Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Test RA authentication unhappy flow #16

Merged
merged 2 commits into from
Sep 23, 2024
Merged

Test RA authentication unhappy flow #16

merged 2 commits into from
Sep 23, 2024

Conversation

MKodde
Copy link
Member

@MKodde MKodde commented Sep 19, 2024

When logging in to the RA is not possible, we need to be sure the right error page is displayed. That is tested here.

See: https://www.pivotaltracker.com/n/projects/1163646/stories/188230772
See: OpenConext/Stepup-RA#332

@MKodde MKodde mentioned this pull request Sep 19, 2024
Merged
@MKodde MKodde force-pushed the feature/ra-authn-error branch 2 times, most recently from 3bfc4c1 to 8b3ea28 Compare September 19, 2024 07:29
@MKodde
Correct the selfService webauthn gssp pubkey
6c3756b 
It refered to a non existing key. Causing issues when consuming the
assertion from the gssp in the Gateway. The dreaded signature validation
failure would occur
@MKodde
Test RA error handling during authentcation
3ed0140
@MKodde MKodde force-pushed the feature/ra-authn-error branch from 8b3ea28 to 3ed0140 Compare September 19, 2024 07:40
MKodde
MKodde commented Sep 19, 2024
View reviewed changes
stepup/tests/behat/features/bootstrap/RaContext.php
Comment on lines +720 to +723
public function andIDie()
{
$this->diePrintingContent();
}
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Usefull when writing the test, to view what's happening in the browser

stepup/tests/behat/features/ra_login-exception.feature
Comment on lines +24 to +25
Scenario: User "joe-a3" tries to login while no acceptable 2FA token is available
Given a user "joe-a3" identified by "urn:collab:person:institution-a.example.com:joe-a3" from institution "institution-a.example.com"
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Arguably, this scenario looks a lot like the previous one.. But it is somewhat different as this time the idenitty does have a token (but it is not suitable)

@MKodde MKodde requested a review from johanib September 19, 2024 07:42
@MKodde MKodde merged commit 381e005 into main Sep 23, 2024
2 checks passed
@MKodde MKodde deleted the feature/ra-authn-error branch September 23, 2024 09:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@johanib johanib johanib approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MKodde @johanib