From 3d6e2fb15c254d2d8fe75dc0307a4b0fd3e62865 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Wed, 4 Apr 2018 10:58:06 -0400
Subject: Bug 1447028 - Add auth delegation test script

---
 README.rst                | 16 +++++++++++
 scripts/auth-test-app     | 72 +++++++++++++++++++++++++++++++++++++++++++++++
 vagrant_support/apache.j2 |  1 +
 3 files changed, 89 insertions(+)
 create mode 100755 scripts/auth-test-app

diff --git a/README.rst b/README.rst
index 64fae335b..adeb1a18e 100644
--- a/README.rst
+++ b/README.rst
@@ -80,6 +80,22 @@ or db is changed, do a full provision:
 
     vagrant rsync && vagrant provision
 
+Testing Auth delegation
+-----------------------
+
+For testing auth-delegation there is included an `scripts/auth-test-app`
+script that runs a webserver and implements the auth delegation protocol.
+
+Provided you have `Mojolicious`_ installed:
+
+.. code-block:: bash
+  perl auth-test-app daemon
+
+Then just browse to `localhost:3000`_ to test creating API keys.
+
+.. _`Mojolicious`: https://metacpan.org/pod/Mojolicious
+.. _`localhost:3000`: http://localhost:3000
+
 Technical Details
 -----------------
 
diff --git a/scripts/auth-test-app b/scripts/auth-test-app
new file mode 100755
index 000000000..3df56796c
--- /dev/null
+++ b/scripts/auth-test-app
@@ -0,0 +1,72 @@
+#!/usr/bin/perl
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+use 5.10.1;
+use strict;
+use warnings;
+use Mojolicious::Lite;
+use Digest::SHA qw(sha256_hex);
+
+my $BUGZILLA_URL = $ENV{AUTH_TEST_BUGZILLA_URL} // 'http://bmo-web.vm/auth.cgi';
+my $APP_DESC     = $ENV{AUTH_TEST_APP_DESC} // 'AuthTest';
+my %SECRETS;
+
+get '/' => sub {
+    my $c = shift;
+    my $callback_url = $c->url_for->to_abs->path('/callback');
+    my $app_id       = sha256_hex($callback_url, $APP_DESC);
+    $c->render(
+        template     => 'index',
+        app_id       => $app_id,
+        callback_url => $callback_url,
+        bugzilla_url => $BUGZILLA_URL,
+        app_desc     => $APP_DESC,
+    );
+};
+
+post '/callback' => sub {
+    my $c = shift;
+    %SECRETS = %{ $c->req->json };
+    $c->render( json => { result => 'SECRETS' } );
+};
+
+get '/callback' => sub {
+    my $c         = shift;
+    my $store_key = $c->param('callback_result');
+    $c->render( template => 'callback', %SECRETS );
+};
+
+app->start;
+__DATA__
+
+@@ index.html.ep
+% layout 'default';
+% title 'Configure';
+
+<p>Test auth delegation. <code>$app_id = <%= $app_id %></code></p>
+
+<form method="get" action="<%= $bugzilla_url %>">
+  <input type="hidden" name="callback" value="<%= $callback_url %>">
+  <input type="hidden" name="description" value="<%= $app_desc %>">
+  <input type="submit" value="Login">
+  </div>
+</form>
+
+@@ callback.html.ep
+% layout 'default';
+% title 'Login Result';
+
+<div><b>Login</b> <%= $client_api_login %> </div>
+<div><b>API Key</b> <%= $client_api_key %></div>
+
+@@ layouts/default.html.ep
+<!DOCTYPE html>
+<html>
+  <head><title><%= title %></title></head>
+  <body><%= content %></body>
+</html>
diff --git a/vagrant_support/apache.j2 b/vagrant_support/apache.j2
index 722ebad92..773672fa1 100644
--- a/vagrant_support/apache.j2
+++ b/vagrant_support/apache.j2
@@ -1,5 +1,6 @@
 PerlSwitches -wT
 PerlSetEnv USE_NYTPROF 0
+PerlSetEnv BUGZILLA_UNSAFE_AUTH_DELEGATION 1
 PerlConfigRequire /vagrant/mod_perl.pl
 
 <IfModule mpm_prefork_module>
-- 
cgit v1.2.3-24-g4f1b