e2e: Add denied tests for oauth and oidc provider

Jens Langhammer 2020-07-02 21:55:02 +02:00
parent bead19c64c
commit b30b58924f
5 changed files with 96 additions and 3 deletions


@ -152,7 +152,7 @@ jobs:
- uses: actions/upload-artifact@v2 - uses: actions/upload-artifact@v2
if: failure() if: failure()
with: with:
path: out/ path: selenium_screenshots/
- name: Create XML Report - name: Create XML Report
run: pipenv run coverage xml run: pipenv run coverage xml
- uses: codecov/codecov-action@v1 - uses: codecov/codecov-action@v1

3
.gitignore vendored

@ -196,3 +196,6 @@ local.env.yml
### Helm ### ### Helm ###
# Chart dependencies # Chart dependencies
**/charts/*.tgz **/charts/*.tgz
# Selenium Screenshots
selenium_screenshots/**


@ -11,6 +11,8 @@ from docker.types import Healthcheck
from e2e.utils import USER, SeleniumTestCase from e2e.utils import USER, SeleniumTestCase
from passbook.core.models import Application from passbook.core.models import Application
from passbook.flows.models import Flow from passbook.flows.models import Flow
from passbook.policies.expression.models import ExpressionPolicy
from passbook.policies.models import PolicyBinding
from passbook.providers.oauth.models import OAuth2Provider from passbook.providers.oauth.models import OAuth2Provider
@ -192,3 +194,42 @@ class TestProviderOAuth(SeleniumTestCase):
).get_attribute("value"), ).get_attribute("value"),
USER().username, USER().username,
) )
def test_denied(self):
"""test OAuth Provider flow (default authorization flow, denied)"""
sleep(1)
# Bootstrap all needed objects
authorization_flow = Flow.objects.get(
slug="default-provider-authorization-explicit-consent"
)
provider = OAuth2Provider.objects.create(
name="grafana",
client_type=OAuth2Provider.CLIENT_CONFIDENTIAL,
authorization_grant_type=OAuth2Provider.GRANT_AUTHORIZATION_CODE,
client_id=self.client_id,
client_secret=self.client_secret,
redirect_uris="http://localhost:3000/login/github",
skip_authorization=True,
authorization_flow=authorization_flow,
)
app = Application.objects.create(
name="Grafana", slug="grafana", provider=provider,
)
negative_policy = ExpressionPolicy.objects.create(
name="negative-static", expression="return False"
)
PolicyBinding.objects.create(target=app, policy=negative_policy, order=0)
self.driver.get("http://localhost:3000")
self.driver.find_element(By.CLASS_NAME, "btn-service--github").click()
self.driver.find_element(By.ID, "id_uid_field").click()
self.driver.find_element(By.ID, "id_uid_field").send_keys(USER().username)
self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
self.wait_for_url(self.url("passbook_flows:denied"))
self.assertEqual(
self.driver.find_element(By.CSS_SELECTOR, "#flow-body > header > h1").text,
"Permission denied",
)
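Review bot: The only post-login check in `test_denied` is the heading text of the denied page; nothing asserts that the relying party was not issued a grant, which is the actual security property a "denied" test should pin. After `self.wait_for_url(self.url("passbook_flows:denied"))` add `self.assertNotIn("code=", self.driver.current_url)` and, if the provider's authorization-code model is reachable from this module, assert that no code exists for `provider`. The docstring should also say why `skip_authorization=True` is combined with the explicit-consent flow — presumably so the test exercises the `PolicyBinding` on the application rather than the consent stage; worth confirming and stating. `sleep(1)` at the top has no comment saying what it waits for, and `self.client_id` / `self.client_secret` plus the class header are defined outside the hunk.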


@ -14,6 +14,8 @@ from docker.types import Healthcheck
from e2e.utils import USER, SeleniumTestCase, ensure_rsa_key from e2e.utils import USER, SeleniumTestCase, ensure_rsa_key
from passbook.core.models import Application from passbook.core.models import Application
from passbook.flows.models import Flow from passbook.flows.models import Flow
from passbook.policies.expression.models import ExpressionPolicy
from passbook.policies.models import PolicyBinding
from passbook.providers.oidc.models import OpenIDProvider from passbook.providers.oidc.models import OpenIDProvider
@ -252,3 +254,50 @@ class TestProviderOIDC(SeleniumTestCase):
).get_attribute("value"), ).get_attribute("value"),
USER().email, USER().email,
) )
def test_authorization_denied(self):
"""test OpenID Provider flow (default authorization with access deny)"""
sleep(1)
# Bootstrap all needed objects
authorization_flow = Flow.objects.get(
slug="default-provider-authorization-explicit-consent"
)
client = Client.objects.create(
name="grafana",
client_type="confidential",
client_id=self.client_id,
client_secret=self.client_secret,
_redirect_uris="http://localhost:3000/login/generic_oauth",
_scope="openid profile email",
reuse_consent=False,
require_consent=False,
)
# At least one of these objects must exist
ensure_rsa_key()
# This response_code object might exist or not, depending on the order the tests are run
rp_type, _ = ResponseType.objects.get_or_create(value="code")
client.response_types.set([rp_type])
client.save()
provider = OpenIDProvider.objects.create(
oidc_client=client, authorization_flow=authorization_flow,
)
app = Application.objects.create(
name="Grafana", slug="grafana", provider=provider,
)
negative_policy = ExpressionPolicy.objects.create(
name="negative-static", expression="return False"
)
PolicyBinding.objects.create(target=app, policy=negative_policy, order=0)
self.driver.get("http://localhost:3000")
self.driver.find_element(By.CLASS_NAME, "btn-service--oauth").click()
self.driver.find_element(By.ID, "id_uid_field").click()
self.driver.find_element(By.ID, "id_uid_field").send_keys(USER().username)
self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
self.wait_for_url(self.url("passbook_flows:denied"))
self.assertEqual(
self.driver.find_element(By.CSS_SELECTOR, "#flow-body > header > h1").text,
"Permission denied",
)
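Review bot: As in the OAuth test, `test_authorization_denied` stops at the denied-page heading and never checks that `client` received no code or token; add `self.assertNotIn("code=", self.driver.current_url)` after the `wait_for_url` call and, if the OIDC code/token models are importable here, assert none were created for `client`. The `client.save()` after `client.response_types.set([rp_type])` is redundant — a many-to-many `set()` writes the through table directly and no field on `client` was changed in between — so it can be dropped or commented if it is deliberate. The unexplained `sleep(1)` at the top deserves a one-line comment such as `# wait for the RP container to accept connections` if that is its purpose (confirm). `Client`, `ResponseType`, `self.client_id` and `self.client_secret` are defined outside the hunk.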


@ -43,7 +43,7 @@ class SeleniumTestCase(StaticLiveServerTestCase):
def setUp(self): def setUp(self):
super().setUp() super().setUp()
makedirs("out", exist_ok=True) makedirs("selenium_screenshots/", exist_ok=True)
self.driver = self._get_driver() self.driver = self._get_driver()
self.driver.maximize_window() self.driver.maximize_window()
self.driver.implicitly_wait(300) self.driver.implicitly_wait(300)
@ -58,7 +58,7 @@ class SeleniumTestCase(StaticLiveServerTestCase):
) )
def tearDown(self): def tearDown(self):
self.driver.save_screenshot(f"out/{self.__class__.__name__}_{time()}.png") self.driver.save_screenshot(f"selenium_screenshots/{self.__class__.__name__}_{time()}.png")
for line in self.driver.get_log("browser"): for line in self.driver.get_log("browser"):
self.logger.warning( self.logger.warning(
line["message"], source=line["source"], level=line["level"] line["message"], source=line["source"], level=line["level"]