tests: assert user with unknown group cannot login with sso or ldap

This commit is contained in:
ibizaman 2025-10-07 01:02:48 +02:00 committed by Pierre Penninckx
parent 9fc3df8e10
commit 3de3dad405
5 changed files with 35 additions and 11 deletions

View file

@ -427,16 +427,17 @@ in
groups = [ "user_group" "admin_group" ];
password.result.path = pkgs.writeText "bobPassword" "BobPassword";
};
# charlie = {
# email = "charlie@example.com";
# groups = [ ];
# password.result.path = pkgs.writeText "charliePassword" "CharliePassword";
# };
charlie = {
email = "charlie@example.com";
groups = [ "other_group" ];
password.result.path = pkgs.writeText "charliePassword" "CharliePassword";
};
};
ensureGroups = {
user_group = {};
admin_group = {};
other_group = {};
};
};
};

View file

@ -247,6 +247,12 @@ in
"expect(page.get_by_role('button', name=re.compile('Sign In'))).not_to_be_visible()"
"expect(page).to_have_title(re.compile('Dashboard'))"
]; }
{ username = "charlie"; password = "NotCharliePassword"; nextPageExpect = [
"expect(page.get_by_text('Username or password is incorrect.')).to_be_visible()"
]; }
{ username = "charlie"; password = "CharliePassword"; nextPageExpect = [
"expect(page.get_by_text('Username or password is incorrect.')).to_be_visible()"
]; }
];
};
})

View file

@ -231,11 +231,13 @@ let
{ username = "bob"; password = "NotBobPassword"; nextPageExpect = [
"expect(page.get_by_text('Incorrect username or password')).to_be_visible()"
]; }
# TODO: charlie has no groups, which makes lldap return a 'null' value instead of an empty array and Authelia does not like that.
# { username = "charlie"; password = "CharliePassword"; nextPageExpect = [
# "page.get_by_role('button', name=re.compile('Accept')).click()"
# "expect(page).to_have_title(re.compile('Dashboard'))"
# ]; }
{ username = "charlie"; password = "NotCharliePassword"; nextPageExpect = [
"expect(page.get_by_text('Incorrect username or password')).to_be_visible()"
]; }
{ username = "charlie"; password = "CharliePassword"; nextPageExpect = [
"page.get_by_role('button', name=re.compile('Accept')).click()"
"expect(page.get_by_text('not member of the allowed groups')).to_be_visible()"
]; }
];
};
};
@ -269,6 +271,9 @@ let
sso = { config, ... }:
{
shb.nextcloud = {
apps.ldap = {
userGroup = "user_group";
};
apps.sso = {
enable = true;
endpoint = "https://${config.shb.authelia.subdomain}.${config.shb.authelia.domain}";
@ -549,7 +554,6 @@ in
testLib.certs
https
testLib.ldap
ldap
(testLib.sso config.shb.certs.certs.selfsigned.n)
sso
({ config, ... }: {

View file

@ -94,6 +94,13 @@ let
"expect(page.get_by_role('button', name=re.compile('Sign In'))).not_to_be_visible()"
"expect(page.get_by_text('logged in')).to_be_visible()"
]; }
{ username = "charlie"; password = "NotCharliePassword"; nextPageExpect = [
"expect(page.get_by_text(re.compile('[Ii]ncorrect'))).to_be_visible()"
]; }
{ username = "charlie"; password = "CharliePassword"; nextPageExpect = [
"page.get_by_role('button', name=re.compile('Accept')).click()"
"expect(page.get_by_text('unauthorized')).to_be_visible()"
]; }
];
};
};

View file

@ -115,6 +115,12 @@ let
"expect(page.get_by_role('button', name=re.compile('Sign In'))).not_to_be_visible()"
"expect(page.get_by_text('Create a media profile')).to_be_visible()"
]; }
{ username = "charlie"; password = "NotCharliePassword"; nextPageExpect = [
"expect(page.get_by_text(re.compile('[Ii]ncorrect'))).to_be_visible()"
]; }
{ username = "charlie"; password = "CharliePassword"; nextPageExpect = [
"expect(page).to_have_url(re.compile('.*/authenticated'))"
]; }
];
};
};