This is a test application to verify that all of the components provided in this repository work together according to the OpenID Connect standards.
Prerequisites
The single sign-on application needs to be up and running. Instructions on how to accomplish that can be found in ../../README.md.
Create OAuth Client
You also need to create an OAuth2 client to enable this application to communicate with the OAuth server.
To do that you can run the create-hydra-client script in this repository:
bash ../create-hydra-client.bash testapplication clientsecret http://localhost:4445 http://localhost:13337/callback http://localhost:13337/ http://localhost:13337/logout
http://localhost:4445 refers to the hydra-admin service. http://localhost:13337/callback is the callback URI of the test application. The third URI (http://localhost:13337) will be used as a post logout redirect URI. The agent is forwarded to this address after the single-sign-off process finishes. The last argument specifies the URI that is used to trigger an OIDC front-channel logout.
Make sure that the callback URL you specified as the 4th argument when executing the create-hydra-client.bash script exactly matches one of the insecure redirect URLs that are specified in ../../docker-compose.yml (line 16). The argument to look out for is called --dangerous-allow-insecure-redirect-urls:
serve all --dangerous-force-http --dangerous-allow-insecure-redirect-urls "http://localhost:13337/callback"
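The exact-match requirement can be checked before registering the client. The script below is an added example, not part of this repository: the function names allowed_insecure_redirects and callback_allowed are hypothetical, the compose content is constructed sample input, and it assumes the flag value is a double-quoted, comma-separated list on a single line.

```bash
#!/usr/bin/env bash
# Added example (not repository code): pre-flight check that a callback URL
# is byte-for-byte identical to an entry of
# --dangerous-allow-insecure-redirect-urls in a compose file.
# Assumption: the flag value is double-quoted and comma-separated on one line.

# Print every allowed insecure redirect URL, one per line.
allowed_insecure_redirects() {
  local compose_file="$1"
  sed -n 's/.*--dangerous-allow-insecure-redirect-urls[ =]*"\([^"]*\)".*/\1/p' "$compose_file" \
    | tr ',' '\n' \
    | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'
}

# Return 0 only on an exact, whole-string match (no normalisation at all).
callback_allowed() {
  local compose_file="$1" callback="$2"
  allowed_insecure_redirects "$compose_file" | grep -Fx -- "$callback" >/dev/null
}

# Constructed sample input standing in for ../../docker-compose.yml.
sample_compose=$(mktemp)
cat > "$sample_compose" <<'EOF'
services:
  hydra:
    command:
      serve all --dangerous-force-http --dangerous-allow-insecure-redirect-urls "http://localhost:13337/callback"
EOF

# A trailing slash or a different host spelling is a different redirect URL.
for candidate in \
  "http://localhost:13337/callback" \
  "http://localhost:13337/callback/" \
  "http://127.0.0.1:13337/callback"; do
  if callback_allowed "$sample_compose" "$candidate"; then
    echo "match:    $candidate"
  else
    echo "mismatch: $candidate"
  fi
done
rm -f "$sample_compose"
```

To check a real setup, call callback_allowed with the path to ../../docker-compose.yml and the URL you intend to pass as the 4th argument of create-hydra-client.bash.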
Create users
In the default setup, users can be created by executing the scripts contained in ../../user-panel/backend/utils/:
bash ../../user-panel/backend/utils/create-user.bash admin <choose-password-here> admin@example.net
bash ../../user-panel/backend/utils/create-application.bash testapplication
bash ../../user-panel/backend/utils/grant-access.bash admin testapplication
bash ../../user-panel/backend/utils/create-role.bash admin
bash ../../user-panel/backend/utils/assign-role.bash admin admin
Installation
Install the requirements with:
python3 -m venv venv
. venv/bin/activate
pip3 install -r requirements.txt
Configuration
Make sure you export the following environment variables with values according to your setup. Use the default values provided here if you run your setup locally.
export BASE_URL=http://localhost:4444/ # Hydra public API Base
export KEY=testapplication # name of your oauth/openID Connect client (application)
export SECRET=clientsecret # secret of your oauth/openID Connect client (application)
Run the tests
Start the application with:
flask run --port=13337
Navigate to http://localhost:13337/ to trigger the OpenID Connect authentication flow. During the login process your user agent (browser) will be redirected multiple times. If successful, you will see a JSON reply containing your OAuth token.
Navigate to http://localhost:13337/userinfo after you have received the token to pull userinfo via OpenID Connect scopes.
Run auto tests
Run the following commands to run the tests:
export TESTUSER_USERNAME=user
export TESTUSER_PASSWORD=secret
export TESTUSER_USERNAME2=user2
export TESTUSER_EMAIL=test@example.net
export ROLE=admin
bash ../../user-panel/utils/create-user.bash $TESTUSER_USERNAME $TESTUSER_PASSWORD $TESTUSER_EMAIL
bash ../../user-panel/utils/create-user.bash $TESTUSER_USERNAME2 RANDOMPW $TESTUSER_EMAIL
bash ../../user-panel/utils/create-application.bash testapplication
bash ../../user-panel/utils/grant-access.bash $TESTUSER_USERNAME testapplication
bash ../../user-panel/utils/create-role.bash $ROLE
bash ../../user-panel/utils/assign-role.bash $TESTUSER_USERNAME $ROLE
python3 -m behave \
-D headless=True \
-D url=http://localhost:13337 \
-D username=${TESTUSER_USERNAME} \
-D username2=${TESTUSER_USERNAME2} \
-D password=${TESTUSER_PASSWORD} \
-D email=${TESTUSER_EMAIL} \
-D role=${ROLE}
Note: You need to have chromedriver installed to run the tests.