diff --git a/integration-tests/README.md b/integration-tests/README.md
index c57d4517..ed493ed0 100644
--- a/integration-tests/README.md
+++ b/integration-tests/README.md
@@ -10,12 +10,13 @@ The integration test defines some flags. Use the following command to see them.
 ### Setup
 The integration tests can be run directly with Go or with a Docker container.
-You must pass the app's credentials to the tests through environment
-variables as follows:
+You must pass your [MIRACL Trust Portal](https://trust.miracl.cloud) application's
+credentials to the tests through environment variables as follows:
 ``` bash
 export CLIENT_ID=
 export CLIENT_SECRET=
+export PROJECT_DOMAIN=
 ```
 ### Run
@@ -23,7 +24,8 @@ export CLIENT_SECRET=
 ```bash
 go test . \
 -client-id $CLIENT_ID \
- -client-secret $CLIENT_SECRET
+ -client-secret $CLIENT_SECRET \
+ -project-domain $PROJECT_DOMAIN
 ```
 ### Build and run the test binary
@@ -32,7 +34,8 @@ go test . \
 go test -mod=vendor -c -o integration-tests .
 ./integration-tests \
 -client-id $CLIENT_ID \
- -client-secret $CLIENT_SECRET
+ -client-secret $CLIENT_SECRET \
+ -project-domain $PROJECT_DOMAIN
 ```
 ### See flags
@@ -48,5 +51,6 @@ docker run \
 --network host \
 ghcr.io/miracl/oidc-samples/integration-tests:latest \
 --client-id $CLIENT_ID \
- --client-secret $CLIENT_SECRET
+ --client-secret $CLIENT_SECRET \
+ --project-domain $PROJECT_DOMAIN
 ```
diff --git a/integration-tests/auth_utils.go b/integration-tests/auth_utils.go
index af8bd80a..568f0c56 100644
--- a/integration-tests/auth_utils.go
+++ b/integration-tests/auth_utils.go
@@ -71,7 +71,7 @@ func pass1Request(httpClient *http.Client, identity identity, proof []byte, scop
 resp, err := makeRequest(
 httpClient,
- options.apiURL+"/rps/v2/pass1",
+ options.projectDomain+"/rps/v2/pass1",
 "POST",
 payload,
 )
@@ -99,7 +99,7 @@ func pass2Request(httpClient *http.Client, identity identity, proof []byte, wid
 resp, err := makeRequest(
 httpClient,
- options.apiURL+"/rps/v2/pass2",
+ options.projectDomain+"/rps/v2/pass2",
 "POST",
 payload,
 )
@@ -123,7 +123,7 @@ func authenticateRequest(httpClient *http.Client, authOTT string) (authResponse
 resp, err := makeRequest(
 httpClient,
- options.apiURL+"/rps/v2/authenticate",
+ options.projectDomain+"/rps/v2/authenticate",
 "POST",
 payload,
 )
@@ -147,7 +147,7 @@ func accessRequest(httpClient *http.Client, webOTT string) (accessResponse *acce
 resp, err := makeRequest(
 httpClient,
- options.apiURL+"/rps/v2/access",
+ options.projectDomain+"/rps/v2/access",
 "POST",
 payload,
 )
diff --git a/integration-tests/main_test.go b/integration-tests/main_test.go
index 4389da6f..cb775a32 100644
--- a/integration-tests/main_test.go
+++ b/integration-tests/main_test.go
@@ -10,9 +10,8 @@ import (
 var options struct {
 clientID string
 clientSecret string
- projectID string
 redirectURL string
- apiURL string
+ projectDomain string
 sampleURL string
 proxyHost string
 proxyPort string
@@ -23,11 +22,10 @@ var options struct {
 }
 func TestMain(m *testing.M) {
- flag.StringVar(&options.clientID, "client-id", "", "the client id for the portal app")
- flag.StringVar(&options.clientSecret, "client-secret", "", "the client secret for the portal app")
- flag.StringVar(&options.projectID, "project-id", "", "the project id for the portal app")
- flag.StringVar(&options.redirectURL, "redirect-url", "http://localhost:8000/login", "the redirect url from the portal app")
- flag.StringVar(&options.apiURL, "api-url", "https://api.mpin.io", "the mpin api URL")
+ flag.StringVar(&options.clientID, "client-id", "", "the client id of your MIRACL Trust Portal application")
+ flag.StringVar(&options.clientSecret, "client-secret", "", "the client secret of your MIRACL Trust Portal application")
+ flag.StringVar(&options.redirectURL, "redirect-url", "http://localhost:8000/login", "the redirect url of your MIRACL Trust Portal application")
+ flag.StringVar(&options.projectDomain, "project-domain", "", "the project domain of your MIRACL Trust Portal application")
 flag.StringVar(&options.sampleURL, "sample-url", "http://127.0.0.1:8000", "the sample URL")
 flag.StringVar(&options.proxyHost, "proxy-host", "", "Sample's proxy HOST")
 flag.StringVar(&options.proxyPort, "proxy-port", "", "Sample's proxy PORT")
@@ -38,6 +36,10 @@ func TestMain(m *testing.M) {
 flag.Parse()
+ if options.projectDomain == "" {
+ fmt.Println("ERROR: project-domain is missing.\nUse -h flag to see all args.")
+ }
+
 if options.clientSecret == "" && options.clientID == "" {
 fmt.Println("ERROR: client-id and client-secret args are missing.\nUse -h flag to see all args.")
 os.Exit(1)
diff --git a/integration-tests/register_utils.go b/integration-tests/register_utils.go
index fb7a3f9a..b2ccfdd5 100644
--- a/integration-tests/register_utils.go
+++ b/integration-tests/register_utils.go
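Review bot: The help text for the new `project-domain` flag does not say what form the value must take, yet the value is concatenated straight into request URLs (`options.projectDomain+"/rps/v2/session"` in register_utils.go, `options.projectDomain + "/oidc/certs"` in sample_test.go), so it presumably has to be a base URL with the scheme and without a trailing slash, as the removed `api-url` default `https://api.mpin.io` was; the README's `export PROJECT_DOMAIN=` gives no example either. Suggest `"the project domain of your MIRACL Trust Portal application, as a base URL with scheme and no trailing slash (e.g. https://example.com)"` (example value, not a real one). The rest of TestMain is outside this hunk.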
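Review bot: The new `if options.projectDomain == ""` check in TestMain prints the error but does not exit, unlike the client-id/client-secret check directly below it, so a run without `-project-domain` continues and every URL built from `options.projectDomain + "/..."` becomes a relative path that fails later with a less direct error. Add `os.Exit(1)` after the `fmt.Println` so both checks behave the same way. The closing brace of TestMain is outside this hunk.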
@@ -12,18 +12,18 @@ import (
 "code.miracl.com/maas/maas/src/lib/gomiracl/wrap"
 )
-func createSession(httpClient *http.Client, userID string) (*sessionResponse, error) {
+func createSession(httpClient *http.Client, projectID, userID string) (*sessionResponse, error) {
 sessionRequest := &struct {
 ProjectID string `json:"projectId"`
 UserID string `json:"userId"`
 }{
- options.projectID,
+ projectID,
 userID,
 }
 sessionResp, err := makeRequest(
 httpClient,
- options.apiURL+"/rps/v2/session",
+ options.projectDomain+"/rps/v2/session",
 http.MethodPost,
 sessionRequest,
 header{Key: "Content-Type", Value: "application/json"})
@@ -40,9 +40,9 @@ func createSession(httpClient *http.Client, userID string) (*sessionResponse, er
 return createSessionResponse, nil
 }
-func register(httpClient *http.Client, userID, deviceName string, pin int, accessID string) (i identity, err error) {
+func register(httpClient *http.Client, projectID, userID, deviceName string, pin int, accessID string) (i identity, err error) {
 // Call to /verification endpoint.
- verifyURL, err := verificationRequest(httpClient, userID, deviceName, accessID)
+ verifyURL, err := verificationRequest(httpClient, userID, deviceName, accessID, projectID)
 if err != nil {
 return identity{}, err
 }
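Review bot: `register` and `createSession` take `projectID` as their second parameter, but the `verificationRequest` signature changed in the -103 hunk of this file appends it last, after `accessID`, so the call `verificationRequest(httpClient, userID, deviceName, accessID, projectID)` reads differently from the two calls around it; since all three signatures are new in this commit, putting `projectID` right after `httpClient` everywhere would keep the call sites uniform. None of the three functions say what the new parameter is; a one-line doc comment on createSession such as `// createSession requests a session from /rps/v2/session for userID within the project identified by projectID.` would cover it. The bodies of createSession and register continue outside the hunks.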
@@ -65,6 +65,28 @@ func register(httpClient *http.Client, userID, deviceName string, pin int, acces
 return id, nil
 }
+func getProjectID(httpClient *http.Client) (projectID string, err error) {
+ resp, err := makeRequest(
+ httpClient,
+ options.projectDomain+"/.well-known/project-configuration",
+ "GET",
+ nil,
+ )
+ if err != nil {
+ return "", err
+ }
+
+ var projectResponse *struct {
+ ID string `json:"id"`
+ }
+
+ if err := json.Unmarshal(resp, &projectResponse); err != nil {
+ return "", err
+ }
+
+ return projectResponse.ID, nil
+}
+
 func newIdentity(httpClient *http.Client, userID, deviceName, accessID, activationToken string, pin int) (i identity, err error) {
 // Call to /rps/v2/user endpoint.
 regResponse, err := registerRequest(httpClient, userID, deviceName, accessID, activationToken)
@@ -103,7 +125,7 @@ func newIdentity(httpClient *http.Client, userID, deviceName, accessID, activati
 }, nil
 }
-func verificationRequest(httpClient *http.Client, userID, deviceName, accessID string) (string, error) {
+func verificationRequest(httpClient *http.Client, userID, deviceName, accessID, projectID string) (string, error) {
 clientIDAndSecret := options.clientID + ":" + options.clientSecret
 authHeaderValue := "Basic " + b64.StdEncoding.EncodeToString([]byte(clientIDAndSecret))
@@ -115,7 +137,7 @@ func verificationRequest(httpClient *http.Client, userID, deviceName, accessID s
 Delivery string `json:"delivery"`
 Authorization string `json:"-"`
 }{
- options.projectID,
+ projectID,
 userID,
 deviceName,
 accessID,
@@ -125,7 +147,7 @@ func verificationRequest(httpClient *http.Client, userID, deviceName, accessID s
 resp, err := makeRequest(
 httpClient,
- options.apiURL+"/verification",
+ options.projectDomain+"/verification",
 "POST",
 payload,
 header{Key: "Authorization", Value: authHeaderValue},
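Review bot: `getProjectID` unmarshals into `var projectResponse *struct{...}` and then dereferences `projectResponse.ID` without a nil check, so a response body that decodes to JSON `null` panics instead of returning an error, and a document without an `id` member silently yields an empty project ID that is then sent in the session and verification requests. Decode into a value instead (`var projectResponse struct{ ID string }` with the same `json:"id"` tag, passing `&projectResponse`) and reject the empty case with `if projectResponse.ID == "" { return "", errors.New("project configuration has no id") }`; the file already uses `errors` for errInvalidSignatureResponse. The named result `projectID` is never assigned in the body, so either drop the result names or return through them. A short doc comment, `// getProjectID reads the project id from the /.well-known/project-configuration document under options.projectDomain.`, would also help.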
@@ -158,7 +180,7 @@ func registerRequest(httpClient *http.Client, userID, deviceName, accessID, acti
 resp, err := makeRequest(
 httpClient,
- options.apiURL+"/rps/v2/user",
+ options.projectDomain+"/rps/v2/user",
 "PUT",
 payload,
 header{Key: "X-MIRACL-CID", Value: "mcl"},
@@ -180,7 +202,7 @@ var errInvalidSignatureResponse = errors.New("invalid signature response")
 func signatureRequest(httpClient *http.Client, mpinID, regOTT string) (*signatureResponse, error) {
 resp, err := makeRequest(
 httpClient,
- fmt.Sprintf(options.apiURL+"/rps/v2/signature/%v?regOTT=%v", mpinID, regOTT),
+ fmt.Sprintf(options.projectDomain+"/rps/v2/signature/%v?regOTT=%v", mpinID, regOTT),
 "GET",
 nil,
 )
@@ -239,7 +261,7 @@ func verificationConfirmation(httpClient *http.Client, userID, code string) (str
 resp, err := makeRequest(
 httpClient,
- options.apiURL+"/verification/confirmation",
+ options.projectDomain+"/verification/confirmation",
 "POST",
 payload,
 )
diff --git a/integration-tests/sample_test.go b/integration-tests/sample_test.go
index 2d966054..ea3fec7c 100644
--- a/integration-tests/sample_test.go
+++ b/integration-tests/sample_test.go
@@ -23,7 +23,12 @@ func TestAuth(t *testing.T) {
 },
 }
- sessionResponse, err := createSession(httpClient, userID)
+ projectID, err := getProjectID(httpClient)
+ if err != nil {
+ t.Fatalf("failed to get project configuration: %v", err.Error())
+ }
+
+ sessionResponse, err := createSession(httpClient, projectID, userID)
 if err != nil {
 t.Fatalf("failed to create session: %v", err.Error())
 }
@@ -35,7 +40,7 @@ func TestAuth(t *testing.T) {
 accessID := qrURL.Fragment
- identity, err := register(httpClient, userID, deviceName, pin, accessID)
+ identity, err := register(httpClient, projectID, userID, deviceName, pin, accessID)
 if err != nil {
 t.Fatalf("Error registering: %v", err)
 }
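Review bot: The rewritten line in signatureRequest, `fmt.Sprintf(options.projectDomain+"/rps/v2/signature/%v?regOTT=%v", mpinID, regOTT)`, builds the format string from the flag value, so any `%` in `-project-domain` is interpreted as a verb and `go vet`'s printf check reports a non-constant format string; the same shape existed with apiURL, but this line is being rewritten anyway. Use `fmt.Sprintf("%s/rps/v2/signature/%v?regOTT=%v", options.projectDomain, mpinID, regOTT)`. If regOTT can contain reserved characters it should also be passed through url.QueryEscape, but whether net/url is imported here is not visible in the hunk. The rest of signatureRequest is outside the hunk.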
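Review bot: The new `t.Fatalf("failed to get project configuration: %v", err.Error())` in TestAuth passes the string from `err.Error()` to a `%v` verb; `t.Fatalf("failed to get project configuration: %v", err)` is the idiom and keeps any wrapped error printable (the existing lines below follow the older pattern, so this is a style point, not a defect). The same four-line getProjectID call and check are repeated verbatim at the top of TestValidateSignature (the -70 hunk of this file); a small helper along the lines of `func mustProjectID(t *testing.T, c *http.Client) string` that calls t.Fatalf would remove the duplication and keep both tests reading from one place. TestAuth's body continues outside the hunk.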
@@ -70,6 +75,11 @@ func TestValidateSignature(t *testing.T) {
 },
 }
+ projectID, err := getProjectID(httpClient)
+ if err != nil {
+ t.Fatalf("failed to get project configuration: %v", err.Error())
+ }
+
 client := newSampleClient(options.sampleURL, httpClient)
 client.restart(options.restarterHost, options.restarterPort, options.sampleName)
@@ -83,7 +93,7 @@ func TestValidateSignature(t *testing.T) {
 deviceName := "The device of " + name
 pin := randPIN()
- sessionResponse, err := createSession(httpClient, userID)
+ sessionResponse, err := createSession(httpClient, projectID, userID)
 if err != nil {
 t.Fatalf("failed to create session: %v", err.Error())
 }
@@ -95,7 +105,7 @@ func TestValidateSignature(t *testing.T) {
 accessID := qrURL.Fragment
- identity, err := register(httpClient, userID, deviceName, pin, accessID)
+ identity, err := register(httpClient, projectID, userID, deviceName, pin, accessID)
 if err != nil {
 t.Fatalf("Error registering: %v", err)
 }
@@ -126,7 +136,7 @@ func modifySignatureHandler(w http.ResponseWriter, r *http.Request) {
 defer r.Body.Close()
- const jwksURI = "https://api.mpin.io:443/oidc/certs"
+ var jwksURI = options.projectDomain + "/oidc/certs"
 originalRequestURL := r.Header.Get("X-Forwarded-Host")
 if originalRequestURL == jwksURI {