tests: assert user with unknown group cannot login with sso or ldap
This commit is contained in:
parent
9fc3df8e10
commit
3de3dad405
5 changed files with 35 additions and 11 deletions
|
|
@ -427,16 +427,17 @@ in
|
|||
groups = [ "user_group" "admin_group" ];
|
||||
password.result.path = pkgs.writeText "bobPassword" "BobPassword";
|
||||
};
|
||||
# charlie = {
|
||||
# email = "charlie@example.com";
|
||||
# groups = [ ];
|
||||
# password.result.path = pkgs.writeText "charliePassword" "CharliePassword";
|
||||
# };
|
||||
charlie = {
|
||||
email = "charlie@example.com";
|
||||
groups = [ "other_group" ];
|
||||
password.result.path = pkgs.writeText "charliePassword" "CharliePassword";
|
||||
};
|
||||
};
|
||||
|
||||
ensureGroups = {
|
||||
user_group = {};
|
||||
admin_group = {};
|
||||
other_group = {};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -247,6 +247,12 @@ in
|
|||
"expect(page.get_by_role('button', name=re.compile('Sign In'))).not_to_be_visible()"
|
||||
"expect(page).to_have_title(re.compile('Dashboard'))"
|
||||
]; }
|
||||
{ username = "charlie"; password = "NotCharliePassword"; nextPageExpect = [
|
||||
"expect(page.get_by_text('Username or password is incorrect.')).to_be_visible()"
|
||||
]; }
|
||||
{ username = "charlie"; password = "CharliePassword"; nextPageExpect = [
|
||||
"expect(page.get_by_text('Username or password is incorrect.')).to_be_visible()"
|
||||
]; }
|
||||
];
|
||||
};
|
||||
})
|
||||
|
|
|
|||
|
|
@ -231,11 +231,13 @@ let
|
|||
{ username = "bob"; password = "NotBobPassword"; nextPageExpect = [
|
||||
"expect(page.get_by_text('Incorrect username or password')).to_be_visible()"
|
||||
]; }
|
||||
# TODO: charlie has no groups, which makes lldap return a 'null' value instead of an empty array and Authelia does not like that.
|
||||
# { username = "charlie"; password = "CharliePassword"; nextPageExpect = [
|
||||
# "page.get_by_role('button', name=re.compile('Accept')).click()"
|
||||
# "expect(page).to_have_title(re.compile('Dashboard'))"
|
||||
# ]; }
|
||||
{ username = "charlie"; password = "NotCharliePassword"; nextPageExpect = [
|
||||
"expect(page.get_by_text('Incorrect username or password')).to_be_visible()"
|
||||
]; }
|
||||
{ username = "charlie"; password = "CharliePassword"; nextPageExpect = [
|
||||
"page.get_by_role('button', name=re.compile('Accept')).click()"
|
||||
"expect(page.get_by_text('not member of the allowed groups')).to_be_visible()"
|
||||
]; }
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
@ -269,6 +271,9 @@ let
|
|||
sso = { config, ... }:
|
||||
{
|
||||
shb.nextcloud = {
|
||||
apps.ldap = {
|
||||
userGroup = "user_group";
|
||||
};
|
||||
apps.sso = {
|
||||
enable = true;
|
||||
endpoint = "https://${config.shb.authelia.subdomain}.${config.shb.authelia.domain}";
|
||||
|
|
@ -549,7 +554,6 @@ in
|
|||
testLib.certs
|
||||
https
|
||||
testLib.ldap
|
||||
ldap
|
||||
(testLib.sso config.shb.certs.certs.selfsigned.n)
|
||||
sso
|
||||
({ config, ... }: {
|
||||
|
|
|
|||
|
|
@ -94,6 +94,13 @@ let
|
|||
"expect(page.get_by_role('button', name=re.compile('Sign In'))).not_to_be_visible()"
|
||||
"expect(page.get_by_text('logged in')).to_be_visible()"
|
||||
]; }
|
||||
{ username = "charlie"; password = "NotCharliePassword"; nextPageExpect = [
|
||||
"expect(page.get_by_text(re.compile('[Ii]ncorrect'))).to_be_visible()"
|
||||
]; }
|
||||
{ username = "charlie"; password = "CharliePassword"; nextPageExpect = [
|
||||
"page.get_by_role('button', name=re.compile('Accept')).click()"
|
||||
"expect(page.get_by_text('unauthorized')).to_be_visible()"
|
||||
]; }
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -115,6 +115,12 @@ let
|
|||
"expect(page.get_by_role('button', name=re.compile('Sign In'))).not_to_be_visible()"
|
||||
"expect(page.get_by_text('Create a media profile')).to_be_visible()"
|
||||
]; }
|
||||
{ username = "charlie"; password = "NotCharliePassword"; nextPageExpect = [
|
||||
"expect(page.get_by_text(re.compile('[Ii]ncorrect'))).to_be_visible()"
|
||||
]; }
|
||||
{ username = "charlie"; password = "CharliePassword"; nextPageExpect = [
|
||||
"expect(page).to_have_url(re.compile('.*/authenticated'))"
|
||||
]; }
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
|||
Loading…
Reference in a new issue