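END_TEST

/*
 * getResponseFromServer() is expected to return the validation response
 * body unchanged. The reply is supplied through set_curl_response(), the
 * harness hook used throughout these tests (its definition is not visible
 * here), so no real CAS server is contacted.
 */
START_TEST(getResponseFromServer_test)
{
  const char *response =
      "<cas:serviceResponse xmlns:cas="
      "'http://www.yale.edu/tp/cas'>"
      "<cas:authenticationSuccess>"
      "<cas:user>username</cas:user>"
      "</cas:authenticationSuccess>"
      "</cas:serviceResponse>";
  char *rv;
  cas_cfg *c = ap_get_module_config(request->server->module_config,
                                    &auth_cas_module);

  set_curl_response(response);
  rv = getResponseFromServer(request, c, "ST-1234");
#ifndef DARWIN
  /*
   * apr_stat behaves oddly while the tests are running (but works
   * just fine on a standalone test program). It almost looks
   * like it doesn't get called at all, which results in NULL
   * being returned from getResponseFromServer. In any case, the
   * code in getResponseFromServer needs to be refactored anyway,
   * so improving the test quality and getting it to work on OS X
   * can be saved for that date.
   */

  /*
   * The message is passed as a literal format with the path as its
   * argument. Pre-formatting it with apr_psprintf() and handing the
   * result to fail_if() would make the configured path part of the
   * format string, so a '%' in it would be interpreted as a conversion.
   */
  fail_if(rv == NULL,
          "getResponseFromServer() returned NULL\n"
          " (Does %s (CAS_DEFAULT_CA_PATH in mod_auth_cas.h) exist?)",
          c->CASCertificatePath);
  fail_unless(strcmp(rv, response) == 0);
#endif
}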
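END_TEST

/*
 * After a gateway round trip that comes back with a service ticket,
 * cas_authenticate() must authenticate the user and emit a Set-Cookie
 * header that expires the MOD_CAS_G gateway cookie. The expected header
 * value pins the Secure and Path=/ attributes as well as the epoch expiry.
 */
START_TEST(removeGatewayCookie_test)
{
  const char *expected = "MOD_CAS_G=TRUE;Secure;Path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT";
  const char *ernVal;
  const char *response =
      "<cas:serviceResponse xmlns:cas=\"http://www.yale.edu/tp/cas\">"
      "<cas:authenticationSuccess>"
      "<cas:user>good</cas:user>"
      "</cas:authenticationSuccess>"
      "</cas:serviceResponse>";
  int rv;
  cas_cfg *c = ap_get_module_config(request->server->module_config,
                                    &auth_cas_module);

  c->CASCookiePath = "/tmp/";

  /*
   * setup request as if we've just returned from a gateway trip,
   * with a gateway cookie and a cas ticket
   */
  apr_table_set(request->headers_in, "Cookie",
                "MOD_CAS_G=TRUE; cookie_name=cookie_value ");
  request->unparsed_uri = "/foo?ticket=ST-1234";
  request->uri = "/foo";
  request->args = apr_pstrdup(request->pool, "ticket=ST-1234");
  /* NOTE(review): presumably port 443 is what makes the module add the
   * Secure attribute that `expected` requires -- confirm in cas_authenticate. */
  request->connection->local_addr->port = 443;
  request->ap_auth_type = "cas";

  /* Diagnostic values go through "%s" so they are never used as a format. */
  fail_unless(strcmp(request->args, "ticket=ST-1234") == 0,
              "%s", request->args);

  /* NOTE(review): this URI carries ticket=ST-12345 while args and
   * unparsed_uri carry ST-1234; looks like a typo in the fixture -- confirm. */
  apr_uri_parse(request->pool, "http://foo.example.com/foo?ticket=ST-12345",
                &request->parsed_uri);

  /*
   * setup fake serviceValidate response from cas server
   */
  set_curl_response(response);

  /*
   * authenticate the user
   */
  c->CASCertificatePath = "/";
  rv = cas_authenticate(request);

  fail_unless(rv == HTTP_MOVED_TEMPORARILY, "cas_authenticate failed");
  /* Guard before strcmp(): a missing user must fail the test, not crash it. */
  fail_unless(request->user != NULL,
              "cas_authenticate did not set request->user");
  fail_unless(strcmp(request->user, "good") == 0, "%s", request->user);

  /*
   * verify that the Set-Cookie header removes the gateway cookie
   */
  apr_table_compress(request->err_headers_out, APR_OVERLAP_TABLES_MERGE);
  ernVal = apr_table_get(request->err_headers_out, "Set-Cookie");
  /* apr_table_get() returns NULL when the header is absent; strstr(NULL, ...)
   * would be undefined behaviour instead of a reported failure. */
  fail_unless(ernVal != NULL, "no Set-Cookie header in err_headers_out");
  fail_unless(strstr(ernVal, expected) != NULL, "%s", ernVal);
}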
END_TEST

/*
 * Test OpenSAML 2.x responses (CAS >= 3.5.1)
 *
 * Feeds isValidCASTicket() a SOAP-wrapped SAML 1.1 response (saml1p/saml1
 * prefixes) with CASValidateSAML enabled and checks the attributes it
 * extracts: single-valued attributes, an attribute name containing a space,
 * a multi-valued attribute joined with CAS_DEFAULT_ATTRIBUTE_DELIMITER, and
 * the AuthenticationMethod taken from the AuthenticationStatement.
 *
 * NOTE(review): the fixture's Conditions window (NotBefore/NotOnOrAfter) is
 * in 2011 and the test still expects success, so this test does not cover
 * enforcement of that window -- confirm whether the module is meant to
 * check it.
 * NOTE(review): remoteUser is passed in but never asserted; a check that it
 * equals the NameIdentifier ("username") would pin the authenticated
 * identity -- confirm the SAML path sets it before adding.
 */
START_TEST(isValidCASTicket_OpenSAML2_test)
{
  const char *response =
      "<?xml version='1.0' encoding='UTF-8'?>"
      "<SOAP-ENV:Envelope xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/'>"
      "<SOAP-ENV:Body>"
      "<saml1p:Response xmlns:saml1p='urn:oasis:names:tc:SAML:1.0:protocol'"
      " IssueInstant='2011-01-01T01:01:01.001Z'"
      " MajorVersion='1' MinorVersion='1'"
      " Recipient='https://example.com/example_app'"
      " ResponseID='_0123456789abcdef0123456789abcdef'>"
      "<saml1p:Status><saml1p:StatusCode Value='saml1p:Success'/></saml1p:Status>"
      "<saml1:Assertion xmlns:saml1='urn:oasis:names:tc:SAML:1.0:assertion'"
      " AssertionID='_0123456789abcdef0123456789abcdef'"
      " IssueInstant='2011-01-01T01:01:01.001Z' Issuer='localhost'"
      " MajorVersion='1' MinorVersion='1'>"
      "<saml1:Conditions NotBefore='2011-01-01T12:00:00.000Z' NotOnOrAfter='2011-01-01T12:01:00.000Z'>"
      "<saml1:AudienceRestrictionCondition>"
      "<saml1:Audience>https://example.com/example_app</saml1:Audience>"
      "</saml1:AudienceRestrictionCondition>"
      "</saml1:Conditions>"
      "<saml1:AuthenticationStatement AuthenticationMethod='urn:oasis:names:tc:SAML:1.0:am:password'>"
      "<saml1:Subject><saml1:NameIdentifier>username</saml1:NameIdentifier></saml1:Subject>"
      "</saml1:AuthenticationStatement>"
      "<saml1:AttributeStatement>"
      "<saml1:Subject><saml1:NameIdentifier>username</saml1:NameIdentifier></saml1:Subject>"
      "<saml1:Attribute AttributeName='FirstName'"
      " AttributeNamespace='http://www.ja-sig.org/products/cas/'>"
      "<saml1:AttributeValue>Joe</saml1:AttributeValue>"
      "</saml1:Attribute>"
      "<saml1:Attribute AttributeName='Last Name'"
      " AttributeNamespace='http://www.ja-sig.org/products/cas/'>"
      "<saml1:AttributeValue>Test</saml1:AttributeValue>"
      "</saml1:Attribute>"
      "<saml1:Attribute AttributeName='GroupList'"
      " AttributeNamespace='http://www.ja-sig.org/products/cas/'>"
      "<saml1:AttributeValue>A,B</saml1:AttributeValue>"
      "<saml1:AttributeValue>C</saml1:AttributeValue>"
      "</saml1:Attribute>"
      "</saml1:AttributeStatement>"
      "</saml1:Assertion>"
      "</saml1p:Response>"
      "</SOAP-ENV:Body>"
      "</SOAP-ENV:Envelope>";
  char *user = NULL;
  cas_saml_attr *samlAttrs = NULL;
  char *attr;
  apr_byte_t rv;
  cas_cfg *cfg = ap_get_module_config(request->server->module_config,
                                      &auth_cas_module);

  /* Canned server reply, then switch the module to SAML validation. */
  set_curl_response(response);
  cfg->CASCertificatePath = "/";
  cfg->CASValidateSAML = TRUE;

  rv = isValidCASTicket(request, cfg, "ST-1234", &user, &samlAttrs);
  fail_if(rv == FALSE);

  /* Plain single-valued attribute. */
  attr = get_attr(cfg, samlAttrs, "FirstName");
  fail_if(attr == NULL);
  fail_unless(strcmp(attr, "Joe") == 0);

  /* Attribute whose name contains a space. */
  attr = get_attr(cfg, samlAttrs, "Last Name");
  fail_if(attr == NULL);
  fail_unless(strcmp(attr, "Test") == 0);

  /* Two AttributeValue elements are joined with the delimiter; the comma
   * inside the first value ("A,B") must survive untouched. */
  attr = get_attr(cfg, samlAttrs, "GroupList");
  fail_if(attr == NULL);
  fail_unless(strcmp(attr, "A,B" CAS_DEFAULT_ATTRIBUTE_DELIMITER "C") == 0);

  /* The AuthenticationStatement's method is exposed as an attribute too. */
  attr = get_attr(cfg, samlAttrs, "AuthenticationMethod");
  fail_if(attr == NULL);
  fail_unless(strcmp(attr, "urn:oasis:names:tc:SAML:1.0:am:password") == 0);
}