# Login-flow regression tests: a test HTTP agent exercises the web login form,
# query-string logins and the REST 1.0 entry point with good, bad and missing
# credentials.
# The plan is fixed at 122 assertions; adding or removing a check below means
# updating this count.
5 use RT::Test tests => 122;
# Switch the GnuPG integration off for this run.
7 RT->Config->Set( GnuPG => Enable => 0 );
# started_ok hands back a base URL and the agent object used for the requests
# below; presumably it also boots the test server — confirm in RT::Test.
9 my ($baseurl, $agent) = RT::Test->started_ok;
11 my $url = $agent->rt_base_url;
# Print the base URL only when the harness is run verbosely.
12 diag $url if $ENV{TEST_VERBOSE};
14 # test a login from the main page
# NOTE(review): this listing skips some original lines (15-16, 22, 26, 28);
# the page fetch and the form submit are presumably on them — confirm against
# the full file.
17 is($agent->{'status'}, 200, "Loaded a page");
# An anonymous request for the base URL is answered in place: the login form
# is served at $url itself rather than through a redirect.
18 is($agent->uri, $url, "didn't redirect to /NoAuth/Login.html for base URL");
19 ok($agent->current_form->find_input('user'));
20 ok($agent->current_form->find_input('pass'));
# The form must post to the login handler, whatever page displayed it.
21 like($agent->current_form->action, qr{/NoAuth/Login\.html$}, "login form action is correct");
23 ok($agent->content =~ /username:/i);
# Fixture credentials for the test instance. root/password is also RT's
# documented install default, so it must be changed on a real deployment.
24 $agent->field( 'user' => 'root' );
25 $agent->field( 'pass' => 'password' );
27 # the field isn't named, so we have to click link 0
# After the submit: status 200, a Logout link proves the session is
# authenticated, and the agent is back on the base URL.
29 is( $agent->status, 200, "Fetched the page ok");
30 ok( $agent->content =~ /Logout/i, "Found a logout link");
31 is( $agent->uri, $url, "right URL" );
# redirected_uri presumably holds the URL that issued the redirect; the check
# pins that the hop came from the login handler — confirm in RT::Test::Web.
32 like( $agent->{redirected_uri}, qr{/NoAuth/Login\.html$}, "We redirected from login");
36 # test a bogus login from the main page
# Same walk as a good login, but with a wrong password, to pin how a rejected
# attempt is presented to the user and recorded in the log.
39 is($agent->{'status'}, 200, "Loaded a page");
40 is($agent->uri, $url, "didn't redirect to /NoAuth/Login.html for base URL");
41 ok($agent->current_form->find_input('user'));
42 ok($agent->current_form->find_input('pass'));
43 like($agent->current_form->action, qr{/NoAuth/Login\.html$}, "login form action is correct");
45 ok($agent->content =~ /username:/i);
46 $agent->field( 'user' => 'root' );
47 $agent->field( 'pass' => 'wrongpass' );
49 # the field isn't named, so we have to click link 0
# The rejection is carried in the page body: the HTTP status is still 200, so
# status codes alone cannot tell a failed login from a successful page load.
51 is( $agent->status, 200, "Fetched the page ok");
# The message does not say whether the username or the password was wrong,
# which avoids confirming that an account name exists.
53 ok( $agent->content =~ /Your username or password is incorrect/i, "Found the error message");
54 like( $agent->uri, qr{/NoAuth/Login\.html$}, "now on /NoAuth/Login.html" );
# A rejected attempt must emit a "FAILED LOGIN for root" warning. This is the
# record that monitoring for repeated failures can key on; where the warning
# ends up in production depends on the logging configuration.
55 $agent->warning_like(qr/FAILED LOGIN for root/, "got failed login warning");
60 # test a login from a non-front page, both with a double leading slash and without
# The second path starts with '/', so $url.$path contains '//' after the base
# (the base URL is used with a trailing slash throughout this file).
61 for my $path (qw(Prefs/Other.html /Prefs/Other.html)) {
62 my $requested = $url.$path;
63 $agent->get_ok($requested);
64 is($agent->status, 200, "Loaded a page");
# An anonymous request for an inner page is redirected to the login page, and
# the destination travels as a 32-character token in 'next', not as a URL.
# Presumably the server maps the token back to the stored destination; keeping
# a raw URL out of this parameter is the usual open-redirect defence — confirm
# in the login handler.
# This pattern is not anchored at the end, so it only proves the value starts
# with 32 matching characters; the anchored check on the form field below is
# the stricter one.
65 like($agent->uri, qr'/NoAuth/Login\.html\?next=[a-z0-9]{32}', "on login page, with next page hash");
66 is($agent->{redirected_uri}, $requested, "redirected from our requested page");
68 ok($agent->current_form->find_input('user'));
69 ok($agent->current_form->find_input('pass'));
# The token must also be carried in the form so it survives the POST.
70 ok($agent->current_form->find_input('next'));
# Only the token's shape is asserted (32 chars of [a-z0-9], case-insensitive);
# that it is a hash of the destination is the label's claim, not something
# this check verifies.
71 like($agent->value('next'), qr/^[a-z0-9]{32}$/i, "next page argument is a hash");
72 like($agent->current_form->action, qr{/NoAuth/Login\.html$}, "login form action is correct");
74 ok($agent->content =~ /username:/i);
75 $agent->field( 'user' => 'root' );
76 $agent->field( 'pass' => 'password' );
78 # the field isn't named, so we have to click link 0
80 is( $agent->status, 200, "Fetched the page ok");
81 ok( $agent->content =~ /Logout/i, "Found a logout link");
# Strip one leading slash from $path so the expected URL has no '//' after
# the base.
84 (my $collapsed = $path) =~ s{^/}{};
85 is( $agent->uri, $url.$collapsed, "right URL, with leading slashes in path collapsed" );
# NOTE(review): original lines 83 and 86 are missing from this listing. For
# '/Prefs/Other.html' the assertion above and the one below expect different
# URLs, so they are presumably the two arms of a conditional — confirm.
87 is( $agent->uri, $requested, "right URL" );
90 like( $agent->{redirected_uri}, qr{/NoAuth/Login\.html}, "We redirected from login");
94 # test a bogus login from a non-front page
# Two attempts against the same login page: a wrong password first, then the
# right one. The point is that the 'next' token survives the failed attempt.
96 my $requested = $url.'Prefs/Other.html';
97 $agent->get_ok($requested);
98 is($agent->status, 200, "Loaded a page");
99 like($agent->uri, qr'/NoAuth/Login\.html\?next=[a-z0-9]{32}', "on login page, with next page hash");
100 is($agent->{redirected_uri}, $requested, "redirected from our requested page");
102 ok($agent->current_form->find_input('user'));
103 ok($agent->current_form->find_input('pass'));
104 ok($agent->current_form->find_input('next'));
105 like($agent->value('next'), qr/^[a-z0-9]{32}$/i, "next page argument is a hash");
106 like($agent->current_form->action, qr{/NoAuth/Login\.html$}, "login form action is correct");
108 ok($agent->content =~ /username:/i);
109 $agent->field( 'user' => 'root' );
110 $agent->field( 'pass' => 'wrongpass' );
112 # the field isn't named, so we have to click link 0
# First attempt is rejected: status 200, the generic error message, the agent
# stays on the login page, and the failure is logged.
114 is( $agent->status, 200, "Fetched the page ok");
116 ok( $agent->content =~ /Your username or password is incorrect/i, "Found the error message");
117 like( $agent->uri, qr{/NoAuth/Login\.html$}, "still on /NoAuth/Login.html" );
118 $agent->warning_like(qr/FAILED LOGIN for root/, "got failed login warning");
# The re-rendered form must still carry a well-formed 'next' token. The test
# does not compare it with the token seen before the failure, so it does not
# show whether the token is reused or reissued.
121 ok($agent->current_form->find_input('user'));
122 ok($agent->current_form->find_input('pass'));
123 ok($agent->current_form->find_input('next'));
124 like($agent->value('next'), qr/^[a-z0-9]{32}$/i, "next page argument is a hash");
125 like($agent->current_form->action, qr{/NoAuth/Login\.html$}, "login form action is correct");
127 ok($agent->content =~ /username:/i);
128 $agent->field( 'user' => 'root' );
129 $agent->field( 'pass' => 'password' );
131 # the field isn't named, so we have to click link 0
133 is( $agent->status, 200, "Fetched the page ok");
135 # check out where we got to
# The second attempt lands on the page that was originally requested.
136 is( $agent->uri, $requested, "right URL" );
137 like( $agent->{redirected_uri}, qr{/NoAuth/Login\.html}, "We redirected from login");
141 # test a login from the main page with query params
# Credentials are sent as user/pass in the query string of a GET, without
# going through the login form.
143 my $requested = $url."?user=root;pass=password";
144 $agent->get_ok($requested);
145 is($agent->{'status'}, 200, "Loaded a page");
# The final URI is the request itself, so the password stays in the address
# after login. URLs are commonly written to access logs, browser history and
# Referer headers, so logs from a deployment that accepts this form should be
# handled as containing credentials.
146 is($agent->uri, $requested, "didn't redirect to /NoAuth/Login.html for base URL");
147 ok($agent->content =~ /Logout/i, "Found a logout link - we're logged in");
151 # test a bogus login from the main page with query params
# A wrong password in the query string must behave like a failed form login:
# no session, the generic error message, the login form, and a log entry.
153 my $requested = $url."?user=root;pass=wrongpass";
154 $agent->get_ok($requested);
# The status is 200 even though the login was rejected.
155 is($agent->{'status'}, 200, "Loaded a page");
156 is($agent->uri, $requested, "didn't redirect to /NoAuth/Login.html for base URL");
158 ok($agent->content =~ /Your username or password is incorrect/i, "Found the error message");
159 ok($agent->current_form->find_input('user'));
160 ok($agent->current_form->find_input('pass'));
161 like($agent->current_form->action, qr{/NoAuth/Login\.html$}, "login form action is correct");
# Query-string failures are logged with the same "FAILED LOGIN" warning as
# form failures.
162 $agent->warning_like(qr/FAILED LOGIN for root/, "got failed login warning");
165 # test a bogus login from a non-front page with query params
# A wrong password in the query string of an inner page: the request is
# redirected to the login page with a 'next' token, and the error message is
# shown there.
167 my $requested = $url."Prefs/Other.html?user=root;pass=wrongpass";
168 $agent->get_ok($requested);
169 is($agent->status, 200, "Loaded a page");
170 like($agent->uri, qr'/NoAuth/Login\.html\?next=[a-z0-9]{32}', "on login page, with next page hash");
171 is($agent->{redirected_uri}, $requested, "redirected from our requested page");
172 ok( $agent->content =~ /Your username or password is incorrect/i, "Found the error message");
174 ok($agent->current_form->find_input('user'));
175 ok($agent->current_form->find_input('pass'));
176 ok($agent->current_form->find_input('next'));
177 like($agent->value('next'), qr/^[a-z0-9]{32}$/i, "next page argument is a hash");
178 like($agent->current_form->action, qr{/NoAuth/Login\.html$}, "login form action is correct");
179 $agent->warning_like(qr/FAILED LOGIN for root/, "got failed login warning");
# Now log in through the form with the correct password.
182 ok($agent->content =~ /username:/i);
183 $agent->field( 'user' => 'root' );
184 $agent->field( 'pass' => 'password' );
186 # the field isn't named, so we have to click link 0
188 is( $agent->status, 200, "Fetched the page ok");
190 # check out where we got to
# The destination restored after login is the original request, query string
# included, so the rejected user/pass pair is back in the address. The test
# does not assert a second "FAILED LOGIN" warning for this final request.
# NOTE(review): whether the stale pair is re-evaluated or ignored once the
# session is authenticated is not visible here — confirm in the handler.
191 is( $agent->uri, $requested, "right URL" );
192 like( $agent->{redirected_uri}, qr{/NoAuth/Login\.html}, "We redirected from login");
196 # test REST login response
# A new agent object is used, presumably so that no session state from the
# web tests carries over — confirm in RT::Test::Web.
198 $agent = RT::Test::Web->new;
199 my $requested = $url."REST/1.0/?user=root;pass=password";
# Plain get, not get_ok: a failed fetch shows up only through the status
# assertion on the next line.
200 $agent->get($requested);
201 is($agent->status, 200, "Loaded a page");
# REST requests are answered in place and never sent to the HTML login page.
202 is($agent->uri, $requested, "didn't redirect to /NoAuth/Login.html for REST");
# A follow-up request without credentials succeeds, so the login above left
# the agent with an authenticated session (presumably a cookie — confirm).
203 $agent->get_ok($url."REST/1.0");
206 # test REST login response for wrong pass
208 $agent = RT::Test::Web->new;
209 my $requested = $url."REST/1.0/?user=root;pass=passwrong";
210 $agent->get_ok($requested);
# The HTTP status is 200 and "401 Credentials required" appears only in the
# response body. Monitoring that counts HTTP 401 responses will therefore not
# see failed REST logins; the "FAILED LOGIN" warning asserted below is the
# signal to use.
211 is($agent->status, 200, "Loaded a page");
212 is($agent->uri, $requested, "didn't redirect to /NoAuth/Login.html for REST");
213 like($agent->content, qr/401 Credentials required/i, "got error status");
214 like($agent->content, qr/Your username or password is incorrect/, "got error message");
215 $agent->warning_like(qr/FAILED LOGIN for root/, "got failed login warning");
218 # test REST login response for no creds
220 $agent = RT::Test::Web->new;
221 my $requested = $url."REST/1.0/";
222 $agent->get_ok($requested);
# As in the wrong-password case, the HTTP status is 200 and the 401 appears
# only in the body.
223 is($agent->status, 200, "Loaded a page");
224 is($agent->uri, $requested, "didn't redirect to /NoAuth/Login.html for REST");
225 like($agent->content, qr/401 Credentials required/i, "got error status");
# No credentials were offered, so the "incorrect" message must not appear.
# No failed-login warning is asserted here either way.
226 unlike($agent->content, qr/Your username or password is incorrect/, "didn't get any error message");
229 # XXX TODO: we should also be testing WebExternalAuth here, but we don't have
230 # the framework for dealing with that