From 6245830e3188417acba7f90195e17cd0ec1aa1d1 Mon Sep 17 00:00:00 2001 From: Michiel Kodde Date: Mon, 12 Feb 2024 16:05:32 +0100 Subject: [PATCH] Repair the ra_candidate features The Event stream needed some tweaking (mainly to get my first name out of the identities ;) ) --- .../behat/features/bootstrap/RaContext.php | 1 - .../tests/behat/features/ra_candidate.feature | 59 +++++++++++-------- .../behat/features/ra_candidate2.feature | 20 ++++--- .../behat/features/ra_candidate3.feature | 7 +-- stepup/tests/behat/fixtures/events.sql | 4 +- 5 files changed, 51 insertions(+), 40 deletions(-) diff --git a/stepup/tests/behat/features/bootstrap/RaContext.php b/stepup/tests/behat/features/bootstrap/RaContext.php index dd6f9e8..3bfbfb4 100644 --- a/stepup/tests/behat/features/bootstrap/RaContext.php +++ b/stepup/tests/behat/features/bootstrap/RaContext.php @@ -495,7 +495,6 @@ public function iVisitTheRAManagementPage() public function iRelieveOfHisRole($userName, $institution, $role) { $page = $this->minkContext->getSession()->getPage(); - // There should be a td with the username in it, select that TR to press that button on. $searchResult = $page->findAll('xpath', sprintf("//tr[./td[contains(.,'%s')]]", $userName)); diff --git a/stepup/tests/behat/features/ra_candidate.feature b/stepup/tests/behat/features/ra_candidate.feature index e6d1a51..ba700e0 100644 --- a/stepup/tests/behat/features/ra_candidate.feature +++ b/stepup/tests/behat/features/ra_candidate.feature @@ -1,4 +1,3 @@ -@SKIP Feature: A RAA manages ra candidates in the ra environment In order to promote candidates As a RAA @@ -8,11 +7,12 @@ Feature: A RAA manages ra candidates in the ra environment Given institution "institution-a.example.com" can "select_raa" from institution "institution-a.example.com" And institution "institution-b.example.com" can "select_raa" from institution "institution-a.example.com" And institution "institution-d.example.com" can "select_raa" from institution "institution-a.example.com" - And a user "Jane Toppan" identified by "urn:collab:person:institution-a.example.com:jane-a-ra" from institution "institution-a.example.com" + And a user "jane-a-ra" identified by "urn:collab:person:institution-a.example.com:jane-a-ra" from institution "institution-a.example.com" + And a user "jane-a1" identified by "urn:collab:person:institution-a.example.com:jane-a1" from institution "institution-a.example.com" # The two users below are only used to create institutions for the SRAA switcher - And a user "DUMMY1" identified by "urn:collab:person:institution-b.example.com:dummy1" from institution "institution-b.example.com" - And a user "DUMMY2" identified by "urn:collab:person:institution-d.example.com:dummy2" from institution "institution-d.example.com" - And the user "urn:collab:person:institution-a.example.com:jane-a-ra" has a vetted "yubikey" + And a user "user-b1" identified by "urn:collab:person:institution-b.example.com:user-b1" from institution "institution-b.example.com" + And a user "user-b2" identified by "urn:collab:person:institution-d.example.com:user-b2" from institution "institution-d.example.com" + And the user "urn:collab:person:institution-a.example.com:jane-a-ra" has a vetted "yubikey" with identifier "00000001" And the user "urn:collab:person:institution-a.example.com:jane-a-ra" has the role "raa" for institution "institution-a.example.com" And the user "urn:collab:person:institution-a.example.com:jane-a-ra" has the role "raa" for institution "institution-b.example.com" And the user "urn:collab:person:institution-a.example.com:jane-a-ra" has the role "raa" for institution "institution-d.example.com" @@ -21,56 +21,67 @@ Feature: A RAA manages ra candidates in the ra environment Given I am logged in into the ra portal as "admin" with a "yubikey" token When I visit the RA promotion page Then I should see the following candidates: - | name | institution | - | jane-a1 institution-a.example.com | institution-a.example.com | - | Admin | dev.openconext.local | + | name | institution | + | jane-a-ra | institution-a.example.com | + | jane-b1 institution-b.example.com | institution-b.example.com | + | user-b-ra institution-b.example.com | institution-b.example.com | + | user-b5 institution-b.example.com | institution-b.example.com | + | Admin | dev.openconext.local | + | SRAA2 | dev.openconext.local | Scenario: SRAA user checks if "Jane Toppan" is a candidate for all institutions (with filtering on institution-a) Given I am logged in into the ra portal as "admin" with a "yubikey" token When I visit the RA promotion page Then I should see the following candidates for "institution-a.example.com": | name | institution | - | jane-a1 institution-a.example.com | institution-a.example.com | + | jane-a-ra | institution-a.example.com | + Scenario: SRAA user checks if "Jane Toppan" is a candidate for all institutions (with filtering on institution-b) Given I am logged in into the ra portal as "admin" with a "yubikey" token When I visit the RA promotion page Then I should see the following candidates for "institution-b.example.com": - | name | institution | - | jane-a1 institution-a.example.com | institution-a.example.com | + | name | institution | + | jane-b1 institution-b.example.com | institution-b.example.com | + | user-b-ra institution-b.example.com | institution-b.example.com | + | user-b5 institution-b.example.com | institution-b.example.com | - Scenario: SRAA user demotes "Jane" to no longer be an RAA for "institution-a" + Scenario: SRAA user demotes "jane-a-ra" to no longer be an RAA for "institution-a" Given I am logged in into the ra portal as "admin" with a "yubikey" token When I visit the RA Management page - Then I relieve "Jane Toppan" from "institution-a.example.com" of his "RAA" role + Then I relieve "jane-a-ra" from "institution-a.example.com" of his "RAA" role Scenario: SRAA user checks if "Jane Toppan" is a candidate for "institution-a" Given I am logged in into the ra portal as "admin" with a "yubikey" token When I visit the RA promotion page Then I should see the following candidates for "institution-a.example.com": - | name | institution | - | jane-a1 institution-a.example.com | institution-a.example.com | - | Jane Toppan | institution-a.example.com | + | name | institution | + | jane-a-ra | institution-a.example.com | + | jane-b1 institution-b.example.com | institution-b.example.com | + | user-b-ra institution-b.example.com | institution-b.example.com | + | user-b5 institution-b.example.com | institution-b.example.com | Scenario: SRAA user checks if "Jane Toppan" is not a candidate for "institution-b" Given I am logged in into the ra portal as "admin" with a "yubikey" token When I visit the RA promotion page Then I should see the following candidates for "institution-b.example.com": - | name | institution | - | jane-a1 institution-a.example.com | institution-a.example.com | + | name | institution | + | jane-b1 institution-b.example.com | institution-b.example.com | + | user-b-ra institution-b.example.com | institution-b.example.com | + | user-b5 institution-b.example.com | institution-b.example.com | Scenario: SRAA user checks if "Jane Toppan" is not listed for "institution-a" Given I am logged in into the ra portal as "admin" with a "yubikey" token When I visit the RA Management page Then I should see the following raas: - | name | institution | role | - | Jane Toppan | institution-b.example.com | RAA | - | Jane Toppan | institution-d.example.com | RAA | + | name | institution | role | + | jane-a-ra | institution-b.example.com | RAA | + | jane-a-ra | institution-d.example.com | RAA | Scenario: SRAA user checks if "Jane Toppan" is listed for "institution-b" Given I am logged in into the ra portal as "admin" with a "yubikey" token When I visit the RA Management page Then I should see the following raas: - | name | institution | role | - | Jane Toppan | institution-b.example.com | RAA | - | Jane Toppan | institution-d.example.com | RAA | + | name | institution | role | + | jane-a-ra | institution-b.example.com | RAA | + | jane-a-ra | institution-d.example.com | RAA | diff --git a/stepup/tests/behat/features/ra_candidate2.feature b/stepup/tests/behat/features/ra_candidate2.feature index acf3163..126ed72 100644 --- a/stepup/tests/behat/features/ra_candidate2.feature +++ b/stepup/tests/behat/features/ra_candidate2.feature @@ -1,4 +1,3 @@ -@SKIP Feature: A RAA manages ra candidates in the ra environment (see: https://www.pivotaltracker.com/story/show/171703175) In order to promote candidates As a RAA @@ -11,16 +10,19 @@ Feature: A RAA manages ra candidates in the ra environment (see: https://www.piv And institution "institution-d.example.com" can "select_raa" from institution "institution-a.example.com" - And a user "joe-a-raa institution-a" identified by "urn:collab:person:institution-a.example.com:joe-a-raa" from institution "institution-a.example.com" - And the user "urn:collab:person:institution-a.example.com:joe-a-raa" has a vetted "yubikey" + And a user "joe-a-raa institution-a" identified by "urn:collab:person:institution-a.example.com:joe-a-raa" from institution "institution-a.example.com" with UUID "3af4eba5-8d1b-4da4-a6ba-c730356f36e1" + And the user "urn:collab:person:institution-a.example.com:joe-a-raa" has a vetted "yubikey" identified by "00000002" And the user "urn:collab:person:institution-a.example.com:joe-a-raa" has the role "raa" for institution "institution-a.example.com" + And a user "jane-a2 institution-a" identified by "urn:collab:person:institution-a.example.com:jane-a2" from institution "institution-a.example.com" with UUID "3af4eba5-8d1b-4da4-a6ba-c730356f36e2" + And the user "urn:collab:person:institution-a.example.com:jane-a2" has a vetted "yubikey" identified by "00000003" - And a user "jane-d-raa institution-d.nl" identified by "urn:collab:person:institution-d.example.com:jane-d-raa" from institution "institution-d.example.com" - And the user "urn:collab:person:institution-d.example.com:jane-d-raa" has a vetted "yubikey" + And a user "jane-d-raa institution-d.nl" identified by "urn:collab:person:institution-d.example.com:jane-d-raa" from institution "institution-d.example.com" with UUID "3af4eba5-8d1b-4da4-a6ba-c730356f36e3" + And the user "urn:collab:person:institution-d.example.com:jane-d-raa" has a vetted "yubikey" identified by "00000004" - Scenario: RAA from instititution a should not see an RA(A) candidate from institution d + Scenario: RAA from institution a should not see an RA(A) candidate from institution d Given I am logged in into the ra portal as "joe-a-raa" with a "yubikey" token When I visit the RA promotion page - Then I should see the following candidates for "institution-d.example.com": - | name | institution | - | jane-a1 institution-a.example.com | institution-a.example.com | + Then I should see the following candidates for "institution-a.example.com": + | name | institution | + | jane-a2 institution-a | institution-a.example.com | + | joe-a-raa institution-a | institution-a.example.com | diff --git a/stepup/tests/behat/features/ra_candidate3.feature b/stepup/tests/behat/features/ra_candidate3.feature index fda072e..859afb1 100644 --- a/stepup/tests/behat/features/ra_candidate3.feature +++ b/stepup/tests/behat/features/ra_candidate3.feature @@ -1,4 +1,3 @@ -@SKIP Feature: A RAA manages ra candidates from virtual institutions in the ra environment In order to promote candidates from virtual institutions As a RAA @@ -12,13 +11,13 @@ Feature: A RAA manages ra candidates from virtual institutions in the ra environ And institution "institution-d.example.com" can "select_raa" from institution "institution-a.example.com" And a user "joe-a-raa institution-a" identified by "urn:collab:person:institution-a.example.com:joe-a-raa" from institution "institution-a.example.com" with UUID "00000000-0000-4000-8000-000000000010" - And the user "urn:collab:person:institution-a.example.com:joe-a-raa" has a vetted "yubikey" + And the user "urn:collab:person:institution-a.example.com:joe-a-raa" has a vetted "yubikey" identified by "00000004" Scenario: RAA from institution a should see "joe-a-raa" as an RA(A) candidate from "institution-d" Given I am logged in into the ra portal as "admin" with a "yubikey" token And I visit the "management/create-ra/00000000-0000-4000-8000-000000000010" page in the RA environment Then the "#ra_management_create_ra_roleAtInstitution_institution" element should contain "institution-a.example.com" - And the "#ra_management_create_ra_roleAtInstitution_institution" element should contain "institution-d.example.com" + And the "#ra_management_create_ra_roleAtInstitution_institution" element should contain "institution-b.example.com" Scenario: SRAA user promotes "joe-a-raa" to be a RA for "institution-d" Given I am logged in into the ra portal as "admin" with a "yubikey" token @@ -29,7 +28,7 @@ Feature: A RAA manages ra candidates from virtual institutions in the ra environ Given I am logged in into the ra portal as "admin" with a "yubikey" token And I visit the "management/create-ra/00000000-0000-4000-8000-000000000010" page in the RA environment Then the "#ra_management_create_ra_roleAtInstitution_institution" element should contain "institution-a.example.com" - And the "#ra_management_create_ra_roleAtInstitution_institution" element should not contain "institution-d.example.com" + And the "#ra_management_create_ra_roleAtInstitution_institution" element should not contain "institution-c.example.com" Scenario: SRAA user demotes "joe-a-raa" from a RA of "institution-d" Given I am logged in into the ra portal as "admin" with a "yubikey" token diff --git a/stepup/tests/behat/fixtures/events.sql b/stepup/tests/behat/fixtures/events.sql index f807cd1..5629575 100644 --- a/stepup/tests/behat/fixtures/events.sql +++ b/stepup/tests/behat/fixtures/events.sql @@ -40,7 +40,7 @@ CREATE TABLE `event_stream` ( LOCK TABLES `event_stream` WRITE; /*!40000 ALTER TABLE `event_stream` DISABLE KEYS */; -INSERT INTO `event_stream` VALUES ('0007699b-7a29-4526-9e08-fe291806361f',0,'{\"class\":\"Broadway\\\\Domain\\\\Metadata\",\"payload\":[]}','{\"class\":\"Surfnet\\\\Stepup\\\\Identity\\\\Event\\\\IdentityCreatedEvent\",\"payload\":{\"id\":\"0007699b-7a29-4526-9e08-fe291806361f\",\"institution\":\"dev.openconext.local\",\"name_id\":\"urn:collab:person:dev.openconext.local:michiel\",\"preferred_locale\":\"en_GB\"}}','2023-09-14T12:22:22.541496+00:00','Surfnet.Stepup.Identity.Event.IdentityCreatedEvent'),('0007699b-7a29-4526-9e08-fe291806361f',1,'{\"class\":\"Broadway\\\\Domain\\\\Metadata\",\"payload\":[]}','{\"class\":\"Surfnet\\\\Stepup\\\\Identity\\\\Event\\\\YubikeySecondFactorBootstrappedEvent\",\"payload\":{\"identity_id\":\"0007699b-7a29-4526-9e08-fe291806361f\",\"name_id\":\"urn:collab:person:dev.openconext.local:michiel\",\"identity_institution\":\"dev.openconext.local\",\"preferred_locale\":\"en_GB\",\"second_factor_id\":\"f2b1e616-ecde-458b-9f12-1536ad63ded0\"}}','2023-09-14T12:22:22.545350+00:00','Surfnet.Stepup.Identity.Event.YubikeySecondFactorBootstrappedEvent'),('12345678-abcd-4321-abcd-123456789012',0,'{\"class\":\"Broadway\\\\Domain\\\\Metadata\",\"payload\":[]}','{\"class\":\"Surfnet\\\\Stepup\\\\Configuration\\\\Event\\\\NewConfigurationCreatedEvent\",\"payload\":{\"id\":\"12345678-abcd-4321-abcd-123456789012\"}}','2023-07-19T06:46:34.940735+00:00','Surfnet.Stepup.Configuration.Event.NewConfigurationCreatedEvent'),('12345678-abcd-4321-abcd-123456789012',1,'{\"class\":\"Broadway\\\\Domain\\\\Metadata\",\"payload\":[]}','{\"class\":\"Surfnet\\\\Stepup\\\\Configuration\\\\Event\\\\ConfigurationUpdatedEvent\",\"payload\":{\"id\":\"12345678-abcd-4321-abcd-123456789012\",\"new_configuration\":{\"sraa\":[\"urn:collab:person:dev.openconext.local:admin\",\"urn:collab:person:dev.openconext.local:pieter\",\"urn:collab:person:dev.openconext.local:joost\"],\"email_templates\":{\"confirm_email\":{\"en_GB\":\"

Dear {{ commonName }},<\\/p>

Thank you for registering your token. Please visit this link to verify your email address:<\\/p>

{{ verificationUrl }}<\\/a><\\/p>

If you can not click on the URL, please copy the link and paste it in the address bar of your browser.<\\/p>\",\"nl_NL\":\"

Beste {{ commonName }},<\\/p>

Bedankt voor het registreren van je token. Klik op onderstaande link om je e-mailadres te bevestigen:<\\/p>

{{ verificationUrl }}<\\/a><\\/p>

Is klikken op de link niet mogelijk? Kopieer dan de link en plak deze in de adresbalk van je browser.<\\/p>\"},\"registration_code_with_ras\":{\"en_GB\":\"

Dear {{ commonName }},<\\/p>

Thank you for registering your token. Please visit one of the locations below within 14 days to get your token activated. After {{ expirationDate | localizeddate(\'full\', \'none\', locale) }} your activation code is no longer valid.<\\/p>

Please bring the following:<\\/p>