Reinstate the Selenium behat tests

Test one and two have been fixed. The Yubikey and SMS tests could be enabled in the new (SSP based) test environment. The Tiqr variant could not yet be enabled as Tiqr is not functioning in that environment yet. During enabling the SMS test, I found out that the SMS Bypass fix was not taken into account in the existing sfo test. That has been updated.
OpenConext · Aug 10, 2023 · 09f0601 · 09f0601
1 parent 9da1c54
commit 09f0601
Show file tree

Hide file tree

Showing 5 changed files with 61 additions and 40 deletions.
diff --git a/public/index.php b/public/index.php
@@ -23,7 +23,10 @@
 // To run behat tests in smoketest mode, the app env needs to be 'dev' or 'test'
 // and the user agent needs to be that of the behat guzzle client.
 $isTestOrDev = ($_SERVER['APP_ENV'] === 'dev' || $_SERVER['APP_ENV'] === 'test');
-if ($isTestOrDev && $_SERVER['HTTP_USER_AGENT'] === 'Symfony BrowserKit') {
+// When running the selenium tests, a test cookie indicate if we should switch to the smoketest env
+$hasTestCookie = (array_key_exists('testcookie', $_COOKIE) && $_COOKIE['testcookie'] === 'testcookie');
+
+if (($isTestOrDev && $_SERVER['HTTP_USER_AGENT'] === 'Symfony BrowserKit') || ($isTestOrDev && $hasTestCookie)) {
     $_SERVER['APP_ENV'] = 'smoketest';
 }
 

diff --git a/tests/features/bootstrap/FeatureContext.php b/tests/features/bootstrap/FeatureContext.php
@@ -24,7 +24,6 @@
 use Behat\Mink\Exception\ExpectationException;
 use RuntimeException;
 use Surfnet\StepupGateway\Behat\Service\FixtureService;
-use function error_reporting;
 
 class FeatureContext implements Context
 {
@@ -158,6 +157,17 @@ public function iEnterTheSmsVerificationCode()
         $this->minkContext->pressButton('Submit');
     }
 
+    /**
+     * @When I enter the expired SMS verification code
+     */
+    public function iEnterTheExpiredSmsVerificationCode()
+    {
+        $cookieValue = $this->minkContext->getSession()->getDriver()->getCookie('smoketest-sms-service');
+        $matches = [];
+        preg_match('/^Your\ SMS\ code:\ (.*)$/', $cookieValue, $matches);
+        $this->minkContext->fillField('gateway_verify_sms_challenge_challenge', $matches[1]);
+        $this->minkContext->pressButton('gateway_verify_sms_challenge_verify_challenge');
+    }
 
     /**
      * @When I finish the Tiqr authentication
@@ -168,8 +178,6 @@ public function iFinishGsspAuthentication()
         $this->minkContext->pressButton('Submit');
     }
 
-
-
     /**
      * @Given /^a whitelisted institution ([^"]*)$/
      */
@@ -273,7 +281,7 @@ public function theResponseShouldHaveASSO2FACookie()
     /**
      * @Given /^the user cleared cookies from browser$/
      */
-    public function userClearedCookide()
+    public function userClearedCookies()
     {
         $this->minkContext->visit('https://gateway.stepup.example.com/info');
         $this->minkContext->getSession()->setCookie($this->sso2faCookieName, null);

diff --git a/tests/features/bootstrap/MinkContext.php b/tests/features/bootstrap/MinkContext.php
@@ -155,6 +155,10 @@ public function iShouldNotSeeUrl($url)
      */
     public function iOpenTwoBrowserTabsIdentifiedBy($numberOfTabs, $tabNames)
     {
+        // On successive scenarios, reset the session to get rid of browser (session) state from previous scenarios
+        if ($this->getMink()->getSession()->isStarted()) {
+            $this->getMink()->getSession()->restart();
+        }
         // Make sure the browser is ready (without this other browser interactions fail)
         $this->getSession()->visit($this->locatePath('#'));
 
@@ -164,6 +168,8 @@ public function iOpenTwoBrowserTabsIdentifiedBy($numberOfTabs, $tabNames)
                 'Please identify all tabs you are opening in order to refer to them at a later stage'
             );
         }
+        // Set the testcookie ensuring the selenium tests run in the smoketest env
+        $this->getMink()->getSession()->setCookie('testcookie', 'testcookie');
 
         foreach ($tabs as $tab) {
             $this->getMink()

diff --git a/tests/features/bootstrap/ServiceProviderContext.php b/tests/features/bootstrap/ServiceProviderContext.php
@@ -20,6 +20,7 @@
 
 use Behat\Behat\Context\Context;
 use Behat\Behat\Hook\Scope\BeforeScenarioScope;
+use Behat\Mink\Driver\Selenium2Driver;
 use Behat\Symfony2Extension\Context\KernelAwareContext;
 use RuntimeException;
 use RobRichards\XMLSecLibs\XMLSecurityKey;
@@ -38,7 +39,6 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\HttpKernel\KernelInterface;
-use function http_build_query;
 
 class ServiceProviderContext implements Context, KernelAwareContext
 {
@@ -233,15 +233,15 @@ public function iStartAnADFSAuthenticationWithLoaRequirement($nameId, $loa)
     }
 
     /**
-     * @When /^([^\']*) starts an authentication$/
+     * @When /^([^\']*) starts an authentication at Default SP$/
      */
-    public function iStartAnAuthentication($nameId)
+    public function iStartAnAuthenticationAtDefaultSP($nameId)
     {
         $authnRequest = new AuthnRequest();
         // In order to later assert if the response succeeded or failed, set our own dummy ACS location
         $authnRequest->setAssertionConsumerServiceURL(SamlEntityRepository::SP_ACS_LOCATION);
         $issuerVo = new Issuer();
-        $issuerVo->setValue($this->currentSp['entityId']);
+        $issuerVo->setValue('https://ssp.stepup.example.com/module.php/saml/sp/metadata.php/default-sp');
         $authnRequest->setIssuer($issuerVo);
         $authnRequest->setDestination(self::SSO_ENDPOINT_URL);
         $authnRequest->setProtocolBinding(Constants::BINDING_HTTP_REDIRECT);
@@ -309,8 +309,10 @@ public function iAuthenticateAtTheIdp($username)
         $this->minkContext->fillField('password', $username);
         // Submit the form
         $this->minkContext->pressButton('Login');
-        // Submit the SAML Response
-        $this->minkContext->pressButton('Submit');
+        if (!$this->getSession()->getDriver() instanceof Selenium2Driver) {
+            // Submit the SAML Response
+            $this->minkContext->pressButton('Submit');
+        }
     }
 
     /**

diff --git a/tests/features/sfo-multiple-authentications.feature b/tests/features/sfo-multiple-authentications.feature
@@ -3,23 +3,24 @@ Feature: As an institution that uses the second factor only feature
   In order to facilitate SFO rollover from StepUp to EngineBlock
   I must be able to run SFO and regular authentications in parallel
   Background:
-    Given an SFO enabled SP with EntityID https://ssp.stepup.example.com/module.php/saml/sp/metadata.php/second-sp
+    Given an SP with EntityID https://ssp.stepup.example.com/module.php/saml/sp/metadata.php/default-sp
+    And an SFO enabled SP with EntityID https://ssp.stepup.example.com/module.php/saml/sp/metadata.php/second-sp
     And an IdP with EntityID https://ssp.stepup.example.com/saml2/idp/metadata.php
     And a whitelisted institution stepup.example.com
-    And a user from "stepup.example.com" identified by "urn:collab:person:stepup.example.com:john_haack" with a vetted "Yubikey" token
-    And a user from "stepup.example.com" identified by "urn:collab:person:stepup.example.com:john_haack" with a vetted "SMS" token
-    And a user from "stepup.example.com" identified by "urn:collab:person:stepup.example.com:john_haack" with a vetted "tiqr" token
+    And a user from "stepup.example.com" identified by "urn:collab:person:stepup.example.com:user-1" with a vetted "Yubikey" token
+    And a user from "stepup.example.com" identified by "urn:collab:person:stepup.example.com:user-1" with a vetted "SMS" token
+    And a user from "stepup.example.com" identified by "urn:collab:person:stepup.example.com:user-1" with a vetted "tiqr" token
     And I open 2 browser tabs identified by "Browser tab 1, Browser tab 2"
 
   Scenario: A regular and SFO authentication in parallel using Yubikey token
     When I switch to "Browser tab 1"
-    And urn:collab:person:stepup.example.com:john_haack starts an authentication
-    And I authenticate at the IdP
+    And urn:collab:person:stepup.example.com:user-1 starts an authentication at Default SP
+    And I authenticate at the IdP as user-1
     Then I should be on the WAYG
     And I select my Yubikey token on the WAYG
     And I should see the Yubikey OTP screen
     And I switch to "Browser tab 2"
-    And urn:collab:person:stepup.example.com:john_haack starts an SFO authentication
+    And urn:collab:person:stepup.example.com:user-1 starts an SFO authentication with LoA 2
     Then I should be on the WAYG
     And I select my Yubikey token on the WAYG
     And I should see the Yubikey OTP screen
@@ -31,36 +32,37 @@ Feature: As an institution that uses the second factor only feature
 
   Scenario: A regular and SFO authentication in parallel using SMS token
     When I switch to "Browser tab 1"
-    And urn:collab:person:stepup.example.com:john_haack starts an authentication
-    And I authenticate at the IdP
+    And urn:collab:person:stepup.example.com:user-1 starts an authentication at Default SP
+    And I authenticate at the IdP as user-1
     Then I should be on the WAYG
     And I select my SMS token on the WAYG
     And I should see the SMS verification screen
     And I switch to "Browser tab 2"
-    And urn:collab:person:stepup.example.com:john_haack starts an SFO authentication
+    And urn:collab:person:stepup.example.com:user-1 starts an SFO authentication with LoA 2
     Then I should be on the WAYG
     And I select my SMS token on the WAYG
     Then I should see the SMS verification screen
     When I enter the SMS verification code
     Then the response should match xpath '//samlp:StatusCode[@Value="urn:oasis:names:tc:SAML:2.0:status:Success"]'
     When I switch to "Browser tab 1"
-    When I enter the SMS verification code
-    Then the response should match xpath '//samlp:StatusCode[@Value="urn:oasis:names:tc:SAML:2.0:status:Success"]'
+    Then I enter the expired SMS verification code
+    And the response should contain 'gateway.form.send_sms_challenge.challenge_expired'
 
-  Scenario: A regular and SFO authentication in parallel using Tiqr token
-    When I switch to "Browser tab 1"
-    And urn:collab:person:stepup.example.com:john_haack starts an authentication
-    And I authenticate at the IdP
-    Then I should be on the WAYG
-    And I select my Tiqr token on the WAYG
-    Then I should see the Tiqr authentication screen
-    And I switch to "Browser tab 2"
-    And urn:collab:person:stepup.example.com:john_haack starts an SFO authentication
-    Then I should be on the WAYG
-    And I select my Tiqr token on the WAYG
-    Then I should see the Tiqr authentication screen
-    And I finish the Tiqr authentication
-    Then the response should match xpath '//samlp:StatusCode[@Value="urn:oasis:names:tc:SAML:2.0:status:Success"]'
-    When I switch to "Browser tab 1"
-    And I finish the Tiqr authentication
-    Then the response should match xpath '//samlp:StatusCode[@Value="urn:oasis:names:tc:SAML:2.0:status:Success"]'
+# Tiqr is not yet functioning in the Behat (smoketest) environment
+#  Scenario: A regular and SFO authentication in parallel using Tiqr token
+#    When I switch to "Browser tab 1"
+#    And urn:collab:person:stepup.example.com:user-1 starts an authentication at Default SP
+#    And I authenticate at the IdP as user-1
+#    Then I should be on the WAYG
+#    And I select my Tiqr token on the WAYG
+#    Then I should see the Tiqr authentication screen
+#    And I switch to "Browser tab 2"
+#    And urn:collab:person:stepup.example.com:user-1 starts an SFO authentication with LoA 2
+#    Then I should be on the WAYG
+#    And I select my Tiqr token on the WAYG
+#    Then I should see the Tiqr authentication screen
+#    And I finish the Tiqr authentication
+#    Then the response should match xpath '//samlp:StatusCode[@Value="urn:oasis:names:tc:SAML:2.0:status:Success"]'
+#    When I switch to "Browser tab 1"
+#    And I finish the Tiqr authentication
+#    Then the response should match xpath '//samlp:StatusCode[@Value="urn:oasis:names:tc:SAML:2.0:status:Success"]'