2019-04-18 18:51:45 +00:00
|
|
|
#!/usr/bin/env perl
|
2020-11-27 21:12:56 +00:00
|
|
|
|
2023-07-03 15:59:25 +00:00
|
|
|
# Copyright (C) 2020 Birte Kristina Friesel <derf@finalrewind.org>
|
2020-11-27 21:12:56 +00:00
|
|
|
#
|
|
|
|
# SPDX-License-Identifier: MIT
|
|
|
|
|
2019-04-18 18:51:45 +00:00
|
|
|
use Mojo::Base -strict;
|
|
|
|
|
|
|
|
# Tests the standard registration -> verification -> successful login flow
|
|
|
|
|
|
|
|
use Test::More;
|
|
|
|
use Test::Mojo;
|
|
|
|
|
|
|
|
# Include application
|
|
|
|
use FindBin;
|
|
|
|
require "$FindBin::Bin/../index.pl";
|
|
|
|
|
|
|
|
my $t = Test::Mojo->new('Travelynx');
|
|
|
|
|
2019-04-22 06:45:26 +00:00
|
|
|
if ( not $t->app->config->{db} ) {
|
|
|
|
plan( skip_all => 'No database configured' );
|
2019-04-22 05:02:14 +00:00
|
|
|
}
|
|
|
|
|
2019-04-18 18:51:45 +00:00
|
|
|
$t->app->pg->db->query('drop schema if exists travelynx_test_02 cascade');
|
|
|
|
$t->app->pg->db->query('create schema travelynx_test_02');
|
|
|
|
$t->app->pg->db->query('set search_path to travelynx_test_02');
|
|
|
|
$t->app->pg->on(
|
|
|
|
connection => sub {
|
|
|
|
my ( $pg, $dbh ) = @_;
|
|
|
|
$dbh->do('set search_path to travelynx_test_02');
|
|
|
|
}
|
|
|
|
);
|
|
|
|
|
|
|
|
$t->app->config->{mail}->{disabled} = 1;
|
|
|
|
|
2023-06-26 18:18:27 +00:00
|
|
|
$ENV{__TRAVELYNX_TEST_MINI_IRIS} = 1;
|
2019-04-18 18:51:45 +00:00
|
|
|
$t->app->start( 'database', 'migrate' );
|
|
|
|
|
|
|
|
my $csrf_token
|
|
|
|
= $t->ua->get('/register')->res->dom->at('input[name=csrf_token]')
|
|
|
|
->attr('value');
|
|
|
|
|
|
|
|
# Successful registration
|
|
|
|
$t->post_ok(
|
|
|
|
'/register' => form => {
|
|
|
|
csrf_token => $csrf_token,
|
2021-04-20 20:09:34 +00:00
|
|
|
dt => 1,
|
2019-04-18 18:51:45 +00:00
|
|
|
user => 'someone',
|
|
|
|
email => 'foo@example.org',
|
|
|
|
password => 'foofoofoo',
|
|
|
|
password2 => 'foofoofoo',
|
|
|
|
}
|
|
|
|
);
|
|
|
|
$t->status_is(200)->content_like(qr{Verifizierungslink});
|
|
|
|
|
2021-04-20 20:09:34 +00:00
|
|
|
# Failed registration (CSRF)
|
|
|
|
$t->post_ok(
|
|
|
|
'/register' => form => {
|
|
|
|
csrf_token => $csrf_token,
|
|
|
|
user => 'noone',
|
|
|
|
email => 'foo2@example.org',
|
|
|
|
password => 'foofoofoo',
|
|
|
|
password2 => 'foofoofoo',
|
|
|
|
}
|
|
|
|
);
|
2023-06-04 19:16:28 +00:00
|
|
|
$t->status_is(400)->content_like(qr{CSRF});
|
2021-04-20 20:09:34 +00:00
|
|
|
|
2019-04-18 18:51:45 +00:00
|
|
|
# Failed registration (user name not available)
|
|
|
|
$t->post_ok(
|
|
|
|
'/register' => form => {
|
|
|
|
csrf_token => $csrf_token,
|
2021-04-20 20:09:34 +00:00
|
|
|
dt => 1,
|
2019-04-18 18:51:45 +00:00
|
|
|
user => 'someone',
|
|
|
|
email => 'foo@example.org',
|
|
|
|
password => 'foofoofoo',
|
|
|
|
password2 => 'foofoofoo',
|
|
|
|
}
|
|
|
|
);
|
|
|
|
$t->status_is(200)->content_like(qr{Name bereits vergeben});
|
|
|
|
|
|
|
|
$csrf_token = $t->ua->get('/login')->res->dom->at('input[name=csrf_token]')
|
|
|
|
->attr('value');
|
|
|
|
|
|
|
|
# Failed login (not verified yet)
|
|
|
|
$t->post_ok(
|
|
|
|
'/login' => form => {
|
|
|
|
csrf_token => $csrf_token,
|
|
|
|
user => 'someone',
|
|
|
|
password => 'foofoofoo',
|
|
|
|
}
|
|
|
|
);
|
2023-06-25 21:28:38 +00:00
|
|
|
$t->status_is(400)->content_like(qr{nicht freigeschaltet});
|
2019-04-18 18:51:45 +00:00
|
|
|
|
2019-04-30 16:05:07 +00:00
|
|
|
my $res = $t->app->pg->db->select( 'users', ['id'], { name => 'someone' } );
|
|
|
|
my $uid = $res->hash->{id};
|
|
|
|
$res = $t->app->pg->db->select( 'pending_registrations', ['token'],
|
|
|
|
{ user_id => $uid } );
|
|
|
|
my $token = $res->hash->{token};
|
2019-04-18 18:51:45 +00:00
|
|
|
|
|
|
|
# Successful verification
|
|
|
|
$t->get_ok("/reg/${uid}/${token}");
|
|
|
|
$t->status_is(200)->content_like(qr{freigeschaltet});
|
|
|
|
|
2019-04-22 07:43:00 +00:00
|
|
|
# Failed login (wrong password)
|
|
|
|
$t->post_ok(
|
|
|
|
'/login' => form => {
|
|
|
|
csrf_token => $csrf_token,
|
|
|
|
user => 'someone',
|
|
|
|
password => 'definitely invalid',
|
|
|
|
}
|
|
|
|
);
|
2023-06-25 21:28:38 +00:00
|
|
|
$t->status_is(400)->content_like(qr{falsches Passwort});
|
2019-04-22 07:43:00 +00:00
|
|
|
|
2019-04-18 18:51:45 +00:00
|
|
|
# Successful login
|
|
|
|
$t->post_ok(
|
|
|
|
'/login' => form => {
|
|
|
|
csrf_token => $csrf_token,
|
|
|
|
user => 'someone',
|
|
|
|
password => 'foofoofoo',
|
|
|
|
}
|
|
|
|
);
|
|
|
|
$t->status_is(302)->header_is( location => '/' );
|
|
|
|
|
2019-04-22 06:45:26 +00:00
|
|
|
# Request deletion
|
|
|
|
|
|
|
|
$csrf_token = $t->ua->get('/account')->res->dom->at('input[name=csrf_token]')
|
|
|
|
->attr('value');
|
|
|
|
|
|
|
|
$t->post_ok(
|
|
|
|
'/delete' => form => {
|
|
|
|
action => 'delete',
|
|
|
|
csrf_token => $csrf_token,
|
|
|
|
password => 'foofoofoo',
|
|
|
|
}
|
|
|
|
);
|
|
|
|
$t->status_is(302)->header_is( location => '/account' );
|
|
|
|
$t->get_ok('/account');
|
|
|
|
$t->status_is(200)->content_like(qr{wird gelöscht});
|
|
|
|
|
|
|
|
$t->post_ok(
|
|
|
|
'/delete' => form => {
|
|
|
|
action => 'undelete',
|
|
|
|
csrf_token => $csrf_token,
|
|
|
|
}
|
|
|
|
);
|
|
|
|
$t->status_is(302)->header_is( location => '/account' );
|
|
|
|
$t->get_ok('/account');
|
|
|
|
$t->status_is(200)->content_unlike(qr{wird gelöscht});
|
|
|
|
|
2019-04-22 07:43:00 +00:00
|
|
|
$csrf_token
|
2019-05-03 20:22:08 +00:00
|
|
|
= $t->ua->get('/account/password')->res->dom->at('input[name=csrf_token]')
|
2019-04-22 07:43:00 +00:00
|
|
|
->attr('value');
|
|
|
|
|
|
|
|
$t->post_ok(
|
2019-05-03 20:22:08 +00:00
|
|
|
'/account/password' => form => {
|
2019-04-22 07:43:00 +00:00
|
|
|
csrf_token => $csrf_token,
|
|
|
|
oldpw => 'foofoofoo',
|
|
|
|
newpw => 'barbarbar',
|
|
|
|
newpw2 => 'barbarbar',
|
|
|
|
}
|
|
|
|
);
|
|
|
|
$t->status_is(302)->header_is( location => '/account' );
|
|
|
|
|
|
|
|
$csrf_token = $t->ua->get('/account')->res->dom->at('input[name=csrf_token]')
|
|
|
|
->attr('value');
|
|
|
|
$t->post_ok(
|
|
|
|
'/logout' => form => {
|
|
|
|
csrf_token => $csrf_token,
|
|
|
|
}
|
|
|
|
);
|
|
|
|
$t->status_is(302)->header_is( location => '/login' );
|
|
|
|
|
|
|
|
$csrf_token = $t->ua->get('/login')->res->dom->at('input[name=csrf_token]')
|
|
|
|
->attr('value');
|
|
|
|
$t->post_ok(
|
|
|
|
'/login' => form => {
|
|
|
|
csrf_token => $csrf_token,
|
|
|
|
user => 'someone',
|
|
|
|
password => 'barbarbar',
|
|
|
|
}
|
|
|
|
);
|
|
|
|
$t->status_is(302)->header_is( location => '/' );
|
|
|
|
|
2019-04-29 18:12:59 +00:00
|
|
|
$csrf_token = $t->ua->get('/account')->res->dom->at('input[name=csrf_token]')
|
|
|
|
->attr('value');
|
|
|
|
$t->post_ok(
|
|
|
|
'/logout' => form => {
|
|
|
|
csrf_token => $csrf_token,
|
|
|
|
}
|
|
|
|
);
|
|
|
|
$t->status_is(302)->header_is( location => '/login' );
|
|
|
|
|
|
|
|
$csrf_token = $t->ua->get('/recover')->res->dom->at('input[name=csrf_token]')
|
|
|
|
->attr('value');
|
|
|
|
$t->post_ok(
|
|
|
|
'/recover' => form => {
|
|
|
|
csrf_token => $csrf_token,
|
|
|
|
action => 'initiate',
|
|
|
|
user => 'someone',
|
|
|
|
email => 'foo@example.org',
|
|
|
|
}
|
|
|
|
);
|
|
|
|
$t->status_is(200)->content_like(qr{wird durchgeführt});
|
|
|
|
|
|
|
|
$res = $t->app->pg->db->select( 'pending_passwords', ['token'],
|
|
|
|
{ user_id => $uid } );
|
|
|
|
$token = $res->hash->{token};
|
|
|
|
|
|
|
|
$t->get_ok("/recover/${uid}/${token}")->status_is(200)
|
|
|
|
->content_like(qr{Neues Passwort eintragen});
|
|
|
|
|
|
|
|
$t->post_ok(
|
|
|
|
'/recover' => form => {
|
|
|
|
csrf_token => $csrf_token,
|
|
|
|
action => 'set_password',
|
|
|
|
id => $uid,
|
|
|
|
token => $token,
|
|
|
|
newpw => 'foofoofoo2',
|
|
|
|
newpw2 => 'foofoofoo2',
|
|
|
|
}
|
|
|
|
);
|
|
|
|
$t->status_is(302)->header_is( location => '/account' );
|
|
|
|
|
2019-04-18 18:51:45 +00:00
|
|
|
$t->app->pg->db->query('drop schema travelynx_test_02 cascade');
|
|
|
|
done_testing();
|