test(auth); check that login fails properly (#1395)

UPC · Oct 14, 2020 · 608fa41 · 608fa41
1 parent 892bf77
commit 608fa41
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 5 deletions.
diff --git a/script/rvd_front b/script/rvd_front
@@ -185,7 +185,7 @@ hook before_routes => sub {
     return access_denied($c)
         if $url =~ /(screenshot|\.json)/
         && !_logged_in($c);
-    return login($c) if !_logged_in($c);
+    return login($c,401) if !_logged_in($c);
 
     if ($USER && $USER->is_admin && $CONFIG_FRONT->{monitoring}) {
         if (!defined $c->session('monitoring')) {
@@ -1548,8 +1548,7 @@ sub _detect_languages($c) {
 
 }
 
-sub login {
-    my $c = shift;
+sub login($c, $status=200) {
     $c->session(login => undef);
 
     my $login = $c->param('login');
@@ -1601,7 +1600,7 @@ sub login {
                     ." no-repeat bottom center scroll;\n\t}"];
 
     sleep 5 if scalar(@error);
-    my @error_status;
+    my @error_status = ( status => $status );
     @error_status = ( status => 403) if @error;
 
     $c->render(

diff --git a/t/40_auth_sql.t b/t/40_auth_sql.t
@@ -28,6 +28,8 @@ ok($row->{name} eq 'test' ,"I can't find test user in the database ".Dumper($row
 
 
 ok(Ravada::Auth::SQL::login('test',$$),"I can't login test/$$");
+my $login = Ravada::Auth::SQL::login('test','fail');
+ok(!$login,"Expecting error login failed");
 
 end();
 done_testing();
diff --git a/t/lib/Test/Ravada.pm b/t/lib/Test/Ravada.pm
@@ -67,6 +67,7 @@ create_domain
     mojo_clean
     mojo_create_domain
     mojo_login
+    mojo_check_login
     mojo_request
 
     remove_old_user
@@ -123,6 +124,8 @@ my $FH_FW;
 my $FH_NODE;
 my %LOCKED_FH;
 
+my ($MOJO_USER, $MOJO_PASSWORD);
+
 sub user_admin {
 
     return $USER_ADMIN if $USER_ADMIN;
@@ -588,12 +591,21 @@ sub mojo_clean {
     return remove_old_domains_req();
 }
 
+sub mojo_check_login( $t, $user=$MOJO_USER , $pass=$MOJO_PASSWORD ) {
+    $t->ua->get("/user.json");
+    return if $t->tx->res->code =~ /^(200|302)$/;
+    warn $t->tx->res->code();
+    mojo_login($t, $user,$pass);
+}
+
 sub mojo_login( $t, $user, $pass ) {
     $t->ua->get($URL_LOGOUT);
 
     $t->post_ok('/login' => form => {login => $user, password => $pass});
     like($t->tx->res->code(),qr/^(200|302)$/);
     #    ->status_is(302);
+$MOJO_USER = $user;
+    $MOJO_PASSWORD = $pass;
 
     return $t->success;
 }

diff --git a/t/mojo/10_login.t b/t/mojo/10_login.t
@@ -155,6 +155,21 @@ sub _init_mojo_client {
     $t->get_ok('/')->status_is(200)->content_like(qr/choose a machine/i);
 }
 
+sub test_login_fail {
+    $t->post_ok('/login' => form => {login => "fail", password => 'bigtime'});
+    is($t->tx->res->code(),403);
+    $t->get_ok("/admin/machines")->status_is(401);
+    is($t->tx->res->dom->at("button#submit")->text,'Login') or exit;
+
+    login();
+
+    $t->post_ok('/login' => form => {login => "fail", password => 'bigtime'});
+    is($t->tx->res->code(),403);
+
+    $t->get_ok("/admin/machines")->status_is(401);
+    is($t->tx->res->dom->at("button#submit")->text,'Login') or exit;
+}
+
 sub test_copy_without_prepare($clone) {
     is ($clone->is_base,0) or die "Clone ".$clone->name." is supposed to be non-base";
 
@@ -188,6 +203,8 @@ $t->ua->connect_timeout(60);
 my @bases;
 my @clones;
 
+test_login_fail();
+
 for my $vm_name (@{rvd_front->list_vm_types} ) {
 
     diag("Testing new machine in $vm_name");

diff --git a/t/mojo/20_ws.t b/t/mojo/20_ws.t
@@ -41,7 +41,7 @@ sub _init_mojo_client {
 =cut
 
 sub list_machines_user($t, $headers={}){
-    $Ravada::WebSocket::DEBUG = 1;
+    mojo_check_login($t);
     $t->websocket_ok("/ws/subscribe" => $headers)->send_ok("list_machines_user")->message_ok->finish_ok;
 
     confess if !$t->message || !$t->message->[1];