correcting sso token port for coverage (#1981)
This commit is contained in:
Cesar Celis Hernandez
committed by
GitHub
GitHub
parent
fdb6d210d6
commit
c20e9adaeb
4
Makefile
4
Makefile
@@ -144,7 +144,7 @@ test-sso-integration:
|
||||
@echo "Run Dex container using MinIO Image: quay.io/minio/dex:latest"
|
||||
@(docker run \
|
||||
-e DEX_ISSUER=http://dex:5556/dex \
|
||||
-e DEX_CLIENT_REDIRECT_URI=http://127.0.0.1:9001/oauth_callback \
|
||||
-e DEX_CLIENT_REDIRECT_URI=http://127.0.0.1:9090/oauth_callback \
|
||||
-e DEX_LDAP_SERVER=openldap:389 \
|
||||
--network my-net \
|
||||
-p 5556:5556 \
|
||||
@@ -163,7 +163,7 @@ test-sso-integration:
|
||||
-e MINIO_IDENTITY_OPENID_CLIENT_SECRET="minio-client-app-secret" \
|
||||
-e MINIO_IDENTITY_OPENID_CLAIM_NAME=name \
|
||||
-e MINIO_IDENTITY_OPENID_CONFIG_URL=http://dex:5556/dex/.well-known/openid-configuration \
|
||||
-e MINIO_IDENTITY_OPENID_REDIRECT_URI=http://127.0.0.1:9001/oauth_callback \
|
||||
-e MINIO_IDENTITY_OPENID_REDIRECT_URI=http://127.0.0.1:9090/oauth_callback \
|
||||
-e MINIO_ROOT_USER=minio \
|
||||
-e MINIO_ROOT_PASSWORD=minio123 $(MINIO_VERSION) server /data{1...4} --address :9000 --console-address :9001)
|
||||
@echo "run mc commands to set the policy"
|
||||
|
||||
@@ -1,30 +1,15 @@
|
||||
#!/usr/bin/env python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
import pdb
|
||||
import requests
|
||||
import pdb, sys, requests, pdb
|
||||
from bs4 import BeautifulSoup
|
||||
|
||||
result = requests.get('http://localhost:9001/api/v1/login')
|
||||
redirect = result.json()['redirect']
|
||||
result = requests.get(redirect)
|
||||
soup = BeautifulSoup(result.text, "html.parser")
|
||||
from urllib.parse import unquote
|
||||
|
||||
# Log in to Your Account via OpenLDAP Connector
|
||||
result = requests.get(sys.argv[1])
|
||||
soup = BeautifulSoup(result.text, "html.parser")
|
||||
url = "http://dex:5556" + soup.findAll('a')[1].get('href')
|
||||
result = requests.get(url)
|
||||
soup = BeautifulSoup(result.text, "html.parser")
|
||||
url = "http://dex:5556" + soup.form.get('action')
|
||||
|
||||
# Post the credentials in the form
|
||||
# From https://github.com/minio/minio-iam-testing/blob/main/ldap/bootstrap.ldif
|
||||
myobj = {
|
||||
'login': 'dillon@example.io',
|
||||
'password': 'dillon',
|
||||
}
|
||||
result2 = requests.post(url, data = myobj)
|
||||
code = result2.url.split("?code=")[1].split("&state=")[0]
|
||||
state = result2.url.split("?code=")[1].split("&state=")[1]
|
||||
|
||||
print(code)
|
||||
print(state)
|
||||
print(url)
|
||||
|
||||
@@ -20,10 +20,12 @@ import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"log"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"os"
|
||||
"os/exec"
|
||||
"strconv"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
@@ -36,8 +38,12 @@ import (
|
||||
|
||||
var token string
|
||||
|
||||
func initConsoleServer() (*restapi.Server, error) {
|
||||
// os.Setenv("CONSOLE_MINIO_SERVER", "localhost:9000")
|
||||
func initConsoleServer(consoleIDPURL string) (*restapi.Server, error) {
|
||||
// Configure Console Server with vars to get the idp config from the container
|
||||
os.Setenv("CONSOLE_IDP_URL", consoleIDPURL)
|
||||
os.Setenv("CONSOLE_IDP_CLIENT_ID", "minio-client-app")
|
||||
os.Setenv("CONSOLE_IDP_SECRET", "minio-client-app-secret")
|
||||
os.Setenv("CONSOLE_IDP_CALLBACK", "http://127.0.0.1:9090/oauth_callback")
|
||||
|
||||
swaggerSpec, err := loads.Embedded(restapi.SwaggerJSON, restapi.FlatSwaggerJSON)
|
||||
if err != nil {
|
||||
@@ -58,10 +64,9 @@ func initConsoleServer() (*restapi.Server, error) {
|
||||
server := restapi.NewServer(api)
|
||||
// register all APIs
|
||||
server.ConfigureAPI()
|
||||
consolePort, _ := strconv.Atoi("9090")
|
||||
|
||||
server.Host = "0.0.0.0"
|
||||
server.Port = consolePort
|
||||
server.Port = 9090
|
||||
restapi.Port = "9090"
|
||||
restapi.Hostname = "0.0.0.0"
|
||||
|
||||
@@ -74,7 +79,7 @@ func TestMain(t *testing.T) {
|
||||
// start console server
|
||||
go func() {
|
||||
fmt.Println("start server")
|
||||
srv, err := initConsoleServer()
|
||||
srv, err := initConsoleServer("http://dex:5556/dex/.well-known/openid-configuration")
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
log.Println("init fail")
|
||||
@@ -90,43 +95,79 @@ func TestMain(t *testing.T) {
|
||||
Timeout: 2 * time.Second,
|
||||
}
|
||||
|
||||
// execute script to get the code and state
|
||||
cmd, err := exec.Command("python3", "dex-requests.py").Output()
|
||||
if err != nil {
|
||||
fmt.Printf("error %s", err)
|
||||
// Let's move this API here to increment our coverage
|
||||
getRequest, getError := http.NewRequest("GET", "http://localhost:9090/api/v1/login", nil)
|
||||
if getError != nil {
|
||||
log.Println(getError)
|
||||
return
|
||||
}
|
||||
output := string(cmd)
|
||||
|
||||
fmt.Println(" ")
|
||||
fmt.Println(" ")
|
||||
fmt.Println("output:")
|
||||
fmt.Println(output)
|
||||
fmt.Println(" ")
|
||||
fmt.Println(" ")
|
||||
|
||||
temp := strings.Split(output, "\n")
|
||||
|
||||
fmt.Println(" ")
|
||||
fmt.Println(" ")
|
||||
fmt.Println("temp:")
|
||||
fmt.Println(temp)
|
||||
fmt.Println(" ")
|
||||
fmt.Println(" ")
|
||||
|
||||
fmt.Println("index0")
|
||||
fmt.Println(temp[0])
|
||||
|
||||
if len(temp) >= 2 {
|
||||
fmt.Println("index 1")
|
||||
fmt.Println(temp[1])
|
||||
} else {
|
||||
assert.Fail("temp len is less than 2", len(temp))
|
||||
getRequest.Header.Add("Content-Type", "application/json")
|
||||
getResponse, getErr := client.Do(getRequest)
|
||||
// current value:
|
||||
// {"loginStrategy":"form"}
|
||||
// but we want our console server to provide loginStrategy = redirect for SSO
|
||||
if getErr != nil {
|
||||
log.Println(getErr)
|
||||
return
|
||||
}
|
||||
|
||||
body, err := io.ReadAll(getResponse.Body)
|
||||
getResponse.Body.Close()
|
||||
if getResponse.StatusCode > 299 {
|
||||
log.Fatalf("Response failed with status code: %d and\nbody: %s\n", getResponse.StatusCode, body)
|
||||
}
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
var jsonMap map[string]interface{}
|
||||
json.Unmarshal(body, &jsonMap)
|
||||
fmt.Println(jsonMap["redirect"])
|
||||
redirect := jsonMap["redirect"]
|
||||
redirectAsString := fmt.Sprint(redirect)
|
||||
fmt.Println(redirectAsString)
|
||||
|
||||
// execute script to get the code and state
|
||||
cmd, err := exec.Command("python3", "dex-requests.py", redirectAsString).Output()
|
||||
if err != nil {
|
||||
fmt.Printf("error %s", err)
|
||||
}
|
||||
urlOutput := string(cmd)
|
||||
requestLoginBody := bytes.NewReader([]byte("login=dillon%40example.io&password=dillon"))
|
||||
|
||||
// parse url remove carriage return
|
||||
temp2 := strings.Split(urlOutput, "\n")
|
||||
fmt.Println("temp2: ", temp2)
|
||||
urlOutput = temp2[0] // remove carriage return to avoid invalid control character in url
|
||||
|
||||
// validate url
|
||||
urlParseResult, urlParseError := url.Parse(urlOutput)
|
||||
if urlParseError != nil {
|
||||
panic(urlParseError)
|
||||
}
|
||||
fmt.Println(urlParseResult)
|
||||
|
||||
// prepare for post
|
||||
httpRequestLogin, newRequestError := http.NewRequest(
|
||||
"POST",
|
||||
urlOutput,
|
||||
requestLoginBody,
|
||||
)
|
||||
fmt.Println(newRequestError)
|
||||
httpRequestLogin.Header.Add("Content-Type", "application/x-www-form-urlencoded")
|
||||
responseLogin, errorLogin := client.Do(httpRequestLogin)
|
||||
if errorLogin != nil {
|
||||
log.Println(errorLogin)
|
||||
}
|
||||
rawQuery := responseLogin.Request.URL.RawQuery
|
||||
fmt.Println(rawQuery)
|
||||
splitRawQuery := strings.Split(rawQuery, "&state=")
|
||||
codeValue := strings.ReplaceAll(splitRawQuery[0], "code=", "")
|
||||
stateValue := splitRawQuery[1]
|
||||
fmt.Println("stop", splitRawQuery, codeValue, stateValue)
|
||||
|
||||
// get login credentials
|
||||
codeVarIable := strings.TrimSpace(temp[0])
|
||||
stateVarIabl := strings.TrimSpace(temp[1])
|
||||
codeVarIable := strings.TrimSpace(codeValue)
|
||||
stateVarIabl := strings.TrimSpace(stateValue)
|
||||
requestData := map[string]string{
|
||||
"code": codeVarIable,
|
||||
"state": stateVarIabl,
|
||||
@@ -137,7 +178,7 @@ func TestMain(t *testing.T) {
|
||||
|
||||
request, _ := http.NewRequest(
|
||||
"POST",
|
||||
"http://localhost:9001/api/v1/login/oauth2/auth",
|
||||
"http://localhost:9090/api/v1/login/oauth2/auth",
|
||||
requestDataBody,
|
||||
)
|
||||
request.Header.Add("Content-Type", "application/json")
|
||||
@@ -146,7 +187,6 @@ func TestMain(t *testing.T) {
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
}
|
||||
|
||||
if response != nil {
|
||||
for _, cookie := range response.Cookies() {
|
||||
if cookie.Name == "token" {
|
||||
@@ -162,3 +202,49 @@ func TestMain(t *testing.T) {
|
||||
fmt.Println(token)
|
||||
}
|
||||
}
|
||||
|
||||
func TestBadLogin(t *testing.T) {
|
||||
assert := assert.New(t)
|
||||
|
||||
// start console server
|
||||
go func() {
|
||||
fmt.Println("start server")
|
||||
srv, err := initConsoleServer("http://dex:5556")
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
log.Println("init fail")
|
||||
return
|
||||
}
|
||||
srv.Serve()
|
||||
}()
|
||||
fmt.Println("sleeping")
|
||||
time.Sleep(2 * time.Second)
|
||||
|
||||
client := &http.Client{
|
||||
Timeout: 2 * time.Second,
|
||||
}
|
||||
|
||||
// get login credentials
|
||||
codeVarIable := "invalidCode"
|
||||
stateVarIabl := "invalidState"
|
||||
requestData := map[string]string{
|
||||
"code": codeVarIable,
|
||||
"state": stateVarIabl,
|
||||
}
|
||||
requestDataJSON, _ := json.Marshal(requestData)
|
||||
|
||||
requestDataBody := bytes.NewReader(requestDataJSON)
|
||||
|
||||
request, _ := http.NewRequest(
|
||||
"POST",
|
||||
"http://localhost:9090/api/v1/login/oauth2/auth",
|
||||
requestDataBody,
|
||||
)
|
||||
request.Header.Add("Content-Type", "application/json")
|
||||
|
||||
response, err := client.Do(request)
|
||||
fmt.Println(response)
|
||||
fmt.Println(err)
|
||||
expectedError := response.Status
|
||||
assert.Equal("500 Internal Server Error", expectedError)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user