summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDylan William Hardison <dylan@hardison.net>2018-04-04 16:58:06 +0200
committerGitHub <noreply@github.com>2018-04-04 16:58:06 +0200
commit3d6e2fb15c254d2d8fe75dc0307a4b0fd3e62865 (patch)
tree2f3e992600840a3c9245c315a0f92b419677a198
parent85a2490e1e696c8d62562f8752fc486c02578ec3 (diff)
downloadbugzilla-3d6e2fb15c254d2d8fe75dc0307a4b0fd3e62865.tar.gz
bugzilla-3d6e2fb15c254d2d8fe75dc0307a4b0fd3e62865.tar.xz
Bug 1447028 - Add auth delegation test script
-rw-r--r--README.rst16
-rwxr-xr-xscripts/auth-test-app72
-rw-r--r--vagrant_support/apache.j21
3 files changed, 89 insertions, 0 deletions
diff --git a/README.rst b/README.rst
index 64fae335b..adeb1a18e 100644
--- a/README.rst
+++ b/README.rst
@@ -80,6 +80,22 @@ or db is changed, do a full provision:
vagrant rsync && vagrant provision
+Testing Auth delegation
+-----------------------
+
+For testing auth-delegation there is included an `scripts/auth-test-app`
+script that runs a webserver and implements the auth delegation protocol.
+
+Provided you have `Mojolicious`_ installed:
+
+.. code-block:: bash
+ perl auth-test-app daemon
+
+Then just browse to `localhost:3000`_ to test creating API keys.
+
+.. _`Mojolicious`: https://metacpan.org/pod/Mojolicious
+.. _`localhost:3000`: http://localhost:3000
+
Technical Details
-----------------
diff --git a/scripts/auth-test-app b/scripts/auth-test-app
new file mode 100755
index 000000000..3df56796c
--- /dev/null
+++ b/scripts/auth-test-app
@@ -0,0 +1,72 @@
+#!/usr/bin/perl
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+use 5.10.1;
+use strict;
+use warnings;
+use Mojolicious::Lite;
+use Digest::SHA qw(sha256_hex);
+
+my $BUGZILLA_URL = $ENV{AUTH_TEST_BUGZILLA_URL} // 'http://bmo-web.vm/auth.cgi';
+my $APP_DESC = $ENV{AUTH_TEST_APP_DESC} // 'AuthTest';
+my %SECRETS;
+
+get '/' => sub {
+ my $c = shift;
+ my $callback_url = $c->url_for->to_abs->path('/callback');
+ my $app_id = sha256_hex($callback_url, $APP_DESC);
+ $c->render(
+ template => 'index',
+ app_id => $app_id,
+ callback_url => $callback_url,
+ bugzilla_url => $BUGZILLA_URL,
+ app_desc => $APP_DESC,
+ );
+};
+
+post '/callback' => sub {
+ my $c = shift;
+ %SECRETS = %{ $c->req->json };
+ $c->render( json => { result => 'SECRETS' } );
+};
+
+get '/callback' => sub {
+ my $c = shift;
+ my $store_key = $c->param('callback_result');
+ $c->render( template => 'callback', %SECRETS );
+};
+
+app->start;
+__DATA__
+
+@@ index.html.ep
+% layout 'default';
+% title 'Configure';
+
+<p>Test auth delegation. <code>$app_id = <%= $app_id %></code></p>
+
+<form method="get" action="<%= $bugzilla_url %>">
+ <input type="hidden" name="callback" value="<%= $callback_url %>">
+ <input type="hidden" name="description" value="<%= $app_desc %>">
+ <input type="submit" value="Login">
+ </div>
+</form>
+
+@@ callback.html.ep
+% layout 'default';
+% title 'Login Result';
+
+<div><b>Login</b> <%= $client_api_login %> </div>
+<div><b>API Key</b> <%= $client_api_key %></div>
+
+@@ layouts/default.html.ep
+<!DOCTYPE html>
+<html>
+ <head><title><%= title %></title></head>
+ <body><%= content %></body>
+</html>
diff --git a/vagrant_support/apache.j2 b/vagrant_support/apache.j2
index 722ebad92..773672fa1 100644
--- a/vagrant_support/apache.j2
+++ b/vagrant_support/apache.j2
@@ -1,5 +1,6 @@
PerlSwitches -wT
PerlSetEnv USE_NYTPROF 0
+PerlSetEnv BUGZILLA_UNSAFE_AUTH_DELEGATION 1
PerlConfigRequire /vagrant/mod_perl.pl
<IfModule mpm_prefork_module>