mirror of
https://github.com/LaCasemate/fab-manager.git
synced 2024-12-01 12:24:28 +01:00
(test) oauth2 providers
This commit is contained in:
parent
41195ccf30
commit
f9fc74b2ee
@ -3,7 +3,6 @@
|
|||||||
# API Controller for resources of type AuthProvider
|
# API Controller for resources of type AuthProvider
|
||||||
# AuthProvider are used to connect users through single-sign on systems
|
# AuthProvider are used to connect users through single-sign on systems
|
||||||
class API::AuthProvidersController < API::ApiController
|
class API::AuthProvidersController < API::ApiController
|
||||||
|
|
||||||
before_action :set_provider, only: %i[show update destroy]
|
before_action :set_provider, only: %i[show update destroy]
|
||||||
def index
|
def index
|
||||||
@providers = policy_scope(AuthProvider)
|
@providers = policy_scope(AuthProvider)
|
||||||
@ -64,13 +63,13 @@ class API::AuthProvidersController < API::ApiController
|
|||||||
user = User.find_by('lower(email) = ?', params[:email]&.downcase)
|
user = User.find_by('lower(email) = ?', params[:email]&.downcase)
|
||||||
|
|
||||||
if user&.auth_token
|
if user&.auth_token
|
||||||
if AuthProvider.active.providable_type != DatabaseProvider.name
|
if AuthProvider.active.providable_type == DatabaseProvider.name
|
||||||
|
render json: { status: 'error', error: I18n.t('members.current_authentication_method_no_code') }, status: :bad_request
|
||||||
|
else
|
||||||
NotificationCenter.call type: 'notify_user_auth_migration',
|
NotificationCenter.call type: 'notify_user_auth_migration',
|
||||||
receiver: user,
|
receiver: user,
|
||||||
attached_object: user
|
attached_object: user
|
||||||
render json: { status: 'processing' }, status: :ok
|
render json: { status: 'processing' }, status: :ok
|
||||||
else
|
|
||||||
render json: { status: 'error', error: I18n.t('members.current_authentication_method_no_code') }, status: :bad_request
|
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
render json: { status: 'error', error: I18n.t('members.requested_account_does_not_exists') }, status: :bad_request
|
render json: { status: 'error', error: I18n.t('members.requested_account_does_not_exists') }, status: :bad_request
|
||||||
@ -92,18 +91,18 @@ class API::AuthProvidersController < API::ApiController
|
|||||||
providable_attributes: %i[id base_url token_endpoint authorization_endpoint
|
providable_attributes: %i[id base_url token_endpoint authorization_endpoint
|
||||||
profile_url client_id client_secret scopes],
|
profile_url client_id client_secret scopes],
|
||||||
auth_provider_mappings_attributes: [:id, :local_model, :local_field, :api_field, :api_endpoint, :api_data_type,
|
auth_provider_mappings_attributes: [:id, :local_model, :local_field, :api_field, :api_endpoint, :api_data_type,
|
||||||
:_destroy, transformation: [:type, :format, :true_value, :false_value,
|
:_destroy, { transformation: [:type, :format, :true_value, :false_value,
|
||||||
mapping: %i[from to]]])
|
{ mapping: %i[from to] }] }])
|
||||||
elsif params['auth_provider']['providable_type'] == OpenIdConnectProvider.name
|
elsif params['auth_provider']['providable_type'] == OpenIdConnectProvider.name
|
||||||
params.require(:auth_provider)
|
params.require(:auth_provider)
|
||||||
.permit(:id, :name, :providable_type,
|
.permit(:id, :name, :providable_type,
|
||||||
providable_attributes: [:id, :issuer, :discovery, :client_auth_method, :prompt, :send_scope_to_token_endpoint,
|
providable_attributes: [:id, :issuer, :discovery, :client_auth_method, :prompt, :send_scope_to_token_endpoint,
|
||||||
:client__identifier, :client__secret, :client__authorization_endpoint, :client__token_endpoint,
|
:client__identifier, :client__secret, :client__authorization_endpoint, :client__token_endpoint,
|
||||||
:client__userinfo_endpoint, :client__jwks_uri, :client__end_session_endpoint, :profile_url,
|
:client__userinfo_endpoint, :client__jwks_uri, :client__end_session_endpoint, :profile_url,
|
||||||
scope: []],
|
{ scope: [] }],
|
||||||
auth_provider_mappings_attributes: [:id, :local_model, :local_field, :api_field, :api_endpoint, :api_data_type,
|
auth_provider_mappings_attributes: [:id, :local_model, :local_field, :api_field, :api_endpoint, :api_data_type,
|
||||||
:_destroy, transformation: [:type, :format, :true_value, :false_value,
|
:_destroy, { transformation: [:type, :format, :true_value, :false_value,
|
||||||
mapping: %i[from to]]])
|
{ mapping: %i[from to] }] }])
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
35
test/helpers/auth_provider_helper.rb
Normal file
35
test/helpers/auth_provider_helper.rb
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
# Provides methods to help authentication providers
|
||||||
|
module AuthProviderHelper
|
||||||
|
def github_provider_params(name)
|
||||||
|
{
|
||||||
|
name: name,
|
||||||
|
providable_type: 'OAuth2Provider',
|
||||||
|
providable_attributes: {
|
||||||
|
authorization_endpoint: 'authorize',
|
||||||
|
token_endpoint: 'access_token',
|
||||||
|
base_url: 'https://github.com/login/oauth/',
|
||||||
|
profile_url: 'https://github.com/settings/profile',
|
||||||
|
client_id: ENV.fetch('OAUTH_CLIENT_ID', 'github-oauth-app-id'),
|
||||||
|
client_secret: ENV.fetch('OAUTH_CLIENT_SECRET', 'github-oauth-app-secret')
|
||||||
|
},
|
||||||
|
auth_provider_mappings_attributes: [
|
||||||
|
{
|
||||||
|
api_data_type: 'json',
|
||||||
|
api_endpoint: 'https://api.github.com/user',
|
||||||
|
api_field: 'id',
|
||||||
|
local_field: 'uid',
|
||||||
|
local_model: 'user'
|
||||||
|
},
|
||||||
|
{
|
||||||
|
api_data_type: 'json',
|
||||||
|
api_endpoint: 'https://api.github.com/user',
|
||||||
|
api_field: 'html_url',
|
||||||
|
local_field: 'github',
|
||||||
|
local_model: 'profile'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
end
|
||||||
|
end
|
@ -1,45 +1,22 @@
|
|||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
require 'test_helper'
|
require 'test_helper'
|
||||||
|
require 'helpers/auth_provider_helper'
|
||||||
|
|
||||||
class AuthProvidersTest < ActionDispatch::IntegrationTest
|
class AuthProvidersTest < ActionDispatch::IntegrationTest
|
||||||
|
include AuthProviderHelper
|
||||||
|
|
||||||
def setup
|
def setup
|
||||||
@admin = User.find_by(username: 'admin')
|
@admin = User.find_by(username: 'admin')
|
||||||
login_as(@admin, scope: :user)
|
login_as(@admin, scope: :user)
|
||||||
|
Fablab::Application.load_tasks if Rake::Task.tasks.empty?
|
||||||
end
|
end
|
||||||
|
|
||||||
test 'create an auth external provider and activate it' do
|
test 'create an auth external provider and activate it' do
|
||||||
name = 'GitHub'
|
name = 'GitHub'
|
||||||
post '/api/auth_providers',
|
post '/api/auth_providers',
|
||||||
params: {
|
params: {
|
||||||
auth_provider: {
|
auth_provider: github_provider_params(name)
|
||||||
name: name,
|
|
||||||
providable_type: 'OAuth2Provider',
|
|
||||||
providable_attributes: {
|
|
||||||
authorization_endpoint: 'authorize',
|
|
||||||
token_endpoint: 'access_token',
|
|
||||||
base_url: 'https://github.com/login/oauth/',
|
|
||||||
profile_url: 'https://github.com/settings/profile',
|
|
||||||
client_id: ENV.fetch('OAUTH_CLIENT_ID', 'github-oauth-app-id'),
|
|
||||||
client_secret: ENV.fetch('OAUTH_CLIENT_SECRET', 'github-oauth-app-secret')
|
|
||||||
},
|
|
||||||
auth_provider_mappings_attributes: [
|
|
||||||
{
|
|
||||||
api_data_type: 'json',
|
|
||||||
api_endpoint: 'https://api.github.com/user',
|
|
||||||
api_field: 'id',
|
|
||||||
local_field: 'uid',
|
|
||||||
local_model: 'user'
|
|
||||||
},
|
|
||||||
{
|
|
||||||
api_data_type: 'json',
|
|
||||||
api_endpoint: 'https://api.github.com/user',
|
|
||||||
api_field: 'html_url',
|
|
||||||
local_field: 'github',
|
|
||||||
local_model: 'profile'
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
}.to_json,
|
}.to_json,
|
||||||
headers: default_headers
|
headers: default_headers
|
||||||
|
|
||||||
@ -58,8 +35,7 @@ class AuthProvidersTest < ActionDispatch::IntegrationTest
|
|||||||
assert_equal 2, provider[:auth_provider_mappings_attributes].length
|
assert_equal 2, provider[:auth_provider_mappings_attributes].length
|
||||||
|
|
||||||
# now let's activate this new provider
|
# now let's activate this new provider
|
||||||
Fablab::Application.load_tasks if Rake::Task.tasks.empty?
|
Rake::Task['fablab:auth:switch_provider'].execute(Rake::TaskArguments.new([:provider], [name]))
|
||||||
Rake::Task['fablab:auth:switch_provider'].invoke(name)
|
|
||||||
|
|
||||||
db_provider&.reload
|
db_provider&.reload
|
||||||
assert_equal 'active', db_provider&.status
|
assert_equal 'active', db_provider&.status
|
||||||
@ -68,4 +44,111 @@ class AuthProvidersTest < ActionDispatch::IntegrationTest
|
|||||||
assert_not_nil u.auth_token
|
assert_not_nil u.auth_token
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test 'update an authentication provider' do
|
||||||
|
provider = AuthProvider.create!(github_provider_params('GitHub'))
|
||||||
|
patch "/api/auth_providers/#{provider.id}",
|
||||||
|
params: {
|
||||||
|
auth_provider: {
|
||||||
|
providable_type: 'OAuth2Provider',
|
||||||
|
auth_provider_mappings_attributes: [
|
||||||
|
{ api_data_type: 'json', api_endpoint: 'https://api.github.com/user',
|
||||||
|
api_field: 'avatar_url', local_field: 'avatar', local_model: 'profile' }
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}.to_json,
|
||||||
|
headers: default_headers
|
||||||
|
|
||||||
|
# Check response format & status
|
||||||
|
assert_equal 200, response.status, response.body
|
||||||
|
assert_equal Mime[:json], response.content_type
|
||||||
|
|
||||||
|
provider.reload
|
||||||
|
|
||||||
|
# Check the provider was updated
|
||||||
|
res = json_response(response.body)
|
||||||
|
assert_equal provider.id, res[:id]
|
||||||
|
assert_equal 3, provider.auth_provider_mappings.count
|
||||||
|
assert_not_nil provider.auth_provider_mappings.find_by(api_field: 'avatar_url')
|
||||||
|
end
|
||||||
|
|
||||||
|
test 'build an oauth2 strategy name' do
|
||||||
|
get '/api/auth_providers/strategy_name?providable_type=OAuth2Provider&name=Sleede'
|
||||||
|
|
||||||
|
assert_response :success
|
||||||
|
assert_equal 'oauth2-sleede', response.body
|
||||||
|
end
|
||||||
|
|
||||||
|
test 'build an openid strategy name' do
|
||||||
|
get '/api/auth_providers/strategy_name?providable_type=OpenIdConnectProvider&name=Sleede'
|
||||||
|
|
||||||
|
assert_response :success
|
||||||
|
assert_equal 'openidconnect-sleede', response.body
|
||||||
|
end
|
||||||
|
|
||||||
|
test 'show an authentication provider' do
|
||||||
|
provider = AuthProvider.first
|
||||||
|
get "/api/auth_providers/#{provider.id}"
|
||||||
|
|
||||||
|
# Check response format & status
|
||||||
|
assert_equal 200, response.status, response.body
|
||||||
|
assert_equal Mime[:json], response.content_type
|
||||||
|
|
||||||
|
# Check the provider was updated
|
||||||
|
res = json_response(response.body)
|
||||||
|
assert_equal provider.id, res[:id]
|
||||||
|
assert_equal provider.providable_type, res[:providable_type]
|
||||||
|
end
|
||||||
|
|
||||||
|
test 'show fields available for mapping' do
|
||||||
|
get '/api/auth_providers/mapping_fields'
|
||||||
|
|
||||||
|
assert_equal 200, response.status, response.body
|
||||||
|
assert_equal Mime[:json], response.content_type
|
||||||
|
|
||||||
|
# Check the returned fields
|
||||||
|
res = json_response(response.body)
|
||||||
|
assert_not_empty res[:user]
|
||||||
|
assert_not_empty res[:profile]
|
||||||
|
assert_not res[:user].map(&:first).include?('encrypted_password')
|
||||||
|
assert(res[:user].map(&:last).all? { |type| %w[string boolean integer datetime].include?(type) })
|
||||||
|
end
|
||||||
|
|
||||||
|
test 'get the current active provider' do
|
||||||
|
get '/api/auth_providers/active'
|
||||||
|
|
||||||
|
assert_equal 200, response.status, response.body
|
||||||
|
assert_equal Mime[:json], response.content_type
|
||||||
|
|
||||||
|
# Check the returned fields
|
||||||
|
res = json_response(response.body)
|
||||||
|
assert_equal AuthProvider.active.id, res[:id]
|
||||||
|
assert_nil res[:previous_provider]
|
||||||
|
end
|
||||||
|
|
||||||
|
test 'send auth migration token' do
|
||||||
|
# create an enable an oauth2 provider
|
||||||
|
name = 'TokenTest'
|
||||||
|
AuthProvider.create!(github_provider_params(name))
|
||||||
|
Rake::Task['fablab:auth:switch_provider'].execute(Rake::TaskArguments.new([:provider], [name]))
|
||||||
|
|
||||||
|
# send the migration token
|
||||||
|
user = User.find(10)
|
||||||
|
post '/api/auth_providers/send_code',
|
||||||
|
params: {
|
||||||
|
email: user.email
|
||||||
|
}.to_json,
|
||||||
|
headers: default_headers
|
||||||
|
|
||||||
|
assert_equal 200, response.status, response.body
|
||||||
|
assert_equal Mime[:json], response.content_type
|
||||||
|
|
||||||
|
# check resulting notification
|
||||||
|
notification = Notification.find_by(
|
||||||
|
notification_type_id: NotificationType.find_by_name('notify_user_auth_migration'), # rubocop:disable Rails/DynamicFindBy
|
||||||
|
attached_object_type: 'User',
|
||||||
|
attached_object_id: user.id
|
||||||
|
)
|
||||||
|
assert_not_nil notification, 'user notification was not created'
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
Loading…
Reference in New Issue
Block a user