forked from dani-garcia/vaultwarden
-
-
Notifications
You must be signed in to change notification settings - Fork 13
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Allow SSO role mapping to add admin cookie
Co-authored-by: Fabian Fischer <[email protected]>
- Loading branch information
Showing
14 changed files
with
310 additions
and
85 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
FROM registry.access.redhat.com/ubi9 AS ubi-micro-build | ||
|
||
RUN dnf install -y wget && wget -O /root/jq https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux-amd64 && chmod +x /root/jq | ||
|
||
FROM quay.io/keycloak/keycloak | ||
COPY --from=ubi-micro-build /root/jq /usr/bin/jq | ||
|
||
COPY keycloak_setup.sh /root/keycloak_setup.sh | ||
|
||
ENTRYPOINT ["/root/keycloak_setup.sh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
import { test, expect, type TestInfo } from '@playwright/test'; | ||
|
||
import * as utils from "../global-utils"; | ||
import { logNewUser, logUser } from './setups/sso'; | ||
|
||
let users = utils.loadEnv(); | ||
|
||
test.beforeAll('Setup', async ({ browser }, testInfo: TestInfo) => { | ||
await utils.startVaultwarden(browser, testInfo, { | ||
SSO_ENABLED: true, | ||
SSO_ONLY: true, | ||
SSO_ROLES_ENABLED: true, | ||
SSO_ROLES_DEFAULT_TO_USER: false, | ||
SSO_SCOPES: "email profile roles", | ||
SSO_FRONTEND: "override", | ||
}); | ||
}); | ||
|
||
test.afterAll('Teardown', async ({}) => { | ||
utils.stopVaultwarden(); | ||
}); | ||
|
||
test('admin have access to vault/admin page', async ({ page }) => { | ||
await logNewUser(test, page, users.user1, { override: true }); | ||
|
||
await page.goto('/admin'); | ||
|
||
await expect(page.getByRole('heading', { name: 'Configuration' })).toBeVisible(); | ||
}); | ||
|
||
test('user have access to vault', async ({ page }) => { | ||
await logNewUser(test, page, users.user2, { override: true }); | ||
|
||
await page.goto('/admin'); | ||
|
||
await expect(page.getByRole('heading', { name: 'You do not have access' })).toBeVisible(); | ||
}); | ||
|
||
test('No role cannot log', async ({ page }) => { | ||
|
||
await test.step('Landing page', async () => { | ||
await page.goto('/'); | ||
await page.getByRole('button', { name: 'Log in'}).click(); | ||
}); | ||
|
||
await test.step('Keycloak login', async () => { | ||
await expect(page.getByRole('heading', { name: 'Sign in to your account' })).toBeVisible(); | ||
await page.getByLabel(/Username/).fill(users.user3.name); | ||
await page.getByLabel('Password', { exact: true }).fill(users.user3.password); | ||
await page.getByRole('button', { name: 'Sign In' }).click(); | ||
}); | ||
|
||
await test.step('Auth failed', async () => { | ||
await expect(page).toHaveTitle('Vaultwarden Web'); | ||
await expect(page.getByTestId("toast-message")).toHaveText(/Invalid user role/); | ||
}); | ||
}); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.