summaryrefslogtreecommitdiffstats
path: root/api4/user_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'api4/user_test.go')
-rw-r--r--api4/user_test.go52
1 files changed, 52 insertions, 0 deletions
diff --git a/api4/user_test.go b/api4/user_test.go
index 10f65e766..96aa55d5f 100644
--- a/api4/user_test.go
+++ b/api4/user_test.go
@@ -2235,6 +2235,58 @@ func TestSetProfileImage(t *testing.T) {
t.Fatal(err)
}
}
+func TestCBALogin(t *testing.T) {
+ th := Setup().InitBasic()
+ defer th.TearDown()
+ Client := th.Client
+ Client.Logout()
+
+ th.App.SetLicense(model.NewTestLicense("saml"))
+ th.App.UpdateConfig(func(cfg *model.Config) {
+ *cfg.ExperimentalSettings.ClientSideCertEnable = true
+ *cfg.ExperimentalSettings.ClientSideCertCheck = model.CLIENT_SIDE_CERT_CHECK_PRIMARY_AUTH
+ })
+
+ user, resp := Client.Login(th.BasicUser.Email, th.BasicUser.Password)
+ if resp.Error.StatusCode != 400 && user == nil {
+ t.Fatal("Should have failed because it's missing the cert header")
+ }
+
+ Client.HttpHeader["X-SSL-Client-Cert"] = "valid_cert_fake"
+ user, resp = Client.Login(th.BasicUser.Email, th.BasicUser.Password)
+ if resp.Error.StatusCode != 400 && user == nil {
+ t.Fatal("Should have failed because it's missing the cert subject")
+ }
+
+ Client.HttpHeader["X-SSL-Client-Cert-Subject-DN"] = "C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=mis_match" + th.BasicUser.Email
+ user, resp = Client.Login(th.BasicUser.Email, "")
+ if resp.Error.StatusCode != 400 && user == nil {
+ t.Fatal("Should have failed because the emails mismatch")
+ }
+
+ Client.HttpHeader["X-SSL-Client-Cert-Subject-DN"] = "C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=" + th.BasicUser.Email
+ user, resp = Client.Login(th.BasicUser.Email, "")
+ if !(user != nil && user.Email == th.BasicUser.Email) {
+ t.Fatal("Should have been able to login")
+ }
+
+ th.App.UpdateConfig(func(cfg *model.Config) {
+ *cfg.ExperimentalSettings.ClientSideCertEnable = true
+ *cfg.ExperimentalSettings.ClientSideCertCheck = model.CLIENT_SIDE_CERT_CHECK_SECONDARY_AUTH
+ })
+
+ Client.HttpHeader["X-SSL-Client-Cert-Subject-DN"] = "C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=" + th.BasicUser.Email
+ user, resp = Client.Login(th.BasicUser.Email, "")
+ if resp.Error.StatusCode != 400 && user == nil {
+ t.Fatal("Should have failed because password is required")
+ }
+
+ Client.HttpHeader["X-SSL-Client-Cert-Subject-DN"] = "C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=" + th.BasicUser.Email
+ user, resp = Client.Login(th.BasicUser.Email, th.BasicUser.Password)
+ if !(user != nil && user.Email == th.BasicUser.Email) {
+ t.Fatal("Should have been able to login")
+ }
+}
func TestSwitchAccount(t *testing.T) {
th := Setup().InitBasic().InitSystemAdmin()
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-05-20 03:18:31 +0000