Commit e7317764 authored by Francesc Guasch's avatar Francesc Guasch Committed by frankiejol

test(auth); check that login fails properly (#1395)

parent 379451d7
......@@ -162,7 +162,7 @@ hook before_routes => sub {
return access_denied($c)
if $url =~ /(screenshot|\.json)/
&& !_logged_in($c);
return login($c) if !_logged_in($c);
return login($c,401) if !_logged_in($c);
if ($USER && $USER->is_admin && $CONFIG_FRONT->{monitoring}) {
if (!defined $c->session('monitoring')) {
......@@ -1510,8 +1510,7 @@ sub _detect_languages($c) {
}
sub login {
my $c = shift;
sub login($c, $status=200) {
$c->session(login => undef);
my $login = $c->param('login');
......@@ -1555,7 +1554,7 @@ sub login {
." no-repeat bottom center scroll;\n\t}"];
sleep 5 if scalar(@error);
my @error_status;
my @error_status = ( status => $status );
@error_status = ( status => 403) if @error;
$c->render(
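Review bot: The `return login($c,401) if !_logged_in($c);` line in `before_routes` now answers every unauthenticated page request with 401, but nothing in the visible hunks adds a `WWW-Authenticate` header, which RFC 9110 requires on a 401 response. The `$c->render(` call is cut off by the hunk, so this may be handled further down. If the form login is meant to stay header-less, a short comment saying so would help the next reader. The new `$status` parameter is also undocumented; I would add above `sub login` something like `# $status: HTTP status used when the login form is rendered without errors (401 from before_routes); a failed attempt always answers 403`.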
......
......@@ -28,6 +28,8 @@ ok($row->{name} eq 'test' ,"I can't find test user in the database ".Dumper($row
ok(Ravada::Auth::SQL::login('test',$$),"I can't login test/$$");
my $login = Ravada::Auth::SQL::login('test','fail');
ok(!$login,"Expecting error login failed");
end();
done_testing();
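Review bot: The new negative check, `Ravada::Auth::SQL::login('test','fail')`, covers only a wrong password for an existing user, so an unknown login and an empty or undefined password are still not exercised. A sibling assertion such as `ok(!Ravada::Auth::SQL::login("nouser_$$",'fail'),"Expecting login failed for unknown user");` would pin that both cases are rejected the same way. If `login` can throw instead of returning false (not visible here), wrap the call in `eval { ... }` so a rejection is reported as a test result rather than aborting the file.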
......@@ -66,6 +66,7 @@ create_domain
mojo_clean
mojo_create_domain
mojo_login
mojo_check_login
mojo_request
remove_old_user
......@@ -121,6 +122,8 @@ my $FH_FW;
my $FH_NODE;
my %LOCKED_FH;
my ($MOJO_USER, $MOJO_PASSWORD);
sub user_admin {
return $USER_ADMIN if $USER_ADMIN;
......@@ -582,12 +585,21 @@ sub mojo_clean {
return remove_old_domains_req();
}
sub mojo_check_login( $t, $user=$MOJO_USER , $pass=$MOJO_PASSWORD ) {
$t->ua->get("/user.json");
return if $t->tx->res->code =~ /^(200|302)$/;
warn $t->tx->res->code();
mojo_login($t, $user,$pass);
}
sub mojo_login( $t, $user, $pass ) {
$t->ua->get($URL_LOGOUT);
$t->post_ok('/login' => form => {login => $user, password => $pass});
like($t->tx->res->code(),qr/^(200|302)$/);
# ->status_is(302);
$MOJO_USER = $user;
$MOJO_PASSWORD = $pass;
return $t->success;
}
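Review bot: In `mojo_check_login`, `$t->ua->get("/user.json")` goes through the raw user agent and does not update `$t->tx`; Test::Mojo stores the transaction only in its `*_ok` request methods. The following `$t->tx->res->code` therefore reads the previous request's response, or dies if there was none. Use the returned transaction instead: `my $tx = $t->ua->get("/user.json");` then `return if $tx->res->code =~ /^(200|302)$/;`. Accepting 302 as "logged in" also looks risky if an unauthenticated request is ever redirected to the login page, so matching 200 only would be the safer check. When no login has happened yet, `$MOJO_USER` and `$MOJO_PASSWORD` are undef and the helper posts empty credentials; an early `die` with a clear message would be easier to diagnose.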
......
......@@ -155,6 +155,21 @@ sub _init_mojo_client {
$t->get_ok('/')->status_is(200)->content_like(qr/choose a machine/i);
}
sub test_login_fail {
$t->post_ok('/login' => form => {login => "fail", password => 'bigtime'});
is($t->tx->res->code(),403);
$t->get_ok("/admin/machines")->status_is(401);
is($t->tx->res->dom->at("button#submit")->text,'Login') or exit;
login();
$t->post_ok('/login' => form => {login => "fail", password => 'bigtime'});
is($t->tx->res->code(),403);
$t->get_ok("/admin/machines")->status_is(401);
is($t->tx->res->dom->at("button#submit")->text,'Login') or exit;
}
sub test_copy_without_prepare($clone) {
is ($clone->is_base,0) or die "Clone ".$clone->name." is supposed to be non-base";
......@@ -188,7 +203,9 @@ $t->ua->connect_timeout(60);
my @bases;
my @clones;
for my $vm_name ( vm_names() ) {
test_login_fail();
for my $vm_name (@{rvd_front->list_vm_types} ) {
diag("Testing new machine in $vm_name");
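Review bot: In `test_login_fail`, `$t->tx->res->dom->at("button#submit")` returns undef when the response has no such button, so `->text` dies with a method-on-undef error instead of a failed assertion, and `or exit` then ends the run without a diagnostic. Test::Mojo's own selector checks fail cleanly and chain, e.g. `$t->get_ok("/admin/machines")->status_is(401)->text_is('button#submit' => 'Login');`. The two stanzas before and after `login()` are identical, so a small helper called twice would make the intent clearer: a failed attempt must leave the client unauthenticated, even after an earlier successful login. Only `/admin/machines` is probed; if `.json` and screenshot URLs take a different denial path, as the `before_routes` hunk suggests, one of those should be asserted here too.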
......
......@@ -40,6 +40,7 @@ sub _init_mojo_client {
=cut
sub list_machines_user($t, $headers={}){
mojo_check_login($t);
$t->websocket_ok("/ws/subscribe" => $headers)->send_ok("list_machines_user")->message_ok->finish_ok;
return if !$t->message || !$t->message->[1];
......