diff options
author | Dylan William Hardison <dylan@hardison.net> | 2017-08-18 00:29:49 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-08-18 00:29:49 +0200 |
commit | 7eb7529be9c43e9a1ff69bf1dd974ed3b123241e (patch) | |
tree | 88acc9f77ae1fc1cdb4c9cce1635878d9e45623c /t/bmo | |
parent | 5c849ad08765322010064f482fd2dea11482c114 (diff) | |
download | bugzilla-7eb7529be9c43e9a1ff69bf1dd974ed3b123241e.tar.gz bugzilla-7eb7529be9c43e9a1ff69bf1dd974ed3b123241e.tar.xz |
Bug 1388148 - Test password quality checking code
Diffstat (limited to 't/bmo')
-rw-r--r-- | t/bmo/passwords.t | 260 |
1 files changed, 260 insertions, 0 deletions
diff --git a/t/bmo/passwords.t b/t/bmo/passwords.t new file mode 100644 index 000000000..d10eddff7 --- /dev/null +++ b/t/bmo/passwords.t @@ -0,0 +1,260 @@ +#!/usr/bin/env perl +use 5.10.1; +use strict; +use warnings; +use autodie; +use constant DRIVER => 'Test::Selenium::Remote::Driver'; + +use Test::More 1.302; +#use constant DRIVER => 'Test::Selenium::Chrome'; +BEGIN { plan skip_all => "these tests only run in CI" unless $ENV{CI} && $ENV{CIRCLE_JOB} eq 'test_bmo' }; + +use ok DRIVER; + +my $ADMIN_LOGIN = $ENV{BZ_TEST_ADMIN} // 'admin@mozilla.bugs'; +my $ADMIN_PW_OLD = $ENV{BZ_TEST_ADMIN_PASS} // 'passWord1234!'; +my $ADMIN_PW_NEW = $ENV{BZ_TEST_ADMIN_NEWPASS} // 'she7Ka8t'; + +my @require_env = qw( + BZ_BASE_URL + BZ_TEST_NEWBIE + BZ_TEST_NEWBIE_PASS +); + +if (DRIVER =~ /Remote/) { + push @require_env, qw( TWD_HOST TWD_PORT ); +} +my @missing_env = grep { ! exists $ENV{$_} } @require_env; +BAIL_OUT("Missing env: @missing_env") if @missing_env; + +eval { + my $sel = DRIVER->new(base_url => $ENV{BZ_BASE_URL}); + $sel->set_implicit_wait_timeout(600); + + login_ok($sel, $ADMIN_LOGIN, $ADMIN_PW_OLD); + + change_password($sel, $ADMIN_PW_OLD, 'newpassword', 'newpassword2'); + $sel->title_is("Passwords Don't Match"); + $sel->body_text_contains('The two passwords you entered did not match.'); + + change_password($sel, $ADMIN_PW_OLD . "x", "newpassword2", "newpassword2"); + $sel->title_is("Incorrect Old Password"); + + change_password($sel, $ADMIN_PW_OLD, "password", "password"); + $sel->title_is("Password Fails Requirements"); + + change_password($sel, $ADMIN_PW_OLD, $ADMIN_PW_NEW, $ADMIN_PW_NEW); + $sel->title_is("User Preferences"); + logout_ok($sel); + + login_ok($sel, $ADMIN_LOGIN, $ADMIN_PW_NEW); + + # we don't protect against password re-use + change_password($sel, $ADMIN_PW_NEW, $ADMIN_PW_OLD, $ADMIN_PW_OLD); + $sel->title_is("User Preferences"); + logout_ok($sel); + + login_ok($sel, $ENV{BZ_TEST_NEWBIE}, $ENV{BZ_TEST_NEWBIE_PASS}); + + $sel->get_ok("/editusers.cgi"); + $sel->title_is("Authorization Required"); + logout_ok($sel); + + login_ok($sel, $ADMIN_LOGIN, $ADMIN_PW_OLD); + + toggle_require_password_change($sel, $ENV{BZ_TEST_NEWBIE}); + logout_ok($sel); + + login($sel, $ENV{BZ_TEST_NEWBIE}, $ENV{BZ_TEST_NEWBIE_PASS}); + $sel->title_is('Password change required'); + click_and_type($sel, "old_password", $ENV{BZ_TEST_NEWBIE_PASS}); + click_and_type($sel, "new_password1", "password"); + click_and_type($sel, "new_password2", "password"); + submit($sel, '//input[@id="submit"]'); + $sel->title_is('Password Fails Requirements'); + + $sel->go_back_ok(); + $sel->title_is('Password change required'); + click_and_type($sel, "old_password", $ENV{BZ_TEST_NEWBIE_PASS}); + click_and_type($sel, "new_password1", "!!" . $ENV{BZ_TEST_NEWBIE_PASS}); + click_and_type($sel, "new_password2", "!!" . $ENV{BZ_TEST_NEWBIE_PASS}); + submit($sel, '//input[@id="submit"]'); + $sel->title_is('Password Changed'); + change_password( + $sel, + "!!" . $ENV{BZ_TEST_NEWBIE_PASS}, + $ENV{BZ_TEST_NEWBIE_PASS}, + $ENV{BZ_TEST_NEWBIE_PASS} + ); + $sel->title_is("User Preferences"); + + $sel->get_ok("/userprefs.cgi?tab=account"); + $sel->title_is("User Preferences"); + click_link($sel, "I forgot my password"); + $sel->body_text_contains( + ["A token for changing your password has been emailed to you.", + "Follow the instructions in that email to change your password."], + ); + my $token = get_token(); + ok($token, "got a token from resetting password"); + $sel->get_ok("/token.cgi?t=$token&a=cfmpw"); + $sel->title_is('Change Password'); + click_and_type($sel, "password", "nopandas"); + click_and_type($sel, "matchpassword", "nopandas"); + submit($sel, '//input[@id="update"]'); + $sel->title_is('Password Fails Requirements'); + $sel->go_back_ok(); + $sel->title_is('Change Password'); + click_and_type($sel, "password", '??' . $ENV{BZ_TEST_NEWBIE_PASS}); + click_and_type($sel, "matchpassword", '??' . $ENV{BZ_TEST_NEWBIE_PASS}); + submit($sel, '//input[@id="update"]'); + $sel->title_is('Password Changed'); + $sel->get_ok("/token.cgi?t=$token&a=cfmpw"); + $sel->title_is('Token Does Not Exist'); + $sel->get_ok("/login"); + $sel->title_is('Log in to Bugzilla'); + login_ok($sel, $ENV{BZ_TEST_NEWBIE}, "??" . $ENV{BZ_TEST_NEWBIE_PASS}); + change_password( + $sel, + "??" . $ENV{BZ_TEST_NEWBIE_PASS}, + $ENV{BZ_TEST_NEWBIE_PASS}, + $ENV{BZ_TEST_NEWBIE_PASS} + ); + $sel->title_is("User Preferences"); + + logout_ok($sel); + open my $fh, '>', '/app/data/mailer.testfile'; + close $fh; + + $sel->get('/createaccount.cgi'); + $sel->title_is('Create a new Bugzilla account'); + click_and_type($sel, 'login', $ENV{BZ_TEST_NEWBIE2}); + $sel->find_element('//input[@id="etiquette"]', 'xpath')->click(); + submit($sel, '//input[@value="Create Account"]'); + $sel->title_is("Request for new user account '$ENV{BZ_TEST_NEWBIE2}' submitted"); + my ($create_token) = search_mailer_testfile( + qr{/token\.cgi\?t=([^&]+)&a=request_new_account}xs + ); + $sel->get("/token.cgi?t=$create_token&a=request_new_account"); + click_and_type($sel, 'passwd1', $ENV{BZ_TEST_NEWBIE2_PASS}); + click_and_type($sel, 'passwd2', $ENV{BZ_TEST_NEWBIE2_PASS}); + submit($sel, '//input[@value="Create"]'); + + $sel->title_is('Bugzilla Main Page'); + $sel->body_text_contains( + ["The user account $ENV{BZ_TEST_NEWBIE2} has been created", + "successfully"] + ); +}; +if ($@) { + fail("got exception $@"); +} +done_testing(); + +sub submit { + my ($sel, $xpath) = @_; + $sel->find_element($xpath, 'xpath')->submit(); +} + +sub get_token { + my $token; + my $count = 0; + do { + sleep 1 if $count++; + open my $fh, '<', '/app/data/mailer.testfile'; + my $content = do { + local $/ = undef; + <$fh>; + }; + ($token) = $content =~ m!/token\.cgi\?t=3D([^&]+)&a=3Dcfmpw!s; + close $fh; + } until $token || $count > 60; + return $token; +} + +sub search_mailer_testfile { + my ($regexp) = @_; + my $content = ""; + my @result; + my $count = 0; + do { + sleep 1 if $count++; + open my $fh, '<', '/app/data/mailer.testfile'; + $content .= do { + local $/ = undef; + <$fh>; + }; + close $fh; + my $decoded = $content; + $decoded =~ s/\r\n/\n/gs; + $decoded =~ s/=\n//gs; + $decoded =~ s/=([[:xdigit:]]{2})/chr(hex($1))/ges; + @result = $decoded =~ $regexp; + } until @result || $count > 60; + return @result; +} + +sub click_and_type { + my ($sel, $name, $text) = @_; + + eval { + my $el = $sel->find_element(qq{//input[\@name="$name"]}, 'xpath'); + $el->click(); + $sel->send_keys_to_active_element($text); + pass("found $name and typed $text"); + }; + if ($@) { + fail("failed to find $name"); + } +} + +sub click_link { + my ($sel, $text) = @_; + my $el = $sel->find_element($text, 'link_text'); + $el->click(); +} + +sub change_password { + my ($sel, $old, $new1, $new2) = @_; + $sel->get_ok("/userprefs.cgi?tab=account"); + $sel->title_is("User Preferences"); + click_and_type($sel, "old_password", $old); + click_and_type($sel, "new_password1", $new1); + click_and_type($sel, "new_password2", $new2); + submit($sel, '//input[@value="Submit Changes"]'); +} + +sub toggle_require_password_change { + my ($sel, $login) = @_; + $sel->get_ok("/editusers.cgi"); + $sel->title_is("Search users"); + click_and_type($sel, 'matchstr', $login); + submit($sel, '//input[@id="search"]'); + $sel->title_is("Select user"); + click_link($sel, $login); + $sel->find_element('//input[@id="password_change_required"]')->click; + submit($sel, '//input[@id="update"]'); + $sel->title_is("User $login updated"); +} + +sub login { + my ($sel, $login, $password) = @_; + + $sel->get_ok("/login"); + $sel->title_is("Log in to Bugzilla"); + click_and_type($sel, 'Bugzilla_login', $login); + click_and_type($sel, 'Bugzilla_password', $password); + submit($sel, '//input[@name="GoAheadAndLogIn"]'); +} + +sub login_ok { + my ($sel) = @_; + login(@_); + $sel->title_is('Bugzilla Main Page'); +} + +sub logout_ok { + my ($sel) = @_; + $sel->get_ok('/index.cgi?logout=1'); + $sel->title_is("Logged Out"); +} |