Skip to content

Commit

Permalink
Add activation tests IdP attribute preference
Browse files Browse the repository at this point in the history
  • Loading branch information
@pablothedude
pablothedude committed Nov 25, 2024
1 parent af5a4cd commit 4632e58
Show file tree
Hide file tree
Showing 2 changed files with 51 additions and 2 deletions.
23 changes: 23 additions & 0 deletions stepup/tests/behat/features/bootstrap/SecondFactorAuthContext.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

use Behat\Behat\Context\Context;
use Behat\Behat\Hook\Scope\BeforeScenarioScope;
use Behat\Gherkin\Node\TableNode;
use Behat\Mink\Exception\ElementNotFoundException;
use Behat\MinkExtension\Context\MinkContext;

Expand Down Expand Up @@ -361,6 +362,28 @@ public function authenticateWithIdentityProvider()

}

/**
* @Given /^I receive the following attributes for "([^"]*)" from the IdP:$/
* @param TableNode $table
*/
public function authenticateIdentityProviderAndExpectAttributes(string $user, TableNode $table)
{
$this->minkContext->visit('https://ssp.dev.openconext.local/simplesaml/aa.php');

$this->minkContext->pressButton('delete all');

$hash = $table->getHash();
foreach ($hash as $row) {
var_dump($row);
$name = $row['name'];
$value = $row['value'];
$this->minkContext->fillField('uid', $user);
$this->minkContext->fillField('name', $name);
$this->minkContext->fillField('value', $value);
$this->minkContext->pressButton('add');
}
}

/**
* @When I authenticate as :arg1 with the identity provider
*/
Expand Down
30 changes: 28 additions & 2 deletions stepup/tests/behat/features/selfservice_activation_flow.feature
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,15 +4,41 @@ Feature: A user manages his tokens in the SelfService portal
I must be able to manage my second factor tokens

Scenario: A user registers a Yubikey token in selfservice using RA vetting preference
Given I log into the selfservice portal as "joe-a4" with activation preference "ra"
Given I receive the following attributes for "joe-a4" from the IdP:
| name | value |
And I log into the selfservice portal as "joe-a4" with activation preference "ra"
When I register a new "Yubikey" token
And I verify my e-mail address
And I visit the "overview" page in the selfservice portal
And I activate my token
Then I should see "Activation code"

Scenario: A user registers a Yubikey token in selfservice using self vetting preference
Given I log into the selfservice portal as "joe-a5" with activation preference "self"
Given I receive the following attributes for "joe-a5" from the IdP:
| name | value |
And I log into the selfservice portal as "joe-a5" with activation preference "self"
When I register a new "Yubikey" token
And I verify my e-mail address
And I visit the "overview" page in the selfservice portal
And I activate my token
Then I should see "Add recovery method"

Scenario: A user registers a Yubikey token in selfservice using RA vetting preference set through eduPersonEntitlement attribute
Given I receive the following attributes for "jane-a4" from the IdP:
| name | value |
| urn:mace:dir:attribute-def:eduPersonEntitlement | urn:mace:surf.nl:surfsecureid:activation:ra |
And I am logged in into the selfservice portal as "jane-a4"
When I register a new "Yubikey" token
And I verify my e-mail address
And I visit the "overview" page in the selfservice portal
And I activate my token
Then I should see "Activation code"

Scenario: A user registers a Yubikey token in selfservice using self vetting preference set through eduPersonEntitlement attribute
Given I receive the following attributes for "jane-a5" from the IdP:
| name | value |
| urn:mace:dir:attribute-def:eduPersonEntitlement | urn:mace:surf.nl:surfsecureid:activation:self |
And I am logged in into the selfservice portal as "jane-a5"
When I register a new "Yubikey" token
And I verify my e-mail address
And I visit the "overview" page in the selfservice portal
Expand Down

0 comments on commit 4632e58

Please sign in to comment.