2021-05-04 22:06:05 +00:00
|
|
|
package suites
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"fmt"
|
|
|
|
"log"
|
|
|
|
"testing"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/stretchr/testify/suite"
|
|
|
|
)
|
|
|
|
|
|
|
|
type OIDCScenario struct {
|
2021-11-05 13:14:42 +00:00
|
|
|
*RodSuite
|
2021-05-04 22:06:05 +00:00
|
|
|
secret string
|
|
|
|
}
|
|
|
|
|
|
|
|
func NewOIDCScenario() *OIDCScenario {
|
|
|
|
return &OIDCScenario{
|
2021-11-05 13:14:42 +00:00
|
|
|
RodSuite: new(RodSuite),
|
2021-05-04 22:06:05 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *OIDCScenario) SetupSuite() {
|
2021-11-05 13:14:42 +00:00
|
|
|
browser, err := StartRod()
|
2021-05-04 22:06:05 +00:00
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
log.Fatal(err)
|
|
|
|
}
|
|
|
|
|
2021-11-05 13:14:42 +00:00
|
|
|
s.RodSession = browser
|
2021-05-04 22:06:05 +00:00
|
|
|
|
2021-11-05 13:14:42 +00:00
|
|
|
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
|
|
|
|
defer func() {
|
|
|
|
cancel()
|
|
|
|
s.collectScreenshot(ctx.Err(), s.Page)
|
|
|
|
|
|
|
|
s.collectCoverage(s.Page)
|
|
|
|
s.MustClose()
|
|
|
|
}()
|
2021-05-04 22:06:05 +00:00
|
|
|
|
2021-11-05 13:14:42 +00:00
|
|
|
s.Page = s.doCreateTab(s.T(), HomeBaseURL)
|
|
|
|
s.secret = s.doRegisterAndLogin2FA(s.T(), s.Context(ctx), "john", "password", false, AdminBaseURL)
|
2021-05-04 22:06:05 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *OIDCScenario) TearDownSuite() {
|
2021-11-05 13:14:42 +00:00
|
|
|
err := s.RodSession.Stop()
|
2021-05-04 22:06:05 +00:00
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
log.Fatal(err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *OIDCScenario) SetupTest() {
|
|
|
|
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
2021-11-05 13:14:42 +00:00
|
|
|
defer func() {
|
|
|
|
cancel()
|
|
|
|
s.collectScreenshot(ctx.Err(), s.Page)
|
|
|
|
}()
|
|
|
|
|
|
|
|
s.Page = s.doCreateTab(s.T(), fmt.Sprintf("%s/logout", OIDCBaseURL))
|
|
|
|
s.doVisit(s.T(), s.Context(ctx), HomeBaseURL)
|
|
|
|
s.verifyIsHome(s.T(), s.Context(ctx))
|
|
|
|
}
|
2021-05-04 22:06:05 +00:00
|
|
|
|
2021-11-05 13:14:42 +00:00
|
|
|
func (s *OIDCScenario) TearDownTest() {
|
|
|
|
s.collectCoverage(s.Page)
|
|
|
|
s.MustClose()
|
2021-05-04 22:06:05 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *OIDCScenario) TestShouldAuthorizeAccessToOIDCApp() {
|
|
|
|
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
|
2021-11-05 13:14:42 +00:00
|
|
|
defer func() {
|
|
|
|
cancel()
|
|
|
|
s.collectScreenshot(ctx.Err(), s.Page)
|
|
|
|
}()
|
2021-05-04 22:06:05 +00:00
|
|
|
|
2021-11-05 13:14:42 +00:00
|
|
|
s.doVisit(s.T(), s.Context(ctx), OIDCBaseURL)
|
|
|
|
s.verifyIsFirstFactorPage(s.T(), s.Context(ctx))
|
|
|
|
s.doFillLoginPageAndClick(s.T(), s.Context(ctx), "john", "password", false)
|
|
|
|
s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
|
|
|
|
s.doValidateTOTP(s.T(), s.Context(ctx), s.secret)
|
2021-05-04 22:06:05 +00:00
|
|
|
|
2021-11-05 13:14:42 +00:00
|
|
|
s.waitBodyContains(s.T(), s.Context(ctx), "Not logged yet...")
|
2021-05-04 22:06:05 +00:00
|
|
|
|
2022-01-31 05:25:15 +00:00
|
|
|
// Search for the 'login' link.
|
2021-11-05 13:14:42 +00:00
|
|
|
err := s.Page.MustSearch("Log in").Click("left")
|
2021-05-04 22:06:05 +00:00
|
|
|
assert.NoError(s.T(), err)
|
|
|
|
|
2021-11-05 13:14:42 +00:00
|
|
|
s.verifyIsConsentPage(s.T(), s.Context(ctx))
|
|
|
|
err = s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "accept-button").Click("left")
|
2021-05-04 22:06:05 +00:00
|
|
|
assert.NoError(s.T(), err)
|
|
|
|
|
2022-01-31 05:25:15 +00:00
|
|
|
// Verify that the app is showing the info related to the user stored in the JWT token.
|
2021-11-05 13:14:42 +00:00
|
|
|
s.waitBodyContains(s.T(), s.Context(ctx), "Logged in as john!")
|
2021-05-04 22:06:05 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *OIDCScenario) TestShouldDenyConsent() {
|
|
|
|
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
|
2021-11-05 13:14:42 +00:00
|
|
|
defer func() {
|
|
|
|
cancel()
|
|
|
|
s.collectScreenshot(ctx.Err(), s.Page)
|
|
|
|
}()
|
2021-05-04 22:06:05 +00:00
|
|
|
|
2021-11-05 13:14:42 +00:00
|
|
|
s.doVisit(s.T(), s.Context(ctx), OIDCBaseURL)
|
|
|
|
s.verifyIsFirstFactorPage(s.T(), s.Context(ctx))
|
|
|
|
s.doFillLoginPageAndClick(s.T(), s.Context(ctx), "john", "password", false)
|
|
|
|
s.verifyIsSecondFactorPage(s.T(), s.Context(ctx))
|
|
|
|
s.doValidateTOTP(s.T(), s.Context(ctx), s.secret)
|
2021-05-04 22:06:05 +00:00
|
|
|
|
2021-11-05 13:14:42 +00:00
|
|
|
s.waitBodyContains(s.T(), s.Context(ctx), "Not logged yet...")
|
2021-05-04 22:06:05 +00:00
|
|
|
|
2022-01-31 05:25:15 +00:00
|
|
|
// Search for the 'login' link.
|
2021-11-05 13:14:42 +00:00
|
|
|
err := s.Page.MustSearch("Log in").Click("left")
|
2021-05-04 22:06:05 +00:00
|
|
|
assert.NoError(s.T(), err)
|
|
|
|
|
2021-11-05 13:14:42 +00:00
|
|
|
s.verifyIsConsentPage(s.T(), s.Context(ctx))
|
2021-05-04 22:06:05 +00:00
|
|
|
|
2021-11-05 13:14:42 +00:00
|
|
|
err = s.WaitElementLocatedByCSSSelector(s.T(), s.Context(ctx), "deny-button").Click("left")
|
2021-05-04 22:06:05 +00:00
|
|
|
assert.NoError(s.T(), err)
|
|
|
|
|
2021-11-05 13:14:42 +00:00
|
|
|
s.verifyIsOIDC(s.T(), s.Context(ctx), "oauth2:", "https://oidc.example.com:8080/oauth2/callback?error=access_denied&error_description=User%20has%20rejected%20the%20scopes")
|
2021-05-04 22:06:05 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestRunOIDCScenario(t *testing.T) {
|
|
|
|
if testing.Short() {
|
|
|
|
t.Skip("skipping suite test in short mode")
|
|
|
|
}
|
|
|
|
|
|
|
|
suite.Run(t, NewOIDCSuite())
|
|
|
|
}
|