From 4b1e991ecdd91450aaf13acffc545a0b5ec9a3f9 Mon Sep 17 00:00:00 2001
From: ibizaman <ibizapeanut@gmail.com>
Date: Thu, 15 Aug 2024 02:38:31 +0200
Subject: [PATCH] add wip vaultwarden test to check auth
---
test/services/vaultwarden.nix | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
diff --git a/test/services/vaultwarden.nix b/test/services/vaultwarden.nix
index 4b5df32..464606c 100644
--- a/test/services/vaultwarden.nix
+++ b/test/services/vaultwarden.nix
@@ -18,6 +18,36 @@ let
8222
5432
];
+ # to get the get token test to succeed we need:
+ # 1. add group Vaultwarden_admin to LLDAP
+ # 2. add an Authelia user with to that group
+ # 3. login in Authelia with that user
+ # 4. go to the Vaultwarden /admin endpoint
+ # 5. create a Vaultwarden user
+ # 6. now login with that new user to Vaultwarden
+ extraScript = { node, proto_fqdn, ... }: ''
+ with subtest("prelogin"):
+ response = curl(client, "", "${proto_fqdn}/identity/accounts/prelogin", data=unline_with("", """
+ {"email": "me@example.com"}
+ """))
+ print(response)
+ if 'Kdf' not in response:
+ raise Exception("Unrecognized response: {}".format(response))
+
+ with subtest("get token"):
+ response = curl(client, "", "${proto_fqdn}/identity/connect/token", data=unline_with("", """
+ scope=api%20offline_access
+ &client_id=web
+ &deviceType=10
+ &deviceIdentifier=a60323bf-4686-4b4d-96e0-3c241fa5581c
+ &deviceName=firefox
+ &grant_type=password&username=me
+ &password=mypassword
+ """))
+ print(response)
+ if response["Message"] != "Username or password is incorrect. Try again":
+ raise Exception("Unrecognized response: {}".format(response))
+ '';
};
base = testLib.base pkgs' [
@@ -25,6 +55,7 @@ let
];
basic = { config, ... }: {
+ shb.nginx.accessLog = true;
shb.vaultwarden = {
enable = true;
inherit subdomain domain;