mirror of
https://github.com/kanidm/kanidm.git
synced 2025-05-24 01:43:55 +02:00
Cleanup tests that are hitting native certs, or do nothing at all
This commit is contained in:
William Brown
parent
5e8e1cda53
commit
2eaa6984ea
1
Cargo.lock
generated
1
Cargo.lock
generated
|
|
@ -3247,7 +3247,6 @@ dependencies = [
|
|||
"escargot",
|
||||
"fantoccini",
|
||||
"futures",
|
||||
"http 1.2.0",
|
||||
"jsonschema",
|
||||
"kanidm_build_profiles",
|
||||
"kanidm_client",
|
||||
|
|
|
|||
|
|
@ -27,6 +27,7 @@ use std::time::Duration;
|
|||
|
||||
use compact_jwt::Jwk;
|
||||
|
||||
pub use http;
|
||||
use kanidm_proto::constants::uri::V1_AUTH_VALID;
|
||||
use kanidm_proto::constants::{
|
||||
ATTR_DOMAIN_DISPLAY_NAME, ATTR_DOMAIN_LDAP_BASEDN, ATTR_DOMAIN_SSID, ATTR_ENTRY_MANAGED_BY,
|
||||
|
|
@ -585,6 +586,11 @@ fn find_reqwest_error_source<E: std::error::Error + 'static>(
|
|||
}
|
||||
|
||||
impl KanidmClient {
|
||||
/// Access the underlying reqwest client that has been configured for this Kanidm server
|
||||
pub fn client(&self) -> &reqwest::Client {
|
||||
&self.client
|
||||
}
|
||||
|
||||
pub fn get_origin(&self) -> &Url {
|
||||
&self.origin
|
||||
}
|
||||
|
|
|
|||
|
|
@ -25,7 +25,6 @@ webdriver = []
|
|||
dev-oauth2-device-flow = []
|
||||
|
||||
[dependencies]
|
||||
http = { workspace = true }
|
||||
kanidm_client = { workspace = true }
|
||||
kanidm_proto = { workspace = true }
|
||||
kanidmd_core = { workspace = true }
|
||||
|
|
@ -57,7 +56,6 @@ futures = { workspace = true }
|
|||
oauth2_ext = { workspace = true, default-features = false, features = [
|
||||
"reqwest",
|
||||
] }
|
||||
openssl = { workspace = true }
|
||||
petgraph = { version = "0.7.1", features = ["serde"] }
|
||||
serde_json = { workspace = true }
|
||||
time = { workspace = true }
|
||||
|
|
|
|||
|
|
@ -397,7 +397,7 @@ macro_rules! assert_no_cache {
|
|||
// Check we have correct nocache headers.
|
||||
let cache_header: &str = $response
|
||||
.headers()
|
||||
.get(http::header::CACHE_CONTROL)
|
||||
.get(kanidm_client::http::header::CACHE_CONTROL)
|
||||
.expect("missing cache-control header")
|
||||
.to_str()
|
||||
.expect("invalid cache-control header");
|
||||
|
|
|
|||
|
|
@ -12,21 +12,18 @@ async fn check_that_the_swagger_api_loads(rsclient: kanidm_client::KanidmClient)
|
|||
rsclient.set_token("".into()).await;
|
||||
info!("Running test: check_that_the_swagger_api_loads");
|
||||
let url = rsclient.make_url("/docs/v1/openapi.json");
|
||||
let openapi_response: OpenAPIResponse = reqwest::get(url.clone())
|
||||
|
||||
let openapi_response = rsclient
|
||||
.perform_get_request::<OpenAPIResponse>(url.as_str())
|
||||
.await
|
||||
.expect("Failed to get openapi.json")
|
||||
.json()
|
||||
.await
|
||||
.unwrap();
|
||||
.expect("Failed to get openapi.json");
|
||||
assert_eq!(openapi_response.openapi, "3.0.3");
|
||||
|
||||
// this validates that it's valid JSON schema, but not that it's valid openapi... but it's a start.
|
||||
let schema: serde_json::Value = reqwest::get(url)
|
||||
let schema = rsclient
|
||||
.perform_get_request::<serde_json::Value>(url.as_str())
|
||||
.await
|
||||
.expect("Failed to get openapi.json")
|
||||
.json()
|
||||
.await
|
||||
.unwrap();
|
||||
.expect("Failed to get openapi.json");
|
||||
|
||||
let instance = serde_json::json!("foo");
|
||||
let compiled = Validator::new(&schema).expect("A valid schema");
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
use kanidm_client::{ClientError, KanidmClient};
|
||||
use kanidm_client::{ClientError, KanidmClient, StatusCode};
|
||||
use kanidm_proto::constants::ATTR_DESCRIPTION;
|
||||
use kanidmd_testkit::{create_user, ADMIN_TEST_PASSWORD, ADMIN_TEST_USER};
|
||||
use serde_json::Value;
|
||||
|
|
@ -48,6 +48,6 @@ async fn test_v1_group_id_attr_post(rsclient: KanidmClient) {
|
|||
eprintln!("response: {:#?}", response);
|
||||
assert!(matches!(
|
||||
response,
|
||||
ClientError::Http(reqwest::StatusCode::BAD_REQUEST, _, _)
|
||||
ClientError::Http(StatusCode::BAD_REQUEST, _, _)
|
||||
));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,11 +1,16 @@
|
|||
use kanidm_client::KanidmClient;
|
||||
use kanidm_client::{http::header, KanidmClient};
|
||||
|
||||
#[kanidmd_testkit::test]
|
||||
async fn test_https_manifest(rsclient: KanidmClient) {
|
||||
// We need to do manual reqwests here.
|
||||
let client = rsclient.client();
|
||||
|
||||
// here we test the /ui/ endpoint which should have the headers
|
||||
let response = match reqwest::get(rsclient.make_url("/manifest.webmanifest")).await {
|
||||
let response = match client
|
||||
.get(rsclient.make_url("/manifest.webmanifest"))
|
||||
.send()
|
||||
.await
|
||||
{
|
||||
Ok(value) => value,
|
||||
Err(error) => {
|
||||
panic!(
|
||||
|
|
@ -20,8 +25,6 @@ async fn test_https_manifest(rsclient: KanidmClient) {
|
|||
|
||||
eprintln!(
|
||||
"csp headers: {:#?}",
|
||||
response
|
||||
.headers()
|
||||
.get(http::header::CONTENT_SECURITY_POLICY)
|
||||
response.headers().get(header::CONTENT_SECURITY_POLICY)
|
||||
);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,10 +12,8 @@ const DEFAULT_IP_ADDRESS: IpAddr = IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1));
|
|||
|
||||
#[kanidmd_testkit::test(trust_x_forward_for = false)]
|
||||
async fn dont_trust_xff_send_header(rsclient: KanidmClient) {
|
||||
let client = reqwest::ClientBuilder::new()
|
||||
.danger_accept_invalid_certs(true)
|
||||
.build()
|
||||
.unwrap();
|
||||
let client = rsclient.client();
|
||||
|
||||
let res = client
|
||||
.get(rsclient.make_url("/v1/debug/ipinfo"))
|
||||
.header(
|
||||
|
|
@ -35,10 +33,8 @@ async fn dont_trust_xff_send_header(rsclient: KanidmClient) {
|
|||
|
||||
#[kanidmd_testkit::test(trust_x_forward_for = false)]
|
||||
async fn dont_trust_xff_dont_send_header(rsclient: KanidmClient) {
|
||||
let client = reqwest::ClientBuilder::new()
|
||||
.danger_accept_invalid_certs(true)
|
||||
.build()
|
||||
.unwrap();
|
||||
let client = rsclient.client();
|
||||
|
||||
let res = client
|
||||
.get(rsclient.make_url("/v1/debug/ipinfo"))
|
||||
.header(
|
||||
|
|
@ -63,10 +59,8 @@ async fn dont_trust_xff_dont_send_header(rsclient: KanidmClient) {
|
|||
|
||||
#[kanidmd_testkit::test(trust_x_forward_for = true)]
|
||||
async fn trust_xff_send_invalid_header_single_value(rsclient: KanidmClient) {
|
||||
let client = reqwest::ClientBuilder::new()
|
||||
.danger_accept_invalid_certs(true)
|
||||
.build()
|
||||
.unwrap();
|
||||
let client = rsclient.client();
|
||||
|
||||
let res = client
|
||||
.get(rsclient.make_url("/v1/debug/ipinfo"))
|
||||
.header(
|
||||
|
|
@ -85,10 +79,8 @@ async fn trust_xff_send_invalid_header_single_value(rsclient: KanidmClient) {
|
|||
//
|
||||
#[kanidmd_testkit::test(trust_x_forward_for = true)]
|
||||
async fn trust_xff_send_invalid_header_multiple_values(rsclient: KanidmClient) {
|
||||
let client = reqwest::ClientBuilder::new()
|
||||
.danger_accept_invalid_certs(true)
|
||||
.build()
|
||||
.unwrap();
|
||||
let client = rsclient.client();
|
||||
|
||||
let res = client
|
||||
.get(rsclient.make_url("/v1/debug/ipinfo"))
|
||||
.header(
|
||||
|
|
@ -106,10 +98,8 @@ async fn trust_xff_send_invalid_header_multiple_values(rsclient: KanidmClient) {
|
|||
async fn trust_xff_send_valid_header_single_ipv4_address(rsclient: KanidmClient) {
|
||||
let ip_addr = "2001:db8:85a3:8d3:1319:8a2e:370:7348";
|
||||
|
||||
let client = reqwest::ClientBuilder::new()
|
||||
.danger_accept_invalid_certs(true)
|
||||
.build()
|
||||
.unwrap();
|
||||
let client = rsclient.client();
|
||||
|
||||
let res = client
|
||||
.get(rsclient.make_url("/v1/debug/ipinfo"))
|
||||
.header(X_FORWARDED_FOR, ip_addr)
|
||||
|
|
@ -128,10 +118,8 @@ async fn trust_xff_send_valid_header_single_ipv4_address(rsclient: KanidmClient)
|
|||
async fn trust_xff_send_valid_header_single_ipv6_address(rsclient: KanidmClient) {
|
||||
let ip_addr = "203.0.113.195";
|
||||
|
||||
let client = reqwest::ClientBuilder::new()
|
||||
.danger_accept_invalid_certs(true)
|
||||
.build()
|
||||
.unwrap();
|
||||
let client = rsclient.client();
|
||||
|
||||
let res = client
|
||||
.get(rsclient.make_url("/v1/debug/ipinfo"))
|
||||
.header(X_FORWARDED_FOR, ip_addr)
|
||||
|
|
@ -150,10 +138,8 @@ async fn trust_xff_send_valid_header_single_ipv6_address(rsclient: KanidmClient)
|
|||
async fn trust_xff_send_valid_header_multiple_address(rsclient: KanidmClient) {
|
||||
let first_ip_addr = "203.0.113.195, 2001:db8:85a3:8d3:1319:8a2e:370:7348";
|
||||
|
||||
let client = reqwest::ClientBuilder::new()
|
||||
.danger_accept_invalid_certs(true)
|
||||
.build()
|
||||
.unwrap();
|
||||
let client = rsclient.client();
|
||||
|
||||
let res = client
|
||||
.get(rsclient.make_url("/v1/debug/ipinfo"))
|
||||
.header(X_FORWARDED_FOR, first_ip_addr)
|
||||
|
|
@ -172,10 +158,6 @@ async fn trust_xff_send_valid_header_multiple_address(rsclient: KanidmClient) {
|
|||
|
||||
let second_ip_addr = "2001:db8:85a3:8d3:1319:8a2e:370:7348, 198.51.100.178, 203.0.113.195";
|
||||
|
||||
let client = reqwest::ClientBuilder::new()
|
||||
.danger_accept_invalid_certs(true)
|
||||
.build()
|
||||
.unwrap();
|
||||
let res = client
|
||||
.get(rsclient.make_url("/v1/debug/ipinfo"))
|
||||
.header(X_FORWARDED_FOR, second_ip_addr)
|
||||
|
|
@ -195,10 +177,8 @@ async fn trust_xff_send_valid_header_multiple_address(rsclient: KanidmClient) {
|
|||
|
||||
#[kanidmd_testkit::test(trust_x_forward_for = true)]
|
||||
async fn trust_xff_dont_send_header(rsclient: KanidmClient) {
|
||||
let client = reqwest::ClientBuilder::new()
|
||||
.danger_accept_invalid_certs(true)
|
||||
.build()
|
||||
.unwrap();
|
||||
let client = rsclient.client();
|
||||
|
||||
let res = client
|
||||
.get(rsclient.make_url("/v1/debug/ipinfo"))
|
||||
.send()
|
||||
|
|
|
|||
|
|
@ -1,11 +1,13 @@
|
|||
use kanidm_client::http::header;
|
||||
use kanidm_client::KanidmClient;
|
||||
|
||||
#[kanidmd_testkit::test]
|
||||
async fn test_https_middleware_headers(rsclient: KanidmClient) {
|
||||
// We need to do manual reqwests here.
|
||||
let client = rsclient.client();
|
||||
|
||||
// here we test the /ui/ endpoint which should have the headers
|
||||
let response = match reqwest::get(rsclient.make_url("/ui")).await {
|
||||
let response = match client.get(rsclient.make_url("/ui")).send().await {
|
||||
Ok(value) => value,
|
||||
Err(error) => {
|
||||
panic!(
|
||||
|
|
@ -19,19 +21,15 @@ async fn test_https_middleware_headers(rsclient: KanidmClient) {
|
|||
assert_eq!(response.status(), 200);
|
||||
eprintln!(
|
||||
"csp headers: {:#?}",
|
||||
response
|
||||
.headers()
|
||||
.get(http::header::CONTENT_SECURITY_POLICY)
|
||||
response.headers().get(header::CONTENT_SECURITY_POLICY)
|
||||
);
|
||||
assert_ne!(
|
||||
response
|
||||
.headers()
|
||||
.get(http::header::CONTENT_SECURITY_POLICY),
|
||||
response.headers().get(header::CONTENT_SECURITY_POLICY),
|
||||
None
|
||||
);
|
||||
|
||||
// here we test the /ui/login endpoint which should have the headers
|
||||
let response = match reqwest::get(rsclient.make_url("/ui/login")).await {
|
||||
let response = match client.get(rsclient.make_url("/ui/login")).send().await {
|
||||
Ok(value) => value,
|
||||
Err(error) => {
|
||||
panic!(
|
||||
|
|
@ -46,14 +44,10 @@ async fn test_https_middleware_headers(rsclient: KanidmClient) {
|
|||
|
||||
eprintln!(
|
||||
"csp headers: {:#?}",
|
||||
response
|
||||
.headers()
|
||||
.get(http::header::CONTENT_SECURITY_POLICY)
|
||||
response.headers().get(header::CONTENT_SECURITY_POLICY)
|
||||
);
|
||||
assert_ne!(
|
||||
response
|
||||
.headers()
|
||||
.get(http::header::CONTENT_SECURITY_POLICY),
|
||||
response.headers().get(header::CONTENT_SECURITY_POLICY),
|
||||
None
|
||||
);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,11 +1,9 @@
|
|||
use core::result::Result::Err;
|
||||
use kanidm_client::KanidmClient;
|
||||
use kanidm_client::{KanidmClient, StatusCode};
|
||||
use kanidm_proto::internal::OperationError;
|
||||
use kanidm_proto::internal::{IdentifyUserRequest, IdentifyUserResponse};
|
||||
|
||||
use kanidmd_lib::prelude::Attribute;
|
||||
use kanidmd_testkit::ADMIN_TEST_PASSWORD;
|
||||
use reqwest::StatusCode;
|
||||
|
||||
static UNIVERSAL_PW: &str = "eicieY7ahchaoCh0eeTa";
|
||||
|
||||
|
|
@ -26,14 +24,14 @@ async fn test_not_authenticated(rsclient: KanidmClient) {
|
|||
.idm_person_identify_user(USER_A_NAME, IdentifyUserRequest::Start)
|
||||
.await;
|
||||
assert!(
|
||||
matches!(res, Err(err) if matches!(err, kanidm_client::ClientError::Http(reqwest::StatusCode::UNAUTHORIZED, ..)))
|
||||
matches!(res, Err(err) if matches!(err, kanidm_client::ClientError::Http(StatusCode::UNAUTHORIZED, ..)))
|
||||
);
|
||||
|
||||
let res = rsclient
|
||||
.idm_person_identify_user(USER_A_NAME, IdentifyUserRequest::DisplayCode)
|
||||
.await;
|
||||
assert!(
|
||||
matches!(res, Err(err) if matches!(err, kanidm_client::ClientError::Http(reqwest::StatusCode::UNAUTHORIZED, ..)))
|
||||
matches!(res, Err(err) if matches!(err, kanidm_client::ClientError::Http(StatusCode::UNAUTHORIZED, ..)))
|
||||
);
|
||||
let res = rsclient
|
||||
.idm_person_identify_user(
|
||||
|
|
@ -43,7 +41,7 @@ async fn test_not_authenticated(rsclient: KanidmClient) {
|
|||
.await;
|
||||
|
||||
assert!(
|
||||
matches!(res, Err(err) if matches!(err, kanidm_client::ClientError::Http(reqwest::StatusCode::UNAUTHORIZED, ..)))
|
||||
matches!(res, Err(err) if matches!(err, kanidm_client::ClientError::Http(StatusCode::UNAUTHORIZED, ..)))
|
||||
);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -11,7 +11,6 @@ mod oauth2_test;
|
|||
mod person;
|
||||
mod proto_v1_test;
|
||||
mod scim_test;
|
||||
mod self_resources;
|
||||
mod service_account;
|
||||
mod system;
|
||||
mod unix;
|
||||
|
|
|
|||
|
|
@ -16,11 +16,10 @@ use kanidmd_lib::constants::NAME_IDM_ALL_ACCOUNTS;
|
|||
use kanidmd_lib::prelude::Attribute;
|
||||
use oauth2_ext::PkceCodeChallenge;
|
||||
use reqwest::header::{HeaderValue, CONTENT_TYPE};
|
||||
use reqwest::StatusCode;
|
||||
use uri::{OAUTH2_TOKEN_ENDPOINT, OAUTH2_TOKEN_INTROSPECT_ENDPOINT, OAUTH2_TOKEN_REVOKE_ENDPOINT};
|
||||
use url::{form_urlencoded::parse as query_parse, Url};
|
||||
|
||||
use kanidm_client::KanidmClient;
|
||||
use kanidm_client::{http::header, KanidmClient, StatusCode};
|
||||
use kanidmd_testkit::{
|
||||
assert_no_cache, ADMIN_TEST_PASSWORD, ADMIN_TEST_USER, NOT_ADMIN_TEST_EMAIL,
|
||||
NOT_ADMIN_TEST_PASSWORD, NOT_ADMIN_TEST_USERNAME, TEST_INTEGRATION_RS_DISPLAY,
|
||||
|
|
@ -137,6 +136,7 @@ async fn test_oauth2_openid_basic_flow_impl(
|
|||
// from here, we can now begin what would be a "interaction" to the oauth server.
|
||||
// Create a new reqwest client - we'll be using this manually.
|
||||
let client = reqwest::Client::builder()
|
||||
.tls_built_in_native_certs(false)
|
||||
.redirect(reqwest::redirect::Policy::none())
|
||||
.no_proxy()
|
||||
.build()
|
||||
|
|
@ -152,11 +152,11 @@ async fn test_oauth2_openid_basic_flow_impl(
|
|||
.await
|
||||
.expect("Failed to send discovery preflight request.");
|
||||
|
||||
assert_eq!(response.status(), reqwest::StatusCode::OK);
|
||||
assert_eq!(response.status(), StatusCode::OK);
|
||||
|
||||
let cors_header: &str = response
|
||||
.headers()
|
||||
.get(http::header::ACCESS_CONTROL_ALLOW_ORIGIN)
|
||||
.get(header::ACCESS_CONTROL_ALLOW_ORIGIN)
|
||||
.expect("missing access-control-allow-origin header")
|
||||
.to_str()
|
||||
.expect("invalid access-control-allow-origin header");
|
||||
|
|
@ -168,12 +168,12 @@ async fn test_oauth2_openid_basic_flow_impl(
|
|||
.await
|
||||
.expect("Failed to send request.");
|
||||
|
||||
assert_eq!(response.status(), reqwest::StatusCode::OK);
|
||||
assert_eq!(response.status(), StatusCode::OK);
|
||||
|
||||
// Assert CORS on the GET too.
|
||||
let cors_header: &str = response
|
||||
.headers()
|
||||
.get(http::header::ACCESS_CONTROL_ALLOW_ORIGIN)
|
||||
.get(header::ACCESS_CONTROL_ALLOW_ORIGIN)
|
||||
.expect("missing access-control-allow-origin header")
|
||||
.to_str()
|
||||
.expect("invalid access-control-allow-origin header");
|
||||
|
|
@ -221,7 +221,7 @@ async fn test_oauth2_openid_basic_flow_impl(
|
|||
.await
|
||||
.expect("Failed to send request.");
|
||||
|
||||
assert_eq!(response.status(), reqwest::StatusCode::OK);
|
||||
assert_eq!(response.status(), StatusCode::OK);
|
||||
assert_no_cache!(response);
|
||||
|
||||
let mut jwk_set: JwkKeySet = response
|
||||
|
|
@ -264,7 +264,7 @@ async fn test_oauth2_openid_basic_flow_impl(
|
|||
.await
|
||||
.expect("Failed to send request.");
|
||||
|
||||
assert_eq!(response.status(), reqwest::StatusCode::OK);
|
||||
assert_eq!(response.status(), StatusCode::OK);
|
||||
assert_no_cache!(response);
|
||||
|
||||
let consent_req: AuthorisationResponse = response
|
||||
|
|
@ -298,7 +298,7 @@ async fn test_oauth2_openid_basic_flow_impl(
|
|||
.expect("Failed to send request.");
|
||||
|
||||
// This should yield a 302 redirect with some query params.
|
||||
assert_eq!(response.status(), reqwest::StatusCode::FOUND);
|
||||
assert_eq!(response.status(), StatusCode::FOUND);
|
||||
assert_no_cache!(response);
|
||||
|
||||
// And we should have a URL in the location header.
|
||||
|
|
@ -343,11 +343,11 @@ async fn test_oauth2_openid_basic_flow_impl(
|
|||
.await
|
||||
.expect("Failed to send code exchange request.");
|
||||
|
||||
assert_eq!(response.status(), reqwest::StatusCode::OK);
|
||||
assert_eq!(response.status(), StatusCode::OK);
|
||||
|
||||
let cors_header: &str = response
|
||||
.headers()
|
||||
.get(http::header::ACCESS_CONTROL_ALLOW_ORIGIN)
|
||||
.get(header::ACCESS_CONTROL_ALLOW_ORIGIN)
|
||||
.expect("missing access-control-allow-origin header")
|
||||
.to_str()
|
||||
.expect("invalid access-control-allow-origin header");
|
||||
|
|
@ -379,7 +379,7 @@ async fn test_oauth2_openid_basic_flow_impl(
|
|||
.await
|
||||
.expect("Failed to send token introspect request.");
|
||||
|
||||
assert_eq!(response.status(), reqwest::StatusCode::OK);
|
||||
assert_eq!(response.status(), StatusCode::OK);
|
||||
tracing::trace!("{:?}", response.headers());
|
||||
assert!(
|
||||
response.headers().get(CONTENT_TYPE) == Some(&HeaderValue::from_static(APPLICATION_JSON))
|
||||
|
|
@ -485,7 +485,7 @@ async fn test_oauth2_openid_basic_flow_impl(
|
|||
.await
|
||||
.expect("Failed to send client credentials request.");
|
||||
|
||||
assert_eq!(response.status(), reqwest::StatusCode::OK);
|
||||
assert_eq!(response.status(), StatusCode::OK);
|
||||
|
||||
let atr = response
|
||||
.json::<AccessTokenResponse>()
|
||||
|
|
@ -506,7 +506,7 @@ async fn test_oauth2_openid_basic_flow_impl(
|
|||
.await
|
||||
.expect("Failed to send token introspect request.");
|
||||
|
||||
assert_eq!(response.status(), reqwest::StatusCode::OK);
|
||||
assert_eq!(response.status(), StatusCode::OK);
|
||||
|
||||
let tir = response
|
||||
.json::<AccessTokenIntrospectResponse>()
|
||||
|
|
@ -681,6 +681,7 @@ async fn test_oauth2_openid_public_flow_impl(
|
|||
// Create a new reqwest client - we'll be using this manually.
|
||||
let client = reqwest::Client::builder()
|
||||
.redirect(reqwest::redirect::Policy::none())
|
||||
.tls_built_in_native_certs(false)
|
||||
.no_proxy()
|
||||
.build()
|
||||
.expect("Failed to create client.");
|
||||
|
|
@ -692,7 +693,7 @@ async fn test_oauth2_openid_public_flow_impl(
|
|||
.await
|
||||
.expect("Failed to send request.");
|
||||
|
||||
assert_eq!(response.status(), reqwest::StatusCode::OK);
|
||||
assert_eq!(response.status(), StatusCode::OK);
|
||||
assert_no_cache!(response);
|
||||
|
||||
let mut jwk_set: JwkKeySet = response
|
||||
|
|
@ -733,7 +734,7 @@ async fn test_oauth2_openid_public_flow_impl(
|
|||
.await
|
||||
.expect("Failed to send request.");
|
||||
|
||||
assert_eq!(response.status(), reqwest::StatusCode::OK);
|
||||
assert_eq!(response.status(), StatusCode::OK);
|
||||
assert_no_cache!(response);
|
||||
|
||||
let consent_req: AuthorisationResponse = response
|
||||
|
|
@ -765,7 +766,7 @@ async fn test_oauth2_openid_public_flow_impl(
|
|||
.expect("Failed to send request.");
|
||||
|
||||
// This should yield a 302 redirect with some query params.
|
||||
assert_eq!(response.status(), reqwest::StatusCode::FOUND);
|
||||
assert_eq!(response.status(), StatusCode::FOUND);
|
||||
assert_no_cache!(response);
|
||||
|
||||
// And we should have a URL in the location header.
|
||||
|
|
@ -813,7 +814,7 @@ async fn test_oauth2_openid_public_flow_impl(
|
|||
.await
|
||||
.expect("Failed to send code exchange request.");
|
||||
|
||||
assert_eq!(response.status(), reqwest::StatusCode::OK);
|
||||
assert_eq!(response.status(), StatusCode::OK);
|
||||
assert_no_cache!(response);
|
||||
|
||||
// The body is a json AccessTokenResponse
|
||||
|
|
@ -858,10 +859,10 @@ async fn test_oauth2_openid_public_flow_impl(
|
|||
.await
|
||||
.expect("Failed to send userinfo preflight request.");
|
||||
|
||||
assert_eq!(response.status(), reqwest::StatusCode::OK);
|
||||
assert_eq!(response.status(), StatusCode::OK);
|
||||
let cors_header: &str = response
|
||||
.headers()
|
||||
.get(http::header::ACCESS_CONTROL_ALLOW_ORIGIN)
|
||||
.get(header::ACCESS_CONTROL_ALLOW_ORIGIN)
|
||||
.expect("missing access-control-allow-origin header")
|
||||
.to_str()
|
||||
.expect("invalid access-control-allow-origin header");
|
||||
|
|
@ -931,6 +932,7 @@ async fn test_oauth2_token_post_bad_bodies(rsclient: KanidmClient) {
|
|||
|
||||
let client = reqwest::Client::builder()
|
||||
.redirect(reqwest::redirect::Policy::none())
|
||||
.tls_built_in_native_certs(false)
|
||||
.no_proxy()
|
||||
.build()
|
||||
.expect("Failed to create client.");
|
||||
|
|
@ -966,6 +968,7 @@ async fn test_oauth2_token_revoke_post(rsclient: KanidmClient) {
|
|||
|
||||
let client = reqwest::Client::builder()
|
||||
.redirect(reqwest::redirect::Policy::none())
|
||||
.tls_built_in_native_certs(false)
|
||||
.no_proxy()
|
||||
.build()
|
||||
.expect("Failed to create client.");
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
use kanidm_client::{ClientError, KanidmClient};
|
||||
use kanidm_client::{ClientError, KanidmClient, StatusCode};
|
||||
use kanidm_proto::constants::ATTR_MAIL;
|
||||
use kanidmd_testkit::{create_user, ADMIN_TEST_PASSWORD, ADMIN_TEST_USER};
|
||||
use serde_json::Value;
|
||||
|
|
@ -48,6 +48,6 @@ async fn test_v1_person_id_ssh_pubkeys_post(rsclient: KanidmClient) {
|
|||
eprintln!("response: {:#?}", response);
|
||||
assert!(matches!(
|
||||
response,
|
||||
ClientError::Http(reqwest::StatusCode::BAD_REQUEST, _, _)
|
||||
ClientError::Http(StatusCode::BAD_REQUEST, _, _)
|
||||
));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -942,9 +942,8 @@ async fn test_server_rest_oauth2_basic_lifecycle(rsclient: KanidmClient) {
|
|||
assert!(res.is_ok());
|
||||
|
||||
//test getting the image
|
||||
let client = reqwest::Client::new();
|
||||
|
||||
let response = client
|
||||
let response = rsclient
|
||||
.client()
|
||||
.get(rsclient.make_url("/ui/images/oauth2/test_integration"))
|
||||
.bearer_auth(rsclient.get_token().await.unwrap());
|
||||
|
||||
|
|
@ -1780,7 +1779,8 @@ async fn start_password_session(
|
|||
password: &str,
|
||||
privileged: bool,
|
||||
) -> Result<UserAuthToken, ()> {
|
||||
let client = reqwest::Client::new();
|
||||
let fresh_rsclient = rsclient.new_session().unwrap();
|
||||
let client = fresh_rsclient.client();
|
||||
|
||||
let authreq = AuthRequest {
|
||||
step: AuthStep::Init2 {
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@ use kanidm_proto::scim_v1::ScimEntryGetQuery;
|
|||
use kanidmd_lib::constants::NAME_IDM_ADMINS;
|
||||
use kanidmd_lib::prelude::Attribute;
|
||||
use kanidmd_testkit::{ADMIN_TEST_PASSWORD, ADMIN_TEST_USER};
|
||||
use reqwest::header::HeaderValue;
|
||||
use std::str::FromStr;
|
||||
use url::Url;
|
||||
|
||||
|
|
@ -104,64 +103,6 @@ async fn test_sync_account_lifecycle(rsclient: KanidmClient) {
|
|||
.expect("Failed to destroy token");
|
||||
}
|
||||
|
||||
#[kanidmd_testkit::test]
|
||||
async fn test_scim_sync_get(rsclient: KanidmClient) {
|
||||
// We need to do manual reqwests here.
|
||||
|
||||
let mut headers = reqwest::header::HeaderMap::new();
|
||||
headers.insert(
|
||||
reqwest::header::AUTHORIZATION,
|
||||
HeaderValue::from_str(&format!("Bearer {:?}", rsclient.get_token().await)).unwrap(),
|
||||
);
|
||||
|
||||
let client = reqwest::Client::builder()
|
||||
.danger_accept_invalid_certs(true)
|
||||
.default_headers(headers)
|
||||
.build()
|
||||
.unwrap();
|
||||
|
||||
// here we test the /ui/ endpoint which should have the headers
|
||||
let response = match client.get(rsclient.make_url("/scim/v1/Sync")).send().await {
|
||||
Ok(value) => value,
|
||||
Err(error) => {
|
||||
panic!(
|
||||
"Failed to query {:?} : {:#?}",
|
||||
rsclient.make_url("/scim/v1/Sync"),
|
||||
error
|
||||
);
|
||||
}
|
||||
};
|
||||
eprintln!("response: {:#?}", response);
|
||||
assert!(response.status().is_client_error());
|
||||
|
||||
// check that the CSP headers are coming back
|
||||
eprintln!(
|
||||
"csp headers: {:#?}",
|
||||
response
|
||||
.headers()
|
||||
.get(http::header::CONTENT_SECURITY_POLICY)
|
||||
);
|
||||
assert_ne!(
|
||||
response
|
||||
.headers()
|
||||
.get(http::header::CONTENT_SECURITY_POLICY),
|
||||
None
|
||||
);
|
||||
|
||||
// test that the proper content type comes back
|
||||
let url = rsclient.make_url("/scim/v1/Sink");
|
||||
let response = match client.get(url.clone()).send().await {
|
||||
Ok(value) => value,
|
||||
Err(error) => {
|
||||
panic!("Failed to query {:?} : {:#?}", url, error);
|
||||
}
|
||||
};
|
||||
assert!(response.status().is_success());
|
||||
let content_type = response.headers().get(http::header::CONTENT_TYPE).unwrap();
|
||||
assert!(content_type.to_str().unwrap().contains("text/html"));
|
||||
assert!(response.text().await.unwrap().contains("Sink"));
|
||||
}
|
||||
|
||||
#[kanidmd_testkit::test]
|
||||
async fn test_scim_sync_entry_get(rsclient: KanidmClient) {
|
||||
let res = rsclient
|
||||
|
|
|
|||
|
|
@ -1,57 +0,0 @@
|
|||
use kanidm_client::KanidmClient;
|
||||
|
||||
/// This literally tests that the thing exists and responds in a way we expect, probably worth testing it better...
|
||||
#[kanidmd_testkit::test]
|
||||
async fn test_v1_self_applinks(rsclient: KanidmClient) {
|
||||
// We need to do manual reqwests here.
|
||||
let client = reqwest::ClientBuilder::new()
|
||||
.danger_accept_invalid_certs(true)
|
||||
.build()
|
||||
.unwrap();
|
||||
|
||||
let response = match client
|
||||
.get(rsclient.make_url("/v1/self/_applinks"))
|
||||
.send()
|
||||
.await
|
||||
{
|
||||
Ok(value) => value,
|
||||
Err(error) => {
|
||||
panic!(
|
||||
"Failed to query {:?} : {:#?}",
|
||||
rsclient.make_url("/v1/self/_applinks"),
|
||||
error
|
||||
);
|
||||
}
|
||||
};
|
||||
eprintln!("response: {:#?}", response);
|
||||
assert_eq!(response.status(), 401);
|
||||
|
||||
let body = response.text().await.unwrap();
|
||||
eprintln!("{}", body);
|
||||
}
|
||||
|
||||
/// This literally tests that the thing exists and responds in a way we expect, probably worth testing it better...
|
||||
#[kanidmd_testkit::test]
|
||||
async fn test_v1_self_whoami_uat(rsclient: KanidmClient) {
|
||||
// We need to do manual reqwests here.
|
||||
let client = reqwest::ClientBuilder::new()
|
||||
.danger_accept_invalid_certs(true)
|
||||
.build()
|
||||
.unwrap();
|
||||
|
||||
let response = match client.get(rsclient.make_url("/v1/self/_uat")).send().await {
|
||||
Ok(value) => value,
|
||||
Err(error) => {
|
||||
panic!(
|
||||
"Failed to query {:?} : {:#?}",
|
||||
rsclient.make_url("/v1/self/_uat"),
|
||||
error
|
||||
);
|
||||
}
|
||||
};
|
||||
eprintln!("response: {:#?}", response);
|
||||
assert_eq!(response.status(), 401);
|
||||
|
||||
let body = response.text().await.unwrap();
|
||||
eprintln!("{}", body);
|
||||
}
|
||||
|
|
@ -4,10 +4,7 @@ use kanidm_client::KanidmClient;
|
|||
#[kanidmd_testkit::test]
|
||||
async fn test_v1_service_account_id_attr_attr_delete(rsclient: KanidmClient) {
|
||||
// We need to do manual reqwests here.
|
||||
let client = reqwest::ClientBuilder::new()
|
||||
.danger_accept_invalid_certs(true)
|
||||
.build()
|
||||
.unwrap();
|
||||
let client = rsclient.client();
|
||||
|
||||
// let post_body = serde_json::json!({"filter": "self"}).to_string();
|
||||
|
||||
|
|
|
|||
|
|
@ -3,10 +3,7 @@ use kanidm_client::KanidmClient;
|
|||
/// This literally tests that the thing exists and responds in a way we expect, probably worth testing it better...
|
||||
#[kanidmd_testkit::test]
|
||||
async fn test_v1_system_post_attr(rsclient: KanidmClient) {
|
||||
let client = reqwest::ClientBuilder::new()
|
||||
.danger_accept_invalid_certs(true)
|
||||
.build()
|
||||
.unwrap();
|
||||
let client = rsclient.client();
|
||||
|
||||
let response = match client
|
||||
.post(rsclient.make_url("/v1/system/_attr/domain_name"))
|
||||
|
|
|
|||
Loading…
Reference in a new issue