[MM-26174] Automate SAML tests (#5968)

* commit file initially * WIP * intermediate files and stuff * Update naming * Undo some stuff * Auotmating SAML tests * fix linting * remove values * Fix tests * remove saml2 implementation test * Add MM to titles
mattermost · Aug 5, 2020 · b932a7b · b932a7b
1 parent a43cf73
commit b932a7b
Show file tree

Hide file tree

Showing 4 changed files with 206 additions and 3 deletions.
diff --git a/components/audit_table/__snapshots__/audit_table.test.jsx.snap b/components/audit_table/__snapshots__/audit_table.test.jsx.snap
@@ -43,7 +43,9 @@ exports[`components/audit_table/AuditTable should match snapshot with audits 1`]
  </th>
  </tr>
  </thead>
- <tbody>
+ <tbody
+ data-testid="auditTableBody"
+ >
  <tr
  key="id_2"
  >
@@ -179,6 +181,8 @@ exports[`components/audit_table/AuditTable should match snapshot with no audits
  </th>
  </tr>
  </thead>
- <tbody />
+ <tbody
+ data-testid="auditTableBody"
+ />
 </table>
 `;
diff --git a/components/audit_table/audit_table.jsx b/components/audit_table/audit_table.jsx
@@ -338,7 +338,7 @@ export class AuditTable extends React.PureComponent {
  {sessionContent}
  </tr>
  </thead>
- <tbody>
+ <tbody data-testid='auditTableBody'>
  {accessList}
  </tbody>
  </table>

diff --git a/components/user_settings/security/user_settings_security.jsx b/components/user_settings/security/user_settings_security.jsx
@@ -909,6 +909,7 @@ export default class SecurityTab extends React.PureComponent {
  <ToggleModalButton
  className='security-links color--link'
  dialogType={AccessHistoryModal}
+ id='viewAccessHistory'
  >
  <FormattedMessage
  id='user.settings.security.viewHistory.icon'

diff --git a/e2e/cypress/integration/enterprise/saml/saml_automated_spec.js b/e2e/cypress/integration/enterprise/saml/saml_automated_spec.js
@@ -0,0 +1,198 @@
+// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
+// See LICENSE.txt for license information.
+
+// ***************************************************************
+// - [#] indicates a test step (e.g. #. Go to a page)
+// - [*] indicates an assertion (e.g. * Check the title)
+// - Use element ID when selecting an element. Create one if none.
+// ***************************************************************
+
+// Stage: @prod
+// Group: @enterprise @saml
+// Skip: @headless @electron @firefox // run on Chrome (headed) only
+
+import users from '../../../fixtures/saml_users.json';
+
+//Manual Setup required: Follow the instructions mentioned in the mattermost/platform-private/config/saml-okta-setup.txt file
+context('LDAP SAML - Automated Tests (SAML TESTS)', () => {
+ const loginButtonText = 'SAML';
+
+ const regular1 = users.regulars['samluser-1'];
+
+ const {
+ oktaBaseUrl,
+ oktaMMAppName,
+ oktaMMEntityId,
+ } = Cypress.env();
+ const idpUrl = `${oktaBaseUrl}/app/${oktaMMAppName}/${oktaMMEntityId}/sso/saml`;
+ const idpMetadataUrl = `${oktaBaseUrl}/app/${oktaMMEntityId}/sso/saml/metadata`;
+
+ const newConfig = {
+ SamlSettings: {
+ Enable: true,
+ EnableSyncWithLdap: false,
+ EnableSyncWithLdapIncludeAuth: false,
+ Verify: true,
+ Encrypt: true,
+ SignRequest: true,
+ IdpUrl: idpUrl,
+ IdpDescriptorUrl: `http:https://www.okta.com/${oktaMMEntityId}`,
+ IdpMetadataUrl: idpMetadataUrl,
+ ServiceProviderIdentifier: `${Cypress.config('baseUrl')}/login/sso/saml`,
+ AssertionConsumerServiceURL: `${Cypress.config('baseUrl')}/login/sso/saml`,
+ SignatureAlgorithm: 'RSAwithSHA1',
+ CanonicalAlgorithm: 'Canonical1.0',
+ IdpCertificateFile: 'saml-idp.crt',
+ PublicCertificateFile: 'saml-public.crt',
+ PrivateKeyFile: 'saml-private.key',
+ IdAttribute: '',
+ GuestAttribute: '',
+ EnableAdminAttribute: false,
+ AdminAttribute: '',
+ FirstNameAttribute: '',
+ LastNameAttribute: '',
+ EmailAttribute: 'Email',
+ UsernameAttribute: 'Username',
+ LoginButtonText: loginButtonText,
+ },
+ ExperimentalSettings: {
+ UseNewSAMLLibrary: false,
+ },
+ GuestAccountsSettings: {
+ Enable: true,
+ },
+ };
+
+ let testSettings;
+
+ //Note: the assumption is that this test suite runs on a clean setup (empty DB) which would ensure that the users are not present in the Mattermost instance beforehand
+ describe('LDAP SAML - Automated Tests (SAML TESTS)', () => {
+ before(() => {
+ // * Check if server has license for SAML
+ cy.apiRequireLicenseForFeature('SAML');
+
+ // # Get certificates status and upload as necessary
+ cy.apiGetSAMLCertificateStatus().then((resp) => {
+ const data = resp.body;
+
+ if (!data.idp_certificate_file) {
+ cy.apiUploadSAMLIDPCert('saml-idp.crt');
+ }
+
+ if (!data.public_certificate_file) {
+ cy.apiUploadSAMLPublicCert('saml-public.crt');
+ }
+
+ if (!data.private_key_file) {
+ cy.apiUploadSAMLPrivateKey('saml-private.key');
+ }
+ });
+
+ // # Check SAML metadata if working properly
+ cy.apiGetMetadataFromIdp(idpMetadataUrl);
+
+ cy.oktaAddUsers(users);
+ cy.apiUpdateConfig(newConfig).then(({config}) => {
+ cy.setTestSettings(loginButtonText, config).then((_response) => {
+ testSettings = _response;
+ });
+ });
+ });
+
+ it('MM-T3012 - Check SAML Metadata without Enable Encryption', () => {
+ cy.apiAdminLogin();
+ const test1Settings = {
+ ...newConfig,
+ SamlSettings: {
+ ...newConfig.SamlSettings,
+ Encrypt: false,
+ PublicCertificateFile: '',
+ PrivateKeyFile: '',
+ },
+ };
+ cy.apiUpdateConfig(test1Settings).then(() => {
+ const baseUrl = Cypress.config('baseUrl');
+ cy.request(`${baseUrl}/api/v4/saml/metadata`).then((resp) => {
+ expect(resp.status).to.eq(200);
+ expect(resp.headers['content-type']).to.eq('application/xml');
+ expect(resp.body).to.contain('<?xml version');
+ });
+ });
+ });
+
+ it('MM-T3280 - SAML Login Audit', () => {
+ cy.apiAdminLogin();
+
+ cy.apiUpdateConfig(newConfig).then(() => {
+ testSettings.user = regular1;
+ cy.oktaGetOrCreateUser(testSettings.user).then((oktaUserId) => {
+ cy.oktaDeleteSession(oktaUserId);
+ cy.doSamlLogin(testSettings).then(() => {
+ cy.doOktaLogin(testSettings.user).then(() => {
+ cy.skipOrCreateTeam(testSettings, oktaUserId).then(() => {
+ cy.toAccountSettingsModal();
+ cy.get('#securityButton').click();
+ cy.findByTestId('viewAccessHistory').click();
+ cy.findByTestId('auditTableBody').find('td').
+ each(($el) => {
+ cy.wrap($el).
+ invoke('text').
+ then((text) => {
+ if (text.includes('Saml obtained user')) {
+ expect(text).to.contains('Saml obtained user');
+ }
+ });
+ });
+ });
+ });
+ });
+ });
+ });
+ });
+
+ it('MM-T3281 - SAML Signature Algorithm using RSAwithSHA256', () => {
+ cy.apiAdminLogin();
+ const test1Settings = {
+ ...newConfig,
+ SamlSettings: {
+ ...newConfig.SamlSettings,
+ SignatureAlgorithm: 'RSAwithSHA256',
+ },
+ };
+ cy.apiUpdateConfig(test1Settings).then(() => {
+ testSettings.user = regular1;
+ cy.oktaGetOrCreateUser(testSettings.user).then((oktaUserId) => {
+ cy.oktaDeleteSession(oktaUserId);
+ cy.doSamlLogin(testSettings).then(() => {
+ cy.doOktaLogin(testSettings.user).then(() => {
+ cy.skipOrCreateTeam(testSettings, oktaUserId);
+ cy.oktaDeleteSession(oktaUserId);
+ });
+ });
+ });
+ });
+ });
+
+ it('SAML Signature Algorithm using RSAwithSHA512', () => {
+ cy.apiAdminLogin();
+ const test1Settings = {
+ ...newConfig,
+ SamlSettings: {
+ ...newConfig.SamlSettings,
+ SignatureAlgorithm: 'RSAwithSHA512',
+ },
+ };
+ cy.apiUpdateConfig(test1Settings).then(() => {
+ testSettings.user = regular1;
+ cy.oktaGetOrCreateUser(testSettings.user).then((oktaUserId) => {
+ cy.oktaDeleteSession(oktaUserId);
+ cy.doSamlLogin(testSettings).then(() => {
+ cy.doOktaLogin(testSettings.user).then(() => {
+ cy.skipOrCreateTeam(testSettings, oktaUserId);
+ });
+ });
+ });
+ });
+ });
+ });
+});