From Code to Community: Sponsoring The Perl and Raku Conference 2025 Learn more

COUDOT / Lemonldap-NG-Portal-2.21.0 / t / 26-AuthRadius-Attributes.t 

            

              
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98

              
use warnings;
use Test::More;
use strict;
use IO::String;
use Authen::Radius;
require 't/test-lib.pm';
my $res;
my $client = LLNG::Manager::Test->new( {
        ini => {
            logLevel                => 'error',
            authentication          => 'Radius',
            userDB                  => 'Demo',
            restSessionServer       => 1,
            radiusServer            => '127.0.0.1',
            radiusSecret            => 'test',
            radiusRequestAttributes => {
                'NAS-Identifier' => 'lemonldap',
                'X-IP-Addr'      => '$env->{REMOTE_ADDR}',
            },
            radiusExportedVars => {
                'myattr' => 'X-My-Attribute'
            },
            requireToken       => 1,
            portalDisplayOrder => 'Logout LoginHistory , Appslist'
        }
    }
);
no warnings 'redefine';
*Lemonldap::NG::Portal::Lib::Radius::_check_pwd_radius = sub {
    my ( $self, @attributes ) = @_;
    # Store attributes in a hash
    my %hattr;
    for my $a (@attributes) {
        $hattr{ $a->{Name} } = $a->{Value};
    }
    # Expect attributes
    is( $hattr{'NAS-Identifier'},
        'lemonldap', "Found NAS-Identifier attribute" );
    is( $hattr{'X-IP-Addr'}, '127.0.0.1', "Found X-Email-Address attribute" );
    # Succeed if login == password, return no attributes
    return {
        result     => ( $hattr{1} eq $hattr{2} ),
        attributes => { "X-My-Attribute" => "xxx" }
    };
};
# Test normal first access
ok( $res = $client->_get( '/', accept => 'text/html' ), 'First request' );
my ( $host, $url, $query ) =
  expectForm( $res, '#', undef, 'user', 'password', 'token' );
# Try to authenticate with bad password
$query =~ s/user=[^&]*/user=dwho/;
$query =~ s/password=/password=jdoe/;
ok(
    $res = $client->_post(
        '/',
        IO::String->new($query),
        length => length($query),
        accept => 'text/html'
    ),
    'Auth query'
);
( $host, $url, $query ) =
  expectForm( $res, '#', undef, 'user', 'password', 'token' );
# Try to authenticate
$query =~ s/user=[^&]*/user=dwho/;
$query =~ s/password=/password=dwho/;
ok(
    $res = $client->_post(
        '/', IO::String->new($query), length => length($query)
    ),
    'Auth query'
);
expectOK($res);
my $id = expectCookie($res);
ok(
    $res = $client->_get(
        '/',
        cookie => "lemonldap=$id",
        accept => 'text/html'
    ),
    'Get Portal menu'
);
expectAuthenticatedAs( $res, 'dwho' );
expectSessionAttributes( $client, $id, "myattr" => "xxx" );
$client->logout($id);
clean_sessions();
done_testing();