fixed mfa.feature:19 test scenario by defining a new pwmanager service

silinternational · May 10, 2024 · e807732 · e807732
1 parent f9ed450
commit e807732
Show file tree

Hide file tree

Showing 5 changed files with 91 additions and 15 deletions.
diff --git a/actions-services.yml b/actions-services.yml
@@ -7,10 +7,11 @@ services:
       - ssp-idp1.local
       - ssp-idp2.local
       - ssp-sp1.local
+      - pwmanager.local
       - test-browser
     environment:
       - PROFILE_URL_FOR_TESTS=http://ssp-sp1.local/module.php/core/authenticate.php?as=ssp-hub
-      - MFA_SETUP_URL_FOR_TESTS=http://ssp-sp1.local/module.php/core/authenticate.php?as=ssp-hub
+      - MFA_SETUP_URL_FOR_TESTS=http://pwmanager.local/module.php/core/authenticate.php?as=ssp-hub
       - [email protected]
       - ADMIN_PASS=b
       - SECRET_SALT=abc123
@@ -94,8 +95,8 @@ services:
       ID_BROKER_ASSERT_VALID_IP: "false"
       ID_BROKER_BASE_URI: "dummy"
       ID_BROKER_TRUSTED_IP_RANGES: "192.168.0.1/8"
-      MFA_SETUP_URL: "http://ssp-hub-sp1:8083/module.php/core/authenticate.php?as=ssp-hub-custom-port"
-      MFA_SETUP_URL_FOR_TESTS: "http://ssp-sp1.local/module.php/core/authenticate.php?as=ssp-hub"
+      MFA_SETUP_URL: "http://pwmanager.local:8083/module.php/core/authenticate.php?as=ssp-hub-custom-port"
+      MFA_SETUP_URL_FOR_TESTS: "http://pwmanager.local/module.php/core/authenticate.php?as=ssp-hub"
       REMEMBER_ME_SECRET: "12345"
       PROFILE_URL: "http://ssp-hub-sp1:8083/module.php/core/authenticate.php?as=ssp-hub-custom-port"
       PROFILE_URL_FOR_TESTS: "http://ssp-sp1.local/module.php/core/authenticate.php?as=ssp-hub"
@@ -155,3 +156,25 @@ services:
       SHOW_SAML_ERRORS: "true"
       SAML20_IDP_ENABLE: "false"
       ADMIN_PROTECT_INDEX_PAGE: "false"
+
+  pwmanager.local:
+    image: silintl/ssp-base:develop
+    volumes:
+      # Utilize custom certs
+      - ./development/sp-local/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
+
+      # Utilize custom configs
+      - ./development/sp-local/config/authsources-pwmanager.php:/data/vendor/simplesamlphp/simplesamlphp/config/authsources.php
+
+      # Utilize custom metadata
+      - ./development/sp-local/metadata/saml20-idp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-remote.php
+    environment:
+      - [email protected]
+      - ADMIN_PASS=sp1
+      - IDP_NAME=THIS VARIABLE IS REQUIRED BUT PROBABLY NOT USED
+      - SECRET_SALT=NOT-a-secret-k49fjfkw73hjf9t87wjiw
+      - SECURE_COOKIE=false
+      - SHOW_SAML_ERRORS=true
+      - SAML20_IDP_ENABLE=false
+      - ADMIN_PROTECT_INDEX_PAGE=false
+      - THEME_USE=default
diff --git a/development/sp-local/config/authsources-pwmanager.php b/development/sp-local/config/authsources-pwmanager.php
@@ -0,0 +1,28 @@
+<?php
+
+$config = [
+
+    // This is a authentication source which handles admin authentication.
+    'admin' => [
+        // The default is to use core:AdminPassword, but it can be replaced with
+        // any authentication source.
+
+        'core:AdminPassword',
+    ],
+
+    'mfa-idp' => [
+        'saml:SP',
+        'entityID' => 'http://pwmanager.local:8083',
+        'idp' => 'http://ssp-idp1.local:8085',
+        'discoURL' => null,
+        'NameIDPolicy' => "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
+    ],
+
+    'mfa-idp-no-port' => [
+        'saml:SP',
+        'entityID' => 'http://pwmanager.local',
+        'idp' => 'http://ssp-idp1.local',
+        'discoURL' => null,
+        'NameIDPolicy' => "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
+    ],
+];
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -40,11 +40,12 @@ services:
       - ssp-idp1.local
       - ssp-idp2.local
       - ssp-sp1.local
+      - pwmanager.local
       - test-browser
     environment:
       - COMPOSER_CACHE_DIR=/composer
       - PROFILE_URL_FOR_TESTS=http://ssp-sp1.local/module.php/core/authenticate.php?as=ssp-hub
-      - MFA_SETUP_URL_FOR_TESTS=http://ssp-sp1.local/module.php/core/authenticate.php?as=ssp-hub
+      - MFA_SETUP_URL_FOR_TESTS=http://pwmanager.local/module.php/core/authenticate.php?as=ssp-hub
       - [email protected]
       - ADMIN_PASS=b
       - SECRET_SALT=abc123
@@ -171,8 +172,8 @@ services:
       ID_BROKER_ASSERT_VALID_IP: "false"
       ID_BROKER_BASE_URI: "dummy"
       ID_BROKER_TRUSTED_IP_RANGES: "192.168.0.1/8"
-      MFA_SETUP_URL: "http://ssp-hub-sp1:8083/module.php/core/authenticate.php?as=ssp-hub-custom-port"
-      MFA_SETUP_URL_FOR_TESTS: "http://ssp-sp1.local/module.php/core/authenticate.php?as=ssp-hub"
+      MFA_SETUP_URL: "http://pwmanager.local:8083/module.php/core/authenticate.php?as=ssp-hub-custom-port"
+      MFA_SETUP_URL_FOR_TESTS: "http://pwmanager.local/module.php/core/authenticate.php?as=ssp-hub"
       REMEMBER_ME_SECRET: "12345"
       PROFILE_URL: "http://ssp-hub-sp1:8083/module.php/core/authenticate.php?as=ssp-hub-custom-port"
       PROFILE_URL_FOR_TESTS: "http://ssp-sp1.local/module.php/core/authenticate.php?as=ssp-hub"
@@ -273,7 +274,31 @@ services:
       SHOW_SAML_ERRORS: "true"
       SAML20_IDP_ENABLE: "false"
       ADMIN_PROTECT_INDEX_PAGE: "false"
-
+
+  pwmanager.local:
+    image: silintl/ssp-base:develop
+    volumes:
+      # Utilize custom certs
+      - ./development/sp-local/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
+
+      # Utilize custom configs
+      - ./development/sp-local/config/authsources-pwmanager.php:/data/vendor/simplesamlphp/simplesamlphp/config/authsources.php
+
+      # Utilize custom metadata
+      - ./development/sp-local/metadata/saml20-idp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-remote.php
+    ports:
+      - "8083:80"
+    environment:
+      - [email protected]
+      - ADMIN_PASS=sp1
+      - IDP_NAME=THIS VARIABLE IS REQUIRED BUT PROBABLY NOT USED
+      - SECRET_SALT=NOT-a-secret-k49fjfkw73hjf9t87wjiw
+      - SECURE_COOKIE=false
+      - SHOW_SAML_ERRORS=true
+      - SAML20_IDP_ENABLE=false
+      - ADMIN_PROTECT_INDEX_PAGE=false
+      - THEME_USE=default
+
 networks:
   default:
     driver: bridge

diff --git a/features/bootstrap/MfaContext.php b/features/bootstrap/MfaContext.php
@@ -419,9 +419,9 @@ public function thereShouldNotBeAWayToContinueToMyIntendedDestination()
      */
     public function iShouldNotBeAbleToGetToMyIntendedDestination()
     {
-        $this->session->visit($this->nonPwManagerUrl);
+        $this->session->visit(self::SP1_LOGIN_PAGE);
         Assert::assertStringStartsNotWith(
-            $this->nonPwManagerUrl,
+            self::SP1_LOGIN_PAGE,
             $this->session->getCurrentUrl(),
             'Failed to prevent me from getting to SPs other than the MFA setup URL'
         );

diff --git a/features/mfa.feature b/features/mfa.feature
@@ -16,12 +16,12 @@ Feature: Prompt for MFA credentials
       And there should be a way to go set up MFA now
       And there should NOT be a way to continue to my intended destination
 
-#  Scenario: Following the requirement to go set up MFA
-#    Given I provide credentials that need MFA but have no MFA options available
-#      And I login
-#    When I click the set-up-MFA button
-#    Then I should end up at the mfa-setup URL
-#      And I should NOT be able to get to my intended destination
+  Scenario: Following the requirement to go set up MFA
+    Given I provide credentials that need MFA but have no MFA options available
+      And I login
+    When I click the set-up-MFA button
+    Then I should end up at the mfa-setup URL
+      And I should NOT be able to get to my intended destination
 
   Scenario: Needs MFA, has backup code option available
     Given I provide credentials that need MFA and have backup codes available