diff --git a/.github/workflows/run-cypress.yml b/.github/workflows/run-cypress.yml index bf801dd099..603cff1f71 100644 --- a/.github/workflows/run-cypress.yml +++ b/.github/workflows/run-cypress.yml @@ -29,7 +29,7 @@ jobs: run: | cd docker && ${DOCKER_COMPOSE} up -d --build && - docker compose exec -T --user www-data php-fpm.vm.openconext.org bash -c ' + docker compose exec -T --user www-data php-fpm.dev.openconext.org bash -c ' SYMFONY_ENV=ci composer install --prefer-dist -n -o --ignore-platform-reqs && \ ./app/console cache:clear --env=ci && \ cd theme && CYPRESS_INSTALL_BINARY=0 yarn install --frozen-lockfile && EB_THEME=skeune yarn build @@ -38,13 +38,13 @@ jobs: if: always() run: | cd docker && \ - docker compose exec -T --user www-data php-fpm.vm.openconext.org bash -c ' + docker compose exec -T --user www-data php-fpm.dev.openconext.org bash -c ' EB_THEME=skeune ./theme/scripts/prepare-test.js ' && \ docker compose exec -T cypress bash -c ' cd e2e && yarn install && cypress run --spec cypress/integration/skeune/**/*.spec.js,cypress/integration/shared/*.spec.js --browser=chrome --headless ' && \ - docker compose exec -T --user www-data php-fpm.vm.openconext.org bash -c ' + docker compose exec -T --user www-data php-fpm.dev.openconext.org bash -c ' EB_THEME=openconext ./theme/scripts/prepare-test.js ' && \ docker compose exec -T cypress bash -c ' diff --git a/.github/workflows/test-integration.yml b/.github/workflows/test-integration.yml index d6411f3930..d109551e4c 100644 --- a/.github/workflows/test-integration.yml +++ b/.github/workflows/test-integration.yml @@ -29,7 +29,7 @@ jobs: run: | cd docker && ${DOCKER_COMPOSE} up -d --build && - docker compose exec -T --user www-data php-fpm.vm.openconext.org bash -c ' + docker compose exec -T --user www-data php-fpm.dev.openconext.org bash -c ' SYMFONY_ENV=ci composer install --prefer-dist -n -o --ignore-platform-reqs && \ ./app/console cache:clear --env=ci && \ cd theme && CYPRESS_INSTALL_BINARY=0 yarn install --frozen-lockfile && EB_THEME=skeune yarn build @@ -37,7 +37,7 @@ jobs: - name: Run code quality tests if: always() run: | - cd docker && docker compose exec -T --user www-data php-fpm.vm.openconext.org bash -c ' + cd docker && docker compose exec -T --user www-data php-fpm.dev.openconext.org bash -c ' echo -e "\nPHP Mess Detector\n" && \ ./vendor/bin/phpmd src text ci/qa-config/phpmd.xml --exclude */Tests/* && \ echo -e "\nPHP CodeSniffer\n" && \ @@ -52,7 +52,7 @@ jobs: - name: Run unit tests if: always() run: | - cd docker && APP_ENV=ci docker compose exec -T --user www-data php-fpm.vm.openconext.org bash -c ' + cd docker && APP_ENV=ci SYMFONY_ENV=ci docker compose exec -T --user www-data php-fpm.dev.openconext.org bash -c ' echo -e "\nInstalling database fixtures...\n" && \ ./app/console doctrine:schema:drop --force --env=ci && \ ./app/console doctrine:schema:create --env=ci && \ @@ -70,7 +70,7 @@ jobs: - name: Run acceptance tests if: always() run: | - cd docker && docker compose exec -T --user www-data php-fpm.vm.openconext.org bash -c ' + cd docker && docker compose exec -T --user www-data php-fpm.dev.openconext.org bash -c ' echo -e "\nInstalling database fixtures...\n" && \ ./app/console doctrine:schema:drop --force --env=ci && \ ./app/console doctrine:schema:create --env=ci && \ @@ -86,7 +86,7 @@ jobs: - name: Run linting tests if: always() run: | - cd docker && docker compose exec -T --user www-data php-fpm.vm.openconext.org bash -c ' + cd docker && docker compose exec -T --user www-data php-fpm.dev.openconext.org bash -c ' echo -e "\nTwig lint\n" && \ app/console lint:twig theme/ && \ cd theme && \ @@ -98,7 +98,7 @@ jobs: - name: Show log on failure if: failure() run: | - cd docker && docker compose exec -T php-fpm.vm.openconext.org cat /opt/openconext/OpenConext-engineblock/app/logs/ci/ci.log + cd docker && docker compose exec -T php-fpm.dev.openconext.org cat /opt/openconext/OpenConext-engineblock/app/logs/ci/ci.log - name: Send notification on production build nightly build failure uses: sonots/slack-notice-action@v3 with: diff --git a/app/config/config_ci.yml b/app/config/config_ci.yml index 1295836479..633d24421c 100644 --- a/app/config/config_ci.yml +++ b/app/config/config_ci.yml @@ -10,7 +10,7 @@ doctrine: driver: pdo_mysql # This must be PDO until all database interaction runs through doctrine server_version: 5.5 dbname: "%database.dbname%" - host: "db.vm.openconext.org" + host: "db.dev.openconext.org" port: "%database.port%" user: "%database.user%" password: "%database.password%" @@ -18,7 +18,7 @@ doctrine: driver: pdo_mysql # This must be PDO until all database interaction runs through doctrine server_version: 5.5 dbname: "%database.test.dbname%" - host: "db-test.vm.openconext.org" + host: "db-test.dev.openconext.org" port: "%database.test.port%" user: "%database.test.user%" password: "%database.test.password%" diff --git a/composer.json b/composer.json index 87866fe4b8..616486b3de 100644 --- a/composer.json +++ b/composer.json @@ -15,7 +15,7 @@ "source": "https://github.com/OpenConext/OpenConext-engineblock" }, "require": { - "php": "7.2", + "php": "~7.2", "ext-dom": "*", "ext-json": "*", "ext-mbstring": "*", diff --git a/docker/docker-compose-php72.yml b/docker/docker-compose-php72.yml index f0da915366..96687e3f5d 100644 --- a/docker/docker-compose-php72.yml +++ b/docker/docker-compose-php72.yml @@ -1,6 +1,6 @@ version: '2.4' services: - php-fpm.vm.openconext.org: + php-fpm.dev.openconext.org: build: dockerfile: docker/php-fpm/Dockerfile-php72 diff --git a/docker/docker-compose-php82.yml b/docker/docker-compose-php82.yml index f939712621..08bedb4404 100644 --- a/docker/docker-compose-php82.yml +++ b/docker/docker-compose-php82.yml @@ -1,6 +1,6 @@ version: '2.4' services: - php-fpm.vm.openconext.org: + php-fpm.dev.openconext.org: build: dockerfile: docker/php-fpm/Dockerfile-php82 diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 8d33d39f15..75d1fe090b 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -2,7 +2,7 @@ version: '2.4' services: - db.vm.openconext.org: + db.dev.openconext.local: image: mariadb:10.2 restart: always container_name: eb-db @@ -19,7 +19,7 @@ services: timeout: 2s retries: 20 - db-test.vm.openconext.org: + db-test.dev.openconext.local: image: mariadb:10.2 restart: always container_name: eb-db-test @@ -37,7 +37,7 @@ services: retries: 20 interval: 2s - php-fpm.vm.openconext.org: + php-fpm.dev.openconext.local: build: context: ../ # override this in a dedicated dockerfile per php version @@ -45,24 +45,24 @@ services: container_name: eb-phpfpm volumes: - ../:/opt/openconext/OpenConext-engineblock - - ../ci/qa-config/files/engine.vm.openconext.org.crt:/etc/apache2/ssl/engine.vm.openconext.org.crt - - ../ci/qa-config/files/engine.vm.openconext.org.key:/etc/apache2/ssl/engine.vm.openconext.org.key + - ../ci/qa-config/files/engine.dev.openconext.local.crt:/etc/apache2/ssl/engine.dev.openconext.local.crt + - ../ci/qa-config/files/engine.dev.openconext.local.key:/etc/apache2/ssl/engine.dev.openconext.local.key depends_on: - db.vm.openconext.org: + db.dev.openconext.local: condition: service_healthy - db-test.vm.openconext.org: + db-test.dev.openconext.local: condition: service_healthy extra_hosts: - - 'engine.vm.openconext.org: 127.0.0.1' + - 'engine.dev.openconext.local: 127.0.0.1' environment: APP_ENV: ci SYMFONY_ENV: ci networks: default: aliases: - - engine.vm.openconext.org + - engine.dev.openconext.local - selenium.vm.openconext.org: + selenium.dev.openconext.local: image: selenium/standalone-chrome:2.53.1 container_name: eb-selenium user: "${UID}:${GID}" @@ -79,7 +79,7 @@ services: cypress: image: "cypress/included:13.1.0" environment: - - CYPRESS_baseUrl=https://engine.vm.openconext.org + - CYPRESS_baseUrl=https://engine.dev.openconext.local working_dir: /e2e entrypoint: cypress open --project . volumes: diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf deleted file mode 100644 index d4f5a4e61d..0000000000 --- a/docker/nginx/nginx.conf +++ /dev/null @@ -1,58 +0,0 @@ -server { - listen 443 ssl; - server_name engine.vm.openconext.org; - root /var/www/web; - - ssl_certificate /etc/nginx/certs/engine.vm.openconext.org.crt; - ssl_certificate_key /etc/nginx/certs/engine.vm.openconext.org.key; - - - location / { - # try to serve file directly, fallback to app.php - try_files $uri /app.php$is_args$args; - } - - # optionally disable falling back to PHP script for the asset directories; - # nginx will return a 404 error when files are not found instead of passing the - # request to Symfony (improves performance but Symfony's 404 page is not displayed) - # location /bundles { - # try_files $uri =404; - # } - - location ~ ^/app\.php(/|$) { - fastcgi_pass php-fpm.vm.openconext.org:9000; - - fastcgi_split_path_info ^(.+\.php)(/.*)$; - include fastcgi_params; - - # optionally set the value of the environment variables used in the application - # fastcgi_param APP_ENV prod; - # fastcgi_param APP_SECRET ; - # fastcgi_param DATABASE_URL "mysql://db_user:db_pass@host:3306/db_name"; - fastcgi_param ENGINEBLOCK_ENV ci; - fastcgi_param SYMFONY_ENV ci; - - # When you are using symlinks to link the document root to the - # current version of your application, you should pass the real - # application path instead of the path to the symlink to PHP - # FPM. - # Otherwise, PHP's OPcache may not properly detect changes to - # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126 - # for more information). - fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; - fastcgi_param DOCUMENT_ROOT $realpath_root; - # Prevents URIs that include the front controller. This will 404: - # http://domain.tld/index.php/some-path - # Remove the internal directive to allow URIs like this - internal; - } - - # return 404 for all other php files not matching the front controller - # this prevents access to other php files you don't want to be accessible. - location ~ \.php$ { - return 404; - } - - error_log /proc/self/fd/2; - access_log /proc/self/fd/2; -} diff --git a/library/EngineBlock/Application/FunctionalTestDiContainer.php b/library/EngineBlock/Application/FunctionalTestDiContainer.php index 567f7bd254..933bef68fd 100644 --- a/library/EngineBlock/Application/FunctionalTestDiContainer.php +++ b/library/EngineBlock/Application/FunctionalTestDiContainer.php @@ -76,7 +76,7 @@ public function getEncryptionKeysConfiguration() $basePath = $this->container->getParameter('kernel.project_dir'); return [ 'default' => [ - 'publicFile' => '/etc/openconext/engineblock.crt', + 'publicFile' => '/config/engine/engineblock.crt', 'privateFile' => $basePath . '/ci/qa-config/files/engineblock.pem', ], ]; diff --git a/library/EngineBlock/Application/TestDiContainer.php b/library/EngineBlock/Application/TestDiContainer.php index 1b09a6de81..74b425fab7 100644 --- a/library/EngineBlock/Application/TestDiContainer.php +++ b/library/EngineBlock/Application/TestDiContainer.php @@ -73,7 +73,7 @@ public function getEncryptionKeysConfiguration() return [ 'default' => [ - 'publicFile' => '/etc/openconext/engineblock.crt', + 'publicFile' => '/config/engine/engineblock.crt', 'privateFile' => $basePath . '/ci/qa-config/files/engineblock.pem', ], ]; diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature index cf7dcb8071..d0a6622e38 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/AttributeManipulation.feature @@ -188,11 +188,11 @@ Feature: And I select "Dummy-IdP" on the WAYF And I pass through EngineBlock And I pass through the IdP - Then I should not see "https://engine.vm.openconext.org/authentication/idp/single-sign-on" + Then I should not see "https://engine.dev.openconext.org/authentication/idp/single-sign-on" When I give my consent And I pass through EngineBlock Then the url should match "functional-testing/SP-with-Attribute-Manipulations/acs" - And the response should match xpath '/samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name="urn:mace:dir:attribute-def:uid"]/saml:AttributeValue[text()="https://engine.vm.openconext.org/authentication/idp/single-sign-on"]' + And the response should match xpath '/samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name="urn:mace:dir:attribute-def:uid"]/saml:AttributeValue[text()="https://engine.dev.openconext.org/authentication/idp/single-sign-on"]' Scenario: The manipulation reduces a multivalued attribute to a single value Given the IdP "Dummy-IdP" sends attribute "urn:mace:dir:attribute-def:eduPersonAffiliation" with values "student,faculty,guest,member" and xsi:type is "xs:string" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature index 6783f5e926..609d92ac16 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/ClearErrorMessages.feature @@ -165,7 +165,7 @@ Feature: When I log in at "Dummy SP" And I pass through EngineBlock Then I should see "HTTP Method not allowed" - And I should see "The HTTP method \"GET\" is not allowed for location \"https://engine.vm.openconext.org/authentication/sp/consume-assertion\". Supported methods are: POST." + And I should see "The HTTP method \"GET\" is not allowed for location \"https://engine.dev.openconext.org/authentication/sp/consume-assertion\". Supported methods are: POST." Scenario: An Identity Provider sends a response without a SHO Given the IdP does not send the attribute named "urn:mace:terena.org:attribute-def:schacHomeOrganization" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Debug.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Debug.feature index d26e1e45c9..592e25c680 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Debug.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Debug.feature @@ -20,7 +20,7 @@ Feature: And I pass through the IdP Then I should see "Identity Provider" And I should see "Entity ID" - And I should see "https://engine.vm.openconext.org/functional-testing/Second-IdP/metadata" + And I should see "https://engine.dev.openconext.org/functional-testing/Second-IdP/metadata" And I should see "Naam" And I should see "Second-IdP" And I should see "Logo" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature index 0654bcb7d3..27477a9c0b 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Encryption.feature @@ -13,7 +13,7 @@ Feature: Scenario: EngineBlock accepts RSA Encrypted Responses Given the SP uses the HTTP POST Binding And feature "eb.encrypted_assertions" is enabled - And the IdP encrypts its assertions with the public key in "/etc/openconext/engineblock.crt" + And the IdP encrypts its assertions with the public key in "/config/engine/engineblock.crt" When I log in at "Dummy SP" And I pass through the SP And I pass through EngineBlock diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature index 58698f5f98..fab1914f5f 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Metadata.feature @@ -11,13 +11,13 @@ Feature: Scenario: A user can request the EngineBlock SP Proxy metadata When I go to Engineblock URL "/authentication/sp/metadata" # Verify the entity id is correctly set in the metadata - Then the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.vm.openconext.org/authentication/sp/metadata"]' + Then the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.dev.openconext.org/authentication/sp/metadata"]' # Verify the display name (EN) correctly set in the metadata And the response should match xpath '//mdui:DisplayName[@xml:lang="en" and text()="OpenConext EngineBlock"]' # Verify the signature method is set to sha256 And the response should match xpath '//ds:SignatureMethod[@Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"]' # Verify the ACS location and binding - And the response should match xpath '//md:AssertionConsumerService[@Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" and @Location="https://engine.vm.openconext.org/authentication/sp/consume-assertion"]' + And the response should match xpath '//md:AssertionConsumerService[@Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" and @Location="https://engine.dev.openconext.org/authentication/sp/consume-assertion"]' # Verify the propagated signing key is EB key And the response should match xpath '//md:KeyDescriptor[@use="signing"]//ds:X509Certificate[starts-with(.,"MIIDuDCCAqCgAwIBAgIJAPdqJ9JQKN6vMA0GCSqGSIb3DQEBBQUAMEYxDzANBgNVBAMT")]' # Verify the used signing key is EB key @@ -26,13 +26,13 @@ Feature: Scenario: A user can request the EngineBlock IdP Proxy metadata When I go to Engineblock URL "/authentication/idp/metadata" # Verify the entity id is correctly set in the metadata - Then the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.vm.openconext.org/authentication/idp/metadata"]' + Then the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.dev.openconext.org/authentication/idp/metadata"]' # Verify the display name (EN) correctly set in the metadata And the response should match xpath '//mdui:DisplayName[@xml:lang="en" and text()="OpenConext EngineBlock"]' # Verify the signature method is set to sha256 And the response should match xpath '//ds:SignatureMethod[@Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"]' # Verify SSO location and binding is set correctly - And the response should match xpath '//md:SingleSignOnService[@Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" and @Location="https://engine.vm.openconext.org/authentication/idp/single-sign-on"]' + And the response should match xpath '//md:SingleSignOnService[@Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" and @Location="https://engine.dev.openconext.org/authentication/idp/single-sign-on"]' # Verify the propagated signing key is EB key And the response should match xpath '//md:KeyDescriptor[@use="signing"]//ds:X509Certificate[starts-with(.,"MIIDuDCCAqCgAwIBAgIJAPdqJ9JQKN6vMA0GCSqGSIb3DQEBBQUAMEYxDzANBgNVBAMT")]' # Verify the used signing key is EB key @@ -41,11 +41,11 @@ Feature: Scenario: A user can request the EngineBlock stepup metadata When I go to Engineblock URL "/authentication/stepup/metadata" # Verify the entity id is correctly set in the metadata - Then the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.vm.openconext.org/authentication/stepup/metadata"]' + Then the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.dev.openconext.org/authentication/stepup/metadata"]' # Verify the signature method is set to sha256 And the response should match xpath '//ds:SignatureMethod[@Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"]' # Verify the ACS location and binding - And the response should match xpath '//md:AssertionConsumerService[@Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" and @Location="https://engine.vm.openconext.org/authentication/stepup/consume-assertion"]' + And the response should match xpath '//md:AssertionConsumerService[@Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" and @Location="https://engine.dev.openconext.org/authentication/stepup/consume-assertion"]' # Verify the propagated signing key is EB key And the response should match xpath '//md:KeyDescriptor[@use="signing"]//ds:X509Certificate[starts-with(.,"MIIDuDCCAqCgAwIBAgIJAPdqJ9JQKN6vMA0GCSqGSIb3DQEBBQUAMEYxDzANBgNVBAMT")]' # Verify the used signing key is EB key @@ -57,17 +57,17 @@ Feature: And an Identity Provider named "Regular-IdP" When I go to Engineblock URL "/authentication/proxy/idps-metadata" # Verify the three IdPs are present in the list - Then the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.vm.openconext.org/functional-testing/Known-IdP/metadata"]' - And the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.vm.openconext.org/functional-testing/Second-IdP/metadata"]' - And the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.vm.openconext.org/functional-testing/Regular-IdP/metadata"]' + Then the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.dev.openconext.org/functional-testing/Known-IdP/metadata"]' + And the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.dev.openconext.org/functional-testing/Second-IdP/metadata"]' + And the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.dev.openconext.org/functional-testing/Regular-IdP/metadata"]' # And Engine IdP is not listed - And the response should not match xpath '//md:EntityDescriptor[@entityID="https://engine.vm.openconext.org/authentication/idp/metadata"]' + And the response should not match xpath '//md:EntityDescriptor[@entityID="https://engine.dev.openconext.org/authentication/idp/metadata"]' # Verify the propagated signing key is EB key And the response should match xpath '//md:KeyDescriptor[@use="signing"]//ds:X509Certificate[starts-with(.,"MIIDuDCCAqCgAwIBAgIJAPdqJ9JQKN6vMA0GCSqGSIb3DQEBBQUAMEYxDzANBgNVBAMT")]' # Verify the used signing key is EB key And the response should match xpath '//ds:Signature//ds:X509Certificate[starts-with(.,"MIIDuDCCAqCgAwIBAgIJAPdqJ9JQKN6vMA0GCSqGSIb3DQEBBQUAMEYxDzANBgNVBAMT")]' # Verify the schema and hostname are not appende twice as was done prior to resolving: https://www.pivotaltracker.com/story/show/169724838 - And the response should not match xpath '//mdui:Logo[text()="https://engine.vm.openconext.orghttps://engine.vm.openconext.org/images/logo.png"]' + And the response should not match xpath '//mdui:Logo[text()="https://engine.dev.openconext.orghttps://engine.dev.openconext.org/images/logo.png"]' Scenario: A user can request the metadata and does not see invisible IdPs Given an Identity Provider named "Known-IdP" @@ -76,10 +76,10 @@ Feature: And the IdP "Hidden-IdP" is hidden When I go to Engineblock URL "/authentication/proxy/idps-metadata" # Verify the two IdPs are present in the list - Then the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.vm.openconext.org/functional-testing/Known-IdP/metadata"]' - And the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.vm.openconext.org/functional-testing/Second-IdP/metadata"]' + Then the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.dev.openconext.org/functional-testing/Known-IdP/metadata"]' + And the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.dev.openconext.org/functional-testing/Second-IdP/metadata"]' # The Hidden IdP is not listed - And the response should not match xpath '//md:EntityDescriptor[@entityID="https://engine.vm.openconext.org/functional-testing/Hidden-IdP/metadata"]' + And the response should not match xpath '//md:EntityDescriptor[@entityID="https://engine.dev.openconext.org/functional-testing/Hidden-IdP/metadata"]' # Verify the propagated signing key is EB key And the response should match xpath '//md:KeyDescriptor[@use="signing"]//ds:X509Certificate[starts-with(.,"MIIDuDCCAqCgAwIBAgIJAPdqJ9JQKN6vMA0GCSqGSIb3DQEBBQUAMEYxDzANBgNVBAMT")]' # Verify the used signing key is EB key @@ -91,9 +91,9 @@ Feature: And the Idp with name "Known-IdP" has shibd scope "foobar.example.com" When I go to Engineblock URL "/authentication/proxy/idps-metadata" # Verify the two IdPs are present in the list - Then the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.vm.openconext.org/functional-testing/Known-IdP/metadata"]' + Then the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.dev.openconext.org/functional-testing/Known-IdP/metadata"]' And the response should match xpath '//shibmd:Scope[@regexp="false" and text() = "foobar.example.com"]' - And the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.vm.openconext.org/functional-testing/Second-IdP/metadata"]' + And the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.dev.openconext.org/functional-testing/Second-IdP/metadata"]' # Verify the propagated signing key is EB key And the response should match xpath '//md:KeyDescriptor[@use="signing"]//ds:X509Certificate[starts-with(.,"MIIDuDCCAqCgAwIBAgIJAPdqJ9JQKN6vMA0GCSqGSIb3DQEBBQUAMEYxDzANBgNVBAMT")]' # Verify the used signing key is EB key @@ -105,14 +105,14 @@ Feature: And an Identity Provider named "Not-Connected-IdP" And a Service Provider named "Test-SP" And SP "Test-SP" is not connected to IdP "Not-Connected-IdP" - When I go to Engineblock URL "/authentication/proxy/idps-metadata?sp-entity-id=https://engine.vm.openconext.org/functional-testing/Test-SP/metadata" + When I go to Engineblock URL "/authentication/proxy/idps-metadata?sp-entity-id=https://engine.dev.openconext.org/functional-testing/Test-SP/metadata" # Verify the two connected IdPs are present in the list - Then the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.vm.openconext.org/functional-testing/Connected-IdP/metadata"]' - And the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.vm.openconext.org/functional-testing/Second-Connected-IdP/metadata"]' + Then the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.dev.openconext.org/functional-testing/Connected-IdP/metadata"]' + And the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.dev.openconext.org/functional-testing/Second-Connected-IdP/metadata"]' # Verify the disconnected IdP is not listed - And the response should not match xpath '//md:EntityDescriptor[@entityID="https://engine.vm.openconext.org/functional-testing/Not-Connected-IdP/metadata"]' + And the response should not match xpath '//md:EntityDescriptor[@entityID="https://engine.dev.openconext.org/functional-testing/Not-Connected-IdP/metadata"]' # Verify the SP enitty is not listed (used to be the case in older EB versions) - And the response should not match xpath '//md:EntityDescriptor[@entityID="https://engine.vm.openconext.org/functional-testing/Test-SP/metadata"]' + And the response should not match xpath '//md:EntityDescriptor[@entityID="https://engine.dev.openconext.org/functional-testing/Test-SP/metadata"]' # Verify the propagated signing key is EB key And the response should match xpath '//md:KeyDescriptor[@use="signing"]//ds:X509Certificate[starts-with(.,"MIIDuDCCAqCgAwIBAgIJAPdqJ9JQKN6vMA0GCSqGSIb3DQEBBQUAMEYxDzANBgNVBAMT")]' # Verify the used signing key is EB key @@ -123,13 +123,13 @@ Feature: Scenario: A user can request the EngineBlock SP Proxy metadata with a keyID When I go to Engineblock URL "/authentication/sp/metadata/key:default" # Verify the entity id is correctly set in the metadata - Then the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.vm.openconext.org/authentication/sp/metadata"]' + Then the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.dev.openconext.org/authentication/sp/metadata"]' # Verify the display name (EN) correctly set in the metadata And the response should match xpath '//mdui:DisplayName[@xml:lang="en" and text()="OpenConext EngineBlock"]' # Verify the signature method is set to sha256 And the response should match xpath '//ds:SignatureMethod[@Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"]' # Verify the ACS location and binding - And the response should match xpath '//md:AssertionConsumerService[@Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" and @Location="https://engine.vm.openconext.org/authentication/sp/consume-assertion"]' + And the response should match xpath '//md:AssertionConsumerService[@Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" and @Location="https://engine.dev.openconext.org/authentication/sp/consume-assertion"]' # Verify the propagated signing key is EB key And the response should match xpath '//md:KeyDescriptor[@use="signing"]//ds:X509Certificate[starts-with(.,"MIIDuDCCAqCgAwIBAgIJAPdqJ9JQKN6vMA0GCSqGSIb3DQEBBQUAMEYxDzANBgNVBAMT")]' # Verify the used signing key is EB key @@ -138,13 +138,13 @@ Feature: Scenario: A user can request the EngineBlock IdP Proxy metadata with a keyID When I go to Engineblock URL "/authentication/idp/metadata/key:default" # Verify the entity id is correctly set in the metadata - Then the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.vm.openconext.org/authentication/idp/metadata"]' + Then the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.dev.openconext.org/authentication/idp/metadata"]' # Verify the display name (EN) correctly set in the metadata And the response should match xpath '//mdui:DisplayName[@xml:lang="en" and text()="OpenConext EngineBlock"]' # Verify the signature method is set to sha256 And the response should match xpath '//ds:SignatureMethod[@Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"]' # Verify SSO location and binding is set correctly including Key ID - And the response should match xpath '//md:SingleSignOnService[@Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" and @Location="https://engine.vm.openconext.org/authentication/idp/single-sign-on/key:default"]' + And the response should match xpath '//md:SingleSignOnService[@Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" and @Location="https://engine.dev.openconext.org/authentication/idp/single-sign-on/key:default"]' # Verify the propagated signing key is EB key And the response should match xpath '//md:KeyDescriptor[@use="signing"]//ds:X509Certificate[starts-with(.,"MIIDuDCCAqCgAwIBAgIJAPdqJ9JQKN6vMA0GCSqGSIb3DQEBBQUAMEYxDzANBgNVBAMT")]' # Verify the used signing key is EB key @@ -153,11 +153,11 @@ Feature: Scenario: A user can request the EngineBlock stepup metadata with a keyID When I go to Engineblock URL "/authentication/stepup/metadata/key:default" # Verify the entity id is correctly set in the metadata - Then the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.vm.openconext.org/authentication/stepup/metadata"]' + Then the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.dev.openconext.org/authentication/stepup/metadata"]' # Verify the signature method is set to sha256 And the response should match xpath '//ds:SignatureMethod[@Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"]' # Verify the ACS location and binding - And the response should match xpath '//md:AssertionConsumerService[@Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" and @Location="https://engine.vm.openconext.org/authentication/stepup/consume-assertion"]' + And the response should match xpath '//md:AssertionConsumerService[@Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" and @Location="https://engine.dev.openconext.org/authentication/stepup/consume-assertion"]' # Verify the propagated signing key is EB key And the response should match xpath '//md:KeyDescriptor[@use="signing"]//ds:X509Certificate[starts-with(.,"MIIDuDCCAqCgAwIBAgIJAPdqJ9JQKN6vMA0GCSqGSIb3DQEBBQUAMEYxDzANBgNVBAMT")]' # Verify the used signing key is EB key @@ -169,17 +169,17 @@ Feature: And an Identity Provider named "Regular-IdP" When I go to Engineblock URL "/authentication/proxy/idps-metadata/key:default" # Verify the three IdPs are present in the list - Then the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.vm.openconext.org/functional-testing/Known-IdP/metadata"]' - And the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.vm.openconext.org/functional-testing/Second-IdP/metadata"]' - And the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.vm.openconext.org/functional-testing/Regular-IdP/metadata"]' + Then the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.dev.openconext.org/functional-testing/Known-IdP/metadata"]' + And the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.dev.openconext.org/functional-testing/Second-IdP/metadata"]' + And the response should match xpath '//md:EntityDescriptor[@entityID="https://engine.dev.openconext.org/functional-testing/Regular-IdP/metadata"]' # And Engine IdP is not listed - And the response should not match xpath '//md:EntityDescriptor[@entityID="https://engine.vm.openconext.org/authentication/idp/metadata"]' + And the response should not match xpath '//md:EntityDescriptor[@entityID="https://engine.dev.openconext.org/authentication/idp/metadata"]' # Verify the propagated signing key is EB key And the response should match xpath '//md:KeyDescriptor[@use="signing"]//ds:X509Certificate[starts-with(.,"MIIDuDCCAqCgAwIBAgIJAPdqJ9JQKN6vMA0GCSqGSIb3DQEBBQUAMEYxDzANBgNVBAMT")]' # Verify the used signing key is EB key And the response should match xpath '//ds:Signature//ds:X509Certificate[starts-with(.,"MIIDuDCCAqCgAwIBAgIJAPdqJ9JQKN6vMA0GCSqGSIb3DQEBBQUAMEYxDzANBgNVBAMT")]' # Verify the schema and hostname are not appende twice as was done prior to resolving: https://www.pivotaltracker.com/story/show/169724838 - And the response should not match xpath '//mdui:Logo[text()="https://engine.vm.openconext.orghttps://engine.vm.openconext.org/images/logo.png"]' + And the response should not match xpath '//mdui:Logo[text()="https://engine.dev.openconext.orghttps://engine.vm.openconext.org/images/logo.png"]' Scenario: A user can request the metadata of the IdPs connected to a specific SP with a keyID Given an Identity Provider named "Connected-IdP" diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Fixtures/FunctionalTestingStepupGatewayMockConfiguration.php b/src/OpenConext/EngineBlockFunctionalTestingBundle/Fixtures/FunctionalTestingStepupGatewayMockConfiguration.php index 5c2d750107..bbb9b0c991 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Fixtures/FunctionalTestingStepupGatewayMockConfiguration.php +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Fixtures/FunctionalTestingStepupGatewayMockConfiguration.php @@ -57,7 +57,7 @@ public function __construct( // Set gateway configured IDP $mockEbIdp = $this->mockIdentityProviderFactory->createNew('Stepup gateway'); - $mockEbIdp->setEntityId('https://engine.vm.openconext.org/authentication/stepup/metadata'); + $mockEbIdp->setEntityId('https://engine.dev.openconext.org/authentication/stepup/metadata'); $mockEbIdp->setPrivateKey($keysConfig['default']['privateFile']); $mockEbIdp->setCertificate($keysConfig['default']['publicFile']); @@ -65,7 +65,7 @@ public function __construct( // Set gateway configured SP $mockSp = $this->mockServiceProviderFactory->createNew('ebStepupSp'); - $mockSp->setEntityId('https://engine.vm.openconext.org/authentication/stepup/metadata'); + $mockSp->setEntityId('https://engine.dev.openconext.org/authentication/stepup/metadata'); $this->mockServiceProvider = $mockSp; } diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Fixtures/ServiceRegistryFixture.php b/src/OpenConext/EngineBlockFunctionalTestingBundle/Fixtures/ServiceRegistryFixture.php index 571f5805e6..400d733e40 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Fixtures/ServiceRegistryFixture.php +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Fixtures/ServiceRegistryFixture.php @@ -157,7 +157,7 @@ public function registerSp($name, $entityId, $acsLocation, $certData = '') 0 ); - $this->setCoin($sp, 'termsOfServiceUrl', 'http://welcome.vm.openconext.org'); + $this->setCoin($sp, 'termsOfServiceUrl', 'http://welcome.dev.openconext.org'); $sp->getMdui()->setLogo(new Logo('/images/placeholder.png')); diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Resources/config/services.yml b/src/OpenConext/EngineBlockFunctionalTestingBundle/Resources/config/services.yml index b4031c05fe..8df368392a 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Resources/config/services.yml +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Resources/config/services.yml @@ -95,8 +95,8 @@ services: engineblock.configuration.stepup.endpoint: class: OpenConext\EngineBlock\Stepup\StepupEndpoint arguments: - - "https://engine.vm.openconext.org/authentication/stepup/metadata" - - "https://engine.vm.openconext.org/functional-testing/gateway/second-factor-only/single-sign-on" + - "https://engine.dev.openconext.org/authentication/stepup/metadata" + - "https://engine.dev.openconext.org/functional-testing/gateway/second-factor-only/single-sign-on" - "%stepup.gateway.sfo.key_file%" engineblock.functional_testing.mock.translator: diff --git a/tests/behat-ci.yml b/tests/behat-ci.yml index 41457d6997..a5ff4121a6 100644 --- a/tests/behat-ci.yml +++ b/tests/behat-ci.yml @@ -67,7 +67,7 @@ default: extensions: Behat\MinkExtension: - base_url: https://engine.vm.openconext.org/ + base_url: https://engine.dev.openconext.org/ goutte: ~ sessions: default: @@ -77,7 +77,7 @@ default: chrome: selenium2: browser: chrome - wd_host: http://selenium.vm.openconext.org:4444/wd/hub + wd_host: http://selenium.dev.openconext.org:4444/wd/hub capabilities: chrome: switches: diff --git a/tests/functional/OpenConext/EngineBlockBundle/Controller/Api/AttributeReleasePolicyControllerApiTest.php b/tests/functional/OpenConext/EngineBlockBundle/Controller/Api/AttributeReleasePolicyControllerApiTest.php index 66f34d5827..aaed2f4c12 100644 --- a/tests/functional/OpenConext/EngineBlockBundle/Controller/Api/AttributeReleasePolicyControllerApiTest.php +++ b/tests/functional/OpenConext/EngineBlockBundle/Controller/Api/AttributeReleasePolicyControllerApiTest.php @@ -46,7 +46,7 @@ public function tearDown(): void public function authentication_is_required_for_applying_arps() { $unauthenticatedClient = static::createClient(); - $unauthenticatedClient->request('POST', 'https://engine-api.vm.openconext.org/arp'); + $unauthenticatedClient->request('POST', 'https://engine-api.dev.openconext.org/arp'); $this->assertStatusCode(Response::HTTP_UNAUTHORIZED, $unauthenticatedClient); } diff --git a/tests/functional/OpenConext/EngineBlockBundle/Controller/Api/ConnectionsControllerTest.php b/tests/functional/OpenConext/EngineBlockBundle/Controller/Api/ConnectionsControllerTest.php index ed922ada3b..1076f30ab9 100644 --- a/tests/functional/OpenConext/EngineBlockBundle/Controller/Api/ConnectionsControllerTest.php +++ b/tests/functional/OpenConext/EngineBlockBundle/Controller/Api/ConnectionsControllerTest.php @@ -39,7 +39,7 @@ class ConnectionsControllerTest extends WebTestCase public function authentication_is_required_for_pushing_metadata() { $unauthenticatedClient = static::createClient();; - $unauthenticatedClient->request('POST', 'https://engine-api.vm.openconext.org/api/connections'); + $unauthenticatedClient->request('POST', 'https://engine-api.dev.openconext.org/api/connections'); $this->assertStatusCode(Response::HTTP_UNAUTHORIZED, $unauthenticatedClient); } @@ -59,7 +59,7 @@ public function only_post_requests_are_allowed_when_pushing_metadata($invalidHtt 'PHP_AUTH_PW' => $this->getContainer()->getParameter('api.users.metadataPush.password'), ]); - $client->request($invalidHttpMethod, 'https://engine-api.vm.openconext.org/api/connections'); + $client->request($invalidHttpMethod, 'https://engine-api.dev.openconext.org/api/connections'); $this->assertStatusCode(Response::HTTP_METHOD_NOT_ALLOWED, $client); $isContentTypeJson = $client->getResponse()->headers->contains('Content-Type', 'application/json'); @@ -82,7 +82,7 @@ public function cannot_push_metadata_if_feature_is_disabled() $this->disableMetadataPushApiFeatureFor($client); - $client->request('POST', 'https://engine-api.vm.openconext.org/api/connections'); + $client->request('POST', 'https://engine-api.dev.openconext.org/api/connections'); $this->assertStatusCode(Response::HTTP_NOT_FOUND, $client); $isContentTypeJson = $client->getResponse()->headers->contains('Content-Type', 'application/json'); @@ -102,7 +102,7 @@ public function cannot_push_metadata_if_user_does_not_have_manage_role() 'PHP_AUTH_PW' => 'no_roles', ]); - $client->request('POST', 'https://engine-api.vm.openconext.org/api/connections'); + $client->request('POST', 'https://engine-api.dev.openconext.org/api/connections'); $this->assertStatusCode(Response::HTTP_FORBIDDEN, $client); $isContentTypeJson = $client->getResponse()->headers->contains('Content-Type', 'application/json'); diff --git a/tests/functional/OpenConext/EngineBlockBundle/Controller/Api/ConsentControllerTest.php b/tests/functional/OpenConext/EngineBlockBundle/Controller/Api/ConsentControllerTest.php index 754d713a02..5ec948df75 100644 --- a/tests/functional/OpenConext/EngineBlockBundle/Controller/Api/ConsentControllerTest.php +++ b/tests/functional/OpenConext/EngineBlockBundle/Controller/Api/ConsentControllerTest.php @@ -62,7 +62,7 @@ public function authentication_is_required_for_accessing_the_consent_api() $userId = 'my-name-id'; $unauthenticatedClient = static::createClient(); - $unauthenticatedClient->request('GET', 'https://engine-api.vm.openconext.org/consent/' . $userId); + $unauthenticatedClient->request('GET', 'https://engine-api.dev.openconext.org/consent/' . $userId); $this->assertStatusCode(Response::HTTP_UNAUTHORIZED, $unauthenticatedClient); $unauthenticatedClient = static::createClient(); diff --git a/tests/functional/OpenConext/EngineBlockBundle/Controller/Api/HeartbeatControllerTest.php b/tests/functional/OpenConext/EngineBlockBundle/Controller/Api/HeartbeatControllerTest.php index 3ea41b6af7..ac9e977e6a 100644 --- a/tests/functional/OpenConext/EngineBlockBundle/Controller/Api/HeartbeatControllerTest.php +++ b/tests/functional/OpenConext/EngineBlockBundle/Controller/Api/HeartbeatControllerTest.php @@ -31,7 +31,7 @@ final class HeartbeatControllerTest extends WebTestCase public function engineblock_has_a_heartbeat() { $client = $this->createClient(); - $client->request('GET', 'https://engine-api.vm.openconext.org/'); + $client->request('GET', 'https://engine-api.dev.openconext.org/'); $this->assertStatusCode(Response::HTTP_OK, $client); } diff --git a/tests/resources/saml/responses/assertion_id_does_not_match_signature_reference_uri.xml b/tests/resources/saml/responses/assertion_id_does_not_match_signature_reference_uri.xml index d8b98d62eb..29837d39ab 100644 --- a/tests/resources/saml/responses/assertion_id_does_not_match_signature_reference_uri.xml +++ b/tests/resources/saml/responses/assertion_id_does_not_match_signature_reference_uri.xml @@ -1,6 +1,6 @@ admin + Recipient="https://engine.dev.openconext.org/authentication/sp/consume-assertion"/> - https://engine.vm.openconext.org/authentication/sp/metadata + https://engine.dev.openconext.org/authentication/sp/metadata diff --git a/tests/resources/saml/responses/h01_response.xml b/tests/resources/saml/responses/h01_response.xml index 2b33b6fb40..f2d62fa5a7 100644 --- a/tests/resources/saml/responses/h01_response.xml +++ b/tests/resources/saml/responses/h01_response.xml @@ -1,5 +1,5 @@ - + http://mock-idp @@ -40,12 +40,12 @@ admin - + - https://engine.vm.openconext.org/authentication/sp/metadata + https://engine.dev.openconext.org/authentication/sp/metadata @@ -87,7 +87,7 @@ john-a1 - + diff --git a/tests/resources/saml/responses/multiple_assertions_response.xml b/tests/resources/saml/responses/multiple_assertions_response.xml index 76cbd6c4cb..494f892080 100644 --- a/tests/resources/saml/responses/multiple_assertions_response.xml +++ b/tests/resources/saml/responses/multiple_assertions_response.xml @@ -1,6 +1,6 @@ admin + Recipient="https://engine.dev.openconext.org/authentication/sp/consume-assertion"/> - https://engine.vm.openconext.org/authentication/sp/metadata + https://engine.dev.openconext.org/authentication/sp/metadata @@ -126,14 +126,14 @@ admin + Recipient="https://engine.dev.openconext.org/authentication/sp/consume-assertion"/> - https://engine.vm.openconext.org/authentication/sp/metadata + https://engine.dev.openconext.org/authentication/sp/metadata diff --git a/tests/resources/saml/responses/multiple_signed_info_elements.xml b/tests/resources/saml/responses/multiple_signed_info_elements.xml index 661f1a111e..bbdd4d4348 100644 --- a/tests/resources/saml/responses/multiple_signed_info_elements.xml +++ b/tests/resources/saml/responses/multiple_signed_info_elements.xml @@ -1,6 +1,6 @@ admin + Recipient="https://engine.dev.openconext.org/authentication/sp/consume-assertion"/> - https://engine.vm.openconext.org/authentication/sp/metadata + https://engine.dev.openconext.org/authentication/sp/metadata diff --git a/tests/resources/saml/responses/signature_value_not_second_child.xml b/tests/resources/saml/responses/signature_value_not_second_child.xml index c6f92686d5..906b58659b 100644 --- a/tests/resources/saml/responses/signature_value_not_second_child.xml +++ b/tests/resources/saml/responses/signature_value_not_second_child.xml @@ -1,6 +1,6 @@ admin + Recipient="https://engine.dev.openconext.org/authentication/sp/consume-assertion"/> - https://engine.vm.openconext.org/authentication/sp/metadata + https://engine.dev.openconext.org/authentication/sp/metadata diff --git a/tests/resources/saml/responses/signed_info_not_first_child.xml b/tests/resources/saml/responses/signed_info_not_first_child.xml index 57b3d67872..3a9a067872 100644 --- a/tests/resources/saml/responses/signed_info_not_first_child.xml +++ b/tests/resources/saml/responses/signed_info_not_first_child.xml @@ -1,6 +1,6 @@ admin + Recipient="https://engine.dev.openconext.org/authentication/sp/consume-assertion"/> - https://engine.vm.openconext.org/authentication/sp/metadata + https://engine.dev.openconext.org/authentication/sp/metadata diff --git a/tests/unit/OpenConext/EngineBlock/Metadata/MfaEntityCollectionTest.php b/tests/unit/OpenConext/EngineBlock/Metadata/MfaEntityCollectionTest.php index aa1d2b3f60..87e044f23b 100644 --- a/tests/unit/OpenConext/EngineBlock/Metadata/MfaEntityCollectionTest.php +++ b/tests/unit/OpenConext/EngineBlock/Metadata/MfaEntityCollectionTest.php @@ -33,14 +33,14 @@ public function test_works_with_correct_data() { $collection = MfaEntityCollection::fromMetadataPush($this->validData()); $this->assertCount(2, $collection); - $entity = $collection->findByEntityId('https://teams.vm.openconext.org/shibboleth'); + $entity = $collection->findByEntityId('https://teams.dev.openconext.org/shibboleth'); $this->assertInstanceOf(MfaEntity::class, $entity); - $this->assertEquals('https://teams.vm.openconext.org/shibboleth', $entity->entityId()); + $this->assertEquals('https://teams.dev.openconext.org/shibboleth', $entity->entityId()); $this->assertEquals('http://schemas.microsoft.com/claims/multipleauthn', $entity->level()); - $entity = $collection->findByEntityId('https://aa.vm.openconext.org/shibboleth'); + $entity = $collection->findByEntityId('https://aa.dev.openconext.org/shibboleth'); $this->assertInstanceOf(MfaEntity::class, $entity); - $this->assertEquals('https://aa.vm.openconext.org/shibboleth', $entity->entityId()); + $this->assertEquals('https://aa.dev.openconext.org/shibboleth', $entity->entityId()); $this->assertEquals('http://schemas.microsoft.com/claims/multipleauthn', $entity->level()); } @@ -48,7 +48,7 @@ public function test_find_by_can_return_null() { $data = [ [ - "name" => "https://teams.vm.openconext.org/shibboleth", + "name" => "https://teams.dev.openconext.org/shibboleth", "level" => "http://schemas.microsoft.com/claims/multipleauthn", ], ]; @@ -60,11 +60,11 @@ public function test_rejects_duplicate_entity_ids() { $data = [ [ - "name" => "https://teams.vm.openconext.org/shibboleth", + "name" => "https://teams.dev.openconext.org/shibboleth", "level" => "http://schemas.microsoft.com/claims/multipleauthn", ], [ - "name" => "https://teams.vm.openconext.org/shibboleth", + "name" => "https://teams.dev.openconext.org/shibboleth", "level" => "http://schemas.microsoft.com/claims/multipleauthn", ], ]; @@ -78,11 +78,11 @@ private function validData(): array { return [ [ - "name" => "https://teams.vm.openconext.org/shibboleth", + "name" => "https://teams.dev.openconext.org/shibboleth", "level" => "http://schemas.microsoft.com/claims/multipleauthn", ], [ - "name" => "https://aa.vm.openconext.org/shibboleth", + "name" => "https://aa.dev.openconext.org/shibboleth", "level" => "http://schemas.microsoft.com/claims/multipleauthn", ], ];