YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

ci: Fix test_permission_propagation_on_ssowat ?

Browse source
This commit is contained in:
Alexandre Aubin 2024-08-05 20:53:32 +02:00
parent 54fd311bec
commit 656e5c75d1
1 changed files with 33 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
src/tests/test_sso_and_portalapi.py
View file

@ -7,7 +7,7 @@ import os
from .conftest import message, raiseYunohostError, get_test_apps_dir from .conftest import message, raiseYunohostError, get_test_apps_dir
from yunohost.domain import _get_maindomain, domain_add, domain_remove, domain_list from yunohost.domain import _get_maindomain, domain_add, domain_remove, domain_list
from yunohost.user import user_create, user_list, user_delete from yunohost.user import user_create, user_list, user_delete, user_update
from yunohost.authenticators.ldap_ynhuser import Authenticator, SESSION_FOLDER, short_hash from yunohost.authenticators.ldap_ynhuser import Authenticator, SESSION_FOLDER, short_hash
from yunohost.app import app_install, app_remove, app_setting, app_ssowatconf, app_change_url from yunohost.app import app_install, app_remove, app_setting, app_ssowatconf, app_change_url
from yunohost.permission import user_permission_list, user_permission_update from yunohost.permission import user_permission_list, user_permission_update
@ -229,19 +229,49 @@ def test_permission_propagation_on_ssowat():
"hellopy.main", remove=["visitors", "all_users"], add="alice" "hellopy.main", remove=["visitors", "all_users"], add="alice"
) )
# Visitors now get redirected to portal
r = request(f"https://{maindomain}/") r = request(f"https://{maindomain}/")
assert r.status_code == 302 assert r.status_code == 302
assert r.headers['Location'].startswith(f"https://{maindomain}/yunohost/sso?r=") assert r.headers['Location'].startswith(f"https://{maindomain}/yunohost/sso?r=")
# Alice can still access the app fine
r = request(f"https://{maindomain}/", logged_as="alice") r = request(f"https://{maindomain}/", logged_as="alice")
assert r.status_code == 200 and r.content.decode().strip() == "Hello world!" assert r.status_code == 200 and r.content.decode().strip() == "Hello world!"
# Bob can't even login because doesnt has access to any app on the domain
# (that's debattable tho) def test_login_right_depending_on_app_access_and_mail():
r = request(f"https://{maindomain}/", logged_as="bob")
assert r.status_code == 200 and r.content.decode().strip() == "Hello world!"
user_permission_update(
"hellopy.main", remove=["visitors", "all_users"], add="alice"
)
# Bob can still login even though he has no access to any apps, because its mail address is on the maindomain
with requests.Session() as session:
r = login(session, "bob")
assert session.cookies
if secondarydomain not in domain_list()["domains"]:
domain_add(secondarydomain)
user_update("bob", mail=f"bob@{secondarydomain}")
# Now bob shouldn't be able to login anymore (on the main domain)
with requests.Session() as session: with requests.Session() as session:
r = login(session, "bob") r = login(session, "bob")
assert not session.cookies assert not session.cookies
user_permission_update(
"hellopy.main", add="bob"
)
# Bob should be allowed to login again (even though its mail is on secondarydomain)
r = request(f"https://{maindomain}/", logged_as="bob")
assert r.status_code == 200 and r.content.decode().strip() == "Hello world!"
def test_sso_basic_auth_header(): def test_sso_basic_auth_header():