C++ (Cpp) cas_authorize_worker Examples

Example #1

File: mod_auth_cas_test.c Project: LucaFilipozzi/mod_auth_cas

END_TEST

START_TEST(cas_attribute_authz_test) {
  int should_fail1, should_fail2, should_succeed1, should_succeed2,
      should_succeed3, should_succeed4, should_succeed5, should_decline1,
      should_decline2;
  cas_saml_attr *attrs = NULL;
  cas_attr_builder *builder;
  require_line require_line_array[5];
  cas_cfg *c;
  int i;
  require_line *r;

  const char *old_method;
  int old_method_number;

  /* Manually create some SAML attributes.  These attributes represent
   * a CAS attribute payload returned by CAS.  This test will apply an
   * authorization policy to these attributes to test its behavior.
   */
  struct test_data {
      const char *const k;
      const char *const v;
  } test_data_list[] = {
      {"key1", "val1"},
      {"key1", "val2"},
      {"key2", "val3"},
      {"should", "succeed"},
      {"regexAttribute", "urn:mace:example.edu:testing?placeholder=there&success=true"},
      {0, 0} /* NULL terminator */
  };

  // Build a CAS attribute structure.
  builder = cas_attr_builder_new(pool, &attrs);
  i = 0;
  while (1) {
      struct test_data d = test_data_list[i];
      if (d.v == NULL) break;

      cas_attr_builder_add(builder, d.k, d.v);
      i++;
  }

  c = ap_get_module_config(request->server->module_config,
                           &auth_cas_module);

  /* Allow these tests to pass - simulate a GET request. */
  old_method = request->method;
  old_method_number = request->method_number;
  request->method = "GET";
  request->method_number = M_GET;

  /* Create 'Require' config structures representing the
   * configured authorization policy.  Although we create many, we'll
   * apply different combinations of them in the tests which
   * follow. */
  r = &(require_line_array[0]);
  r->method_mask = AP_METHOD_BIT;
  r->requirement = apr_pstrdup(pool, "cas-attribute hopefully:fail");

  r = &(require_line_array[1]);
  r->method_mask = AP_METHOD_BIT;
  r->requirement = apr_pstrdup(pool, "cas-attribute should:succeed");

  r = &(require_line_array[2]);
  r->method_mask = AP_METHOD_BIT;
  r->requirement = apr_pstrdup(pool, "cas-attribute regexAttribute~.+:testing\?.*success=true.*");

  r = &(require_line_array[3]);
  r->method_mask = AP_METHOD_BIT;
  r->requirement = apr_pstrdup(pool, "cas-attribute regexAttribute~.+:testing\?.*success=TRUE.*");

  r = &(require_line_array[4]);
  r->method_mask = AP_METHOD_BIT;
  r->requirement = apr_pstrdup(pool, "cas-attribute regexAttribute~.+:testing\?.*(?i:success=TRUE).*");

  /* When mod_auth_cas is authoritative, an attribute payload which
   * fails to pass the policy check should result in
   * HTTP_UNAUTHORIZED. */
  c->CASAuthoritative = 1;
  should_fail1 = cas_authorize_worker(request, attrs, &(require_line_array[0]), 1, c);
  c->CASAuthoritative = 1;
  should_fail2 = cas_authorize_worker(request, attrs, &(require_line_array[3]), 1, c);

  /* When mod_auth_cas is authoritative, an attribute payload which
   * does pass the policy check should succeed. */
  c->CASAuthoritative = 1;
  should_succeed1 = cas_authorize_worker(request, attrs, &(require_line_array[1]), 1, c);
  c->CASAuthoritative = 1;
  should_succeed2 = cas_authorize_worker(request, attrs, &(require_line_array[2]), 1, c);

  /* When mod_auth_cas is *not* authoritative, an attribute payload
   * which does pass the policy check should succeed. */
  c->CASAuthoritative = 0;
  should_succeed3 = cas_authorize_worker(request, attrs, &(require_line_array[0]), 2, c);
  c->CASAuthoritative = 0;
  should_succeed4 = cas_authorize_worker(request, attrs, &(require_line_array[2]), 1, c);

  /* Case-insensitive flag should allow case-sensitivity to be overridden */
  c->CASAuthoritative = 0;
  should_succeed5 = cas_authorize_worker(request, attrs, &(require_line_array[4]), 1, c);

  /* Regardless of whether mod_auth_cas is authoritative, the empty
   * list of Require directives means mod_auth_cas has no policy to
   * check and should DECLINE. */
  c->CASAuthoritative = 1;
  should_decline1 = cas_authorize_worker(request, attrs, NULL, 0, c);
  c->CASAuthoritative = 0;
  should_decline2 = cas_authorize_worker(request, attrs, NULL, 0, c);

  /* Restore the request object */
  request->method = old_method;
  request->method_number = old_method_number;

  fail_unless((should_fail1 == HTTP_UNAUTHORIZED) &&
              (should_fail2 == HTTP_UNAUTHORIZED) &&
              (should_succeed1 == OK) &&
              (should_succeed2 == OK) &&
              (should_succeed3 == OK) &&
              (should_succeed4 == OK) &&
              (should_succeed5 == OK) &&
              (should_decline1 == DECLINED) &&
              (should_decline2 == DECLINED));
}

Example #2

File: mod_auth_cas_test.c Project: ccyflai/mod_auth_cas

END_TEST

START_TEST(cas_attribute_authz_test) {
  int should_fail, should_succeed1, should_succeed2,
      should_decline1, should_decline2;
  cas_saml_attr *attrs = NULL;
  cas_attr_builder *builder;
  require_line require_line_array[2];
  cas_cfg *c;
  int i;
  require_line *r;

  /* Manually create some SAML attributes.  These attributes represent
   * a CAS attribute payload returned by CAS.  This test will apply an
   * authorization policy to these attributes to test its behavior.
   */
  struct test_data {
      const char *const k;
      const char *const v;
  } test_data_list[] = {
      {"key1", "val1"},
      {"key1", "val2"},
      {"key2", "val3"},
      {"should", "succeed"},
      {0, 0} /* NULL terminator */
  };

  // Build a CAS attribute structure.
  builder = cas_attr_builder_new(pool, &attrs);
  i = 0;
  while (1) {
      struct test_data d = test_data_list[i];
      if (d.v == NULL) break;

      cas_attr_builder_add(builder, d.k, d.v);
      i++;
  }

  c = ap_get_module_config(request->server->module_config,
                           &auth_cas_module);

  /* Create two 'Require' config structures representing the
   * configured authorization policy.  Although we create two, we'll
   * apply different combinations of them in the tests which
   * follow. */
  r = &(require_line_array[0]);
  r->method_mask = AP_METHOD_BIT;
  r->requirement = apr_pstrdup(pool, "cas-attribute hopefully:fail");

  r = &(require_line_array[1]);
  r->method_mask = AP_METHOD_BIT;
  r->requirement = apr_pstrdup(pool, "cas-attribute should:succeed");

  /* When mod_auth_cas is authoritative, an attribute payload which
   * fails to pass the policy check should result in
   * HTTP_UNAUTHORIZED. */
  c->CASAuthoritative = 1;
  should_fail = cas_authorize_worker(request, attrs, &(require_line_array[0]), 1, c);

  /* When mod_auth_cas is authoritative, an attribute payload which
   * does pass the policy check should succeed. */
  c->CASAuthoritative = 1;
  should_succeed1 = cas_authorize_worker(request, attrs, &(require_line_array[1]), 1, c);

  /* When mod_auth_cas is *not* authoritative, an attribute payload
   * which does pass the policy check should succeed. */
  c->CASAuthoritative = 0;
  should_succeed2 = cas_authorize_worker(request, attrs, &(require_line_array[0]), 2, c);

  /* Regardless of whether mod_auth_cas is authoritative, the empty
   * list of Require directives means mod_auth_cas has no policy to
   * check and should DECLINE. */
  c->CASAuthoritative = 1;
  should_decline1 = cas_authorize_worker(request, attrs, NULL, 0, c);
  c->CASAuthoritative = 0;
  should_decline2 = cas_authorize_worker(request, attrs, NULL, 0, c);

  fail_unless((should_fail == HTTP_UNAUTHORIZED) &&
              (should_succeed1 == OK) &&
              (should_succeed2 == OK) &&
              (should_decline1 == DECLINED) &&
              (should_decline2 == DECLINED));
}