namespace Tests\Auth;
-use BookStack\Auth\Role;
-use BookStack\Auth\User;
+use BookStack\Users\Models\Role;
+use BookStack\Users\Models\User;
use Tests\TestCase;
class Saml2Test extends TestCase
$req->assertSee(url('/saml2/acs'));
}
+ public function test_metadata_endpoint_loads_when_autoloading_with_bad_url_set()
+ {
+ config()->set([
+ 'saml2.autoload_from_metadata' => true,
+ 'saml2.onelogin.idp.entityId' => 'http://192.168.1.1:9292',
+ 'saml2.onelogin.idp.singleSignOnService.url' => null,
+ ]);
+
+ $req = $this->get('/saml2/metadata');
+ $req->assertOk();
+ $req->assertHeader('Content-Type', 'text/xml; charset=UTF-8');
+ $req->assertSee('md:EntityDescriptor');
+ }
+
public function test_onelogin_overrides_functions_as_expected()
{
$json = '{"sp": {"assertionConsumerService": {"url": "https://example.com/super-cats"}}, "contactPerson": {"technical": {"givenName": "Barry Scott", "emailAddress": "
[email protected]"}}}';
{
$req = $this->get('/login');
$req->assertSeeText('SingleSignOn-Testing');
- $req->assertElementExists('form[action$="/saml2/login"][method=POST] button');
+ $this->withHtml($req)->assertElementExists('form[action$="/saml2/login"][method=POST] button');
}
public function test_login()
'saml2.onelogin.strict' => false,
]);
- $resp = $this->actingAs($this->getEditor())->get('/');
- $resp->assertElementExists('a[href$="/saml2/logout"]');
- $resp->assertElementContains('a[href$="/saml2/logout"]', 'Logout');
+ $resp = $this->actingAs($this->users->editor())->get('/');
+ $this->withHtml($resp)->assertElementContains('form[action$="/saml2/logout"] button', 'Logout');
}
public function test_logout_sls_flow()
$this->followingRedirects()->post('/saml2/acs', ['SAMLResponse' => $this->acsPostData]);
- $req = $this->get('/saml2/logout');
+ $req = $this->post('/saml2/logout');
$redirect = $req->headers->get('location');
$this->assertStringStartsWith('http://saml.local/saml2/idp/SingleLogoutService.php', $redirect);
+ $sloData = $this->parseSamlDataFromUrl($redirect, 'SAMLRequest');
+ $this->assertStringContainsString('<samlp:SessionIndex>_4fe7c0d1572d64b27f930aa6f236a6f42e930901cc</samlp:SessionIndex>', $sloData);
+
$this->withGet(['SAMLResponse' => $this->sloResponseData], $handleLogoutResponse);
}
$this->followingRedirects()->post('/saml2/acs', ['SAMLResponse' => $this->acsPostData]);
$this->assertTrue($this->isAuthenticated());
- $req = $this->get('/saml2/logout');
+ $req = $this->post('/saml2/logout');
$req->assertRedirect('/');
$this->assertFalse($this->isAuthenticated());
}
public function test_saml_routes_are_only_active_if_saml_enabled()
{
config()->set(['auth.method' => 'standard']);
- $getRoutes = ['/logout', '/metadata', '/sls'];
+ $getRoutes = ['/metadata', '/sls'];
foreach ($getRoutes as $route) {
$req = $this->get('/saml2' . $route);
$this->assertPermissionError($req);
}
- $postRoutes = ['/login', '/acs'];
+ $postRoutes = ['/login', '/acs', '/logout'];
foreach ($postRoutes as $route) {
$req = $this->post('/saml2' . $route);
$this->assertPermissionError($req);
$resp = $this->post('/login');
$this->assertPermissionError($resp);
- $resp = $this->get('/logout');
+ $resp = $this->post('/logout');
$this->assertPermissionError($resp);
}
{
$req = $this->post('/saml2/login');
$location = $req->headers->get('Location');
- $query = explode('?', $location)[1];
+ return $this->parseSamlDataFromUrl($location, 'SAMLRequest');
+ }
+
+ protected function parseSamlDataFromUrl(string $url, string $paramName): string
+ {
+ $query = explode('?', $url)[1];
$params = [];
parse_str($query, $params);
- return gzinflate(base64_decode($params['SAMLRequest']));
+ return gzinflate(base64_decode($params[$paramName]));
}
protected function withGet(array $options, callable $callback)
projects / bookstack / blobdiff