Build and ship CSS for SP Portal https://fedorahosted.org/ipsilon/ticket/148 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Add CSS to preview an uploaded image https://fedorahosted.org/ipsilon/ticket/148 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Add test suite for database upgrades Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Report to user if an LDAP error occurs Catch LDAP errors and display them properly rather than just dumping the exception. Rename variable authed to authok. Add test for case where LDAP server is not started to confirm the user receives the error alert. https://fedorahosted.org/ipsilon/ticket/55 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Clear testdir before test run Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
pylint 1.4.3 version fixes Pylint 1.4.3 completely stopped recognizing the star-args condition. In order to avoid pylint error with > 1.4.3 stop caring for star-args and add cmdline option to ignore those errors completly so older pylint versions are happy too. Also fix type() vs isinstance() checks, isinstance is generally a more correct approach to check for classes. In some 'admin' files the type() -> isinstance() fix required to invert the order in which ComplexList and MappingList are checked as the latter is a subclass of ComplexList, so it needs to be checked first otherwise the check for isinstance(option, ComplexList) matches for both and the code stops functioning properly. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Configure a KDC, add test for GSSAPI/Kerberos Using nss_wrappers so we can control host names we can setup a KDC and test GSSAPI, including fallback to forms-based auth. This also means that fetch_page() needs to handle 401 a bit better, so it can re-try a failed authentication or fall back to forms-based auth. Note for posterity: if gss_localname() fails this is likely due to using the wrong krb5.conf in Apache, so pass in all environment variables. The KDC setup code was based heavily on the tests in the gssproxy project. https://fedorahosted.org/ipsilon/ticket/116 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
Add OpenID test suite This tests core OpenID and the Attribute Exchange, Simple Registration and Teams extensions. Using a small wsgi tool because mod_auth_openid does not support all extensions. Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Add test for per-SP allowed and mapping attributes This buidls up a specific global mapping and allowed attributes then creates an SP-specific configuration which differs enough to confirm that it is in fact overriding the default. It finishes by removing the per-SP configuration and ensuring that it falls back to the IdP-default. https://fedorahosted.org/ipsilon/ticket/25 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
Check if test deps are installed https://fedorahosted.org/ipsilon/ticket/91 Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Nathan Kinder <nkinder@redhat.com>
Add tests for Name ID functionality Some Name ID formats are not implemented so are expected to fail. Kerberos is implemented but the test is done using form authentication so no Kerberos principal is available so authentication is denied. https://fedorahosted.org/ipsilon/ticket/27 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
Add LDAP test This finally tests the LDAP login/info plugins as well as the special "groups" attribute. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Build dated RPMs by default This stores the build date and git commit in the version. This way, it's a lot easier to determine when it was last built. Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Use the IPA API directly when adding the HTTP principal This is the only way to force in a custom version string so that the remote IPA server doesn't reject the request as being newer than the server. This also removes the need to iterate over all servers as the IPA connection API does this automatically. https://fedorahosted.org/ipsilon/ticket/47 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Nathan Kinder <nkinder@redhat.com>
Add test for REST Service Provider GET and POST Provision two Service Providers then test: - We can fetch a blank list of SPs - Add an SP via the admin interface - We get list of all SPs and that is it - Add an SP via POST - We get list of all SPs and now there are two - We get a specific SP and confirm we got the right one. https://fedorahosted.org/ipsilon/ticket/26 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
Add Policy class to help filter attributes Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Test for Single Logout Service https://fedorahosted.org/ipsilon/ticket/24 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
Make test results more clear Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
Add test to check file based configuration works This is a stripped down version of test1 that manually stored the configuration of the IDP as well as the SP metadata in the admin.conf file, and then check thatthe SP can be successfully used. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Add test to check a real database (pgsql) works Change config template to e able to set up ipsilon with an extrenal database. For the easy install the database server must have 3 datbases configured, and named exactly: admincondif, userprefs, transactions If different names are required manual instalation will be necessary. Database URLs (including credentials) can be set using the new option named --database-url Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>