6 use RT::Test tests => 122;
8 RT->Config->Set( GnuPG => Enable => 0 );
10 my ($baseurl, $agent) = RT::Test->started_ok;
12 my $url = $agent->rt_base_url;
13 diag $url if $ENV{TEST_VERBOSE};
15 # test a login from the main page
18 is($agent->{'status'}, 200, "Loaded a page");
19 is($agent->uri, $url, "didn't redirect to /NoAuth/Login.html for base URL");
20 ok($agent->current_form->find_input('user'));
21 ok($agent->current_form->find_input('pass'));
22 like($agent->current_form->action, qr{/NoAuth/Login\.html$}, "login form action is correct");
24 ok($agent->content =~ /username:/i);
25 $agent->field( 'user' => 'root' );
26 $agent->field( 'pass' => 'password' );
28 # the field isn't named, so we have to click link 0
30 is( $agent->status, 200, "Fetched the page ok");
31 ok( $agent->content =~ /Logout/i, "Found a logout link");
32 is( $agent->uri, $url, "right URL" );
33 like( $agent->{redirected_uri}, qr{/NoAuth/Login\.html$}, "We redirected from login");
37 # test a bogus login from the main page
40 is($agent->{'status'}, 200, "Loaded a page");
41 is($agent->uri, $url, "didn't redirect to /NoAuth/Login.html for base URL");
42 ok($agent->current_form->find_input('user'));
43 ok($agent->current_form->find_input('pass'));
44 like($agent->current_form->action, qr{/NoAuth/Login\.html$}, "login form action is correct");
46 ok($agent->content =~ /username:/i);
47 $agent->field( 'user' => 'root' );
48 $agent->field( 'pass' => 'wrongpass' );
50 # the field isn't named, so we have to click link 0
52 is( $agent->status, 200, "Fetched the page ok");
54 ok( $agent->content =~ /Your username or password is incorrect/i, "Found the error message");
55 like( $agent->uri, qr{/NoAuth/Login\.html$}, "now on /NoAuth/Login.html" );
56 $agent->warning_like(qr/FAILED LOGIN for root/, "got failed login warning");
61 # test a login from a non-front page, both with a double leading slash and without
62 for my $path (qw(Prefs/Other.html /Prefs/Other.html)) {
63 my $requested = $url.$path;
64 $agent->get_ok($requested);
65 is($agent->status, 200, "Loaded a page");
66 like($agent->uri, qr'/NoAuth/Login\.html\?next=[a-z0-9]{32}', "on login page, with next page hash");
67 is($agent->{redirected_uri}, $requested, "redirected from our requested page");
69 ok($agent->current_form->find_input('user'));
70 ok($agent->current_form->find_input('pass'));
71 ok($agent->current_form->find_input('next'));
72 like($agent->value('next'), qr/^[a-z0-9]{32}$/i, "next page argument is a hash");
73 like($agent->current_form->action, qr{/NoAuth/Login\.html$}, "login form action is correct");
75 ok($agent->content =~ /username:/i);
76 $agent->field( 'user' => 'root' );
77 $agent->field( 'pass' => 'password' );
79 # the field isn't named, so we have to click link 0
81 is( $agent->status, 200, "Fetched the page ok");
82 ok( $agent->content =~ /Logout/i, "Found a logout link");
85 (my $collapsed = $path) =~ s{^/}{};
86 is( $agent->uri, $url.$collapsed, "right URL, with leading slashes in path collapsed" );
88 is( $agent->uri, $requested, "right URL" );
91 like( $agent->{redirected_uri}, qr{/NoAuth/Login\.html}, "We redirected from login");
95 # test a bogus login from a non-front page
97 my $requested = $url.'Prefs/Other.html';
98 $agent->get_ok($requested);
99 is($agent->status, 200, "Loaded a page");
100 like($agent->uri, qr'/NoAuth/Login\.html\?next=[a-z0-9]{32}', "on login page, with next page hash");
101 is($agent->{redirected_uri}, $requested, "redirected from our requested page");
103 ok($agent->current_form->find_input('user'));
104 ok($agent->current_form->find_input('pass'));
105 ok($agent->current_form->find_input('next'));
106 like($agent->value('next'), qr/^[a-z0-9]{32}$/i, "next page argument is a hash");
107 like($agent->current_form->action, qr{/NoAuth/Login\.html$}, "login form action is correct");
109 ok($agent->content =~ /username:/i);
110 $agent->field( 'user' => 'root' );
111 $agent->field( 'pass' => 'wrongpass' );
113 # the field isn't named, so we have to click link 0
115 is( $agent->status, 200, "Fetched the page ok");
117 ok( $agent->content =~ /Your username or password is incorrect/i, "Found the error message");
118 like( $agent->uri, qr{/NoAuth/Login\.html$}, "still on /NoAuth/Login.html" );
119 $agent->warning_like(qr/FAILED LOGIN for root/, "got failed login warning");
122 ok($agent->current_form->find_input('user'));
123 ok($agent->current_form->find_input('pass'));
124 ok($agent->current_form->find_input('next'));
125 like($agent->value('next'), qr/^[a-z0-9]{32}$/i, "next page argument is a hash");
126 like($agent->current_form->action, qr{/NoAuth/Login\.html$}, "login form action is correct");
128 ok($agent->content =~ /username:/i);
129 $agent->field( 'user' => 'root' );
130 $agent->field( 'pass' => 'password' );
132 # the field isn't named, so we have to click link 0
134 is( $agent->status, 200, "Fetched the page ok");
136 # check out where we got to
137 is( $agent->uri, $requested, "right URL" );
138 like( $agent->{redirected_uri}, qr{/NoAuth/Login\.html}, "We redirected from login");
142 # test a login from the main page with query params
144 my $requested = $url."?user=root;pass=password";
145 $agent->get_ok($requested);
146 is($agent->{'status'}, 200, "Loaded a page");
147 is($agent->uri, $requested, "didn't redirect to /NoAuth/Login.html for base URL");
148 ok($agent->content =~ /Logout/i, "Found a logout link - we're logged in");
152 # test a bogus login from the main page with query params
154 my $requested = $url."?user=root;pass=wrongpass";
155 $agent->get_ok($requested);
156 is($agent->{'status'}, 200, "Loaded a page");
157 is($agent->uri, $requested, "didn't redirect to /NoAuth/Login.html for base URL");
159 ok($agent->content =~ /Your username or password is incorrect/i, "Found the error message");
160 ok($agent->current_form->find_input('user'));
161 ok($agent->current_form->find_input('pass'));
162 like($agent->current_form->action, qr{/NoAuth/Login\.html$}, "login form action is correct");
163 $agent->warning_like(qr/FAILED LOGIN for root/, "got failed login warning");
166 # test a bogus login from a non-front page with query params
168 my $requested = $url."Prefs/Other.html?user=root;pass=wrongpass";
169 $agent->get_ok($requested);
170 is($agent->status, 200, "Loaded a page");
171 like($agent->uri, qr'/NoAuth/Login\.html\?next=[a-z0-9]{32}', "on login page, with next page hash");
172 is($agent->{redirected_uri}, $requested, "redirected from our requested page");
173 ok( $agent->content =~ /Your username or password is incorrect/i, "Found the error message");
175 ok($agent->current_form->find_input('user'));
176 ok($agent->current_form->find_input('pass'));
177 ok($agent->current_form->find_input('next'));
178 like($agent->value('next'), qr/^[a-z0-9]{32}$/i, "next page argument is a hash");
179 like($agent->current_form->action, qr{/NoAuth/Login\.html$}, "login form action is correct");
180 $agent->warning_like(qr/FAILED LOGIN for root/, "got failed login warning");
183 ok($agent->content =~ /username:/i);
184 $agent->field( 'user' => 'root' );
185 $agent->field( 'pass' => 'password' );
187 # the field isn't named, so we have to click link 0
189 is( $agent->status, 200, "Fetched the page ok");
191 # check out where we got to
192 is( $agent->uri, $requested, "right URL" );
193 like( $agent->{redirected_uri}, qr{/NoAuth/Login\.html}, "We redirected from login");
197 # test REST login response
199 $agent = RT::Test::Web->new;
200 my $requested = $url."REST/1.0/?user=root;pass=password";
201 $agent->get($requested);
202 is($agent->status, 200, "Loaded a page");
203 is($agent->uri, $requested, "didn't redirect to /NoAuth/Login.html for REST");
204 $agent->get_ok($url."REST/1.0");
207 # test REST login response for wrong pass
209 $agent = RT::Test::Web->new;
210 my $requested = $url."REST/1.0/?user=root;pass=passwrong";
211 $agent->get_ok($requested);
212 is($agent->status, 200, "Loaded a page");
213 is($agent->uri, $requested, "didn't redirect to /NoAuth/Login.html for REST");
214 like($agent->content, qr/401 Credentials required/i, "got error status");
215 like($agent->content, qr/Your username or password is incorrect/, "got error message");
216 $agent->warning_like(qr/FAILED LOGIN for root/, "got failed login warning");
219 # test REST login response for no creds
221 $agent = RT::Test::Web->new;
222 my $requested = $url."REST/1.0/";
223 $agent->get_ok($requested);
224 is($agent->status, 200, "Loaded a page");
225 is($agent->uri, $requested, "didn't redirect to /NoAuth/Login.html for REST");
226 like($agent->content, qr/401 Credentials required/i, "got error status");
227 unlike($agent->content, qr/Your username or password is incorrect/, "didn't get any error message");
230 # XXX TODO: we should also be testing WebExternalAuth here, but we don't have
231 # the framework for dealing with that