search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
add a 2nd DELETE test (sunshine case, delete all entries).
[pin4sha_cgi.git] / tests / test-login-ok.sh
blobc3c2a809a736cad54067fca03a4b99ba3364fe39
1 #!/bin/sh
2 #
3 # Copyright (c) 2015-2016 Marcus Rohrmoser http://mro.name/me. All rights reserved.
4 #
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation, either version 3 of the License, or
8 # (at your option) any later version.
9 #
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
14 #
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
17 #
18 cd "$(dirname "$0")/../tmp"
19 . ../scripts/assert.sh
20
21 # Check preliminaries
22 curl --version >/dev/null || assert_fail 101 "I need curl."
23 xmllint --version 2> /dev/null || assert_fail 102 "I need xmllint (libxml2)."
24 [ "${USERNAME}" != "" ] || assert_fail 1 "How strange, USERNAME is unset."
25 [ "${PASSWORD}" != "" ] || assert_fail 2 "How strange, PASSWORD is unset."
26 [ "${BASE_URL}" != "" ] || assert_fail 3 "How strange, BASE_URL is unset."
27
28 echo "###################################################"
29 echo "## non-logged-in GET /?do=configure failure: 404 "
30 http_code=$(curl --url "${BASE_URL}/?do=configure" \
31 --cookie curl.cook --cookie-jar curl.cook \
32 --location --output curl.tmp.html \
33 --trace-ascii curl.tmp.trace --dump-header curl.tmp.head \
34 --write-out '%{http_code}' 2>/dev/null)
35 [ 404 -eq ${http_code} ] || assert_fail "expected 404, got ${http_code}"
36
37 echo "###################################################"
38 echo "## non-logged-in GET /?do=changepasswd failure: 404 "
39 http_code=$(curl --url "${BASE_URL}/?do=changepasswd" \
40 --cookie curl.cook --cookie-jar curl.cook \
41 --location --output curl.tmp.html \
42 --trace-ascii curl.tmp.trace --dump-header curl.tmp.head \
43 --write-out '%{http_code}' 2>/dev/null)
44 [ 404 -eq ${http_code} ] || assert_fail "expected 404, got ${http_code}"
45
46 echo "####################################################"
47 echo "## Step 1: fetch token to login "
48 echo "GET ${BASE_URL}?do=login"
49 rm curl.tmp.*
50 # http://unix.stackexchange.com/a/157219
51 LOCATION=$(curl --get --url "${BASE_URL}/?do=login" \
52 --cookie curl.cook --cookie-jar curl.cook \
53 --location --output curl.tmp.html \
54 --trace-ascii curl.tmp.trace --dump-header curl.tmp.head \
55 --write-out '%{url_effective}' 2>/dev/null)
56 # todo:
57 errmsg=$(xmllint --html --nowarning --xpath 'string(/html[1 = count(*)]/head[1 = count(*)]/script[starts-with(.,"alert(")])' curl.tmp.html)
58 [ "${errmsg}" = "" ] || assert_fail 107 "error: '${errmsg}'"
59 TOKEN=$(xmllint --html --nowarning --xpath 'string(/html/body//form[@name="loginform"]//input[@name="token"]/@value)' curl.tmp.html)
60 # string(..) http://stackoverflow.com/a/18390404
61
62 # the precise length doesn't matter, it just has to be significantly larger than ''
63 [ $(printf "%s" ${TOKEN} | wc -c) -eq 40 ] || assert_fail 6 "expected TOKEN of 40 characters, but found ${TOKEN} of $(printf "%s" ${TOKEN} | wc -c)"
64
65 echo "######################################################"
66 echo "## Step 2: follow the redirect, do the login and redirect to ?do=changepasswd "
67 echo "POST ${LOCATION}"
68 rm curl.tmp.*
69 LOCATION=$(curl --url "${LOCATION}" \
70 --data-urlencode "login=${USERNAME}" \
71 --data-urlencode "password=${PASSWORD}" \
72 --data-urlencode "token=${TOKEN}" \
73 --data-urlencode "returnurl=${BASE_URL}/?do=changepasswd" \
74 --cookie curl.cook --cookie-jar curl.cook \
75 --location --output curl.tmp.html \
76 --trace-ascii curl.tmp.trace --dump-header curl.tmp.head \
77 --write-out '%{url_effective}' 2>/dev/null)
78 # todo:
79 errmsg=$(xmllint --html --nowarning --xpath 'string(/html[1 = count(*)]/head[1 = count(*)]/script[starts-with(.,"alert(")])' curl.tmp.html)
80 [ "${errmsg}" = "" ] || assert_fail 108 "error: '${errmsg}'"
81 [ "${BASE_URL}/?do=changepasswd" = "${LOCATION}" ] || assert_fail 108 "expected to be redirected to do=changepassword, but got '${LOCATION}'"
82
83 # [ 1 -eq $(xmllint --html --nowarning --xpath "count(/html/body//a[@href = '?do=logout'])" curl.tmp.html 2>/dev/null) ] || assert_fail 13 "I expected a logout link."
84
85 # check presence of various mandatory form fields:
86 for field in oldpassword setpassword token
87 do
88 [ $(xmllint --html --nowarning --xpath "count(/html/body//form[@name = 'changepasswordform']//input[@name='${field}'])" curl.tmp.html) -eq 1 ] || assert_fail 8 "expected to have a '${field}'"
89 done
90
91
92 echo "###################################################"
93 echo "## logged-in GET /?do=configure success: 200 "
94 http_code=$(curl --url "${BASE_URL}/?do=configure" \
95 --cookie curl.cook --cookie-jar curl.cook \
96 --location --output curl.tmp.html \
97 --trace-ascii curl.tmp.trace --dump-header curl.tmp.head \
98 --write-out '%{http_code}' 2>/dev/null)
99 [ 200 -eq ${http_code} ] || assert_fail "expected 200, got ${http_code}"
100
101 echo "###################################################"
102 echo "## logged-in GET /?do=changepasswd success: 200 "
103 http_code=$(curl --url "${BASE_URL}/?do=changepasswd" \
104 --cookie curl.cook --cookie-jar curl.cook \
105 --location --output curl.tmp.html \
106 --trace-ascii curl.tmp.trace --dump-header curl.tmp.head \
107 --write-out '%{http_code}' 2>/dev/null)
108 [ 200 -eq ${http_code} ] || assert_fail "expected 404, got ${http_code}"
🐫 API wrapper for Shaarli exposing pinboard.in/api. Zero-config, drop-in, single-file CGI deployment.