5 # need at least 6.07 of LWP::Protocol::https to avoid
6 # an issue where it cannot successfully bypass a
7 # certificate check of localhost
8 eval 'use LWP::Protocol::https 6.07';
10 plan skip_all => 'LWP::Protocol::https 6.0.7 or later required for live tests of remoteauth' if $@;
15 diag("Tests RemoteAuth patron auth/retrieval");
17 use strict; use warnings;
18 use OpenILS::Utils::TestUtils;
22 use OpenILS::Utils::CStoreEditor qw/:funcs/;
23 use OpenILS::Application::AppUtils;
24 our $U = "OpenILS::Application::AppUtils";
26 OpenILS::Utils::TestUtils->new->bootstrap;
28 my $not_found = { barcode => '99999393000', password => 'nonexistentbarcode' };
29 my $expired = { barcode => '99999393001', password => 'marges1234' };
30 my $deleted = { barcode => '99999393002', password => 'homers1234' };
31 my $barred = { barcode => '99999393003', password => 'barts1234' };
32 my $valid = { barcode => '99999393004', password => 'lisas1234' };
33 my $inactive = { barcode => '99999393005', password => 'maggies1234' };
34 my $external = { barcode => '99999393100', password => 'shelbyvillem1234' };
36 # context org is SYS1, test user's home OU is BR1;
37 # use BR3 (under SYS2) to test external users
38 my $external_org = 6; # BR3
40 my $staff_login = $U->simplereq(
42 'open-ils.auth.login', {
44 password => 'demo123',
48 is($staff_login->{textcode}, 'SUCCESS', 'Staff login OK');
49 my $e = new_editor( authtoken => $staff_login->{payload}->{authtoken} );
52 my $client = LWP::UserAgent->new;
58 # my $res = $client->request( $method, $uri, $headers, $content, $request_timeout );
61 ######################################################################
64 # - validate barcode only?
65 # - validate barcode + PIN
66 # - retrieve user and check for required fields in response
69 # - valid user with username or barcode (opac.barcode_regex)
70 # - valid user with barcode prefix
71 # - valid user with barcode
77 # - user has non-blocking penalties, auth/retrieval succeeds
78 # - user has blocking penalties
79 # - user exists, but home OU is not in scope
81 # not currently supported:
82 # - AuthProxy: services should use the remote auth server directly
83 # - opted-in patrons: these are external patrons and thus not auth'd
85 ######################################################################
87 #---------------------------------------------------------------------
88 # Basic access authentication (RFC 7617)
89 #---------------------------------------------------------------------
90 # - endpoint: /api/basicauth
92 # - request: includes "Authorization: Basic <credentials>" header,
93 # credentials = Base64-encoded "id:password" string
94 # - response: HTTP 200 on success, 401 with WWW-Authenticate header
96 # - does not return patron info
97 #---------------------------------------------------------------------
99 my ($u, $password) = @_;
100 my $barcode = $u->{barcode};
101 $password ||= $u->{password};
102 my $resp = $client->get(
103 "https://localhost/api/basicauth",
104 'Authorization' => 'Basic ' . encode_base64("$barcode:$password")
109 my $basic_not_found = basic_request($not_found);
110 is ( $basic_not_found, '403', 'Basic request for nonexistent barcode correctly returned 403' );
112 my $basic_success = basic_request($valid);
113 is( $basic_success, '200', 'Basic request for valid patron OK' );
116 my $basic_invalid_pw = basic_request($valid, 'badpassword');
117 is( $basic_invalid_pw, '403', 'Basic request with invalid password correctly returned 403' );
120 my $basic_deleted = basic_request($deleted);
121 is( $basic_deleted, '403', 'Basic request for deleted user correctly returned 403' );
124 my $basic_expired = basic_request($expired);
125 is( $basic_expired, '403', 'Basic request for expired user correctly returned 403' );
128 my $basic_inactive = basic_request($inactive);
129 is( $basic_inactive, '403', 'Basic request for inactive user correctly returned 403' );
132 my $basic_barred = basic_request($barred);
133 is( $basic_barred, '403', 'Basic request for barred user correctly returned 403' );
135 # home OU is not in scope
136 my $basic_external = basic_request($external);
137 is( $basic_external, '403', 'Basic request for external user correctly returned 403' );
139 # TODO: user has blocking penalties
141 # TODO: user has non-blocking penalties, auth/retrieval succeeds
145 # TODO: EZProxy external script authentication:
146 # - endpoint: /remoteauth/ezproxy/<shortname>/<id>/<password>
147 # - client auth: none
148 # - request: GET with user and pass params, as above
149 # - response: "+VALID" if auth succeeds
152 # verify user activity based on the above tests
153 my $user = $U->fetch_user_by_barcode( $valid->{barcode} );
154 my $basic_activity = $e->search_actor_usr_activity([{usr => $user->id, etype => 1001}]);
155 ok(scalar(@$basic_activity) > 0, 'Basic request for valid patron is recorded in user activity');