(test) oauth2 providers

2024-11-28 09:24:24 +01:00 · 2023-01-10 13:09:04 +01:00 · 2023-01-10 13:09:04 +01:00 · f9fc74b2ee
commit f9fc74b2ee
parent 41195ccf30
3 changed files with 156 additions and 39 deletions
--- a/app/controllers/api/auth_providers_controller.rb
+++ b/app/controllers/api/auth_providers_controller.rb
@ -3,7 +3,6 @@
 # API Controller for resources of type AuthProvider
 # AuthProvider are used to connect users through single-sign on systems
 class API::AuthProvidersController < API::ApiController
-
  before_action :set_provider, only: %i[show update destroy]
  def index
    @providers = policy_scope(AuthProvider)
@ -64,13 +63,13 @@ class API::AuthProvidersController < API::ApiController
    user = User.find_by('lower(email) = ?', params[:email]&.downcase)

    if user&.auth_token
-      if AuthProvider.active.providable_type != DatabaseProvider.name
+      if AuthProvider.active.providable_type == DatabaseProvider.name
+        render json: { status: 'error', error: I18n.t('members.current_authentication_method_no_code') }, status: :bad_request
+      else
        NotificationCenter.call type: 'notify_user_auth_migration',
                                receiver: user,
                                attached_object: user
        render json: { status: 'processing' }, status: :ok
-      else
-        render json: { status: 'error', error: I18n.t('members.current_authentication_method_no_code') }, status: :bad_request
      end
    else
      render json: { status: 'error', error: I18n.t('members.requested_account_does_not_exists') }, status: :bad_request
@ -92,18 +91,18 @@ class API::AuthProvidersController < API::ApiController
                    providable_attributes: %i[id base_url token_endpoint authorization_endpoint
                                              profile_url client_id client_secret scopes],
                    auth_provider_mappings_attributes: [:id, :local_model, :local_field, :api_field, :api_endpoint, :api_data_type,
-                                                        :_destroy, transformation: [:type, :format, :true_value, :false_value,
-                                                                                    mapping: %i[from to]]])
+                                                        :_destroy, { transformation: [:type, :format, :true_value, :false_value,
+                                                                                      { mapping: %i[from to] }] }])
    elsif params['auth_provider']['providable_type'] == OpenIdConnectProvider.name
      params.require(:auth_provider)
            .permit(:id, :name, :providable_type,
                    providable_attributes: [:id, :issuer, :discovery, :client_auth_method, :prompt, :send_scope_to_token_endpoint,
                                            :client__identifier, :client__secret, :client__authorization_endpoint, :client__token_endpoint,
                                            :client__userinfo_endpoint, :client__jwks_uri, :client__end_session_endpoint, :profile_url,
-                                            scope: []],
+                                            { scope: [] }],
                    auth_provider_mappings_attributes: [:id, :local_model, :local_field, :api_field, :api_endpoint, :api_data_type,
-                                                        :_destroy, transformation: [:type, :format, :true_value, :false_value,
-                                                                                    mapping: %i[from to]]])
+                                                        :_destroy, { transformation: [:type, :format, :true_value, :false_value,
+                                                                                      { mapping: %i[from to] }] }])
    end
  end
 end
--- a/test/helpers/auth_provider_helper.rb
+++ b/test/helpers/auth_provider_helper.rb
@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+# Provides methods to help authentication providers
+module AuthProviderHelper
+  def github_provider_params(name)
+    {
+      name: name,
+      providable_type: 'OAuth2Provider',
+      providable_attributes: {
+        authorization_endpoint: 'authorize',
+        token_endpoint: 'access_token',
+        base_url: 'https://github.com/login/oauth/',
+        profile_url: 'https://github.com/settings/profile',
+        client_id: ENV.fetch('OAUTH_CLIENT_ID', 'github-oauth-app-id'),
+        client_secret: ENV.fetch('OAUTH_CLIENT_SECRET', 'github-oauth-app-secret')
+      },
+      auth_provider_mappings_attributes: [
+        {
+          api_data_type: 'json',
+          api_endpoint: 'https://api.github.com/user',
+          api_field: 'id',
+          local_field: 'uid',
+          local_model: 'user'
+        },
+        {
+          api_data_type: 'json',
+          api_endpoint: 'https://api.github.com/user',
+          api_field: 'html_url',
+          local_field: 'github',
+          local_model: 'profile'
+        }
+      ]
+    }
+  end
+end
--- a/test/integration/auth_providers_test.rb
+++ b/test/integration/auth_providers_test.rb
@ -1,45 +1,22 @@
 # frozen_string_literal: true

 require 'test_helper'
+require 'helpers/auth_provider_helper'

 class AuthProvidersTest < ActionDispatch::IntegrationTest
+  include AuthProviderHelper
+
  def setup
    @admin = User.find_by(username: 'admin')
    login_as(@admin, scope: :user)
+    Fablab::Application.load_tasks if Rake::Task.tasks.empty?
  end

  test 'create an auth external provider and activate it' do
    name = 'GitHub'
    post '/api/auth_providers',
         params: {
-           auth_provider: {
-             name: name,
-             providable_type: 'OAuth2Provider',
-             providable_attributes: {
-               authorization_endpoint: 'authorize',
-               token_endpoint: 'access_token',
-               base_url: 'https://github.com/login/oauth/',
-               profile_url: 'https://github.com/settings/profile',
-               client_id: ENV.fetch('OAUTH_CLIENT_ID', 'github-oauth-app-id'),
-               client_secret: ENV.fetch('OAUTH_CLIENT_SECRET', 'github-oauth-app-secret')
-             },
-             auth_provider_mappings_attributes: [
-               {
-                 api_data_type: 'json',
-                 api_endpoint: 'https://api.github.com/user',
-                 api_field: 'id',
-                 local_field: 'uid',
-                 local_model: 'user'
-               },
-               {
-                 api_data_type: 'json',
-                 api_endpoint: 'https://api.github.com/user',
-                 api_field: 'html_url',
-                 local_field: 'github',
-                 local_model: 'profile'
-               }
-             ]
-           }
+           auth_provider: github_provider_params(name)
         }.to_json,
         headers: default_headers

@ -58,8 +35,7 @@ class AuthProvidersTest < ActionDispatch::IntegrationTest
    assert_equal 2, provider[:auth_provider_mappings_attributes].length

    # now let's activate this new provider
-    Fablab::Application.load_tasks if Rake::Task.tasks.empty?
-    Rake::Task['fablab:auth:switch_provider'].invoke(name)
+    Rake::Task['fablab:auth:switch_provider'].execute(Rake::TaskArguments.new([:provider], [name]))

    db_provider&.reload
    assert_equal 'active', db_provider&.status
@ -68,4 +44,111 @@ class AuthProvidersTest < ActionDispatch::IntegrationTest
      assert_not_nil u.auth_token
    end
  end
+
+  test 'update an authentication provider' do
+    provider = AuthProvider.create!(github_provider_params('GitHub'))
+    patch "/api/auth_providers/#{provider.id}",
+          params: {
+            auth_provider: {
+              providable_type: 'OAuth2Provider',
+              auth_provider_mappings_attributes: [
+                { api_data_type: 'json', api_endpoint: 'https://api.github.com/user',
+                  api_field: 'avatar_url', local_field: 'avatar', local_model: 'profile' }
+              ]
+            }
+          }.to_json,
+          headers: default_headers
+
+    # Check response format & status
+    assert_equal 200, response.status, response.body
+    assert_equal Mime[:json], response.content_type
+
+    provider.reload
+
+    # Check the provider was updated
+    res = json_response(response.body)
+    assert_equal provider.id, res[:id]
+    assert_equal 3, provider.auth_provider_mappings.count
+    assert_not_nil provider.auth_provider_mappings.find_by(api_field: 'avatar_url')
+  end
+
+  test 'build an oauth2 strategy name' do
+    get '/api/auth_providers/strategy_name?providable_type=OAuth2Provider&name=Sleede'
+
+    assert_response :success
+    assert_equal 'oauth2-sleede', response.body
+  end
+
+  test 'build an openid strategy name' do
+    get '/api/auth_providers/strategy_name?providable_type=OpenIdConnectProvider&name=Sleede'
+
+    assert_response :success
+    assert_equal 'openidconnect-sleede', response.body
+  end
+
+  test 'show an authentication provider' do
+    provider = AuthProvider.first
+    get "/api/auth_providers/#{provider.id}"
+
+    # Check response format & status
+    assert_equal 200, response.status, response.body
+    assert_equal Mime[:json], response.content_type
+
+    # Check the provider was updated
+    res = json_response(response.body)
+    assert_equal provider.id, res[:id]
+    assert_equal provider.providable_type, res[:providable_type]
+  end
+
+  test 'show fields available for mapping' do
+    get '/api/auth_providers/mapping_fields'
+
+    assert_equal 200, response.status, response.body
+    assert_equal Mime[:json], response.content_type
+
+    # Check the returned fields
+    res = json_response(response.body)
+    assert_not_empty res[:user]
+    assert_not_empty res[:profile]
+    assert_not res[:user].map(&:first).include?('encrypted_password')
+    assert(res[:user].map(&:last).all? { |type| %w[string boolean integer datetime].include?(type) })
+  end
+
+  test 'get the current active provider' do
+    get '/api/auth_providers/active'
+
+    assert_equal 200, response.status, response.body
+    assert_equal Mime[:json], response.content_type
+
+    # Check the returned fields
+    res = json_response(response.body)
+    assert_equal AuthProvider.active.id, res[:id]
+    assert_nil res[:previous_provider]
+  end
+
+  test 'send auth migration token' do
+    # create an enable an oauth2 provider
+    name = 'TokenTest'
+    AuthProvider.create!(github_provider_params(name))
+    Rake::Task['fablab:auth:switch_provider'].execute(Rake::TaskArguments.new([:provider], [name]))
+
+    # send the migration token
+    user = User.find(10)
+    post '/api/auth_providers/send_code',
+         params: {
+           email: user.email
+         }.to_json,
+         headers: default_headers
+
+    assert_equal 200, response.status, response.body
+    assert_equal Mime[:json], response.content_type
+
+    # check resulting notification
+    notification = Notification.find_by(
+      notification_type_id: NotificationType.find_by_name('notify_user_auth_migration'), # rubocop:disable Rails/DynamicFindBy
+      attached_object_type: 'User',
+      attached_object_id: user.id
+    )
+    assert_not_nil notification, 'user notification was not created'
+  end
 end