use strict;
use warnings;
use RT;
use RT::Test plan => 'no_plan';
# Shut down the test server for the current section.
#
# Takes a REFERENCE to the caller's mech variable (call as stop_server(\$m))
# so that the caller's own variable can be cleared from in here.
sub stop_server {
    my ($mech_ref) = @_;

    # Authenticate as root first so the final warnings check runs logged in.
    ${$mech_ref}->auth("root");

    # Clearing the caller's mech forces the warnings check to run now,
    # before the server goes away.
    undef ${$mech_ref};

    RT::Test->stop_server;
}
diag("Continuous + Fallback");
{
    # REMOTE_USER authentication is on, RT's own login form is allowed as a
    # fallback, and unknown REMOTE_USER names are not auto-created.
    RT->Config->Set( DevelMode         => 0 );
    RT->Config->Set( WebRemoteUserAuth => 1 );

    # NOTE(review): the other two sections of this file set
    # "WebRemoteUserContinuous" (no "Auth"). Confirm which spelling this RT
    # version actually reads; if it is not this one, the per-request
    # REMOTE_USER re-check that the "Drop credentials" assertions below rely
    # on is not being switched on by this line.
    RT->Config->Set( WebRemoteUserAuthContinuous => 1 );

    RT->Config->Set( WebFallbackToRTLogin    => 1 );
    RT->Config->Set( WebRemoteUserAutocreate => 0 );

    my ( $base_url, $mech ) = RT::Test->started_ok( basic_auth => 'anon' );

    diag("Internal auth");
    {
        # No REMOTE_USER supplied at all.
        $mech->auth("");

        # Without external credentials the first page served is the login form.
        $mech->get_ok( $base_url, "No basic auth is OK" );
        $mech->content_like( qr/Login/, "Login form" );

        # Authenticate through RT's own form.
        my %credentials = (
            user => 'root',
            pass => 'password',
        );
        $mech->submit_form_ok(
            { with_fields => \%credentials },
            "Submitted login form"
        );
        ok( $mech->logged_in_as("root"), "Logged in as root" );

        # The session must survive a further request that carries no REMOTE_USER.
        $mech->follow_link_ok( { text => 'My Tickets' } );
        ok( $mech->logged_in_as("root"), "Logged in as root" );

        ok( $mech->logout, "Logged out" );

        # Confirm the logout took effect: the login form is back.
        $mech->get_ok($base_url);
        $mech->content_like( qr/Login/, "Login form" );
    }

    diag("External auth");
    {
        # REMOTE_USER is now "root".
        $mech->auth("root");

        # No login page expected: the front-end identity is accepted directly.
        $mech->get_ok($base_url);
        ok( $mech->logged_in_as("root"), "Logged in as root" );

        # A second request keeps the same identity.
        $mech->follow_link_ok( { text => 'My Tickets' } );
        ok( $mech->logged_in_as("root"), "Still logged in as root" );

        # Withdraw REMOTE_USER; the established session must not outlive it.
        $mech->auth("");
        $mech->get($base_url);
        is( $mech->status, 403, "403 Forbidden from RT" );

        # After the 403 the following request falls back to the login form.
        $mech->get_ok($base_url);
        $mech->content_like( qr/Login/, "Login form" );
    }

    diag("External auth with invalid user, login internally");
    {
        # REMOTE_USER names an account RT does not have.
        $mech->auth("invalid");

        # The unknown identity is refused; the refusal page links to the login form.
        $mech->get("$base_url/Search/Build.html");
        is( $mech->status, 403, "403 Forbidden" );

        # NOTE(review): the description below says "logout", but the link
        # matched is NoAuth/Login.html, i.e. the login page.
        $mech->follow_link_ok(
            { url_regex => qr'NoAuth/Login\.html' },
            "follow logout link"
        );
        $mech->content_like( qr/Login/, "Login form" );

        # Authenticate through RT's own form.
        my %credentials = (
            user => 'root',
            pass => 'password',
        );
        $mech->submit_form_ok(
            { with_fields => \%credentials },
            "Submitted login form"
        );
        ok( $mech->logged_in_as("root"), "Logged in as root" );

        # After login we should land on the page that was first asked for.
        like( $mech->uri, qr'Search/Build\.html', "at our originally requested page" );

        # The internal session holds on a further request.
        $mech->follow_link_ok( { text => 'Tools' } );
        ok( $mech->logged_in_as("root"), "Logged in as root" );

        ok( $mech->logout, "Logged out" );

        # Two warnings about the unknown REMOTE_USER are expected, consumed in order.
        $mech->next_warning_like( qr/Couldn't find internal user for 'invalid'/, "found warning for first request" );
        $mech->next_warning_like( qr/Couldn't find internal user for 'invalid'/, "found warning for second request" );
    }

    stop_server( \$mech );
}
diag("Fallback OFF");
{
    # REMOTE_USER authentication only: no fallback to RT's login form and no
    # automatic user creation.
    RT->Config->Set( DevelMode         => 0 );
    RT->Config->Set( WebRemoteUserAuth => 1 );

    # NOTE(review): spelled "WebRemoteUserContinuous" here but
    # "WebRemoteUserAuthContinuous" in the "Continuous + Fallback" section;
    # confirm which key RT reads.
    RT->Config->Set( WebRemoteUserContinuous => 0 );

    RT->Config->Set( WebFallbackToRTLogin    => 0 );
    RT->Config->Set( WebRemoteUserAutocreate => 0 );

    my ( $base_url, $mech ) = RT::Test->started_ok( basic_auth => 'anon' );

    diag("No remote user");
    {
        # With no REMOTE_USER and no fallback the request must be refused
        # outright rather than answered with a login form.
        $mech->auth("");
        $mech->get($base_url);
        is( $mech->status, 403, "Forbidden" );
    }

    stop_server( \$mech );
}
diag("WebRemoteUserAutocreate");
{
    # REMOTE_USER authentication with automatic creation of unknown users and
    # no fallback to RT's login form.
    RT->Config->Set( DevelMode               => 0 );
    RT->Config->Set( WebRemoteUserAuth       => 1 );
    RT->Config->Set( WebRemoteUserContinuous => 1 );
    RT->Config->Set( WebFallbackToRTLogin    => 0 );
    RT->Config->Set( WebRemoteUserAutocreate => 1 );

    # Only Organization is given as a default for the first run.
    RT->Config->Set( UserAutocreateDefaultsOnLogin => { Organization => "BPS" } );

    my ( $base_url, $mech ) = RT::Test->started_ok( basic_auth => 'anon' );

    diag("New user");
    {
        # A REMOTE_USER that RT has never seen is created on first request.
        $mech->auth("anewuser");
        $mech->get_ok($base_url);
        ok( $mech->logged_in_as("anewuser"), "Logged in as anewuser" );

        my $created = RT::User->new( RT->SystemUser );
        $created->Load("anewuser");
        ok( $created->id, "Found newly created user" );
        is( $created->Organization, "BPS", "Found Organization from UserAutocreateDefaultsOnLogin hash" );

        # This pins the default: with no Privileged key in
        # UserAutocreateDefaultsOnLogin, the auto-created account is privileged.
        ok( $created->Privileged, "Privileged by default" );
    }

    stop_server( \$mech );

    # Second run: auto-created users are unprivileged and all receive the same
    # fixed email address.
    RT->Config->Set(
        UserAutocreateDefaultsOnLogin => {
            Privileged   => 0,
            EmailAddress => 'foo@example.com',
        },
    );

    ( $base_url, $mech ) = RT::Test->started_ok( basic_auth => 'anon' );

    diag("Create unprivileged users");
    {
        $mech->auth("unpriv");
        $mech->get_ok($base_url);
        ok( $mech->logged_in_as("unpriv"), "Logged in as an unpriv user" );

        # The unprivileged user is expected to end up on a SelfService URL.
        like( $mech->uri->path, RT->Config->Get('SelfServiceRegex'), "SelfService URL" );

        my $created = RT::User->new( RT->SystemUser );
        $created->Load("unpriv");
        ok( $created->id, "Found newly created user" );
        ok( !$created->Privileged, "Unprivileged per config" );
        is( $created->EmailAddress, 'foo@example.com', "Email address per config" );
    }

    diag("User creation failure");
    {
        # A second new REMOTE_USER cannot be created; per the expected warning
        # the email address is already in use (presumably held by "unpriv"
        # from the step above). The request must be refused, not let through.
        $mech->auth("conflicting");
        $mech->get($base_url);
        is( $mech->status, 403, "Forbidden" );
        $mech->next_warning_like( qr/Couldn't auto-create user 'conflicting' when attempting WebRemoteUser: Email address in use/, 'found failed auth warning' );

        # The failed attempt must not leave a user record behind.
        my $absent = RT::User->new( RT->SystemUser );
        $absent->Load("conflicting");
        ok( !$absent->id, "Couldn't find conflicting user" );
    }

    stop_server( \$mech );
}