1
0
mirror of https://github.com/LaCasemate/fab-manager.git synced 2024-12-01 12:24:28 +01:00

(test) oauth2 providers

This commit is contained in:
Sylvain 2023-01-10 13:09:04 +01:00
parent 41195ccf30
commit f9fc74b2ee
3 changed files with 156 additions and 39 deletions

View File

@ -3,7 +3,6 @@
# API Controller for resources of type AuthProvider # API Controller for resources of type AuthProvider
# AuthProvider are used to connect users through single-sign on systems # AuthProvider are used to connect users through single-sign on systems
class API::AuthProvidersController < API::ApiController class API::AuthProvidersController < API::ApiController
before_action :set_provider, only: %i[show update destroy] before_action :set_provider, only: %i[show update destroy]
def index def index
@providers = policy_scope(AuthProvider) @providers = policy_scope(AuthProvider)
@ -64,13 +63,13 @@ class API::AuthProvidersController < API::ApiController
user = User.find_by('lower(email) = ?', params[:email]&.downcase) user = User.find_by('lower(email) = ?', params[:email]&.downcase)
if user&.auth_token if user&.auth_token
if AuthProvider.active.providable_type != DatabaseProvider.name if AuthProvider.active.providable_type == DatabaseProvider.name
render json: { status: 'error', error: I18n.t('members.current_authentication_method_no_code') }, status: :bad_request
else
NotificationCenter.call type: 'notify_user_auth_migration', NotificationCenter.call type: 'notify_user_auth_migration',
receiver: user, receiver: user,
attached_object: user attached_object: user
render json: { status: 'processing' }, status: :ok render json: { status: 'processing' }, status: :ok
else
render json: { status: 'error', error: I18n.t('members.current_authentication_method_no_code') }, status: :bad_request
end end
else else
render json: { status: 'error', error: I18n.t('members.requested_account_does_not_exists') }, status: :bad_request render json: { status: 'error', error: I18n.t('members.requested_account_does_not_exists') }, status: :bad_request
@ -92,18 +91,18 @@ class API::AuthProvidersController < API::ApiController
providable_attributes: %i[id base_url token_endpoint authorization_endpoint providable_attributes: %i[id base_url token_endpoint authorization_endpoint
profile_url client_id client_secret scopes], profile_url client_id client_secret scopes],
auth_provider_mappings_attributes: [:id, :local_model, :local_field, :api_field, :api_endpoint, :api_data_type, auth_provider_mappings_attributes: [:id, :local_model, :local_field, :api_field, :api_endpoint, :api_data_type,
:_destroy, transformation: [:type, :format, :true_value, :false_value, :_destroy, { transformation: [:type, :format, :true_value, :false_value,
mapping: %i[from to]]]) { mapping: %i[from to] }] }])
elsif params['auth_provider']['providable_type'] == OpenIdConnectProvider.name elsif params['auth_provider']['providable_type'] == OpenIdConnectProvider.name
params.require(:auth_provider) params.require(:auth_provider)
.permit(:id, :name, :providable_type, .permit(:id, :name, :providable_type,
providable_attributes: [:id, :issuer, :discovery, :client_auth_method, :prompt, :send_scope_to_token_endpoint, providable_attributes: [:id, :issuer, :discovery, :client_auth_method, :prompt, :send_scope_to_token_endpoint,
:client__identifier, :client__secret, :client__authorization_endpoint, :client__token_endpoint, :client__identifier, :client__secret, :client__authorization_endpoint, :client__token_endpoint,
:client__userinfo_endpoint, :client__jwks_uri, :client__end_session_endpoint, :profile_url, :client__userinfo_endpoint, :client__jwks_uri, :client__end_session_endpoint, :profile_url,
scope: []], { scope: [] }],
auth_provider_mappings_attributes: [:id, :local_model, :local_field, :api_field, :api_endpoint, :api_data_type, auth_provider_mappings_attributes: [:id, :local_model, :local_field, :api_field, :api_endpoint, :api_data_type,
:_destroy, transformation: [:type, :format, :true_value, :false_value, :_destroy, { transformation: [:type, :format, :true_value, :false_value,
mapping: %i[from to]]]) { mapping: %i[from to] }] }])
end end
end end
end end

View File

@ -0,0 +1,35 @@
# frozen_string_literal: true
# Provides methods to help authentication providers
module AuthProviderHelper
def github_provider_params(name)
{
name: name,
providable_type: 'OAuth2Provider',
providable_attributes: {
authorization_endpoint: 'authorize',
token_endpoint: 'access_token',
base_url: 'https://github.com/login/oauth/',
profile_url: 'https://github.com/settings/profile',
client_id: ENV.fetch('OAUTH_CLIENT_ID', 'github-oauth-app-id'),
client_secret: ENV.fetch('OAUTH_CLIENT_SECRET', 'github-oauth-app-secret')
},
auth_provider_mappings_attributes: [
{
api_data_type: 'json',
api_endpoint: 'https://api.github.com/user',
api_field: 'id',
local_field: 'uid',
local_model: 'user'
},
{
api_data_type: 'json',
api_endpoint: 'https://api.github.com/user',
api_field: 'html_url',
local_field: 'github',
local_model: 'profile'
}
]
}
end
end

View File

@ -1,45 +1,22 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'test_helper' require 'test_helper'
require 'helpers/auth_provider_helper'
class AuthProvidersTest < ActionDispatch::IntegrationTest class AuthProvidersTest < ActionDispatch::IntegrationTest
include AuthProviderHelper
def setup def setup
@admin = User.find_by(username: 'admin') @admin = User.find_by(username: 'admin')
login_as(@admin, scope: :user) login_as(@admin, scope: :user)
Fablab::Application.load_tasks if Rake::Task.tasks.empty?
end end
test 'create an auth external provider and activate it' do test 'create an auth external provider and activate it' do
name = 'GitHub' name = 'GitHub'
post '/api/auth_providers', post '/api/auth_providers',
params: { params: {
auth_provider: { auth_provider: github_provider_params(name)
name: name,
providable_type: 'OAuth2Provider',
providable_attributes: {
authorization_endpoint: 'authorize',
token_endpoint: 'access_token',
base_url: 'https://github.com/login/oauth/',
profile_url: 'https://github.com/settings/profile',
client_id: ENV.fetch('OAUTH_CLIENT_ID', 'github-oauth-app-id'),
client_secret: ENV.fetch('OAUTH_CLIENT_SECRET', 'github-oauth-app-secret')
},
auth_provider_mappings_attributes: [
{
api_data_type: 'json',
api_endpoint: 'https://api.github.com/user',
api_field: 'id',
local_field: 'uid',
local_model: 'user'
},
{
api_data_type: 'json',
api_endpoint: 'https://api.github.com/user',
api_field: 'html_url',
local_field: 'github',
local_model: 'profile'
}
]
}
}.to_json, }.to_json,
headers: default_headers headers: default_headers
@ -58,8 +35,7 @@ class AuthProvidersTest < ActionDispatch::IntegrationTest
assert_equal 2, provider[:auth_provider_mappings_attributes].length assert_equal 2, provider[:auth_provider_mappings_attributes].length
# now let's activate this new provider # now let's activate this new provider
Fablab::Application.load_tasks if Rake::Task.tasks.empty? Rake::Task['fablab:auth:switch_provider'].execute(Rake::TaskArguments.new([:provider], [name]))
Rake::Task['fablab:auth:switch_provider'].invoke(name)
db_provider&.reload db_provider&.reload
assert_equal 'active', db_provider&.status assert_equal 'active', db_provider&.status
@ -68,4 +44,111 @@ class AuthProvidersTest < ActionDispatch::IntegrationTest
assert_not_nil u.auth_token assert_not_nil u.auth_token
end end
end end
test 'update an authentication provider' do
provider = AuthProvider.create!(github_provider_params('GitHub'))
patch "/api/auth_providers/#{provider.id}",
params: {
auth_provider: {
providable_type: 'OAuth2Provider',
auth_provider_mappings_attributes: [
{ api_data_type: 'json', api_endpoint: 'https://api.github.com/user',
api_field: 'avatar_url', local_field: 'avatar', local_model: 'profile' }
]
}
}.to_json,
headers: default_headers
# Check response format & status
assert_equal 200, response.status, response.body
assert_equal Mime[:json], response.content_type
provider.reload
# Check the provider was updated
res = json_response(response.body)
assert_equal provider.id, res[:id]
assert_equal 3, provider.auth_provider_mappings.count
assert_not_nil provider.auth_provider_mappings.find_by(api_field: 'avatar_url')
end
test 'build an oauth2 strategy name' do
get '/api/auth_providers/strategy_name?providable_type=OAuth2Provider&name=Sleede'
assert_response :success
assert_equal 'oauth2-sleede', response.body
end
test 'build an openid strategy name' do
get '/api/auth_providers/strategy_name?providable_type=OpenIdConnectProvider&name=Sleede'
assert_response :success
assert_equal 'openidconnect-sleede', response.body
end
test 'show an authentication provider' do
provider = AuthProvider.first
get "/api/auth_providers/#{provider.id}"
# Check response format & status
assert_equal 200, response.status, response.body
assert_equal Mime[:json], response.content_type
# Check the provider was updated
res = json_response(response.body)
assert_equal provider.id, res[:id]
assert_equal provider.providable_type, res[:providable_type]
end
test 'show fields available for mapping' do
get '/api/auth_providers/mapping_fields'
assert_equal 200, response.status, response.body
assert_equal Mime[:json], response.content_type
# Check the returned fields
res = json_response(response.body)
assert_not_empty res[:user]
assert_not_empty res[:profile]
assert_not res[:user].map(&:first).include?('encrypted_password')
assert(res[:user].map(&:last).all? { |type| %w[string boolean integer datetime].include?(type) })
end
test 'get the current active provider' do
get '/api/auth_providers/active'
assert_equal 200, response.status, response.body
assert_equal Mime[:json], response.content_type
# Check the returned fields
res = json_response(response.body)
assert_equal AuthProvider.active.id, res[:id]
assert_nil res[:previous_provider]
end
test 'send auth migration token' do
# create an enable an oauth2 provider
name = 'TokenTest'
AuthProvider.create!(github_provider_params(name))
Rake::Task['fablab:auth:switch_provider'].execute(Rake::TaskArguments.new([:provider], [name]))
# send the migration token
user = User.find(10)
post '/api/auth_providers/send_code',
params: {
email: user.email
}.to_json,
headers: default_headers
assert_equal 200, response.status, response.body
assert_equal Mime[:json], response.content_type
# check resulting notification
notification = Notification.find_by(
notification_type_id: NotificationType.find_by_name('notify_user_auth_migration'), # rubocop:disable Rails/DynamicFindBy
attached_object_type: 'User',
attached_object_id: user.id
)
assert_not_nil notification, 'user notification was not created'
end
end end