#!/bin/sh
# Copyright (c) 2015 Marcus Rohrmoser http://mro.name/me. All rights reserved.
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
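# Run from the script's own directory so that ./assert.sh and the curl.*
# scratch files resolve next to this script. assert_fail is not loaded yet
# at this point, hence the plain exit.
cd "$(dirname "$0")" || exit 1
. ./assert.sh

# The cookie jar and the curl trace/header dumps written further down hold
# the session cookie and, during login, the POSTed password. Create them
# readable by the owner only, whatever umask the caller had.
umask 077

# Drop a cookie jar left behind by an earlier run: the first checks are
# labelled "non-logged-in" and would otherwise replay a stale session cookie,
# turning the access-control assertions into false results.
rm -f curl.cook

# Check preliminaries
curl --version >/dev/null || assert_fail 101 "I need curl."
xmllint --version 2> /dev/null || assert_fail 102 "I need xmllint (libxml2)."
# Credentials and target come from the environment.
[ -n "$USERNAME" ] || assert_fail 1 "How strange, USERNAME is unset."
[ -n "$PASSWORD" ] || assert_fail 2 "How strange, PASSWORD is unset."
[ -n "$BASE_URL" ] || assert_fail 3 "How strange, BASE_URL is unset."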
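echo "###################################################"
echo "## non-logged-in GET /?do=configure failure: 404 "
# Access-control check: without a session the configure action must answer
# 404. --location follows redirects, so %{http_code} is the status of the
# final response, not of an intermediate redirect.
http_code=$(curl --url "${BASE_URL}/?do=configure" \
  --cookie curl.cook --cookie-jar curl.cook \
  --location --output curl.tmp.html \
  --trace-ascii curl.tmp.trace --dump-header curl.tmp.head \
  --write-out '%{http_code}' 2>/dev/null)
# String comparison so that an empty result (curl missing or failed) is a
# plain mismatch instead of a "[" syntax error.
# Every other assert_fail call in this script passes <exit code> <message>;
# 4 is unused elsewhere here. NOTE(review): confirm against assert.sh.
[ "$http_code" = 404 ] || assert_fail 4 "expected 404, got $http_code"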
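echo "###################################################"
echo "## non-logged-in GET /?do=changepasswd failure: 404 "
# Access-control check: without a session the password-change action must
# answer 404. --location follows redirects, so %{http_code} is the status of
# the final response.
http_code=$(curl --url "${BASE_URL}/?do=changepasswd" \
  --cookie curl.cook --cookie-jar curl.cook \
  --location --output curl.tmp.html \
  --trace-ascii curl.tmp.trace --dump-header curl.tmp.head \
  --write-out '%{http_code}' 2>/dev/null)
# String comparison so that an empty result (curl missing or failed) is a
# plain mismatch instead of a "[" syntax error.
# Every other assert_fail call in this script passes <exit code> <message>;
# 5 is unused elsewhere here. NOTE(review): confirm against assert.sh.
[ "$http_code" = 404 ] || assert_fail 5 "expected 404, got $http_code"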
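echo "####################################################"
echo "## Step 1: fetch token to login "
# Print the URL that is actually requested below (with the slash).
echo "GET ${BASE_URL}/?do=login"
# -f: do not complain when no scratch files exist yet.
rm -f curl.tmp.*
# http://unix.stackexchange.com/a/157219
# %{url_effective} is the URL curl ended on after following redirects; it is
# reused as the POST target of the login step.
LOCATION=$(curl --get --url "${BASE_URL}/?do=login" \
  --cookie curl.cook --cookie-jar curl.cook \
  --location --output curl.tmp.html \
  --trace-ascii curl.tmp.trace --dump-header curl.tmp.head \
  --write-out '%{url_effective}' 2>/dev/null)
# todo:
# Matches a page that consists of nothing but <head><script>alert(...)</script>;
# presumably this is how the application reports errors - verify.
errmsg=$(xmllint --html --nowarning --xpath 'string(/html[1 = count(*)]/head[1 = count(*)]/script[starts-with(.,"alert(")])' curl.tmp.html)
[ "$errmsg" = "" ] || assert_fail 107 "error: '$errmsg'"
# The login form carries a per-request token in a hidden input.
TOKEN=$(xmllint --html --nowarning --xpath 'string(/html/body//form[@name="loginform"]//input[@name="token"]/@value)' curl.tmp.html)
# string(..) http://stackoverflow.com/a/18390404

# the precise length doesn't matter, it just has to be significantly larger than ''
# (the check below nevertheless insists on exactly 40 characters).
# ${#TOKEN} avoids word-splitting an unquoted $TOKEN and two extra pipelines.
token_len=${#TOKEN}
[ "$token_len" -eq 40 ] || assert_fail 6 "expected TOKEN of 40 characters, but found $TOKEN of $token_len"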
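echo "######################################################"
echo "## Step 2: follow the redirect, do the login and redirect to ?do=changepasswd "
echo "POST $LOCATION"
# -f: do not complain when no scratch files exist.
rm -f curl.tmp.*
# The trace written by the next command records the request body, i.e. the
# clear-text password, plus the session cookie. Make sure the freshly created
# scratch files are readable by the owner only.
umask 077
# NOTE(review): $LOCATION is whatever URL the previous request ended on after
# redirects, and the credentials are POSTed there. Consider asserting that it
# still lies under ${BASE_URL} (same scheme and host) before sending them.
# NOTE(review): the password is passed on curl's command line and is visible
# in the process list while curl runs; use a dedicated test account.
LOCATION=$(curl --url "$LOCATION" \
  --data-urlencode "login=$USERNAME" \
  --data-urlencode "password=$PASSWORD" \
  --data-urlencode "token=$TOKEN" \
  --data-urlencode "returnurl=${BASE_URL}/?do=changepasswd" \
  --cookie curl.cook --cookie-jar curl.cook \
  --location --output curl.tmp.html \
  --trace-ascii curl.tmp.trace --dump-header curl.tmp.head \
  --write-out '%{url_effective}' 2>/dev/null)
# todo:
# Matches a page that consists of nothing but <head><script>alert(...)</script>;
# presumably this is how the application reports errors - verify.
errmsg=$(xmllint --html --nowarning --xpath 'string(/html[1 = count(*)]/head[1 = count(*)]/script[starts-with(.,"alert(")])' curl.tmp.html)
[ "$errmsg" = "" ] || assert_fail 108 "error: '$errmsg'"
# A successful login must end on the requested returnurl.
[ "${BASE_URL}/?do=changepasswd" = "$LOCATION" ] || assert_fail 108 "expected to be redirected to do=changepassword, but got '$LOCATION'"

# [ 1 -eq $(xmllint --html --nowarning --xpath "count(/html/body//a[@href = '?do=logout'])" curl.tmp.html 2>/dev/null) ] || assert_fail 13 "I expected a logout link."

# check presence of various mandatory form fields:
for field in oldpassword setpassword token
do
  # Quoted so that an empty xmllint result cannot collapse the test expression.
  [ "$(xmllint --html --nowarning --xpath "count(/html/body//form[@name = 'changepasswordform']//input[@name='$field'])" curl.tmp.html)" -eq 1 ] || assert_fail 8 "expected to have a '$field'"
done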
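echo "###################################################"
echo "## logged-in GET /?do=configure success: 200 "
# Counterpart of the anonymous check: with the session cookie from the login
# step in curl.cook the configure action must answer 200.
http_code=$(curl --url "${BASE_URL}/?do=configure" \
  --cookie curl.cook --cookie-jar curl.cook \
  --location --output curl.tmp.html \
  --trace-ascii curl.tmp.trace --dump-header curl.tmp.head \
  --write-out '%{http_code}' 2>/dev/null)
# String comparison so that an empty result (curl missing or failed) is a
# plain mismatch instead of a "[" syntax error.
# Every other assert_fail call in this script passes <exit code> <message>;
# 9 is unused elsewhere here. NOTE(review): confirm against assert.sh.
[ "$http_code" = 200 ] || assert_fail 9 "expected 200, got $http_code"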
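echo "###################################################"
echo "## logged-in GET /?do=changepasswd success: 200 "
# Counterpart of the anonymous check: with the session cookie from the login
# step in curl.cook the password-change action must answer 200.
http_code=$(curl --url "${BASE_URL}/?do=changepasswd" \
  --cookie curl.cook --cookie-jar curl.cook \
  --location --output curl.tmp.html \
  --trace-ascii curl.tmp.trace --dump-header curl.tmp.head \
  --write-out '%{http_code}' 2>/dev/null)
# The failure message used to say "expected 404" although 200 is asserted.
# Every other assert_fail call in this script passes <exit code> <message>;
# 10 is unused elsewhere here. NOTE(review): confirm against assert.sh.
[ "$http_code" = 200 ] || assert_fail 10 "expected 200, got $http_code"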