1
0
Fork 0

make authelia test validate clients exists

This commit is contained in:
ibizaman 2024-01-23 21:52:23 -08:00 committed by Pierre Penninckx
parent 43beb92ed2
commit fdf4f54ef3

View file

@ -23,7 +23,7 @@ in
enable = true; enable = true;
dcdomain = "dc=example,dc=com"; dcdomain = "dc=example,dc=com";
subdomain = "ldap"; subdomain = "ldap";
domain = "example.com"; domain = "machine";
ldapUserPasswordFile = pkgs.writeText "user_password" ldapAdminPassword; ldapUserPasswordFile = pkgs.writeText "user_password" ldapAdminPassword;
jwtSecretFile = pkgs.writeText "jwt_secret" "securejwtsecret"; jwtSecretFile = pkgs.writeText "jwt_secret" "securejwtsecret";
}; };
@ -31,7 +31,7 @@ in
shb.authelia = { shb.authelia = {
enable = true; enable = true;
subdomain = "authelia"; subdomain = "authelia";
domain = "example.com"; domain = "machine";
ldapEndpoint = "ldap://127.0.0.1:${builtins.toString config.shb.ldap.ldapPort}"; ldapEndpoint = "ldap://127.0.0.1:${builtins.toString config.shb.ldap.ldapPort}";
dcdomain = config.shb.ldap.dcdomain; dcdomain = config.shb.ldap.dcdomain;
secrets = { secrets = {
@ -45,25 +45,67 @@ in
identityProvidersOIDCIssuerPrivateKeyFile = pkgs.writeText "identityProvidersOIDCIssuerPrivateKeyFile" (builtins.readFile ./keypair.pem); identityProvidersOIDCIssuerPrivateKeyFile = pkgs.writeText "identityProvidersOIDCIssuerPrivateKeyFile" (builtins.readFile ./keypair.pem);
}; };
oidcClients = [ oidcClients = [
{ {
id = "myclient"; id = "client1";
description = "My Client"; description = "My Client 1";
secretFile = pkgs.writeText "secret" "mysecuresecret"; secretFile = pkgs.writeText "secret" "mysecuresecret";
public = false; public = false;
authorization_policy = "one_factor"; authorization_policy = "one_factor";
redirect_uris = [ "https://myclient.exapmle.com/redirect" ]; redirect_uris = [ "http://client1.machine/redirect" ];
}
{
id = "client2";
description = "My Client 2";
secretFile = pkgs.writeText "secret" "myothersecret";
public = false;
authorization_policy = "one_factor";
redirect_uris = [ "http://client2.machine/redirect" ];
} }
]; ];
}; };
}; };
testScript = { nodes, ... }: '' testScript = { nodes, ... }: ''
import json
start_all() start_all()
machine.wait_for_unit("lldap.service") machine.wait_for_unit("lldap.service")
machine.wait_for_unit("authelia-authelia.example.com.service") machine.wait_for_unit("authelia-authelia.machine.service")
machine.wait_for_open_port(${toString nodes.machine.services.authelia.instances."authelia.machine".settings.server.port})
endpoints = json.loads(machine.succeed("curl -s http://machine/.well-known/openid-configuration"))
auth_endpoint = endpoints['authorization_endpoint']
machine.succeed(
"curl -f -s '"
+ auth_endpoint
+ "?client_id=other"
+ "&redirect_uri=http://client1.machine/redirect"
+ "&scope=openid%20profile%20email"
+ "&response_type=code"
+ "&state=99999999'"
)
machine.succeed(
"curl -f -s '"
+ auth_endpoint
+ "?client_id=client1"
+ "&redirect_uri=http://client1.machine/redirect"
+ "&scope=openid%20profile%20email"
+ "&response_type=code"
+ "&state=11111111'"
)
machine.succeed(
"curl -f -s '"
+ auth_endpoint
+ "?client_id=client2"
+ "&redirect_uri=http://client2.machine/redirect"
+ "&scope=openid%20profile%20email"
+ "&response_type=code"
+ "&state=22222222'"
)
''; '';
}; };
} }