Skip to content

Commit

Permalink
Merge pull request #207 from silinternational/feature/always-material
Browse files Browse the repository at this point in the history
use material module for all tests
  • Loading branch information
briskt authored May 30, 2024
2 parents 291e21e + 24fd66b commit 6f20c17
Show file tree
Hide file tree
Showing 14 changed files with 108 additions and 39 deletions.
4 changes: 2 additions & 2 deletions actions-services.yml
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,7 @@ services:
PROFILE_URL_FOR_TESTS: "http://pwmanager.local/module.php/core/authenticate.php?as=ssp-hub"
SECURE_COOKIE: "false"
SHOW_SAML_ERRORS: "true"
THEME_USE: "default"
THEME_USE: "material:material"
MYSQL_HOST: "db"
MYSQL_DATABASE: "silauth"
MYSQL_USER: "silauth"
Expand Down Expand Up @@ -261,7 +261,7 @@ services:
SHOW_SAML_ERRORS: "true"
SAML20_IDP_ENABLE: "false"
ADMIN_PROTECT_INDEX_PAGE: "false"
THEME_USE: default
THEME_USE: "material:material"

# the broker and brokerDb containers are used by the silauth module
broker:
Expand Down
3 changes: 3 additions & 0 deletions development/idp-local/config/authsources.php
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,9 @@
'mail' => ['[email protected]'],
'employeeNumber' => ['44444'],
'cn' => ['MISSING_EXP'],
'mfa' => [
'prompt' => 'no',
],
],

// expirychecker test user whose password expiry is invalid
Expand Down
2 changes: 1 addition & 1 deletion development/idp3-local/config/config.php
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@
$SESSION_COOKIE_LIFETIME = (int)(Env::get('SESSION_COOKIE_LIFETIME', 0));
$SESSION_REMEMBERME_LIFETIME = (int)(Env::get('SESSION_REMEMBERME_LIFETIME', (14 * 86400))); // 14 days
$SECURE_COOKIE = Env::get('SECURE_COOKIE', true);
$THEME_USE = Env::get('THEME_USE', 'default');
$THEME_USE = Env::get('THEME_USE', 'material:material');
$MEMCACHE_STORE_EXPIRES = (int)(Env::get('MEMCACHE_STORE_EXPIRES', (36 * 60 * 60))); // 36 hours.
$SAML20_IDP_ENABLE = Env::get('SAML20_IDP_ENABLE', true);
$GOOGLE_ENABLE = Env::get('GOOGLE_ENABLE', false);
Expand Down
2 changes: 1 addition & 1 deletion development/sp-local/config/config.php
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@
$SESSION_COOKIE_LIFETIME = (int)(Env::get('SESSION_COOKIE_LIFETIME', 0));
$SESSION_REMEMBERME_LIFETIME = (int)(Env::get('SESSION_REMEMBERME_LIFETIME', (14 * 86400))); // 14 days
$SECURE_COOKIE = Env::get('SECURE_COOKIE', true);
$THEME_USE = Env::get('THEME_USE', 'default');
$THEME_USE = Env::get('THEME_USE', 'material:material');
$SAML20_IDP_ENABLE = Env::get('SAML20_IDP_ENABLE', true);
$GOOGLE_ENABLE = Env::get('GOOGLE_ENABLE', false);

Expand Down
2 changes: 1 addition & 1 deletion development/sp2-local/config/config.php
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@
$SESSION_COOKIE_LIFETIME = (int)(Env::get('SESSION_COOKIE_LIFETIME', 0));
$SESSION_REMEMBERME_LIFETIME = (int)(Env::get('SESSION_REMEMBERME_LIFETIME', (14 * 86400))); // 14 days
$SECURE_COOKIE = Env::get('SECURE_COOKIE', true);
$THEME_USE = Env::get('THEME_USE', 'default');
$THEME_USE = Env::get('THEME_USE', 'material:material');
$SAML20_IDP_ENABLE = Env::get('SAML20_IDP_ENABLE', true);
$GOOGLE_ENABLE = Env::get('GOOGLE_ENABLE', false);

Expand Down
2 changes: 1 addition & 1 deletion development/sp3-local/config/config.php
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@
$SESSION_COOKIE_LIFETIME = (int)(Env::get('SESSION_COOKIE_LIFETIME', 0));
$SESSION_REMEMBERME_LIFETIME = (int)(Env::get('SESSION_REMEMBERME_LIFETIME', (14 * 86400))); // 14 days
$SECURE_COOKIE = Env::get('SECURE_COOKIE', true);
$THEME_USE = Env::get('THEME_USE', 'default');
$THEME_USE = Env::get('THEME_USE', 'material:material');
$SAML20_IDP_ENABLE = Env::get('SAML20_IDP_ENABLE', true);
$GOOGLE_ENABLE = Env::get('GOOGLE_ENABLE', false);

Expand Down
4 changes: 2 additions & 2 deletions docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -184,7 +184,7 @@ services:
PROFILE_URL_FOR_TESTS: "http://pwmanager.local/module.php/core/authenticate.php?as=ssp-hub"
SECURE_COOKIE: "false"
SHOW_SAML_ERRORS: "true"
THEME_USE: "default"
THEME_USE: "material:material"
SESSION_STORE_TYPE: "sql"
MYSQL_HOST: "db"
MYSQL_DATABASE: "silauth"
Expand Down Expand Up @@ -372,7 +372,7 @@ services:
SHOW_SAML_ERRORS: "true"
SAML20_IDP_ENABLE: "false"
ADMIN_PROTECT_INDEX_PAGE: "false"
THEME_USE: material:material
THEME_USE: "material:material"

# the broker and brokerDb containers are used by the silauth module
broker:
Expand Down
4 changes: 2 additions & 2 deletions features/Sp1Idp1Sp2Idp2Sp3.feature
Original file line number Diff line number Diff line change
Expand Up @@ -25,9 +25,9 @@ Feature: Ensure I can login to Sp1 through Idp1, must login to Sp2 through Idp2
Scenario: Logout of IDP1
Given I have authenticated with IDP1 for SP1
When I log out of IDP1
Then I should see "You have been logged out."
Then I should see "You have now been logged out."

Scenario: Logout of IDP2
Given I have authenticated with IDP2 for SP2
When I log out of IDP2
Then I should see "You have been logged out."
Then I should see "You have now been logged out."
2 changes: 1 addition & 1 deletion features/bootstrap/ExpiryContext.php
Original file line number Diff line number Diff line change
Expand Up @@ -152,7 +152,7 @@ public function iProvideCredentialsThatHaveNoPasswordExpirationDate()
public function iShouldSeeAnErrorMessage()
{
$page = $this->session->getPage();
Assert::assertContains('Unhandled exception', $page->getHtml());
Assert::assertContains('An error occurred', $page->getHtml());
}

/**
Expand Down
28 changes: 16 additions & 12 deletions features/bootstrap/MfaContext.php
Original file line number Diff line number Diff line change
Expand Up @@ -150,7 +150,7 @@ public function iShouldSeeAPromptForABackupCode()
{
$page = $this->session->getPage();
$pageHtml = $page->getHtml();
Assert::assertContains('<h2>Printable Backup Code</h2>', $pageHtml);
Assert::assertContains('Printable code', $pageHtml);
Assert::assertContains('Enter code', $pageHtml);
}

Expand All @@ -171,7 +171,7 @@ public function iShouldSeeAPromptForATotpCode()
{
$page = $this->session->getPage();
$pageHtml = $page->getHtml();
Assert::assertContains('<h2>Smartphone App</h2>', $pageHtml);
Assert::assertContains('Authenticator app', $pageHtml);
Assert::assertContains('Enter 6-digit code', $pageHtml);
}

Expand All @@ -191,7 +191,7 @@ public function iProvideCredentialsThatNeedMfaAndHaveUfAvailable()
public function iShouldSeeAPromptForAWebAuthn()
{
$page = $this->session->getPage();
Assert::assertContains('<h2>USB Security Key</h2>', $page->getHtml());
Assert::assertContains('Security key', $page->getHtml());
}

protected function submitMfaValue($mfaValue)
Expand All @@ -207,8 +207,10 @@ protected function submitMfaValue($mfaValue)
*/
public function iSubmitACorrectBackupCode()
{
if (! $this->pageContainsElementWithText('h2', 'Printable Backup Code')) {
$this->clickLink('backupcode');
if (! $this->pageContainsElementWithText('h1', 'Printable code')) {
// find image of the backup code option presented in other_mfas.php
$printableCodeOption = $this->session->getPage()->find('css', 'img[src=mfa-backupcode\002Esvg]');
$printableCodeOption->click();
}
$this->submitMfaValue(FakeIdBrokerClient::CORRECT_VALUE);
}
Expand Down Expand Up @@ -344,7 +346,7 @@ public function iShouldSeeAMessageThatIAmRunningLowOnBackupCodes()
{
$page = $this->session->getPage();
Assert::assertContains(
'You are almost out of Printable Backup Codes',
'Almost out of printable codes',
$page->getHtml()
);
}
Expand Down Expand Up @@ -375,7 +377,7 @@ public function iShouldSeeAMessageThatIHaveUsedUpMyBackupCodes()
{
$page = $this->session->getPage();
Assert::assertContains(
'You just used your last Printable Backup Code',
'Last printable code used',
$page->getHtml()
);
}
Expand Down Expand Up @@ -405,7 +407,7 @@ public function iShouldBeToldIOnlyHaveBackupCodesLeft($numRemaining)
{
$page = $this->session->getPage();
Assert::assertContains(
'You only have ' . $numRemaining . ' remaining',
'You only have ' . $numRemaining . ' more left',
$page->getHtml()
);
}
Expand All @@ -417,7 +419,7 @@ public function iShouldBeGivenMoreBackupCodes()
{
$page = $this->session->getPage();
Assert::assertContains(
'Here are your new Printable Backup Codes',
'New printable codes',
$page->getContent()
);
}
Expand Down Expand Up @@ -610,7 +612,7 @@ public function theUserHasAManagerEmail()
public function iShouldSeeALinkToSendACodeToTheUsersManager()
{
$page = $this->session->getPage();
Assert::assertContains('Can\'t use any of your 2-Step Verification options', $page->getContent());
Assert::assertContains('I need help', $page->getContent());
}

/**
Expand All @@ -637,7 +639,9 @@ public function iShouldNotSeeALinkToSendACodeToTheUsersManager()
*/
public function iClickTheRequestAssistanceLink()
{
$this->clickLink('Click here');
// find image of the recovery contact option presented in prompt_for_mfa_manager.php
$printableCodeOption = $this->session->getPage()->find('css', 'img[src=mfa-manager\002Esvg]');
$printableCodeOption->click();
}

/**
Expand All @@ -655,7 +659,7 @@ public function iShouldSeeAPromptForAManagerRescueCode()
{
$page = $this->session->getPage();
$pageHtml = $page->getHtml();
Assert::assertContains('<h2>Manager Rescue Code</h2>', $pageHtml);
Assert::assertContains('Ask Your Recovery Contact for Help', $pageHtml);
Assert::assertContains('Enter code', $pageHtml);
}

Expand Down
58 changes: 52 additions & 6 deletions features/bootstrap/ProfileReviewContext.php
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ protected function submitFormByClickingButtonNamed($buttonName)
*/
public function iProvideCredentialsThatDoNotNeedReview()
{
// See `development/idp-local/config/authsources.php` for options.
// Credentials defined in `development/idp-local/config/authsources.php`
$this->username = 'no_review';
$this->password = 'e';
}
Expand All @@ -67,7 +67,7 @@ public function iProvideCredentialsThatDoNotNeedReview()
*/
public function iProvideCredentialsThatAreDueForAReminder($category, $nagType)
{
// See `development/idp-local/config/authsources.php` for options.
// Credentials defined in `development/idp-local/config/authsources.php`
$this->username = $category . '_' . $nagType;
switch ($this->username) {
case 'mfa_add':
Expand All @@ -77,13 +77,19 @@ public function iProvideCredentialsThatAreDueForAReminder($category, $nagType)
case 'method_add':
$this->password = 'g';
break;

case 'profile_review':
$this->password = 'h';
break;
}
}

/**
* @Given I provide credentials that are due for a profile review
*/
public function iProvideCredentialsThatAreDueForAProfileReview()
{
// Credentials defined in `development/idp-local/config/authsources.php`
$this->username = 'profile_review';
$this->password = 'h';
}


protected function pageContainsElementWithText($cssSelector, $text)
{
Expand Down Expand Up @@ -122,6 +128,14 @@ public function iClickTheUpdateProfileButton()
$this->submitFormByClickingButtonNamed('update');
}

/**
* @When I click the :text link
*/
public function iClickTheLink($text)
{
$this->clickLink($text);
}

/**
* @Then I should end up at the update profile URL
*/
Expand All @@ -137,6 +151,29 @@ public function iShouldEndUpAtTheUpdateProfileUrl()
);
}

/**
* @Then I should end up at the update profile URL on a new tab
*/
public function iShouldEndUpAtTheUpdateProfileUrlOnANewTab()
{
$profileUrl = Env::get('PROFILE_URL_FOR_TESTS');
Assert::assertNotEmpty($profileUrl, 'No PROFILE_URL_FOR_TESTS provided');

$windowNames = $this->session->getWindowNames();
Assert::assertGreaterThanOrEqual(2, sizeof($windowNames),
'Expected to see at least 2 windows opened');

foreach ($windowNames as $windowName) {
$this->session->switchToWindow($windowName);
$currentUrl = $this->session->getCurrentUrl();
if ($currentUrl == $profileUrl) {
return;
}
}

Assert::fail('Did NOT end up at the update profile URL');
}

/**
* @Then I should see the message: :message
*/
Expand All @@ -155,6 +192,15 @@ public function thereShouldBeAWayToGoUpdateMyProfileNow()
$this->assertFormContains('name="update"', $page);
}

/**
* @Then there should be a way to go review my profile now
*/
public function thereShouldBeAWayToGoReviewMyProfileNow()
{
$page = $this->session->getPage();
Assert::assertContains('Some of these need updating', $page->getHtml());
}

/**
* @Given I provide credentials for a user that has used the manager mfa option
*/
Expand Down
4 changes: 2 additions & 2 deletions features/bootstrap/SilDiscoContext.php
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@ public function iLogOutOfIdp1()
$this->iGoToTheSpLoginPage('SP3');
$this->iClickOnTheTile('IDP 1');
$this->clickLink('Logout');
$this->assertPageContainsText('You have been logged out.');
$this->assertPageContainsText('You have now been logged out.');
}

/**
Expand All @@ -96,7 +96,7 @@ public function iLogOutOfIdp2()
{
$this->iGoToTheSpLoginPage('SP2');
$this->clickLink('Logout');
$this->assertPageContainsText('You have been logged out.');
$this->assertPageContainsText('You have now been logged out.');
}

/**
Expand Down
30 changes: 23 additions & 7 deletions features/profilereview.feature
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,16 @@ Feature: Prompt to review profile information
And there should be a way to continue to my intended destination

Examples:
| category | nag type | message |
| mfa | add | "2-Step Verification" |
| method | add | "alternate email addresses" |
| profile | review | "Please take a moment to review" |
| category | nag type | message |
| mfa | add | "2-Step Verification" |
| method | add | "alternate email address" |

Scenario: Present profile review as required by the user profile
Given I provide credentials that are due for a profile review
When I log in
Then I should see the message: "Are these still correct?"
And there should be a way to go review my profile now
And there should be a way to continue to my intended destination

Scenario Outline: Obeying a reminder
Given I provide credentials that are due for a <category> <nag type> reminder
Expand All @@ -31,7 +37,12 @@ Feature: Prompt to review profile information
| category | nag type |
| mfa | add |
| method | add |
| profile | review |

Scenario: Obeying a profile review reminder
Given I provide credentials that are due for a profile review
And I have logged in
When I click the "Some of these need updating" link
Then I should end up at the update profile URL on a new tab

Scenario Outline: Ignoring a reminder
Given I provide credentials that are due for a <category> <nag type> reminder
Expand All @@ -43,10 +54,15 @@ Feature: Prompt to review profile information
| category | nag type |
| mfa | add |
| method | add |
| profile | review |

Scenario: Ignoring a profile review reminder
Given I provide credentials that are due for a profile review
And I have logged in
When I click the remind-me-later button
Then I should end up at my intended destination

Scenario: Ensuring that manager mfa data is not displayed to the user
Given I provide credentials for a user that has used the manager mfa option
And I have logged in
Then I should see the message: "Please take a moment to review"
Then I should see the message: "Are these still correct?"
And I should not see any manager mfa information
2 changes: 1 addition & 1 deletion modules/mfa/lib/Auth/Process/Mfa.php
Original file line number Diff line number Diff line change
Expand Up @@ -761,7 +761,7 @@ protected static function redirectToLowOnBackupCodesNag(
$numBackupCodesRemaining
) {
$state['employeeId'] = $employeeId;
$state['numBackupCodesRemaining'] = $numBackupCodesRemaining;
$state['numBackupCodesRemaining'] = (string)$numBackupCodesRemaining;

$stateId = State::saveState($state, self::STAGE_SENT_TO_LOW_ON_BACKUP_CODES_NAG);
$url = Module::getModuleURL('mfa/low-on-backup-codes.php');
Expand Down

0 comments on commit 6f20c17

Please sign in to comment.