author | 6543 <6543@obermui.de> | 2024-02-24 05:18:49 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-02-24 12:18:49 +0800 |
commit | 4ba642d07d50d7eb42ae33cd6f1f7f2c82c02a40 (patch) | |
tree | 52f879a6788100115c2127d62c0c6182cd96ad41 /tests/integration | |
parent | 875f5ea6d83c8371f309df99654ca3556623004c (diff) | |
Revert "Support SAML authentication (#25165)" (#29358)
This reverts #25165 (5bb8d1924d77c675467694de26697b876d709a17), as there
was a chance some important reviews got missed.
So after reverting this patch, it will be resubmitted for review again:
https://github.com/go-gitea/gitea/pull/25165#issuecomment-1960670242
Temporarily reopens #5512.
Diffstat (limited to 'tests/integration')
-rw-r--r-- | tests/integration/README.md | 17 | ||||
-rw-r--r-- | tests/integration/saml_test.go | 150 |
2 files changed, 0 insertions, 167 deletions
diff --git a/tests/integration/README.md b/tests/integration/README.md
index c691483511..f6f74ca21f 100644
--- a/tests/integration/README.md
+++ b/tests/integration/README.md
@@ -110,20 +110,3 @@ SLOW_FLUSH = 5S ; 5s is the default value
 ```bash
 GITEA_SLOW_TEST_TIME="10s" GITEA_SLOW_FLUSH_TIME="5s" make test-sqlite
 ```
-
-## Running SimpleSAML for testing SAML locally
-
-```shell
-docker run \
--p 8080:8080 \
--p 8443:8443 \
--e SIMPLESAMLPHP_SP_ENTITY_ID=http://localhost:3003/user/saml/test-sp/metadata \
--e SIMPLESAMLPHP_SP_ASSERTION_CONSUMER_SERVICE=http://localhost:3003/user/saml/test-sp/acs \
--e SIMPLESAMLPHP_SP_SINGLE_LOGOUT_SERVICE=http://localhost:3003/user/saml/test-sp/acs \
---add-host=localhost:192.168.65.2 \
--d allspice/simple-saml
-```
-
-```shell
-TEST_SIMPLESAML_URL=localhost:8080 make test-sqlite#TestSAMLRegistration
-```
diff --git a/tests/integration/saml_test.go b/tests/integration/saml_test.go
deleted file mode 100644
index 585fd35c5f..0000000000
--- a/tests/integration/saml_test.go
+++ /dev/null
@@ -1,150 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package integration
-
-import (
- "crypto/tls"
- "crypto/x509"
- "fmt"
- "io"
- "net/http"
- "net/http/cookiejar"
- "net/url"
- "os"
- "regexp"
- "strings"
- "testing"
- "time"
-
- "code.gitea.io/gitea/models/auth"
- "code.gitea.io/gitea/models/db"
- user_model "code.gitea.io/gitea/models/user"
- "code.gitea.io/gitea/modules/setting"
- "code.gitea.io/gitea/modules/test"
- "code.gitea.io/gitea/services/auth/source/saml"
- "code.gitea.io/gitea/tests"
-
- "github.com/stretchr/testify/assert"
-)
-
-func TestSAMLRegistration(t *testing.T) {
- defer tests.PrepareTestEnv(t)()
-
- samlURL := "localhost:8080"
-
- if os.Getenv("CI") == "" || !setting.Database.Type.IsPostgreSQL() {
- // Make it possible to run tests against a local simplesaml instance
- samlURL = os.Getenv("TEST_SIMPLESAML_URL")
- if samlURL == "" {
- t.Skip("TEST_SIMPLESAML_URL not set and not running in CI")
- return
- }
- }
-
- privateKey, cert, err := saml.GenerateSAMLSPKeypair()
- assert.NoError(t, err)
-
- // verify that the keypair can be parsed
- keyPair, err := tls.X509KeyPair([]byte(cert), []byte(privateKey))
- assert.NoError(t, err)
- keyPair.Leaf, err = x509.ParseCertificate(keyPair.Certificate[0])
- assert.NoError(t, err)
-
- assert.NoError(t, auth.CreateSource(db.DefaultContext, &auth.Source{
- Type: auth.SAML,
- Name: "test-sp",
- IsActive: true,
- IsSyncEnabled: false,
- Cfg: &saml.Source{
- IdentityProviderMetadata: "",
- IdentityProviderMetadataURL: fmt.Sprintf("http://%s/simplesaml/saml2/idp/metadata.php", samlURL),
- InsecureSkipAssertionSignatureValidation: false,
- NameIDFormat: 4,
- ServiceProviderCertificate: "", // SimpleSAMLPhp requires that the SP certificate be specified in the server configuration rather than SP metadata
- ServiceProviderPrivateKey: "",
- EmailAssertionKey: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
- NameAssertionKey: "http://schemas.xmlsoap.org/claims/CommonName",
- UsernameAssertionKey: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
- IconURL: "",
- },
- }))
-
- // check the saml metadata url
- req := NewRequest(t, "GET", "/user/saml/test-sp/metadata")
- MakeRequest(t, req, http.StatusOK)
-
- req = NewRequest(t, "GET", "/user/saml/test-sp")
- resp := MakeRequest(t, req, http.StatusTemporaryRedirect)
-
- jar, err := cookiejar.New(nil)
- assert.NoError(t, err)
-
- client := http.Client{
- Timeout: 30 * time.Second,
- Jar: jar,
- }
-
- httpReq, err := http.NewRequest("GET", test.RedirectURL(resp), nil)
- assert.NoError(t, err)
-
- var formRedirectURL *url.URL
- client.CheckRedirect = func(req *http.Request, via []*http.Request) error {
- // capture the redirected destination to use in POST request
- formRedirectURL = req.URL
- return nil
- }
-
- res, err := client.Do(httpReq)
- client.CheckRedirect = nil
- assert.NoError(t, err)
- assert.Equal(t, http.StatusOK, res.StatusCode)
- assert.NotNil(t, formRedirectURL)
-
- form := url.Values{
- "username": {"user1"},
- "password": {"user1pass"},
- }
-
- httpReq, err = http.NewRequest("POST", formRedirectURL.String(), strings.NewReader(form.Encode()))
- assert.NoError(t, err)
- httpReq.Header.Add("Content-Type", "application/x-www-form-urlencoded")
-
- res, err = client.Do(httpReq)
- assert.NoError(t, err)
- assert.Equal(t, http.StatusOK, res.StatusCode)
-
- body, err := io.ReadAll(res.Body)
- assert.NoError(t, err)
-
- samlResMatcher := regexp.MustCompile(`<input.*?name="SAMLResponse".*?value="([^"]+)".*?>`)
- matches := samlResMatcher.FindStringSubmatch(string(body))
- assert.Len(t, matches, 2)
- assert.NoError(t, res.Body.Close())
-
- session := emptyTestSession(t)
-
- req = NewRequestWithValues(t, "POST", "/user/saml/test-sp/acs", map[string]string{
- "SAMLResponse": matches[1],
- })
- resp = session.MakeRequest(t, req, http.StatusSeeOther)
- assert.Equal(t, test.RedirectURL(resp), "/user/link_account")
-
- csrf := GetCSRF(t, session, test.RedirectURL(resp))
-
- // link the account
- req = NewRequestWithValues(t, "POST", "/user/link_account_signup", map[string]string{
- "_csrf": csrf,
- "user_name": "samluser",
- "email": "saml@example.com",
- })
-
- resp = session.MakeRequest(t, req, http.StatusSeeOther)
- assert.Equal(t, test.RedirectURL(resp), "/")
-
- // verify that the user was created
- u, err := user_model.GetUserByEmail(db.DefaultContext, "saml@example.com")
- assert.NoError(t, err)
- assert.NotNil(t, u)
- assert.Equal(t, "samluser", u.Name)
-} |