Hotfix the WebTests

The app_env override prevented the webtest from running in test env, as the default is now always set to PROD. I fixed this by overriding the parametesr.yaml for test. Not the best solution, but works for now. When @quartje's work is landing, and we start running the tests in a dedicated test container, this work should be reverted partially. Additionally I fixed an issue where the app-secret was set to the app_env.
OpenConext · Dec 19, 2023 · cd00335 · cd00335
1 parent 73c549f
commit cd00335
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 3 deletions.
diff --git a/.github/workflows/test-acceptance.yml b/.github/workflows/test-acceptance.yml
@@ -1,4 +1,4 @@
-name: Run acceptance tests (Behat)
+name: Run acceptance tests (WebTests & Behat)
 on: [pull_request]
 
 jobs:
@@ -19,6 +19,9 @@ jobs:
       - name: Copy certificate material
         run: mkdir /config && cp -r ./ci/config/* /config/
 
+      - name: Grab the right parameters.yaml
+        run: cp ./config/openconext/parameters.yaml.test.dist ./config/openconext/parameters.yaml
+
       - name: Composer install
         run: composer install
 

diff --git a/config/openconext/parameters.yaml.test.dist b/config/openconext/parameters.yaml.test.dist
@@ -0,0 +1,24 @@
+parameters:
+    app_env: test
+    app_debug: false
+    app_secret: [email protected]
+
+    support_url:
+        en_GB: "https://support.example.org/faq-strong-authentication"
+        nl_NL: "https://support.example.org/faq-sterke-authenticatie"
+    support_email: [email protected]
+    locales:
+        - nl_NL
+        - en_GB
+    default_locale: en_GB
+
+
+    saml_idp_publickey: '/config/azuremfa/azuremfa_idp.crt'
+    saml_idp_privatekey: '/config/azuremfa/azuremfa_idp.key'
+    saml_metadata_publickey: '/config/azuremfa/azuremfa_idp.crt'
+    saml_metadata_privatekey: '/config/axuremfa/azuremfa_idp.key'
+    saml_remote_sp_entity_id: 'https://gateway.dev.openconext.local/gssp/azuremfa/metadata'
+    saml_remote_sp_certificate: '/config/gateway/gateway_gssp_sp.crt'
+    saml_remote_sp_acs: 'https://gateway.dev.openconext.local/gssp/azuremfa/consume-assertion'
+# Authentication issuers matching this regex will send ForceAuthn to the Azure MFA. The at sign is used as delimiter, be sure to escape the first sign as Symfony would see it as a reference to a service.
+    ra_issuer_entity_id_regex: '@@^https://(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]/vetting-procedure/gssf/azuremfa/metadata$@'
diff --git a/config/packages/framework.yaml b/config/packages/framework.yaml
@@ -3,7 +3,7 @@ framework:
     trusted_proxies: '192.0.0.1,10.0.0.0/8'
     trusted_headers: [ 'x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port', 'x-forwarded-prefix' ]
 
-    secret: '%app_env%'
+    secret: '%app_secret%'
     csrf_protection: true
     http_method_override: true
     error_controller: Surfnet\AzureMfa\Infrastructure\Controller\ExceptionController::show

diff --git a/tests/Functional/WebTests/DefaultControllerTest.php b/tests/Functional/WebTests/DefaultControllerTest.php
@@ -24,7 +24,7 @@ class DefaultControllerTest extends WebTestCase
     public function testIndex()
     {
         $client = static::createClient();
-        $crawler = $client->request('GET', '/');
+        $crawler = $client->request('GET', 'https://azuremfa.dev.openconext.local');
         $this->assertEquals(200, $client->getInternalResponse()->getStatusCode());
         $this->assertStringContainsString('Welcome to the Azure MFA', $crawler->filter('h2')->text());
     }