tests/test-login-ok.sh

   1 #!/bin/sh
   2 #
   3 #  Copyright (c) 2015-2016 Marcus Rohrmoser http://mro.name/me. All rights reserved.
   4 #
   5 #  This program is free software: you can redistribute it and/or modify
   6 #  it under the terms of the GNU General Public License as published by
   7 #  the Free Software Foundation, either version 3 of the License, or
   8 #  (at your option) any later version.
   9 #
  10 #  This program is distributed in the hope that it will be useful,
  11 #  but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13 #  GNU General Public License for more details.
  14 #
  15 #  You should have received a copy of the GNU General Public License
  16 #  along with this program.  If not, see <http://www.gnu.org/licenses/>.
  17 #
  18 cd "$(dirname "$0")/../tmp"
  19 . ../scripts/assert.sh
  20
  21 # Check preliminaries
  22 curl --version >/dev/null       || assert_fail 101 "I need curl."
  23 xmllint --version 2> /dev/null  || assert_fail 102 "I need xmllint (libxml2)."
  24 [ "${USERNAME}" != "" ]         || assert_fail 1 "How strange, USERNAME is unset."
  25 [ "${PASSWORD}" != "" ]         || assert_fail 2 "How strange, PASSWORD is unset."
  26 [ "${BASE_URL}" != "" ]         || assert_fail 3 "How strange, BASE_URL is unset."
  27
  28 echo "###################################################"
  29 echo "## non-logged-in GET /?post return: 302 "
  30 http_code=$(curl --url "${BASE_URL}/?post" \
  31   --cookie curl.cook --cookie-jar curl.cook \
  32   --output curl.tmp.html \
  33   --trace-ascii curl.tmp.trace --dump-header curl.tmp.head \
  34   --write-out '%{http_code}' 2>/dev/null)
  35 assert_equal 302 "${http_code}" 35 "login check."
  36
  37 echo "####################################################"
  38 echo "## Step 1: fetch token to login "
  39 echo "GET ${BASE_URL}?do=login"
  40 rm curl.tmp.*
  41 # http://unix.stackexchange.com/a/157219
  42 LOCATION=$(curl --get --url "${BASE_URL}/?do=login" \
  43   --cookie curl.cook --cookie-jar curl.cook \
  44   --location --output curl.tmp.html \
  45   --trace-ascii curl.tmp.trace --dump-header curl.tmp.head \
  46   --write-out '%{url_effective}' 2>/dev/null)
  47 # todo:
  48 errmsg=$(xmllint --html --nowarning --xpath 'string(/html[1 = count(*)]/head[1 = count(*)]/script[starts-with(.,"alert(")])' curl.tmp.html)
  49 assert_equal "" "${errmsg}" 58 "error: '${errmsg}'"
  50 TOKEN=$(xmllint --html --nowarning --xpath 'string(/html/body//form[@name="loginform"]//input[@name="token"]/@value)' curl.tmp.html)
  51 # string(..) http://stackoverflow.com/a/18390404
  52
  53 # the precise length doesn't matter, it just has to be significantly larger than ''
  54 assert_equal 40 $(printf "%s" ${TOKEN} | wc -c) 63 "found TOKEN=${TOKEN}"
  55
  56 echo "######################################################"
  57 echo "## Step 2: follow the redirect, do the login and redirect to ?do=changepasswd "
  58 echo "POST ${LOCATION}"
  59 rm curl.tmp.*
  60 LOCATION=$(curl --url "${LOCATION}" \
  61   --data-urlencode "login=${USERNAME}" \
  62   --data-urlencode "password=${PASSWORD}" \
  63   --data-urlencode "token=${TOKEN}" \
  64   --data-urlencode "returnurl=${BASE_URL}/?do=changepasswd" \
  65   --cookie curl.cook --cookie-jar curl.cook \
  66   --location --output curl.tmp.html \
  67   --trace-ascii curl.tmp.trace --dump-header curl.tmp.head \
  68   --write-out '%{url_effective}' 2>/dev/null)
  69 # todo:
  70 errmsg=$(xmllint --html --nowarning --xpath 'string(/html[1 = count(*)]/head[1 = count(*)]/script[starts-with(.,"alert(")])' curl.tmp.html)
  71 assert_equal "" "${errmsg}" 80 "error during login"
  72 assert_equal "${BASE_URL}/?do=changepasswd" "${LOCATION}" 81 "redirect after login"
  73
  74 # [ 1 -eq $(xmllint --html --nowarning --xpath "count(/html/body//a[@href = '?do=logout'])" curl.tmp.html 2>/dev/null) ] || assert_fail 13 "I expected a logout link."
  75
  76 # check presence of various mandatory form fields:
  77 for field in oldpassword setpassword token
  78 do
  79   assert_equal 1 $(xmllint --html --nowarning --xpath "count(/html/body//form[@name = 'changepasswordform']//input[@name='${field}'])" curl.tmp.html) 88 "expected to have a '${field}'"
  80 done
  81
  82
  83 echo "###################################################"
  84 echo "## logged-in GET /?post return: 200 "
  85 http_code=$(curl --url "${BASE_URL}/?post" \
  86   --cookie curl.cook --cookie-jar curl.cook \
  87   --output curl.tmp.html \
  88   --trace-ascii curl.tmp.trace --dump-header curl.tmp.head \
  89   --write-out '%{http_code}' 2>/dev/null)
  90 assert_equal 200 "${http_code}" 90 "login check."