diff --git a/.drone.yml b/.drone.yml index 83cfe320f..dea3add89 100644 --- a/.drone.yml +++ b/.drone.yml @@ -24,6 +24,24 @@ steps: - chown -R apache:apache /var/www/html/ - cd /var/www/html/apps/user_saml/tests/integration && vendor/bin/behat +services: + - name: ldap + image: quay.io/389ds/dirsrv:latest + environment: + DS_DM_PASSWORD: admin + command: + # initialization + - dsconf localhost backend create --suffix dc=idptestbed --be-name userRoot + # adding own schema + - dsconf localhost schema attributetypes add --oid 1.3.6.1.4.1.49213.1.1.1 --desc 'whether user or group should be available in Nextcloud' --single-value --syntax 1.3.6.1.4.1.1466.115.121.1.7 nextcloudEnabled + - dsconf localhost schema attributetypes add --oid 1.3.6.1.4.1.49213.1.1.2 --desc 'defines how much disk space is available for the user (e.g. 2 GB)' --single-value --syntax 1.3.6.1.4.1.1466.115.121.1.15 nextcloudQuota + - dsconf localhost schema objectclasses add --oid 1.3.6.1.4.1.49213.1.2.1 --must cn --may nextcloudEnabled nextcloudQuota --kind AUXILIARY nextcloudUser + - dsconf localhost schema objectclasses add --oid 1.3.6.1.4.1.49213.1.2.2 --must cn --may nextcloudEnabled --kind AUXILIARY nextcloudGroup + # populating test data + #- dsconf localhost backend import dc=idptestbed /resources/users.ldif + # Problem, cannot mount/copy into service container. + # Also, switching to GH workflows (making it worse however) + trigger: branch: - master diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml new file mode 100644 index 000000000..0305764a8 --- /dev/null +++ b/.github/workflows/integration.yml @@ -0,0 +1,125 @@ +name: Integration tests + +on: + pull_request: + paths: + - '.github/workflows/integration.yml' + - 'appinfo/**' + - 'lib/**' + - 'tests/**' + - 'composer.*' + push: + branches: + - main + - master + - stable* + +env: + APP_NAME: user_saml + LDAP_SUFFIX: dc=idptestbed + +jobs: + integration: + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + php-versions: ["8.0"] + databases: ["sqlite"] + server-versions: ["master"] + + + name: Integration php${{ matrix.php-versions }}-${{ matrix.databases }}-${{ matrix.server-versions }} + + services: + directory: + image: quay.io/389ds/dirsrv:latest + ports: + - 389:3389/tcp + env: + DS_DM_PASSWORD: admin + DS_SUFFIX_NAME: dc=idptestbed + sso: + image: ghcr.io/nextcloud/continuous-integration-user_saml_shibboleth-idp:latest + ports: + - 4443:8443/tcp + + steps: + - name: Checkout server + uses: actions/checkout@v3 + with: + repository: nextcloud/server + ref: ${{ matrix.server-versions }} + + - name: Checkout submodules + shell: bash + run: | + auth_header="$(git config --local --get http.https://github.com/.extraheader)" + git submodule sync --recursive + git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1 + + - name: Checkout app + uses: actions/checkout@v3 + with: + path: apps/${{ env.APP_NAME }} + + - name: Initialize LDAP Service + shell: bash + run: | + CONTAINER_NAME=$(docker ps -a | grep dirsrv | awk '{ print $1; }') + # Initialize LDAP Database. May wait until server is ready. + while : ; do + sleep 1 + if docker exec ${CONTAINER_NAME} dsconf localhost backend create --suffix "${{ env.LDAP_SUFFIX }}" --be-name ci_root; then + break; + fi + if [ $(docker exec ${CONTAINER_NAME} dsconf localhost backend suffix list | grep "${{ env.LDAP_SUFFIX }}" | wc -l) -eq 1 ]; then + break + fi + done + # Add custom schema + docker cp apps/${{ env.APP_NAME }}/tests/integration/data/98nextcloud-schema.ldif ${CONTAINER_NAME}:/etc/dirsrv/slapd-localhost/schema/ + docker exec ${CONTAINER_NAME} dsconf localhost schema reload + # Add test entries + docker cp apps/${{ env.APP_NAME }}/tests/integration/data/entries.ldif ${CONTAINER_NAME}:/var/opt/ + docker exec ${CONTAINER_NAME} dsconf localhost backend import "${{ env.LDAP_SUFFIX }}" /var/opt/entries.ldif + + - name: Set up php ${{ matrix.php-versions }} + uses: shivammathur/setup-php@4bd44f22a98a19e0950cbad5f31095157cc9621b # v2 + with: + php-version: ${{ matrix.php-versions }} + # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation + extensions: apcu, bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite + coverage: none + ini-file: development + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up dependencies + working-directory: apps/${{ env.APP_NAME }} + run: composer i --no-dev + + - name: Set up Nextcloud + run: | + if [ "${{ matrix.databases }}" = "mysql" ]; then + export DB_PORT=4444 + elif [ "${{ matrix.databases }}" = "pgsql" ]; then + export DB_PORT=4445 + fi + mkdir data + ./occ maintenance:install --verbose --database=${{ matrix.databases }} --database-name=nextcloud --database-host=127.0.0.1 --database-port=$DB_PORT --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass admin + ./occ config:system:set memcache.local --value="\\OC\\Memcache\\APCu" + ./occ config:system:set memcache.distributed --value="\\OC\\Memcache\\APCu" + ./occ app:enable --force ${{ env.APP_NAME }} + php -S localhost:8080 & + + - name: Run behat + working-directory: apps/${{ env.APP_NAME }}/tests/integration + run: | + composer install + ./vendor/bin/behat --colors + + - name: Dump nextcloud.log + if: always() + run: cat data/nextcloud.log diff --git a/tests/integration/data/98nextcloud-schema.ldif b/tests/integration/data/98nextcloud-schema.ldif new file mode 100644 index 000000000..12114945a --- /dev/null +++ b/tests/integration/data/98nextcloud-schema.ldif @@ -0,0 +1,13 @@ +dn: cn=schema +objectClass: top +objectClass: ldapSubentry +objectClass: subschema +cn: schema +aci: (target="ldap:///cn=schema")(targetattr !="aci")(version 3.0;acl "anonymous, no acis"; allow (read, search, compare) userdn = "ldap:///anyone";) +modifiersName: cn=Directory Manager +modifyTimestamp: 20230412120423Z +objectClasses: ( 1.3.6.1.4.1.49213.1.2.1 NAME 'nextcloudUser' AUXILIARY MUST cn MAY (nextcloudEnabled $ nextcloudQuota ) X-ORIGIN 'user defined' ) +objectClasses: ( 1.3.6.1.4.1.49213.1.2.2 NAME 'nextcloudGroup' AUXILIARY MUST cn MAY nextcloudEnabled X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.49213.1.1.1 NAME 'nextcloudEnabled' DESC 'whether user or group should be available in Nextcloud' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.49213.1.1.2 NAME 'nextcloudQuota' DESC 'defines how much disk space is available for the user (e.g. 2 GB)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' ) +nsSchemaCSN: 64369e47000000000000 diff --git a/tests/integration/data/entries.ldif b/tests/integration/data/entries.ldif new file mode 100644 index 000000000..6d5832ef2 --- /dev/null +++ b/tests/integration/data/entries.ldif @@ -0,0 +1,64 @@ + +dn: dc=idptestbed +objectClass: top +objectClass: domain +dc: idptestbed +description: dc=idptestbed + +dn: cn=admin,dc=idptestbed +objectClass: simpleSecurityObject +objectClass: organizationalRole +cn: admin +userPassword: password +description: LDAP administrator + +dn: ou=Groups,dc=idptestbed +objectClass: top +objectClass: organizationalunit +ou: Groups + +dn: ou=People,dc=idptestbed +objectClass: top +objectClass: organizationalunit +ou: People + +dn: uid=student1,ou=People,dc=idptestbed +objectClass: organizationalPerson +objectClass: person +objectClass: top +objectClass: inetOrgPerson +objectClass: nextcloudUser +givenName: Stud +uid: student1 +sn: Ent +cn: Stud Ent +mail: student1@idptestbed.edu +userPassword: password +nextcloudQuota: 200 MB + +dn: uid=student2,ou=People,dc=idptestbed +objectClass: organizationalPerson +objectClass: person +objectClass: top +objectClass: inetOrgPerson +objectClass: nextcloudUser +givenName: Stud +uid: student2 +sn: Ent2 +cn: Stud Ent2 +mail: student2@idptestbed.edu +userPassword: password +nextcloudQuota: 1 GB + +dn: uid=staff1,ou=People,dc=idptestbed +objectClass: organizationalPerson +objectClass: person +objectClass: top +objectClass: inetOrgPerson +objectClass: nextcloudUser +givenName: St +uid: staff1 +sn: aff +cn: St aff +mail: staff1@idptestbed.edu +userPassword: password diff --git a/tests/integration/features/EnvironmentVariable.feature b/tests/integration/features/EnvironmentVariable.feature index b10957717..ceb84f3bf 100644 --- a/tests/integration/features/EnvironmentVariable.feature +++ b/tests/integration/features/EnvironmentVariable.feature @@ -4,8 +4,8 @@ Feature: EnvironmentVariable And The setting "type" is set to "environment-variable" And The setting "general-uid_mapping" is set to "REMOTE_USER" And The environment variable "REMOTE_USER" is set to "not-provisioned-user" - When I send a GET request to "http://localhost/index.php/login" - Then I should be redirected to "http://localhost/index.php/apps/dashboard/" + When I send a GET request to "http://localhost:8080/index.php/login" + Then I should be redirected to "http://localhost:8080/index.php/apps/dashboard/" Then The user value "id" should be "not-provisioned-user" And The last login timestamp of "not-provisioned-user" should not be empty @@ -15,8 +15,8 @@ Feature: EnvironmentVariable And The setting "general-require_provisioned_account" is set to "1" And The setting "general-uid_mapping" is set to "REMOTE_USER" And The environment variable "REMOTE_USER" is set to "provisioned-user" - When I send a GET request to "http://localhost/index.php/login" - Then I should be redirected to "http://localhost/index.php/apps/dashboard/" + When I send a GET request to "http://localhost:8080/index.php/login" + Then I should be redirected to "http://localhost:8080/index.php/apps/dashboard/" Then The user value "id" should be "provisioned-user" And The last login timestamp of "provisioned-user" should not be empty @@ -25,5 +25,5 @@ Feature: EnvironmentVariable And The setting "general-require_provisioned_account" is set to "1" And The setting "general-uid_mapping" is set to "REMOTE_USER" And The environment variable "REMOTE_USER" is set to "certainly-not-provisioned-user" - When I send a GET request to "http://localhost/index.php/login" - Then I should be redirected to "http://localhost/index.php/apps/user_saml/saml/notProvisioned" + When I send a GET request to "http://localhost:8080/index.php/login" + Then I should be redirected to "http://localhost:8080/index.php/apps/user_saml/saml/notProvisioned" diff --git a/tests/integration/features/Shibboleth.feature b/tests/integration/features/Shibboleth.feature index ab0636daf..11c8e8d84 100644 --- a/tests/integration/features/Shibboleth.feature +++ b/tests/integration/features/Shibboleth.feature @@ -11,13 +11,13 @@ Feature: Shibboleth And The setting "sp-x509cert" is set to "-----BEGIN CERTIFICATE-----MIIC+zCCAeOgAwIBAgIJAIgZuvWDBIrdMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xNzAxMDQxMTM5MjFaFw0yNzAxMDIxMTM5MjFaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN3ESWaDH1JiJTy9yRJQV7kahPOxgBkIH2xwcYDL1k9deKNhSKLx7aGfxE244+HBcC6WLHKVUnOm0ld2qxQ4bMYiJXzZuqL67r07L5wxGAssv12lO92qohGmlHy3+VzRYUBmovu6upqOv3R2F8HBbo7Jc7Hvt7hOEJn/jPuFuF/fHit3mqU8l6IkrIZjpaW8T9fIWOXRq98U4+hkgWpqEZWsqlfE8BxAs9DeIMZab0GxO9stHLp+GYKx10uE4ezFcaDS8W+g2C8enCTt1HXGvcnj4o5zkC1lITGvcFTsiFqfIWyXeSufcxdc0W7HoG6J3ks0WJyK38sfFn0t2Ao6kX0CAwEAAaNQME4wHQYDVR0OBBYEFAoJzX6TVYAwC1GSPe6nObBG54zaMB8GA1UdIwQYMBaAFAoJzX6TVYAwC1GSPe6nObBG54zaMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAJia9R70uXdUZtgujUPjLas4+sVajzlBFmqhBqpLAo934vljf9HISsHrPtdBcbS0d0rucqXwabDf0MlR18ksnT/NYpsTwMbMx76CrXi4zYEEW5lISKEO65aIkzVTcqKWSuhjtSnRdB6iOLsFiKmNMWXaIKMR5T0+AbR9wdQgn08W+3EEeHGvafVQfE3STVsSgNb1ft7DvcSUnfPXGU7KzvmTpZa0Hfmc7uY4vpdEEhLAdRhgLReS7USZskov7ooiPSoD+JRFi2gM4klBxTemHdNUa9oFnHMXuYKOkLbkgFvHxyy+QlLq2ELQTga5e7I83ZyOfGctyf8Ul6vGw10vbQ=-----END CERTIFICATE-----" And The setting "sp-privateKey" is set to "-----BEGIN RSA PRIVATE KEY-----MIIEpAIBAAKCAQEA3cRJZoMfUmIlPL3JElBXuRqE87GAGQgfbHBxgMvWT114o2FIovHtoZ/ETbjj4cFwLpYscpVSc6bSV3arFDhsxiIlfNm6ovruvTsvnDEYCyy/XaU73aqiEaaUfLf5XNFhQGai+7q6mo6/dHYXwcFujslzse+3uE4Qmf+M+4W4X98eK3eapTyXoiSshmOlpbxP18hY5dGr3xTj6GSBamoRlayqV8TwHECz0N4gxlpvQbE72y0cun4ZgrHXS4Th7MVxoNLxb6DYLx6cJO3Udca9yePijnOQLWUhMa9wVOyIWp8hbJd5K59zF1zRbsegboneSzRYnIrfyx8WfS3YCjqRfQIDAQABAoIBAQC5CQAdcqZ9vLpJNilBCJxJLCFmm+HAAREHD8MErg9A5UK1P4S1wJp/0qieGPi68wXBOTgY2xKSwMycgb04/+NyZidVRu388takOW/+KNBg8pMxdZ6/05GqnI0kivSbR3CXpYuz8hekwhpo9+fWmKjApsHL47ItK6WaeKmPbAFsq1YJGzfp/DXg7LIvh9GA3C1LWWGV7SuCGOyX/2Moi8xRa7qBtH4hDo/0NRhTx7zjYjlBgNEr330pJUopc3+AtHE40R+xMr2zkGvq9RsCZxYxD2VWbLwQW0yNjWmQ2OTuMgJJvk2+N73QLHcB+tea82ZTszsNzRS9DLtc6qbsKEPZAoGBAO78U3vEuRyY56f/1hpo0xuCDwOkWGzgBQWkjJl6dlyVz/zKkhXBHpEYImyt8XRN0W3iGZYpZ2hCFJGTcDp32R6UiEyGLz0Uc8R/tva/TiRVW1FdNczzSHcB24b9OMK4vE9JLs8mA8Rp8YBgtLr5DDuMfYt/a/rZJbg/HIfIN98nAoGBAO2OInCX93t2I6zzRPIqKtI6q6FYNp64VIQjvw9Y8l0x3IdJZRP9H5C8ZhCeYPsgEqTXcXa4j5hL4rQzoUtxfxflBUUH60bcnd4LGaTCMYLS14G011E3GZlIP0sJi5OjEhy8fq3zt6jVzS9V/lPHB8i+w1D7CbPrMpW7B3k32vC7AoGAX/HvdkYhZyjAAEOG6m1hK68IZhbp5TP+8CgCxm9S65K9wKh3A8LXibrdvzIKOP4w8WOPkCipOkMlTNibeu24vj01hztr5aK7Y40+oEtnjNCz67N3MQQO+LBHOSeaTRqrh01DPKjvZECAU2D/zfzEe3fIw2Nxr3DUYub7hkvMmosCgYAzxbVVypjiLGYsDDyrdmsstCKxoDMPNmcdAVljc+QmUXaZeXJw/8qAVb78wjeqo1vM1zNgR2rsKyW2VkZB1fN39q7GU6qAIBa7zLmDAduegmr7VrlSduq6UFeS9/qWa4TIBICrUqFlR2tXdKtgANF+e6y/mmaL8qdsoH1JetXZfwKBgQC1vscRpdAXivjOOZAh+mzJWzS4BUl4CTJLYYIuOEXikmN5g0EdV2fhUEdkewmyKnXHsd0x83167bYgpTDNs71jUxDHy5NXlg2qIjLkf09X9wr19gBzDApfWzfh3vUqttyMZuQMLVNepGCWM2vjlY9KGl5OvZqY6d+7yO0mLV9GmQ==-----END RSA PRIVATE KEY-----" And The setting "security-wantAssertionsSigned" is set to "1" - When I send a GET request to "http://localhost/index.php/login" + When I send a GET request to "http://localhost:8080/index.php/login" Then I should be redirected to "https://localhost:4443/idp/profile/SAML2/Redirect/SSO" And I send a POST request to "https://localhost:4443/idp/profile/SAML2/Redirect/SSO?execution=e1s1" with the following data |j_username|j_password|_eventId_proceed| |student1 |password | | And The response should be a SAML redirect page that gets submitted - And I should be redirected to "http://localhost/index.php/apps/dashboard/" + And I should be redirected to "http://localhost:8080/index.php/apps/dashboard/" And The user value "id" should be "student1" And The last login timestamp of "student1" should not be empty @@ -33,13 +33,13 @@ Feature: Shibboleth And The setting "sp-x509cert" is set to "-----BEGIN CERTIFICATE-----MIIC+zCCAeOgAwIBAgIJAIgZuvWDBIrdMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xNzAxMDQxMTM5MjFaFw0yNzAxMDIxMTM5MjFaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN3ESWaDH1JiJTy9yRJQV7kahPOxgBkIH2xwcYDL1k9deKNhSKLx7aGfxE244+HBcC6WLHKVUnOm0ld2qxQ4bMYiJXzZuqL67r07L5wxGAssv12lO92qohGmlHy3+VzRYUBmovu6upqOv3R2F8HBbo7Jc7Hvt7hOEJn/jPuFuF/fHit3mqU8l6IkrIZjpaW8T9fIWOXRq98U4+hkgWpqEZWsqlfE8BxAs9DeIMZab0GxO9stHLp+GYKx10uE4ezFcaDS8W+g2C8enCTt1HXGvcnj4o5zkC1lITGvcFTsiFqfIWyXeSufcxdc0W7HoG6J3ks0WJyK38sfFn0t2Ao6kX0CAwEAAaNQME4wHQYDVR0OBBYEFAoJzX6TVYAwC1GSPe6nObBG54zaMB8GA1UdIwQYMBaAFAoJzX6TVYAwC1GSPe6nObBG54zaMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAJia9R70uXdUZtgujUPjLas4+sVajzlBFmqhBqpLAo934vljf9HISsHrPtdBcbS0d0rucqXwabDf0MlR18ksnT/NYpsTwMbMx76CrXi4zYEEW5lISKEO65aIkzVTcqKWSuhjtSnRdB6iOLsFiKmNMWXaIKMR5T0+AbR9wdQgn08W+3EEeHGvafVQfE3STVsSgNb1ft7DvcSUnfPXGU7KzvmTpZa0Hfmc7uY4vpdEEhLAdRhgLReS7USZskov7ooiPSoD+JRFi2gM4klBxTemHdNUa9oFnHMXuYKOkLbkgFvHxyy+QlLq2ELQTga5e7I83ZyOfGctyf8Ul6vGw10vbQ=-----END CERTIFICATE-----" And The setting "sp-privateKey" is set to "-----BEGIN RSA PRIVATE KEY-----MIIEpAIBAAKCAQEA3cRJZoMfUmIlPL3JElBXuRqE87GAGQgfbHBxgMvWT114o2FIovHtoZ/ETbjj4cFwLpYscpVSc6bSV3arFDhsxiIlfNm6ovruvTsvnDEYCyy/XaU73aqiEaaUfLf5XNFhQGai+7q6mo6/dHYXwcFujslzse+3uE4Qmf+M+4W4X98eK3eapTyXoiSshmOlpbxP18hY5dGr3xTj6GSBamoRlayqV8TwHECz0N4gxlpvQbE72y0cun4ZgrHXS4Th7MVxoNLxb6DYLx6cJO3Udca9yePijnOQLWUhMa9wVOyIWp8hbJd5K59zF1zRbsegboneSzRYnIrfyx8WfS3YCjqRfQIDAQABAoIBAQC5CQAdcqZ9vLpJNilBCJxJLCFmm+HAAREHD8MErg9A5UK1P4S1wJp/0qieGPi68wXBOTgY2xKSwMycgb04/+NyZidVRu388takOW/+KNBg8pMxdZ6/05GqnI0kivSbR3CXpYuz8hekwhpo9+fWmKjApsHL47ItK6WaeKmPbAFsq1YJGzfp/DXg7LIvh9GA3C1LWWGV7SuCGOyX/2Moi8xRa7qBtH4hDo/0NRhTx7zjYjlBgNEr330pJUopc3+AtHE40R+xMr2zkGvq9RsCZxYxD2VWbLwQW0yNjWmQ2OTuMgJJvk2+N73QLHcB+tea82ZTszsNzRS9DLtc6qbsKEPZAoGBAO78U3vEuRyY56f/1hpo0xuCDwOkWGzgBQWkjJl6dlyVz/zKkhXBHpEYImyt8XRN0W3iGZYpZ2hCFJGTcDp32R6UiEyGLz0Uc8R/tva/TiRVW1FdNczzSHcB24b9OMK4vE9JLs8mA8Rp8YBgtLr5DDuMfYt/a/rZJbg/HIfIN98nAoGBAO2OInCX93t2I6zzRPIqKtI6q6FYNp64VIQjvw9Y8l0x3IdJZRP9H5C8ZhCeYPsgEqTXcXa4j5hL4rQzoUtxfxflBUUH60bcnd4LGaTCMYLS14G011E3GZlIP0sJi5OjEhy8fq3zt6jVzS9V/lPHB8i+w1D7CbPrMpW7B3k32vC7AoGAX/HvdkYhZyjAAEOG6m1hK68IZhbp5TP+8CgCxm9S65K9wKh3A8LXibrdvzIKOP4w8WOPkCipOkMlTNibeu24vj01hztr5aK7Y40+oEtnjNCz67N3MQQO+LBHOSeaTRqrh01DPKjvZECAU2D/zfzEe3fIw2Nxr3DUYub7hkvMmosCgYAzxbVVypjiLGYsDDyrdmsstCKxoDMPNmcdAVljc+QmUXaZeXJw/8qAVb78wjeqo1vM1zNgR2rsKyW2VkZB1fN39q7GU6qAIBa7zLmDAduegmr7VrlSduq6UFeS9/qWa4TIBICrUqFlR2tXdKtgANF+e6y/mmaL8qdsoH1JetXZfwKBgQC1vscRpdAXivjOOZAh+mzJWzS4BUl4CTJLYYIuOEXikmN5g0EdV2fhUEdkewmyKnXHsd0x83167bYgpTDNs71jUxDHy5NXlg2qIjLkf09X9wr19gBzDApfWzfh3vUqttyMZuQMLVNepGCWM2vjlY9KGl5OvZqY6d+7yO0mLV9GmQ==-----END RSA PRIVATE KEY-----" And The setting "security-wantAssertionsSigned" is set to "1" - When I send a GET request to "http://localhost/index.php/login" + When I send a GET request to "http://localhost:8080/index.php/login" Then I should be redirected to "https://localhost:4443/idp/profile/SAML2/Redirect/SSO" And I send a POST request to "https://localhost:4443/idp/profile/SAML2/Redirect/SSO?execution=e1s1" with the following data |j_username|j_password|_eventId_proceed| |student1 |password | | And The response should be a SAML redirect page that gets submitted - And I should be redirected to "http://localhost/index.php/apps/user_saml/saml/notProvisioned" + And I should be redirected to "http://localhost:8080/index.php/apps/user_saml/saml/notProvisioned" Scenario: Authenticating using Shibboleth with SAML and check if user exists on backend and existing user Given A local user with uid "student1" exists @@ -55,13 +55,13 @@ Feature: Shibboleth And The setting "sp-x509cert" is set to "-----BEGIN CERTIFICATE-----MIIC+zCCAeOgAwIBAgIJAIgZuvWDBIrdMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xNzAxMDQxMTM5MjFaFw0yNzAxMDIxMTM5MjFaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN3ESWaDH1JiJTy9yRJQV7kahPOxgBkIH2xwcYDL1k9deKNhSKLx7aGfxE244+HBcC6WLHKVUnOm0ld2qxQ4bMYiJXzZuqL67r07L5wxGAssv12lO92qohGmlHy3+VzRYUBmovu6upqOv3R2F8HBbo7Jc7Hvt7hOEJn/jPuFuF/fHit3mqU8l6IkrIZjpaW8T9fIWOXRq98U4+hkgWpqEZWsqlfE8BxAs9DeIMZab0GxO9stHLp+GYKx10uE4ezFcaDS8W+g2C8enCTt1HXGvcnj4o5zkC1lITGvcFTsiFqfIWyXeSufcxdc0W7HoG6J3ks0WJyK38sfFn0t2Ao6kX0CAwEAAaNQME4wHQYDVR0OBBYEFAoJzX6TVYAwC1GSPe6nObBG54zaMB8GA1UdIwQYMBaAFAoJzX6TVYAwC1GSPe6nObBG54zaMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAJia9R70uXdUZtgujUPjLas4+sVajzlBFmqhBqpLAo934vljf9HISsHrPtdBcbS0d0rucqXwabDf0MlR18ksnT/NYpsTwMbMx76CrXi4zYEEW5lISKEO65aIkzVTcqKWSuhjtSnRdB6iOLsFiKmNMWXaIKMR5T0+AbR9wdQgn08W+3EEeHGvafVQfE3STVsSgNb1ft7DvcSUnfPXGU7KzvmTpZa0Hfmc7uY4vpdEEhLAdRhgLReS7USZskov7ooiPSoD+JRFi2gM4klBxTemHdNUa9oFnHMXuYKOkLbkgFvHxyy+QlLq2ELQTga5e7I83ZyOfGctyf8Ul6vGw10vbQ=-----END CERTIFICATE-----" And The setting "sp-privateKey" is set to "-----BEGIN RSA PRIVATE KEY-----MIIEpAIBAAKCAQEA3cRJZoMfUmIlPL3JElBXuRqE87GAGQgfbHBxgMvWT114o2FIovHtoZ/ETbjj4cFwLpYscpVSc6bSV3arFDhsxiIlfNm6ovruvTsvnDEYCyy/XaU73aqiEaaUfLf5XNFhQGai+7q6mo6/dHYXwcFujslzse+3uE4Qmf+M+4W4X98eK3eapTyXoiSshmOlpbxP18hY5dGr3xTj6GSBamoRlayqV8TwHECz0N4gxlpvQbE72y0cun4ZgrHXS4Th7MVxoNLxb6DYLx6cJO3Udca9yePijnOQLWUhMa9wVOyIWp8hbJd5K59zF1zRbsegboneSzRYnIrfyx8WfS3YCjqRfQIDAQABAoIBAQC5CQAdcqZ9vLpJNilBCJxJLCFmm+HAAREHD8MErg9A5UK1P4S1wJp/0qieGPi68wXBOTgY2xKSwMycgb04/+NyZidVRu388takOW/+KNBg8pMxdZ6/05GqnI0kivSbR3CXpYuz8hekwhpo9+fWmKjApsHL47ItK6WaeKmPbAFsq1YJGzfp/DXg7LIvh9GA3C1LWWGV7SuCGOyX/2Moi8xRa7qBtH4hDo/0NRhTx7zjYjlBgNEr330pJUopc3+AtHE40R+xMr2zkGvq9RsCZxYxD2VWbLwQW0yNjWmQ2OTuMgJJvk2+N73QLHcB+tea82ZTszsNzRS9DLtc6qbsKEPZAoGBAO78U3vEuRyY56f/1hpo0xuCDwOkWGzgBQWkjJl6dlyVz/zKkhXBHpEYImyt8XRN0W3iGZYpZ2hCFJGTcDp32R6UiEyGLz0Uc8R/tva/TiRVW1FdNczzSHcB24b9OMK4vE9JLs8mA8Rp8YBgtLr5DDuMfYt/a/rZJbg/HIfIN98nAoGBAO2OInCX93t2I6zzRPIqKtI6q6FYNp64VIQjvw9Y8l0x3IdJZRP9H5C8ZhCeYPsgEqTXcXa4j5hL4rQzoUtxfxflBUUH60bcnd4LGaTCMYLS14G011E3GZlIP0sJi5OjEhy8fq3zt6jVzS9V/lPHB8i+w1D7CbPrMpW7B3k32vC7AoGAX/HvdkYhZyjAAEOG6m1hK68IZhbp5TP+8CgCxm9S65K9wKh3A8LXibrdvzIKOP4w8WOPkCipOkMlTNibeu24vj01hztr5aK7Y40+oEtnjNCz67N3MQQO+LBHOSeaTRqrh01DPKjvZECAU2D/zfzEe3fIw2Nxr3DUYub7hkvMmosCgYAzxbVVypjiLGYsDDyrdmsstCKxoDMPNmcdAVljc+QmUXaZeXJw/8qAVb78wjeqo1vM1zNgR2rsKyW2VkZB1fN39q7GU6qAIBa7zLmDAduegmr7VrlSduq6UFeS9/qWa4TIBICrUqFlR2tXdKtgANF+e6y/mmaL8qdsoH1JetXZfwKBgQC1vscRpdAXivjOOZAh+mzJWzS4BUl4CTJLYYIuOEXikmN5g0EdV2fhUEdkewmyKnXHsd0x83167bYgpTDNs71jUxDHy5NXlg2qIjLkf09X9wr19gBzDApfWzfh3vUqttyMZuQMLVNepGCWM2vjlY9KGl5OvZqY6d+7yO0mLV9GmQ==-----END RSA PRIVATE KEY-----" And The setting "security-wantAssertionsSigned" is set to "1" - When I send a GET request to "http://localhost/index.php/login" + When I send a GET request to "http://localhost:8080/index.php/login" Then I should be redirected to "https://localhost:4443/idp/profile/SAML2/Redirect/SSO" And I send a POST request to "https://localhost:4443/idp/profile/SAML2/Redirect/SSO?execution=e1s1" with the following data |j_username|j_password|_eventId_proceed| |student1 |password | | And The response should be a SAML redirect page that gets submitted - And I should be redirected to "http://localhost/index.php/apps/dashboard/" + And I should be redirected to "http://localhost:8080/index.php/apps/dashboard/" Then The user value "id" should be "student1" Then The user value "email" should be "" And The user value "display-name" should be "Default displayname of student1" @@ -80,13 +80,13 @@ Feature: Shibboleth And The setting "security-wantAssertionsSigned" is set to "1" And The setting "saml-attribute-mapping-email_mapping" is set to "urn:oid:0.9.2342.19200300.100.1.3" And The setting "saml-attribute-mapping-displayName_mapping" is set to "urn:oid:2.5.4.42 urn:oid:2.5.4.4" - When I send a GET request to "http://localhost/index.php/login" + When I send a GET request to "http://localhost:8080/index.php/login" Then I should be redirected to "https://localhost:4443/idp/profile/SAML2/Redirect/SSO" And I send a POST request to "https://localhost:4443/idp/profile/SAML2/Redirect/SSO?execution=e1s1" with the following data |j_username|j_password|_eventId_proceed| |student1 |password | | And The response should be a SAML redirect page that gets submitted - And I should be redirected to "http://localhost/index.php/apps/dashboard/" + And I should be redirected to "http://localhost:8080/index.php/apps/dashboard/" And The user value "id" should be "student1" And The user value "email" should be "student1@idptestbed.edu" And The user value "display-name" should be "Stud Ent" @@ -105,13 +105,13 @@ Feature: Shibboleth And The setting "security-wantAssertionsSigned" is set to "1" And The setting "saml-attribute-mapping-email_mapping" is set to "urn:oid:0.9.2342.19200300.100.1.3" And The setting "saml-attribute-mapping-displayName_mapping" is set to "urn:oid:2.5.4.42 urn:oid:2.5.4.4" - When I send a GET request to "http://localhost/index.php/settings/help" + When I send a GET request to "http://localhost:8080/index.php/settings/help" Then I should be redirected to "https://localhost:4443/idp/profile/SAML2/Redirect/SSO" And I send a POST request to "https://localhost:4443/idp/profile/SAML2/Redirect/SSO?execution=e1s1" with the following data |j_username|j_password|_eventId_proceed| |student1 |password | | And The response should be a SAML redirect page that gets submitted - And I should be redirected to "http://localhost/index.php/settings/help" + And I should be redirected to "http://localhost:8080/index.php/settings/help" And The user value "id" should be "student1" And The user value "email" should be "student1@idptestbed.edu" And The user value "display-name" should be "Stud Ent" diff --git a/tests/integration/features/bootstrap/FeatureContext.php b/tests/integration/features/bootstrap/FeatureContext.php index a5a1c4e72..db784a40a 100644 --- a/tests/integration/features/bootstrap/FeatureContext.php +++ b/tests/integration/features/bootstrap/FeatureContext.php @@ -30,6 +30,9 @@ class FeatureContext implements Context { /** @var array */ private $changedSettings = []; + private const ENV_CONFIG_FILE = __DIR__ . '/../../../../../../config/env.config.php'; + private const MAIN_CONFIG_FILE = __DIR__ . '/../../../../../../config/config.php'; + public function __construct() { date_default_timezone_set('Europe/Berlin'); } @@ -56,18 +59,21 @@ public function after() { foreach ($users as $user) { shell_exec( sprintf( - 'sudo -u apache %s %s user:delete %s', + '%s %s user:delete %s', PHP_BINARY, __DIR__ . '/../../../../../../occ', $user ) ); + if (file_exists(self::ENV_CONFIG_FILE)) { + unlink(self::ENV_CONFIG_FILE); + } } foreach ($this->changedSettings as $setting) { shell_exec( sprintf( - 'sudo -u apache %s %s config:app:delete user_saml %s', + '%s %s config:app:delete user_saml %s', PHP_BINARY, __DIR__ . '/../../../../../../occ', $setting @@ -77,7 +83,7 @@ public function after() { shell_exec( sprintf( - 'sudo -u apache %s %s saml:config:delete 1', + '%s %s saml:config:delete 1', PHP_BINARY, __DIR__ . '/../../../../../../occ', ) @@ -103,7 +109,7 @@ public function theSettingIsSetTo($settingName, $this->changedSettings[] = $settingName; shell_exec( sprintf( - 'sudo -u apache %s %s config:app:set --value="%s" user_saml %s', + '%s %s config:app:set --value="%s" user_saml %s', PHP_BINARY, __DIR__ . '/../../../../../../occ', $value, @@ -115,7 +121,7 @@ public function theSettingIsSetTo($settingName, shell_exec( sprintf( - 'sudo -u apache %s %s saml:config:set --"%s"="%s" %d', + '%s %s saml:config:set --"%s"="%s" %d', PHP_BINARY, __DIR__ . '/../../../../../../occ', $settingName, @@ -214,7 +220,7 @@ public function theResponseShouldBeASamlRedirectPageThatGetsSubmitted() { $this->response = $this->client->request( 'POST', - 'http://localhost/index.php/apps/user_saml/saml/acs', + 'http://localhost:8080/index.php/apps/user_saml/saml/acs', [ 'form_params' => $postData, ] @@ -231,7 +237,7 @@ public function theResponseShouldBeASamlRedirectPageThatGetsSubmitted() { public function thUserValueShouldBe($key, $value) { $this->response = $this->client->request( 'GET', - 'http://localhost/ocs/v1.php/cloud/user', + 'http://localhost:8080/ocs/v1.php/cloud/user', [ 'headers' => [ 'OCS-APIRequest' => 'true', @@ -266,7 +272,7 @@ public function thUserValueShouldBe($key, $value) { public function aLocalUserWithUidExists($uid) { shell_exec( sprintf( - 'sudo -u apache OC_PASS=password %s %s user:add %s --display-name "Default displayname of '.$uid.'" --password-from-env', + 'OC_PASS=password %s %s user:add %s --display-name "Default displayname of '.$uid.'" --password-from-env', PHP_BINARY, __DIR__ . '/../../../../../../occ', $uid @@ -283,7 +289,7 @@ public function aLocalUserWithUidExists($uid) { public function theLastLoginTimestampOfShouldNotBeEmpty($uid) { $response = shell_exec( sprintf( - 'sudo -u apache OC_PASS=password %s %s user:lastseen %s', + 'OC_PASS=password %s %s user:lastseen %s', PHP_BINARY, __DIR__ . '/../../../../../../occ', $uid @@ -301,6 +307,14 @@ public function theLastLoginTimestampOfShouldNotBeEmpty($uid) { * @Given The environment variable :key is set to :value */ public function theEnvironmentVariableIsSetTo($key, $value) { - file_put_contents(__DIR__ . '/../../../../../../.htaccess', "\nSetEnv $key $value\n", FILE_APPEND); + // Attention, this works currently for one value only. It generates an + // extra config file that injects the value to $_SERVER (as used in + // `SAMLController::login()`), so that it stays across requests in PHPs + // built-in server. + $envConfigPhp = <<