test-challenger.sh (5493B)
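#!/usr/bin/env bash
# This file is in the public domain.
#
# Tests happy path of challenger mostly.
#
# Endpoints exercised, in order, against a locally started challenger-httpd:
#   POST /setup/$CLIENT_ID  -> nonce (client authenticates with its bearer secret)
#   GET  /authorize/$NONCE  -> starts the login (client_id, redirect_uri, state, scope)
#   POST /challenge/$NONCE  -> submits a file name as the address to validate
#   POST /solve/$NONCE      -> submits the PIN, expects a 302 carrying code and state
#   POST /token             -> exchanges the code for an access token
#   GET  /info              -> fetches the validated address for that token
#
# Exit status: 0 = passed, 1 = failed, 77 = skipped (missing tool or service).
#
# Leaves dbinit.log, admin.log and httpd.log in the current directory.

set -eu

# Exit, with status code "skip" (no 'real' failure)
exit_skip() {
    echo " SKIP: $1"
    exit 77
}

# Exit, with error message (hard failure).
# All arguments are joined into one message; "$*" is used because "$@"
# inside a larger string splits the message across several words.
exit_fail() {
    echo " FAIL: $*"
    exit 1
}

# Hard failure with message $1 followed by the body of the last response.
# The body is passed as one quoted word so that server-controlled text is
# never word-split or glob-expanded against the working directory.
fail_with_response() {
    exit_fail "$1" "$(cat -- "$LAST_RESPONSE")"
}

# Hard failure unless $2 (described by $1) is non-empty and not the
# literal "null" that `jq -r` prints for a missing field.
require_value() {
    if [[ -z "$2" || "$2" == "null" ]]; then
        exit_fail "Missing $1 in response"
    fi
}

# Cleanup to run whenever we exit: stop background jobs (the httpd),
# remove the scratch files and reap the children.
cleanup() {
    local pid
    # PIDs are plain numbers, so splitting the output of `jobs -p` is safe.
    for pid in $(jobs -p); do
        kill "$pid" 2> /dev/null || true
    done
    rm -f -- "$LAST_RESPONSE" "$FILENAME"
    wait
}

# Both names must be set before the trap is installed: cleanup reads them
# and the script runs under `set -u`.
LAST_RESPONSE=$(mktemp responseXXXXXX.log)
FILENAME="test-challenger.txt"

# Install cleanup handler (except for kill -9)
trap cleanup EXIT

# The current directory is appended last, so binaries already on PATH take
# precedence; run this only from a trusted build directory.
export PATH="$PATH:."

echo -n "Testing for jq"
jq -h > /dev/null || exit_skip "jq required"
echo " FOUND"
echo -n "Testing for curl"
curl -h > /dev/null || exit_skip "curl required"
echo " FOUND"
echo -n "Testing for wget"
wget -h > /dev/null || exit_skip "wget required"
echo " FOUND"
echo -n "Testing for challenger-httpd ..."
challenger-httpd -h > /dev/null || exit_skip "challenger-httpd required"
echo " FOUND"

CONF="test-challenger.conf"
# Plain HTTP on the loopback interface; test-only endpoint.
BURL="http://localhost:9967"
REDIRECT_URI="http://client.example.com/"

echo -n "Initialize challenger database ..."
challenger-dbinit -r -c "${CONF}" &> dbinit.log
echo " OK"

echo -n "Add challenger client ..."
# Fixed throw-away credential for the freshly reset test database. It is
# passed on command lines below (challenger-admin, curl), where it is
# visible in the process list; never reuse this pattern with a real secret.
CLIENT_SECRET="secret-token:secret"
challenger-admin -c "${CONF}" -a "${CLIENT_SECRET}" "${REDIRECT_URI}" &> admin.log
echo " OK"
# We just reset the DB, thus the client ID must be 1 here:
CLIENT_ID=1

echo -n "Start challenger-httpd ..."
challenger-httpd -L INFO -c "${CONF}" &> httpd.log &

# Wait for challenger to be available (up to 50 probes, 0.2 s apart)
OK=0
for ((attempt = 0; attempt < 50; attempt++)); do
    echo -n "."
    sleep 0.2
    if wget --tries=1 --timeout=1 "${BURL}/config" -o /dev/null -O /dev/null > /dev/null; then
        OK=1
        break
    fi
done
if [[ "$OK" != 1 ]]; then
    exit_skip "Failed to launch challenger service"
fi
# Terminate the progress line so the next step starts on its own line.
echo " OK"


echo -n "Setup new validation process..."
STATUS=$(curl "${BURL}/setup/${CLIENT_ID}" \
    -H "Authorization: Bearer ${CLIENT_SECRET}" \
    -d '' \
    -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [[ "$STATUS" != "200" ]]; then
    fail_with_response "Expected 200 OK. Got: $STATUS"
fi
NONCE=$(jq -r .nonce < "$LAST_RESPONSE")
# The nonce becomes a URL path segment in the next three requests.
require_value "nonce" "$NONCE"
echo " OK"

CLIENT_STATE="the-client-state"
CLIENT_SCOPE="the-client-scope"

echo -n "Initiating user login..."
STATUS=$(curl "${BURL}/authorize/${NONCE}" \
    -G \
    -H "Accept: application/json" \
    --data-urlencode "response_type=code" \
    --data-urlencode "client_id=${CLIENT_ID}" \
    --data-urlencode "redirect_uri=${REDIRECT_URI}" \
    --data-urlencode "state=${CLIENT_STATE}" \
    --data-urlencode "scope=${CLIENT_SCOPE}" \
    -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [[ "$STATUS" != "200" ]]; then
    fail_with_response "Expected 200 OK. Got: $STATUS"
fi
echo "OK"


echo -n "Initiating address submission..."
STATUS=$(curl "${BURL}/challenge/${NONCE}" \
    -X POST \
    -H "Accept: application/json" \
    --data-urlencode "filename=${FILENAME}" \
    -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [[ "$STATUS" != "200" ]]; then
    fail_with_response "Expected 200 OK. Got: $STATUS"
fi
echo "OK"

# The PIN is taken from the fifth whitespace-separated field of $FILENAME
# (presumably written by the service for the file-access address type).
if [[ ! -r "$FILENAME" ]]; then
    exit_fail "Challenge file $FILENAME was not created"
fi
PIN=$(awk '{print $5}' "$FILENAME")
if [[ -z "$PIN" ]]; then
    exit_fail "No PIN found in $FILENAME"
fi

echo -n "Initiating PIN ${PIN} submission..."
RESULT=$(curl "${BURL}/solve/${NONCE}" \
    -X POST \
    -H "Accept: text/html" \
    --data-urlencode "pin=${PIN}" \
    -w "%{http_code} %{redirect_url}" -s -o "$LAST_RESPONSE")
# RESULT is "<status> <redirect url>"; split on the first space.
STATUS=${RESULT%% *}
TARGET=${RESULT#* }

if [[ "$STATUS" != "302" ]]; then
    fail_with_response "Expected 302. Got: $STATUS"
fi

# Take the redirect target apart: base URL, authorization code, state.
# This expects the query string in the order ?code=...&state=...
TURL=$(printf '%s\n' "$TARGET" | sed -e 's/?.*//g')
TCODE=$(printf '%s\n' "$TARGET" | sed -e 's/.*?code=//g' -e 's/&.*//g')
TSTATE=$(printf '%s\n' "$TARGET" | sed -e 's/.*&state=//g')

# The redirect must go to the registered URI and echo the client's state
# unchanged; a mismatch in either means the flow cannot be trusted.
if [[ "${TURL}" != "${REDIRECT_URI}" ]]; then
    exit_fail "Invalid redirect URI ${TURL} returned, wanted ${REDIRECT_URI}"
fi
if [[ "${TSTATE}" != "${CLIENT_STATE}" ]]; then
    exit_fail "Invalid client state ${TSTATE} returned, wanted ${CLIENT_STATE}"
fi
require_value "authorization code" "$TCODE"
echo "OK"

echo -n "Requesting authorization for client ..."
STATUS=$(curl "${BURL}/token" \
    -X POST \
    --data-urlencode "client_id=${CLIENT_ID}" \
    --data-urlencode "redirect_uri=${REDIRECT_URI}" \
    --data-urlencode "client_secret=${CLIENT_SECRET}" \
    --data-urlencode "code=${TCODE}" \
    --data-urlencode "grant_type=authorization_code" \
    -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [[ "$STATUS" != "200" ]]; then
    fail_with_response "Expected 200 OK. Got: $STATUS"
fi
TOKEN_TYPE=$(jq -r .token_type < "$LAST_RESPONSE")
if [[ "$TOKEN_TYPE" != "Bearer" ]]; then
    exit_fail "Expected Bearer token. Got: $TOKEN_TYPE"
fi
ACCESS_TOKEN=$(jq -r .access_token < "$LAST_RESPONSE")
# Without this check a missing token would be sent as "Bearer null".
require_value "access token" "$ACCESS_TOKEN"
# Parsed for completeness; the test does not assert on the lifetime.
# shellcheck disable=SC2034
EXPIRES_IN=$(jq -r .expires_in < "$LAST_RESPONSE")
echo "OK"

echo -n "Requesting user information for client ..."
STATUS=$(curl "${BURL}/info" \
    -H "Authorization: Bearer ${ACCESS_TOKEN}" \
    -w "%{http_code}" -s -o "$LAST_RESPONSE")
if [[ "$STATUS" != "200" ]]; then
    fail_with_response "Expected 200 OK. Got: $STATUS"
fi

# jq . < "$LAST_RESPONSE"    # uncomment to inspect the full reply

TADDRESS=$(jq -r .address.filename < "$LAST_RESPONSE")
TADDRESS_TYPE=$(jq -r .address_type < "$LAST_RESPONSE")

# The address reported back must be exactly the one that was validated.
if [[ "$TADDRESS" != "$FILENAME" ]]; then
    exit_fail "Expected $FILENAME. Got: $TADDRESS"
fi

if [[ "$TADDRESS_TYPE" != "file-access" ]]; then
    exit_fail "Expected file-access. Got: $TADDRESS_TYPE"
fi
echo "OK"


exit 0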