authelia/internal/suites/scenario_two_factor_test.go

package suites

import (
	"context"
	"fmt"
	"log"
	"testing"
	"time"

	"github.com/stretchr/testify/suite"
)

type TwoFactorSuite struct {
	*SeleniumSuite
}

func NewTwoFactorScenario() *TwoFactorSuite {
	return &TwoFactorSuite{
		SeleniumSuite: new(SeleniumSuite),
	}
}

func (s *TwoFactorSuite) SetupSuite() {
	wds, err := StartWebDriver()

	if err != nil {
		log.Fatal(err)
	}

	s.WebDriverSession = wds
}

func (s *TwoFactorSuite) TearDownSuite() {
	err := s.WebDriverSession.Stop()

	if err != nil {
		log.Fatal(err)
	}
}

func (s *TwoFactorSuite) SetupTest() {
	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
	defer cancel()

	s.doLogout(ctx, s.T())
	s.doVisit(s.T(), HomeBaseURL)
	s.verifyIsHome(ctx, s.T())
}

func (s *TwoFactorSuite) TestShouldAuthorizeSecretAfterTwoFactor() {
	ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second)
	defer cancel()

	username := testUsername
	password := testPassword

	// Login one factor
	s.doLoginOneFactor(ctx, s.T(), username, password, false, "")

	// Check he reaches the 2FA stage
	s.verifyIsSecondFactorPage(ctx, s.T())

	// Then register the TOTP factor
	secret := s.doRegisterTOTP(ctx, s.T())

	// And logout
	s.doLogout(ctx, s.T())

	// Login again with 1FA & 2FA
	targetURL := fmt.Sprintf("%s/secret.html", AdminBaseURL)
	s.doLoginTwoFactor(ctx, s.T(), testUsername, testPassword, false, secret, targetURL)

	// And check if the user is redirected to the secret.
	s.verifySecretAuthorized(ctx, s.T())

	// Leave the secret
	s.doVisit(s.T(), HomeBaseURL)
	s.verifyIsHome(ctx, s.T())

	// And try to reload it again to check the session is kept
	s.doVisit(s.T(), targetURL)
	s.verifySecretAuthorized(ctx, s.T())
}

func (s *TwoFactorSuite) TestShouldFailTwoFactor() {
	ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second)
	defer cancel()

	// Register TOTP secret and logout.
	s.doRegisterThenLogout(ctx, s.T(), testUsername, testPassword)

	wrongPasscode := "123456"

	s.doLoginOneFactor(ctx, s.T(), testUsername, testPassword, false, "")
	s.verifyIsSecondFactorPage(ctx, s.T())
	s.doEnterOTP(ctx, s.T(), wrongPasscode)
	s.verifyNotificationDisplayed(ctx, s.T(), "The one-time password might be wrong")
}

func TestRunTwoFactor(t *testing.T) {
	if testing.Short() {
		t.Skip("skipping suite test in short mode")
	}

	suite.Run(t, NewTwoFactorScenario())
}
Declare suites as Go structs and bootstrap e2e test framework in Go. Some tests are not fully rewritten in Go, a typescript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every components (mainly Authelia backend, frontend and kind) so that the project does not interfere with user host anymore (open ports for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided using authelia.com domain that I own. 2019-11-02 14:32:58 +00:00			`package suites`

			`import (`
			`"context"`
			`"fmt"`
			`"log"`
			`"testing"`
			`"time"`

			`"github.com/stretchr/testify/suite"`
			`)`

			`type TwoFactorSuite struct {`
			`*SeleniumSuite`
			`}`

Rewrite and fix remaining suites in Go. 2019-11-24 20:27:59 +00:00			`func NewTwoFactorScenario() *TwoFactorSuite {`
Declare suites as Go structs and bootstrap e2e test framework in Go. Some tests are not fully rewritten in Go, a typescript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every components (mainly Authelia backend, frontend and kind) so that the project does not interfere with user host anymore (open ports for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided using authelia.com domain that I own. 2019-11-02 14:32:58 +00:00			`return &TwoFactorSuite{`
			`SeleniumSuite: new(SeleniumSuite),`
			`}`
			`}`

			`func (s *TwoFactorSuite) SetupSuite() {`
			`wds, err := StartWebDriver()`

			`if err != nil {`
			`log.Fatal(err)`
			`}`

Rewrite and fix remaining suites in Go. 2019-11-24 20:27:59 +00:00			`s.WebDriverSession = wds`
Declare suites as Go structs and bootstrap e2e test framework in Go. Some tests are not fully rewritten in Go, a typescript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every components (mainly Authelia backend, frontend and kind) so that the project does not interfere with user host anymore (open ports for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided using authelia.com domain that I own. 2019-11-02 14:32:58 +00:00			`}`

			`func (s *TwoFactorSuite) TearDownSuite() {`
			`err := s.WebDriverSession.Stop()`

			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`}`

			`func (s *TwoFactorSuite) SetupTest() {`
			`ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)`
			`defer cancel()`

Rewrite and fix remaining suites in Go. 2019-11-24 20:27:59 +00:00			`s.doLogout(ctx, s.T())`
			`s.doVisit(s.T(), HomeBaseURL)`
			`s.verifyIsHome(ctx, s.T())`
Declare suites as Go structs and bootstrap e2e test framework in Go. Some tests are not fully rewritten in Go, a typescript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every components (mainly Authelia backend, frontend and kind) so that the project does not interfere with user host anymore (open ports for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided using authelia.com domain that I own. 2019-11-02 14:32:58 +00:00			`}`

			`func (s *TwoFactorSuite) TestShouldAuthorizeSecretAfterTwoFactor() {`
Rewrite and fix remaining suites in Go. 2019-11-24 20:27:59 +00:00			`ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second)`
Declare suites as Go structs and bootstrap e2e test framework in Go. Some tests are not fully rewritten in Go, a typescript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every components (mainly Authelia backend, frontend and kind) so that the project does not interfere with user host anymore (open ports for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided using authelia.com domain that I own. 2019-11-02 14:32:58 +00:00			`defer cancel()`

[CI] Add goconst linter (#961) * [CI] Add goconst linter * Implement goconst recommendations * Rename defaultPolicy to denyPolicy * Change order for test constants Co-authored-by: Clément Michaud <clement.michaud34@gmail.com> 2020-05-02 16:20:40 +00:00			`username := testUsername`
			`password := testPassword`
Test user does see the not registered message. When a user use Authelia for the first time no device is enrolled in DB. Now we test that the user does see the "not registered" message when no device is enrolled and see the standard 2FA method when a device is already enrolled. 2019-12-07 17:14:26 +00:00
			`// Login one factor`
			`s.doLoginOneFactor(ctx, s.T(), username, password, false, "")`

			`// Check he reaches the 2FA stage`
			`s.verifyIsSecondFactorPage(ctx, s.T())`

			`// Then register the TOTP factor`
			`secret := s.doRegisterTOTP(ctx, s.T())`
Declare suites as Go structs and bootstrap e2e test framework in Go. Some tests are not fully rewritten in Go, a typescript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every components (mainly Authelia backend, frontend and kind) so that the project does not interfere with user host anymore (open ports for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided using authelia.com domain that I own. 2019-11-02 14:32:58 +00:00
Test user does see the not registered message. When a user use Authelia for the first time no device is enrolled in DB. Now we test that the user does see the "not registered" message when no device is enrolled and see the standard 2FA method when a device is already enrolled. 2019-12-07 17:14:26 +00:00			`// And logout`
			`s.doLogout(ctx, s.T())`

			`// Login again with 1FA & 2FA`
Declare suites as Go structs and bootstrap e2e test framework in Go. Some tests are not fully rewritten in Go, a typescript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every components (mainly Authelia backend, frontend and kind) so that the project does not interfere with user host anymore (open ports for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided using authelia.com domain that I own. 2019-11-02 14:32:58 +00:00			`targetURL := fmt.Sprintf("%s/secret.html", AdminBaseURL)`
[CI] Add goconst linter (#961) * [CI] Add goconst linter * Implement goconst recommendations * Rename defaultPolicy to denyPolicy * Change order for test constants Co-authored-by: Clément Michaud <clement.michaud34@gmail.com> 2020-05-02 16:20:40 +00:00			`s.doLoginTwoFactor(ctx, s.T(), testUsername, testPassword, false, secret, targetURL)`
Test user does see the not registered message. When a user use Authelia for the first time no device is enrolled in DB. Now we test that the user does see the "not registered" message when no device is enrolled and see the standard 2FA method when a device is already enrolled. 2019-12-07 17:14:26 +00:00
			`// And check if the user is redirected to the secret.`
Rewrite and fix remaining suites in Go. 2019-11-24 20:27:59 +00:00			`s.verifySecretAuthorized(ctx, s.T())`

Test user does see the not registered message. When a user use Authelia for the first time no device is enrolled in DB. Now we test that the user does see the "not registered" message when no device is enrolled and see the standard 2FA method when a device is already enrolled. 2019-12-07 17:14:26 +00:00			`// Leave the secret`
Rewrite and fix remaining suites in Go. 2019-11-24 20:27:59 +00:00			`s.doVisit(s.T(), HomeBaseURL)`
			`s.verifyIsHome(ctx, s.T())`

Test user does see the not registered message. When a user use Authelia for the first time no device is enrolled in DB. Now we test that the user does see the "not registered" message when no device is enrolled and see the standard 2FA method when a device is already enrolled. 2019-12-07 17:14:26 +00:00			`// And try to reload it again to check the session is kept`
Rewrite and fix remaining suites in Go. 2019-11-24 20:27:59 +00:00			`s.doVisit(s.T(), targetURL)`
			`s.verifySecretAuthorized(ctx, s.T())`
			`}`

			`func (s *TwoFactorSuite) TestShouldFailTwoFactor() {`
			`ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second)`
			`defer cancel()`

			`// Register TOTP secret and logout.`
[CI] Add goconst linter (#961) * [CI] Add goconst linter * Implement goconst recommendations * Rename defaultPolicy to denyPolicy * Change order for test constants Co-authored-by: Clément Michaud <clement.michaud34@gmail.com> 2020-05-02 16:20:40 +00:00			`s.doRegisterThenLogout(ctx, s.T(), testUsername, testPassword)`
Rewrite and fix remaining suites in Go. 2019-11-24 20:27:59 +00:00
			`wrongPasscode := "123456"`
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com> 2020-05-05 19:35:32 +00:00
[CI] Add goconst linter (#961) * [CI] Add goconst linter * Implement goconst recommendations * Rename defaultPolicy to denyPolicy * Change order for test constants Co-authored-by: Clément Michaud <clement.michaud34@gmail.com> 2020-05-02 16:20:40 +00:00			`s.doLoginOneFactor(ctx, s.T(), testUsername, testPassword, false, "")`
Rewrite and fix remaining suites in Go. 2019-11-24 20:27:59 +00:00			`s.verifyIsSecondFactorPage(ctx, s.T())`
			`s.doEnterOTP(ctx, s.T(), wrongPasscode)`
			`s.verifyNotificationDisplayed(ctx, s.T(), "The one-time password might be wrong")`
Declare suites as Go structs and bootstrap e2e test framework in Go. Some tests are not fully rewritten in Go, a typescript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every components (mainly Authelia backend, frontend and kind) so that the project does not interfere with user host anymore (open ports for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided using authelia.com domain that I own. 2019-11-02 14:32:58 +00:00			`}`

			`func TestRunTwoFactor(t *testing.T) {`
test(suites): short mode skip suites testing (#1823) This PR changes the suites tests so if go test -short is used, they are skipped per go standards and a message is displayed. Additionally removed some redundant types from suite_high_availability_test.go and adjusted a warning about a nil req var. 2021-03-14 07:08:26 +00:00			`if testing.Short() {`
			`t.Skip("skipping suite test in short mode")`
			`}`

Rewrite and fix remaining suites in Go. 2019-11-24 20:27:59 +00:00			`suite.Run(t, NewTwoFactorScenario())`
Declare suites as Go structs and bootstrap e2e test framework in Go. Some tests are not fully rewritten in Go, a typescript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every components (mainly Authelia backend, frontend and kind) so that the project does not interfere with user host anymore (open ports for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided using authelia.com domain that I own. 2019-11-02 14:32:58 +00:00			`}`