = {
$auth_name . 'DBI_DSN' => 'test DSN',
$auth_name . 'DBI_SecretKey' => $secret_key,
$auth_name . 'DBI_User' => $auth_name,
$auth_name . 'DBI_Password' => 'test DBI password',
$auth_name . 'DBI_UsersTable' => 'users',
$auth_name . 'DBI_UserField' => 'user',
$auth_name . 'DBI_passwordfield' => 'password',
$auth_name . 'DBI_crypttype' => 'none',
$auth_name . 'DBI_groupstable' => 'groups',
$auth_name . 'DBI_groupfield' => 'grp',
$auth_name . 'DBI_groupuserfield' => 'user',
$auth_name . 'DBI_encryptiontype' => 'none',
$auth_name . 'DBI_sessionlifetime' => '00-24-00-00',
$auth_name . 'DBI_sessionmodule' => 'Mock::Tieable',
};
my $r = set_up( $auth_name, $mock_config );
my $expected_user = 'expected_username';
my $issue_time = '2006-02-04-10-34-23';
my $expire_time = '9999-02-04-10-45-00';
my $session_id = 'test_session_id';
my $extra_session_info = 'extra:info';
my $hashed_string = 'bad-key-stored-in-ticket'; # not a 32 char hex string
my $encrypted_session_key = join( q{:},
$expected_user, $issue_time, $expire_time,
$session_id, $hashed_string );
CLASS_UNDER_TEST->authen_ses_key( $r, $encrypted_session_key );
like(
$r->log->error->[-1],
qr/ bad \s encrypted \s session_key /xm,
'authen_ses_key() on bad encrypted key'
) || Test::More::diag( '$r contains: ', Data::Dumper::Dumper($r) );
$r = set_up( $auth_name, $mock_config );
my $seperator = q{:};
my $public_part = join( $seperator,
$expected_user, $issue_time, $expire_time,
$session_id, $extra_session_info );
my $plaintext_key = join( $seperator, $public_part, $secret_key );
( run in 0.497 second using v1.01-cache-2.11-cpan-39bf76dae61 )