Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release 6.7.6 - Add test for logging in when WebAuthn API is unusable #347

Merged
merged 22 commits into from
Jun 11, 2024
Merged

Release 6.7.6 - Add test for logging in when WebAuthn API is unusable #347

merged 22 commits into from
Jun 11, 2024

Conversation

forevermatt
Copy link
Contributor

Added

  • Update documentation on how to run just a specific test scenario
  • Add automated tests for trying to log in (authenticate) while WebAuthn MFA API is unusable

Changed (non-breaking)

  • Move the authentication tests to their own test suite

Fixed

  • Simplify the list of paths in the behat.yml file

forevermatt and others added 22 commits May 22, 2024 11:11
@forevermatt
Draft a test scenario for logging in when the WebAuthn MFA is down
a5f6ee9
@forevermatt
Add a response-code check
e2b723d
@forevermatt
Set up a new context class for authentication-specific test steps
f648d25
@forevermatt
Simplify the list of paths in the behat.yml file
8112bd4
@forevermatt
Remove authentication from common_features now that it has its own suite
53bc1e6
@forevermatt
Refactor test scenario to more closely align with existing test steps
9bbdbdf
@forevermatt
Update documentation on how to run just a specific test scenario
3e93a9f
@forevermatt
Begin implementing test for logging in while WebAuthn MFA API is down
7c4d796
@forevermatt
Switch to using Mfa::create() for the TOTP
4bf1bbc
@forevermatt
Stop trying to add a TOTP method
360b813
@forevermatt
Use the U2F-simulator (like other tests) for adding a WebAuthn MFA
331e827
@forevermatt
Get the test to successfully verify the WebAuthn MFA option
96d3bb5
@forevermatt
Clean up the userHasAValidWebauthnMfaMethod() test step's code
cd87e49
@forevermatt
Get the test to (with manual intervention) work
3aeff02
@forevermatt
Update test to automatically change the local WebAuthn MFA API's secret
ed3b7ea
@forevermatt
Remove temp code
4f15d8f
@forevermatt
Test both cases (right/wrong password for WebAuthn MFA API)
6e49e09
@forevermatt
Clean up the test code for readability
3f8d3a3
@forevermatt
Improve the name of the test scenario
58b2cfc
@forevermatt
Update actions-services.yml to have new env. vars. needed by new test
2ed1752
@forevermatt
Always use bcrypt to hash the WebAuthn MFA API's api secret
76e3415 
Our MFA APIs use bcrypt for that, and at some point the
`PASSWORD_DEFAULT` may change for PHP. This commit's code change
protects this code from breaking when the default PHP password hashing
algorithm does change.
@forevermatt
Merge pull request #346 from silinternational/feature/IDP-1010-test-l…
3679ae3 
…ogin-with-mfa-api-down

[IDP-1010] Add automated tests for trying to log in (authenticate) while WebAuthn MFA API is unusable
@forevermatt forevermatt requested a review from a team June 4, 2024 20:01
@forevermatt forevermatt merged commit eaf813f into main Jun 11, 2024
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@briskt briskt briskt approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@forevermatt @briskt