diff options
Diffstat (limited to 't/app/controller/auth_social.t')
| -rw-r--r-- | t/app/controller/auth_social.t | 143 |
1 files changed, 143 insertions, 0 deletions
diff --git a/t/app/controller/auth_social.t b/t/app/controller/auth_social.t new file mode 100644 index 000000000..173572b02 --- /dev/null +++ b/t/app/controller/auth_social.t @@ -0,0 +1,143 @@ +use strict; +use warnings; +use Test::More; +use LWP::Protocol::PSGI; +use LWP::Simple; +use JSON::MaybeXS; + +use t::Facebook; +use t::MapIt; + +use FixMyStreet::TestMech; +my $mech = FixMyStreet::TestMech->new; + +# disable info logs for this test run +FixMyStreet::App->log->disable('info'); +END { FixMyStreet::App->log->enable('info'); } + +my ($report) = $mech->create_problems_for_body(1, '2345', 'Test'); + +LWP::Protocol::PSGI->register(t::MapIt->to_psgi_app, host => 'mapit.uk'); + +FixMyStreet::override_config { + FACEBOOK_APP_ID => 'facebook-app-id', + ALLOWED_COBRANDS => [ { fixmystreet => '.' } ], + MAPIT_URL => 'http://mapit.uk/', +}, sub { + +my $fb_email = 'facebook@example.org'; +my $fb_uid = 123456789; + +for my $fb_state ( 'refused', 'no email', 'existing UID', 'okay' ) { + for my $page ( 'my', 'report', 'update' ) { + subtest "test FB '$fb_state' login for page '$page'" => sub { + $mech->log_out_ok; + if ($fb_state eq 'existing UID') { + my $user = $mech->create_user_ok($fb_email); + $user->update({ facebook_id => $fb_uid }); + } else { + $mech->delete_user($fb_email); + } + + # Set up a mock to catch (most, see below) requests to Facebook + my $fb = t::Facebook->new; + $fb->returns_email(0) if $fb_state eq 'no email' || $fb_state eq 'existing UID'; + LWP::Protocol::PSGI->register($fb->to_psgi_app, host => 'www.facebook.com'); + LWP::Protocol::PSGI->register($fb->to_psgi_app, host => 'graph.facebook.com'); + + # Due to https://metacpan.org/pod/Test::WWW::Mechanize::Catalyst#External-Redirects-and-allow_external + # the redirect to Facebook's OAuth page can mess up the session + # cookie. So let's pretend we always on www.facebook.com, which + # sorts that out. + $mech->host('www.facebook.com'); + + # Fetch the page with the form via which we wish to log in + my $fields; + if ($page eq 'my') { + $mech->get_ok('/my'); + } elsif ($page eq 'report') { + $mech->get_ok('/'); + $mech->submit_form_ok( { with_fields => { pc => 'SW1A1AA' } }, "submit location" ); + $mech->follow_link_ok( { text_regex => qr/skip this step/i, }, "follow 'skip this step' link" ); + $fields = { + title => 'Test title', + detail => 'Test detail', + }; + } else { + $mech->get_ok('/report/' . $report->id); + $fields = { + update => 'Test update', + }; + } + $mech->submit_form(with_fields => $fields, button => 'facebook_sign_in'); + + # As well as the cookie issue above, caused by this external + # redirect rewriting the host, the redirect gets handled directly + # by Catalyst, not our mocked handler, so will be a 404. Check + # the redirect happened instead. + is $mech->res->previous->code, 302, 'FB button redirected'; + like $mech->res->previous->header('Location'), qr{facebook\.com.*dialog/oauth.*facebook-app-id}, 'FB redirect to oauth URL'; + + # Okay, now call the callback Facebook would send us to + if ($fb_state eq 'refused') { + $mech->get_ok('/auth/Facebook?error_code=ERROR'); + } else { + $mech->get_ok('/auth/Facebook?code=response-code'); + } + + # Check we're showing the right form, regardless of what came back + if ($page eq 'report') { + $mech->content_contains('/report/new'); + } elsif ($page eq 'update') { + $mech->content_contains('/report/update'); + } + + if ($fb_state eq 'refused') { + $mech->content_contains('Sorry, we could not log you in. Please fill in the form below.'); + $mech->not_logged_in_ok; + } elsif ($fb_state eq 'no email') { + $mech->content_contains('We need your email address, please give it below.'); + # We don't have an email, so check that we can still submit it, + # and the ID carries through the confirmation + if ($page eq 'update') { + $fields->{rznvy} = $fb_email; + } else { + $fields->{email} = $fb_email; + } + $fields->{name} = 'Ffion Tester'; + $mech->submit_form(with_fields => $fields); + $mech->content_contains('Nearly done! Now check your email'); + + my $email = $mech->get_email; + ok $email, "got an email"; + $mech->clear_emails_ok; + my ( $url, $url_token ) = $email->body =~ m{(https?://\S+/[CMP]/)(\S+)}; + ok $url, "extracted confirm url '$url'"; + + my $user = FixMyStreet::App->model( 'DB::User' )->find( { email => $fb_email } ); + if ($page eq 'my') { + is $user, undef, 'No user yet exists'; + } else { + is $user->facebook_id, undef, 'User has no facebook ID'; + } + $mech->get_ok( $url . $url_token ); + $user = FixMyStreet::App->model( 'DB::User' )->find( { email => $fb_email } ); + is $user->facebook_id, $fb_uid, 'User now has correct facebook ID'; + + } elsif ($page ne 'my') { + # /my auth login goes directly there, no message like this + $mech->content_contains('You have successfully signed in; please check and confirm your details are accurate'); + $mech->logged_in_ok; + } else { + is $mech->uri->path, '/my', 'Successfully on /my page'; + } + } + } +} + +}; + +END { + $mech->delete_problems_for_body('2345'); + done_testing(); +} |