diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index d99e5b9..8cea1cd 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -120,7 +120,7 @@ jobs: - name: Build run: | echo "resultPath=$(nix eval .#checks.x86_64-linux.${{ matrix.check }} --raw)" >> $GITHUB_ENV - nix build --print-build-logs --show-trace --keep-outputs --keep-failed .#checks.x86_64-linux.${{ matrix.check }} || find . + nix build --print-build-logs --show-trace --keep-outputs --keep-failed .#checks.x86_64-linux.${{ matrix.check }} - name: Upload Build Result uses: actions/upload-artifact@v4 if: startsWith(matrix.check, 'vm_') diff --git a/modules/services/nextcloud-server.nix b/modules/services/nextcloud-server.nix index 032e34e..f2bdb7a 100644 --- a/modules/services/nextcloud-server.nix +++ b/modules/services/nextcloud-server.nix @@ -1065,6 +1065,10 @@ in ]; in lib.mkIf (cfg.enable && cfg.apps.sso.enable) { assertions = [ + { + assertion = cfg.apps.ldap.enable; + message = "SSO app requires LDAP app to work correctly."; + } { assertion = cfg.ssl != null; message = "To integrate SSO, SSL must be enabled, set the shb.nextcloud.ssl option."; @@ -1124,7 +1128,6 @@ in groups = "groups"; is_admin = "is_nextcloud_admin"; }; - oidc_login_allowed_groups = [ cfg.apps.ldap.userGroup ]; oidc_login_default_group = "oidc"; oidc_login_use_external_storage = false; oidc_login_scope = lib.concatStringsSep " " scopes; diff --git a/test/common.nix b/test/common.nix index a011377..a3f7ef2 100644 --- a/test/common.nix +++ b/test/common.nix @@ -427,17 +427,16 @@ in groups = [ "user_group" "admin_group" ]; password.result.path = pkgs.writeText "bobPassword" "BobPassword"; }; - charlie = { - email = "charlie@example.com"; - groups = [ "other_group" ]; - password.result.path = pkgs.writeText "charliePassword" "CharliePassword"; - }; + # charlie = { + # email = "charlie@example.com"; + # groups = [ ]; + # password.result.path = pkgs.writeText "charliePassword" "CharliePassword"; + # }; }; ensureGroups = { user_group = {}; admin_group = {}; - other_group = {}; }; }; }; diff --git a/test/services/forgejo.nix b/test/services/forgejo.nix index 32be99d..72b9b58 100644 --- a/test/services/forgejo.nix +++ b/test/services/forgejo.nix @@ -247,12 +247,6 @@ in "expect(page.get_by_role('button', name=re.compile('Sign In'))).not_to_be_visible()" "expect(page).to_have_title(re.compile('Dashboard'))" ]; } - { username = "charlie"; password = "NotCharliePassword"; nextPageExpect = [ - "expect(page.get_by_text('Username or password is incorrect.')).to_be_visible()" - ]; } - { username = "charlie"; password = "CharliePassword"; nextPageExpect = [ - "expect(page.get_by_text('Username or password is incorrect.')).to_be_visible()" - ]; } ]; }; }) diff --git a/test/services/nextcloud.nix b/test/services/nextcloud.nix index dba441f..5563fde 100644 --- a/test/services/nextcloud.nix +++ b/test/services/nextcloud.nix @@ -231,13 +231,11 @@ let { username = "bob"; password = "NotBobPassword"; nextPageExpect = [ "expect(page.get_by_text('Incorrect username or password')).to_be_visible()" ]; } - { username = "charlie"; password = "NotCharliePassword"; nextPageExpect = [ - "expect(page.get_by_text('Incorrect username or password')).to_be_visible()" - ]; } - { username = "charlie"; password = "CharliePassword"; nextPageExpect = [ - "page.get_by_role('button', name=re.compile('Accept')).click()" - "expect(page.get_by_text('not member of the allowed groups')).to_be_visible()" - ]; } + # TODO: charlie has no groups, which makes lldap return a 'null' value instead of an empty array and Authelia does not like that. + # { username = "charlie"; password = "CharliePassword"; nextPageExpect = [ + # "page.get_by_role('button', name=re.compile('Accept')).click()" + # "expect(page).to_have_title(re.compile('Dashboard'))" + # ]; } ]; }; }; @@ -271,9 +269,6 @@ let sso = { config, ... }: { shb.nextcloud = { - apps.ldap = { - userGroup = "user_group"; - }; apps.sso = { enable = true; endpoint = "https://${config.shb.authelia.subdomain}.${config.shb.authelia.domain}"; @@ -554,6 +549,7 @@ in testLib.certs https testLib.ldap + ldap (testLib.sso config.shb.certs.certs.selfsigned.n) sso ({ config, ... }: { diff --git a/test/services/open-webui.nix b/test/services/open-webui.nix index 0b2fb54..9ab7bb4 100644 --- a/test/services/open-webui.nix +++ b/test/services/open-webui.nix @@ -62,6 +62,7 @@ let testLib.baseModule testLib.clientLoginModule ]; + virtualisation.memorySize = 4096; test = { subdomain = "o"; }; @@ -93,13 +94,6 @@ let "expect(page.get_by_role('button', name=re.compile('Sign In'))).not_to_be_visible()" "expect(page.get_by_text('logged in')).to_be_visible()" ]; } - { username = "charlie"; password = "NotCharliePassword"; nextPageExpect = [ - "expect(page.get_by_text(re.compile('[Ii]ncorrect'))).to_be_visible()" - ]; } - { username = "charlie"; password = "CharliePassword"; nextPageExpect = [ - "page.get_by_role('button', name=re.compile('Accept')).click()" - "expect(page.get_by_text('pending activation')).to_be_visible()" - ]; } ]; }; }; @@ -178,8 +172,6 @@ in imports = [ clientLoginSso ]; - - virtualisation.memorySize = 4096; }; nodes.server = { config, pkgs, ... }: { imports = [ @@ -191,8 +183,6 @@ in (testLib.sso config.shb.certs.certs.selfsigned.n) sso ]; - - virtualisation.memorySize = 4096; }; testScript = commonTestScript.access; diff --git a/test/services/pinchflat.nix b/test/services/pinchflat.nix index 9a39c26..f6b2370 100644 --- a/test/services/pinchflat.nix +++ b/test/services/pinchflat.nix @@ -115,12 +115,6 @@ let "expect(page.get_by_role('button', name=re.compile('Sign In'))).not_to_be_visible()" "expect(page.get_by_text('Create a media profile')).to_be_visible()" ]; } - { username = "charlie"; password = "NotCharliePassword"; nextPageExpect = [ - "expect(page.get_by_text(re.compile('[Ii]ncorrect'))).to_be_visible()" - ]; } - { username = "charlie"; password = "CharliePassword"; nextPageExpect = [ - "expect(page).to_have_url(re.compile('.*/authenticated'))" - ]; } ]; }; };