a991379a74
Some tests are not fully rewritten in Go; a TypeScript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every component (mainly the Authelia backend, frontend and kind) so that the project no longer interferes with the user's host (open ports, for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided by using the authelia.com domain that I own.
import LoginAndRegisterTotp from "../../../helpers/LoginAndRegisterTotp";
import VerifySecretObserved from "../../../helpers/assertions/VerifySecretObserved";
import { StartDriver, StopDriver } from "../../../helpers/context/WithDriver";
import ValidateTotp from "../../../helpers/ValidateTotp";
import Logout from "../../../helpers/Logout";
import VisitPageAndWaitUrlIs from "../../../helpers/behaviors/VisitPageAndWaitUrlIs";
import VerifyBodyContains from "../../../helpers/assertions/VerifyBodyContains";
import VerifyUrlIs from "../../../helpers/assertions/WaitUrlIs";
/**
 * Registers a mocha test case asserting that the logged-in user can reach `url`.
 *
 * The test visits `url` with the driver stored on the mocha context
 * (`this.driver`, set by the enclosing suite's `before` hook), waits for the
 * browser URL to equal `url`, and then checks that the secret is observed.
 *
 * @param url Absolute URL of the protected resource expected to be reachable.
 */
async function ShouldHaveAccessTo(url: string) {
  const title = `should have access to ${url}`;
  // A classic `function` is required so mocha can bind its context as `this`.
  it(title, async function() {
    const driver = this.driver;
    await VisitPageAndWaitUrlIs(driver, url);
    await VerifySecretObserved(driver);
  });
}
/**
 * Registers a mocha test case asserting that the logged-in user is denied `url`.
 *
 * The test visits `url` with the driver stored on the mocha context
 * (`this.driver`) and passes when the page body contains "403 Forbidden".
 *
 * NOTE(review): denial is detected only through that body text; this block
 * does not separately assert that the protected content is absent. Confirm
 * that VerifyBodyContains is a sufficient check for the deny path.
 *
 * @param url Absolute URL of the protected resource expected to be refused.
 */
async function ShouldNotHaveAccessTo(url: string) {
  const title = `should not have access to ${url}`;
  // A classic `function` is required so mocha can bind its context as `this`.
  it(title, async function() {
    const driver = this.driver;
    await VisitPageAndWaitUrlIs(driver, url);
    await VerifyBodyContains(driver, "403 Forbidden");
  });
}
// We verify that each user has access only to what he is granted.
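/**
 * Declares the access-control suites for the test users john, bob and harry.
 *
 * Each suite logs the user in with a fresh driver, registers and validates a
 * TOTP secret, and then checks an explicit allow/deny expectation for every
 * protected resource. The three suites list the same resources in the same
 * order, so the expectations can be compared user by user.
 */
export default function() {
  const loginUrl = 'https://login.example.com:8080/#/';
  const homeUrl = "https://home.example.com:8080/";

  /**
   * Declares one 'Permissions of user <username>' suite.
   *
   * @param username Test account to log in with; every account uses the
   *   fixture password "password".
   * @param registerExpectations Callback that registers the
   *   ShouldHaveAccessTo / ShouldNotHaveAccessTo cases for this user.
   */
  function describePermissions(username: string, registerExpectations: () => void) {
    describe('Permissions of user ' + username, function() {
      before(async function() {
        this.driver = await StartDriver();
        // NOTE(review): the meaning of the trailing `true` flag is defined by
        // the LoginAndRegisterTotp helper, which is not visible here.
        const secret = await LoginAndRegisterTotp(this.driver, username, "password", true);
        await VisitPageAndWaitUrlIs(this.driver, loginUrl);
        await ValidateTotp(this.driver, secret);
        // Being redirected to the home page is taken as proof that the
        // second factor was accepted.
        await VerifyUrlIs(this.driver, homeUrl);
      });

      after(async function() {
        // If StartDriver failed in `before` there is no driver to clean up.
        if (!this.driver) {
          return;
        }
        // Always stop the driver, even when logout fails, so that a failing
        // suite does not leave a browser session running.
        try {
          await Logout(this.driver);
        } finally {
          await StopDriver(this.driver);
        }
      });

      registerExpectations();
    });
  }

  // john is expected to reach every resource except mx2.mail.
  describePermissions('john', function() {
    ShouldHaveAccessTo('https://public.example.com:8080/secret.html');
    ShouldHaveAccessTo('https://secure.example.com:8080/secret.html');
    ShouldHaveAccessTo('https://dev.example.com:8080/groups/admin/secret.html');
    ShouldHaveAccessTo('https://dev.example.com:8080/groups/dev/secret.html');
    ShouldHaveAccessTo('https://dev.example.com:8080/users/john/secret.html');
    ShouldHaveAccessTo('https://dev.example.com:8080/users/harry/secret.html');
    ShouldHaveAccessTo('https://dev.example.com:8080/users/bob/secret.html');
    ShouldHaveAccessTo('https://admin.example.com:8080/secret.html');
    ShouldHaveAccessTo('https://mx1.mail.example.com:8080/secret.html');
    ShouldHaveAccessTo('https://singlefactor.example.com:8080/secret.html');
    ShouldNotHaveAccessTo('https://mx2.mail.example.com:8080/secret.html');
  });

  // bob is expected to be refused the admin group, the admin host and the
  // per-user areas of john and harry.
  describePermissions('bob', function() {
    ShouldHaveAccessTo('https://public.example.com:8080/secret.html');
    ShouldHaveAccessTo('https://secure.example.com:8080/secret.html');
    ShouldNotHaveAccessTo('https://dev.example.com:8080/groups/admin/secret.html');
    ShouldHaveAccessTo('https://dev.example.com:8080/groups/dev/secret.html');
    ShouldNotHaveAccessTo('https://dev.example.com:8080/users/john/secret.html');
    ShouldNotHaveAccessTo('https://dev.example.com:8080/users/harry/secret.html');
    ShouldHaveAccessTo('https://dev.example.com:8080/users/bob/secret.html');
    ShouldNotHaveAccessTo('https://admin.example.com:8080/secret.html');
    ShouldHaveAccessTo('https://mx1.mail.example.com:8080/secret.html');
    ShouldHaveAccessTo('https://singlefactor.example.com:8080/secret.html');
    ShouldHaveAccessTo('https://mx2.mail.example.com:8080/secret.html');
  });

  // harry is expected to reach only the public, secure and singlefactor hosts
  // and his own per-user area.
  describePermissions('harry', function() {
    ShouldHaveAccessTo('https://public.example.com:8080/secret.html');
    ShouldHaveAccessTo('https://secure.example.com:8080/secret.html');
    ShouldNotHaveAccessTo('https://dev.example.com:8080/groups/admin/secret.html');
    ShouldNotHaveAccessTo('https://dev.example.com:8080/groups/dev/secret.html');
    ShouldNotHaveAccessTo('https://dev.example.com:8080/users/john/secret.html');
    ShouldHaveAccessTo('https://dev.example.com:8080/users/harry/secret.html');
    ShouldNotHaveAccessTo('https://dev.example.com:8080/users/bob/secret.html');
    ShouldNotHaveAccessTo('https://admin.example.com:8080/secret.html');
    ShouldNotHaveAccessTo('https://mx1.mail.example.com:8080/secret.html');
    ShouldHaveAccessTo('https://singlefactor.example.com:8080/secret.html');
    ShouldNotHaveAccessTo('https://mx2.mail.example.com:8080/secret.html');
  });
}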