mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-14 20:40:17 -05:00
[SP] e2e tests for SAML/LDAP (#19182)
* [SP] e2e tests for SAML/LDAP * [server-pro] tests: prefetch ldap and saml docker images --------- Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com> GitOrigin-RevId: 64298df3f3941a8267a8aacd431757d21b43c75b
This commit is contained in:
parent
fa6a178e61
commit
30a64401b2
7 changed files with 117 additions and 3 deletions
|
@ -12,7 +12,7 @@ export IMAGE_TAG_PRO ?= quay.io/sharelatex/sharelatex-pro:latest
|
||||||
|
|
||||||
test-e2e-native:
|
test-e2e-native:
|
||||||
docker compose -f docker-compose.yml -f docker-compose.native.yml up --build --no-log-prefix sharelatex host-admin -d
|
docker compose -f docker-compose.yml -f docker-compose.native.yml up --build --no-log-prefix sharelatex host-admin -d
|
||||||
CYPRESS_ADMIN_CLIENT_URL='http://localhost:8081' CYPRESS_GIT_BRIDGE_PUBLIC_HOST='localhost' npm run cypress:open
|
CYPRESS_ADMIN_CLIENT_URL='http://localhost:8081' CYPRESS_GIT_BRIDGE_PUBLIC_HOST='localhost' CYPRESS_SAML_PUBLIC_HOST='localhost:8082' CYPRESS_OVERLEAF_PUBLIC_HOST='localhost:8082' npm run cypress:open
|
||||||
|
|
||||||
test-e2e:
|
test-e2e:
|
||||||
docker compose up --build --no-log-prefix --exit-code-from=e2e e2e
|
docker compose up --build --no-log-prefix --exit-code-from=e2e e2e
|
||||||
|
@ -24,7 +24,7 @@ clean:
|
||||||
docker compose down --volumes --timeout 0
|
docker compose down --volumes --timeout 0
|
||||||
|
|
||||||
prefetch:
|
prefetch:
|
||||||
docker compose pull e2e mongo redis
|
docker compose pull e2e mongo redis saml ldap
|
||||||
docker compose build
|
docker compose build
|
||||||
echo -n "$$ALL_TEX_LIVE_DOCKER_IMAGES" | xargs -d, -I% \
|
echo -n "$$ALL_TEX_LIVE_DOCKER_IMAGES" | xargs -d, -I% \
|
||||||
sh -exc 'tag=%; re_tag=quay.io/sharelatex/$${tag#*/}; docker pull $$tag; docker tag $$tag $$re_tag'
|
sh -exc 'tag=%; re_tag=quay.io/sharelatex/$${tag#*/}; docker pull $$tag; docker tag $$tag $$re_tag'
|
||||||
|
|
|
@ -12,3 +12,10 @@ services:
|
||||||
environment:
|
environment:
|
||||||
NATIVE_CYPRESS: 'true'
|
NATIVE_CYPRESS: 'true'
|
||||||
ACCESS_CONTROL_ALLOW_ORIGIN: 'http://localhost'
|
ACCESS_CONTROL_ALLOW_ORIGIN: 'http://localhost'
|
||||||
|
|
||||||
|
saml:
|
||||||
|
ports:
|
||||||
|
- 127.0.0.1:8082:80
|
||||||
|
environment:
|
||||||
|
SAML_BASE_URL_PATH: 'http://localhost:8082/simplesaml/'
|
||||||
|
SAML_TEST_SP_LOCATION: 'http://localhost/saml/callback'
|
||||||
|
|
|
@ -108,3 +108,15 @@ services:
|
||||||
interval: 3s
|
interval: 3s
|
||||||
timeout: 3s
|
timeout: 3s
|
||||||
retries: 30
|
retries: 30
|
||||||
|
|
||||||
|
saml:
|
||||||
|
restart: always
|
||||||
|
image: gcr.io/overleaf-ops/saml-test
|
||||||
|
environment:
|
||||||
|
SAML_TEST_SP_ENTITY_ID: 'sharelatex-test-saml'
|
||||||
|
SAML_BASE_URL_PATH: 'http://saml/simplesaml/'
|
||||||
|
SAML_TEST_SP_LOCATION: 'http://sharelatex/saml/callback'
|
||||||
|
|
||||||
|
ldap:
|
||||||
|
restart: always
|
||||||
|
image: rroemhild/test-openldap:1.1
|
||||||
|
|
65
server-ce/test/external-auth.spec.ts
Normal file
65
server-ce/test/external-auth.spec.ts
Normal file
|
@ -0,0 +1,65 @@
|
||||||
|
import { startWith } from './helpers/config'
|
||||||
|
|
||||||
|
describe('SAML', () => {
|
||||||
|
const overleafPublicHost = Cypress.env('OVERLEAF_PUBLIC_HOST') || 'sharelatex'
|
||||||
|
const samlPublicHost = Cypress.env('SAML_PUBLIC_HOST') || 'saml'
|
||||||
|
|
||||||
|
startWith({
|
||||||
|
pro: true,
|
||||||
|
vars: {
|
||||||
|
EXTERNAL_AUTH: 'saml',
|
||||||
|
OVERLEAF_SAML_ENTRYPOINT: `http://${samlPublicHost}/simplesaml/saml2/idp/SSOService.php`,
|
||||||
|
OVERLEAF_SAML_CALLBACK_URL: `http://${overleafPublicHost}/saml/callback`,
|
||||||
|
OVERLEAF_SAML_ISSUER: 'sharelatex-test-saml',
|
||||||
|
OVERLEAF_SAML_IDENTITY_SERVICE_NAME: 'SAML Test Server',
|
||||||
|
OVERLEAF_SAML_EMAIL_FIELD: 'email',
|
||||||
|
OVERLEAF_SAML_FIRST_NAME_FIELD: 'givenName',
|
||||||
|
OVERLEAF_SAML_LAST_NAME_FIELD: 'sn',
|
||||||
|
OVERLEAF_SAML_UPDATE_USER_DETAILS_ON_LOGIN: 'true',
|
||||||
|
OVERLEAF_SAML_CERT:
|
||||||
|
'MIIDXTCCAkWgAwIBAgIJAOvOeQ4xFTzsMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTYxMTE1MTQxMjU5WhcNMjYxMTE1MTQxMjU5WjBFMQswCQYDVQQGEwJHQjETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCT6MBe5G9VoLU8MfztOEbUhnwLp17ak8eFUqxqeXkkqtWB0b/cmIBU3xoQoO3dIF8PBzfqehqfYVhrNt/TFgcmDfmJnPJRL1RJWMW3VmiP5odJ3LwlkKbZpkeT3wZ8HEJIR1+zbpxiBNkbd2GbdR1iumcsHzMYX1A2CBj+ZMV5VijC+K4P0e9c05VsDEUtLmfeAasJAiumQoVVgAe/BpiXjICGGewa6EPFI7mKkifIRKOGxdRESwZZjxP30bI31oDN0cgKqIgSJtJ9nfCn9jgBMBkQHu42WMuaWD4jrGd7+vYdX+oIfArs9aKgAH5kUGhGdew2R9SpBefrhbNxG8QIDAQABo1AwTjAdBgNVHQ4EFgQU+aSojSyyLChP/IpZcafvSdhj7KkwHwYDVR0jBBgwFoAU+aSojSyyLChP/IpZcafvSdhj7KkwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEABl3+OOVLBWMKs6PjA8lPuloWDNzSr3v76oUcHqAb+cfbucjXrOVsS9RJ0X9yxvCQyfM9FfY43DbspnN3izYhdvbJD8kKLNf0LA5st+ZxLfy0ACyL2iyAwICaqndqxAjQYplFAHmpUiu1DiHckyBPekokDJd+ze95urHMOsaGS5RWPoKJVE0bkaAeZCmEu0NNpXRSBiuxXSTeSAJfv6kyE/rkdhzUKyUl/cGQFrsVYfAFQVA+W6CKOh74ErSEzSHQQYndl7nD33snD/YqdU1ROxV6aJzLKCg+sdj+wRXSP2u/UHnM4jW9TGJfhO42jzL6WVuEvr9q4l7zWzUQKKKhtQ==',
|
||||||
|
},
|
||||||
|
})
|
||||||
|
|
||||||
|
it('login', () => {
|
||||||
|
cy.visit('/')
|
||||||
|
cy.findByText('Log in with SAML Test Server').click()
|
||||||
|
|
||||||
|
cy.origin(`http://${samlPublicHost}`, () => {
|
||||||
|
cy.get('input[name="username"]').type('sally')
|
||||||
|
cy.get('input[name="password"]').type('sally123')
|
||||||
|
cy.get('button[type="submit"]').click()
|
||||||
|
})
|
||||||
|
|
||||||
|
cy.findByText('Create a new project')
|
||||||
|
})
|
||||||
|
})
|
||||||
|
|
||||||
|
describe('LDAP', () => {
|
||||||
|
startWith({
|
||||||
|
pro: true,
|
||||||
|
vars: {
|
||||||
|
EXTERNAL_AUTH: 'ldap',
|
||||||
|
OVERLEAF_LDAP_URL: 'ldap://ldap:389',
|
||||||
|
OVERLEAF_LDAP_SEARCH_BASE: 'ou=people,dc=planetexpress,dc=com',
|
||||||
|
OVERLEAF_LDAP_SEARCH_FILTER: '(uid={{username}})',
|
||||||
|
OVERLEAF_LDAP_BIND_DN: 'cn=admin,dc=planetexpress,dc=com',
|
||||||
|
OVERLEAF_LDAP_BIND_CREDENTIALS: 'GoodNewsEveryone',
|
||||||
|
OVERLEAF_LDAP_EMAIL_ATT: 'mail',
|
||||||
|
OVERLEAF_LDAP_NAME_ATT: 'cn',
|
||||||
|
OVERLEAF_LDAP_LAST_NAME_ATT: 'sn',
|
||||||
|
OVERLEAF_LDAP_UPDATE_USER_DETAILS_ON_LOGIN: 'true',
|
||||||
|
},
|
||||||
|
})
|
||||||
|
|
||||||
|
it('login', () => {
|
||||||
|
cy.visit('/')
|
||||||
|
cy.findByText('Log in LDAP')
|
||||||
|
|
||||||
|
cy.get('input[name="login"]').type('fry')
|
||||||
|
cy.get('input[name="password"]').type('fry')
|
||||||
|
cy.get('button[type="submit"]').click()
|
||||||
|
|
||||||
|
cy.findByText('Create a new project')
|
||||||
|
})
|
||||||
|
})
|
|
@ -14,7 +14,12 @@ export function startWith({
|
||||||
}) {
|
}) {
|
||||||
before(async function () {
|
before(async function () {
|
||||||
Object.assign(vars, varsFn())
|
Object.assign(vars, varsFn())
|
||||||
const cfg = JSON.stringify({ pro, version, vars, withDataDir })
|
const cfg = JSON.stringify({
|
||||||
|
pro,
|
||||||
|
version,
|
||||||
|
vars,
|
||||||
|
withDataDir,
|
||||||
|
})
|
||||||
if (lastConfig === cfg) return
|
if (lastConfig === cfg) return
|
||||||
|
|
||||||
this.timeout(STARTUP_TIMEOUT)
|
this.timeout(STARTUP_TIMEOUT)
|
||||||
|
|
|
@ -1,8 +1,10 @@
|
||||||
import { createProject } from './helpers/project'
|
import { createProject } from './helpers/project'
|
||||||
import { throttledRecompile } from './helpers/compile'
|
import { throttledRecompile } from './helpers/compile'
|
||||||
import { ensureUserExists, login } from './helpers/login'
|
import { ensureUserExists, login } from './helpers/login'
|
||||||
|
import { startWith } from './helpers/config'
|
||||||
|
|
||||||
describe('History', function () {
|
describe('History', function () {
|
||||||
|
startWith({})
|
||||||
ensureUserExists({ email: 'user@example.com' })
|
ensureUserExists({ email: 'user@example.com' })
|
||||||
beforeEach(function () {
|
beforeEach(function () {
|
||||||
login('user@example.com')
|
login('user@example.com')
|
||||||
|
|
|
@ -132,6 +132,25 @@ const allowedVars = Joi.object(
|
||||||
'OVERLEAF_NEW_PROJECT_TEMPLATE_LINKS',
|
'OVERLEAF_NEW_PROJECT_TEMPLATE_LINKS',
|
||||||
'OVERLEAF_ALLOW_PUBLIC_ACCESS',
|
'OVERLEAF_ALLOW_PUBLIC_ACCESS',
|
||||||
'OVERLEAF_ALLOW_ANONYMOUS_READ_AND_WRITE_SHARING',
|
'OVERLEAF_ALLOW_ANONYMOUS_READ_AND_WRITE_SHARING',
|
||||||
|
'EXTERNAL_AUTH',
|
||||||
|
'OVERLEAF_SAML_ENTRYPOINT',
|
||||||
|
'OVERLEAF_SAML_CALLBACK_URL',
|
||||||
|
'OVERLEAF_SAML_ISSUER',
|
||||||
|
'OVERLEAF_SAML_IDENTITY_SERVICE_NAME',
|
||||||
|
'OVERLEAF_SAML_EMAIL_FIELD',
|
||||||
|
'OVERLEAF_SAML_FIRST_NAME_FIELD',
|
||||||
|
'OVERLEAF_SAML_LAST_NAME_FIELD',
|
||||||
|
'OVERLEAF_SAML_UPDATE_USER_DETAILS_ON_LOGIN',
|
||||||
|
'OVERLEAF_SAML_CERT',
|
||||||
|
'OVERLEAF_LDAP_URL',
|
||||||
|
'OVERLEAF_LDAP_SEARCH_BASE',
|
||||||
|
'OVERLEAF_LDAP_SEARCH_FILTER',
|
||||||
|
'OVERLEAF_LDAP_BIND_DN',
|
||||||
|
'OVERLEAF_LDAP_BIND_CREDENTIALS',
|
||||||
|
'OVERLEAF_LDAP_EMAIL_ATT',
|
||||||
|
'OVERLEAF_LDAP_NAME_ATT',
|
||||||
|
'OVERLEAF_LDAP_LAST_NAME_ATT',
|
||||||
|
'OVERLEAF_LDAP_UPDATE_USER_DETAILS_ON_LOGIN',
|
||||||
// Old branding, used for upgrade tests
|
// Old branding, used for upgrade tests
|
||||||
'SHARELATEX_MONGO_URL',
|
'SHARELATEX_MONGO_URL',
|
||||||
'SHARELATEX_REDIS_HOST',
|
'SHARELATEX_REDIS_HOST',
|
||||||
|
@ -153,6 +172,10 @@ function setVarsDockerCompose({ pro, vars, version, withDataDir }) {
|
||||||
cfg.services.sharelatex.depends_on = []
|
cfg.services.sharelatex.depends_on = []
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (['ldap', 'saml'].includes(vars.EXTERNAL_AUTH)) {
|
||||||
|
cfg.services.sharelatex.depends_on.push(vars.EXTERNAL_AUTH)
|
||||||
|
}
|
||||||
|
|
||||||
const dataDirInContainer =
|
const dataDirInContainer =
|
||||||
version === 'latest' || version >= '5.0'
|
version === 'latest' || version >= '5.0'
|
||||||
? '/var/lib/overleaf/data'
|
? '/var/lib/overleaf/data'
|
||||||
|
|
Loading…
Reference in a new issue