# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
use Mojo::Base -strict;
use Mojo::File;
use Mojo::JSON qw(to_json from_json true false);
use Mojolicious;
use Test::More;
use Test::Mojo;
use Lufi::DB::File;
use Lufi::DB::Slice;
use FindBin qw($Bin);
my ($m, $cfile, $config_orig, $config_file, $config_content);
my $msg = Encode::encode_utf8(to_json {
"total" => 1,
"part" => 0,
"size" => 7,
"name" => "foobaré.txt",
"type" => "text/plain",
"delay" => "0",
"del_at_first_view" => 1,
"id" => undef,
"zipped" => 0,
"i" => 0
});
my $filename_test = Encode::encode_utf8('foobaré');
my $encrypted = '"{\\"iv\\":\\"2RGAviAeYybBqcLCmnqlgA==\\",\\"v\\":1,\\"iter\\":10000,\\"ks\\":128,\\"ts\\":64,\\"mode\\":\\"ccm\\",\\"adata\\":\\"\\",\\"cipher\\":\\"aes\\",\\"salt\\":\\"1dvKtbZ8hxA=\\",\\"ct\\":\\"w9wDZCwNSyH/yL7q1GW5fPSdi+w=\\"}"';
my $encrypted_rgx = $encrypted;
$encrypted_rgx =~ s@\\@\\\\@g;
$encrypted_rgx =~ s@\+@\\+@g;
$encrypted_rgx =~ s@(\{|\})@\\$1@g;
BEGIN {
use lib 'lib';
$m = Mojolicious->new;
$cfile = Mojo::File->new($Bin, '..', 'lufi.conf');
if (defined $ENV{MOJO_CONFIG}) {
$cfile = Mojo::File->new($ENV{MOJO_CONFIG});
unless (-e $cfile->to_abs) {
$cfile = Mojo::File->new($Bin, '..', $ENV{MOJO_CONFIG});
}
}
my $config = $m->plugin(
'Config' => {
file => $cfile->to_abs->to_string,
default => {
prefix => '/',
provisioning => 100,
provis_step => 5,
length => 10,
token_length => 32,
secrets => ['hfudsifdsih'],
default_delay => 0,
max_delay => 0,
mail => {
how => 'sendmail'
},
mail_sender => 'no-reply@lufi.io',
theme => 'default',
upload_dir => 'files',
session_duration => 3600,
allow_pwd_on_files => 0,
dbtype => 'sqlite',
db_path => 'lufi.db',
force_burn_after_reading => 0,
x_frame_options => 'DENY',
x_content_type_options => 'nosniff',
x_xss_protection => '1; mode=block',
}
}
);
$m->plugin('Lufi::Plugin::Helpers');
$m->plugin('DebugDumperHelper');
} ## end BEGIN
Lufi::DB::Slice->new(app => $m)->delete_all;
Lufi::DB::File->new(app => $m)->delete_all;
$config_file = Mojo::File->new($cfile->to_abs->to_string);
$config_orig = $config_file->slurp;
my $t = Test::Mojo->new('Lufi');
## Wait for short generation
sleep 5;
## Let's go
$t->get_ok('/')
->status_is(200)
->content_like(qr@Lufi@i);
test_infos_api(false);
test_upload_file();
test_download_file();
## Test htpasswd
switch_to_htpasswd();
test_infos_api(true);
auth_test_suite('luc', 'toto');
restore_config();
## Test LDAP
switch_to_ldap();
test_infos_api(true);
auth_test_suite('zoidberg', 'zoidberg');
restore_config();
## Test Swift object storage
switch_to_swift();
test_upload_file();
test_download_file();
restore_config();
done_testing();
######
### Functions
##
sub test_infos_api {
my $auth = shift;
$t->get_ok('/about/config')
->status_is(200)
->json_has(
'/allow_pwd_on_files', '/need_authentication', '/max_delay',
'/instance_name', '/broadcast_message', '/max_file_size',
'/keep_ip_during', '/report', '/stop_upload',
'/delay_for_size', '/default_delay', '/force_burn_after_reading'
)
->json_is(
'/allow_pwd_on_files' => 1,
'/need_authentication' => $auth,
'/max_delay' => 0,
'/instance_name' => 'Lufi',
'/broadcast_message' => undef,
'/max_file_size' => undef,
'/keep_ip_during' => 365,
'/report' => 'mailto:report@example.com',
'/stop_upload' => false,
'/delay_for_size' => undef,
'/default_delay' => 0,
'/force_burn_after_reading' => 0
);
}
sub test_upload_file {
$t->websocket_ok('/upload/')
->send_ok($msg.'XXMOJOXX'.$encrypted)
->message_ok
->message_like(qr@"created_at":\d+@)
->message_like(qr@"del_at_first_view":true@)
->message_like(qr@"delay":0@)
->message_like(qr@"duration":\d+@)
->message_like(qr@"i":0@)
->message_like(qr@"j":0@)
->message_like(qr@"name":"$filename_test\.txt"@)
->message_like(qr@"parts":1@)
->message_like(qr@"sent_delay":0@)
->message_like(qr@"short":"[^"]+"@)
->message_like(qr@"size":7@)
->message_like(qr@"success":true@)
->message_like(qr@"token":"[^"]+"}@)
->finish_ok;
}
sub test_download_file {
my $ws_msg;
$t->ua->websocket_p('/upload/')->then(sub {
my $tx = shift;
my $promise = Mojo::Promise->new;
$tx->on(finish => sub { $promise->resolve });
$tx->on(message => sub {
my $tx = shift;
$ws_msg = shift;
$tx->finish;
});
$tx->send($msg.'XXMOJOXX'.$encrypted);
return $promise;
})->catch(sub {
my $err = shift;
is($err, undef);
})->wait;
$ws_msg = from_json($ws_msg);
$t->websocket_ok('/download/'.$ws_msg->{short})
->send_ok(to_json({part => 0}))
->message_ok
->message_like(qr@"total":1@)
->message_like(qr@"part":0@)
->message_like(qr@"i":0@)
->message_like(qr@"id":null@)
->message_like(qr@"del_at_first_view":1@)
->message_like(qr@"delay":"0"@)
->message_like(qr@"name":"$filename_test\.txt"@)
->message_like(qr@"size":7@)
->message_like(qr@"type":"text\\/plain"@)
->message_like(qr@XXMOJOXX@)
->message_like(qr@$encrypted_rgx@)
->send_ok(to_json({ended => true}))
->finish_ok;
# The file is not supposed to be available anymore
$t->websocket_ok('/download/'.$ws_msg->{short})
->send_ok(to_json({part => 0}))
->message_ok
->message_like(qr@"msg":"Error: the file existed but was deleted\."@)
->message_like(qr@"success":false@)
->send_ok(to_json({ended => true}))
->finish_ok;
}
sub auth_test_suite {
my ($login, $pass) = @_;
$t->get_ok('/')
->status_is(302)
->header_is(Location => '/login');
test_fail_upload();
test_login($login, $pass);
test_upload_file();
test_download_file();
my $token = '';
$t->post_ok('/logout' => form => { csrf_token => $token })
->status_is(200)
->content_like(qr@Bad CSRF token\.@);
$token = $t->ua->get('/')->res->dom->find('input[name="csrf_token"]')->first->attr('value');
$t->post_ok('/logout' => form => { csrf_token => $token })
->status_is(200)
->content_like(qr@You have been successfully logged out\.@);
test_fail_upload();
}
sub test_fail_upload {
# An empty message would make it fail if we were allowed to go in the authenticated part
$t->websocket_ok('/upload/')
->send_ok('')
->finish_ok;
}
sub test_login {
my ($login, $pass) = @_;
$t->get_ok('/login')
->status_is(200)
->content_like(qr@Signin@);
my $token = '';
$t->post_ok('/login' => form => { login => $login, password => $pass, csrf_token => $token })
->status_is(200)
->content_like(qr@Bad CSRF token\.@);
$token = $t->ua->get('/login')->res->dom->find('input[name="csrf_token"]')->first->attr('value');
$t->post_ok('/login' => form => { login => $login, password => $pass, csrf_token => $token })
->status_is(302)
->header_is(Location => '/');
$t->get_ok('/login')
->status_is(302)
->header_is(Location => '/');
}
sub restore_config {
$config_file->spurt($config_orig);
}
sub switch_to_htpasswd {
$config_content = $config_orig;
$config_content =~ s/#?htpasswd.*/htpasswd => 't\/lufi.passwd',/gm;
$config_file->spurt($config_content);
Lufi::DB::Slice->new(app => $m)->delete_all;
Lufi::DB::File->new(app => $m)->delete_all;
$t = Test::Mojo->new('Lufi');
## Wait for short generation
sleep 5;
}
sub switch_to_ldap {
$config_content = $config_orig;
$config_content =~ s/^( +)#?ldap => \{ uri/$1ldap => { uri/gm;
$config_file->spurt($config_content);
Lufi::DB::Slice->new(app => $m)->delete_all;
Lufi::DB::File->new(app => $m)->delete_all;
$t = Test::Mojo->new('Lufi');
## Wait for short generation
sleep 5;
}
sub switch_to_swift {
$config_content = $config_orig;
$config_content =~ s/^( +)#?swift => \{ auth_url/$1swift => { auth_url/gm;
$config_file->spurt($config_content);
Lufi::DB::Slice->new(app => $m)->delete_all;
Lufi::DB::File->new(app => $m)->delete_all;
$t = Test::Mojo->new('Lufi');
## Wait for short generation
sleep 5;
}