Главная Обзор Помощь
Вход
SMusatov
/
zammad
зеркало из https://github.com/zammad/zammad.git
1
0
Ответвить 0
Файлы
Дерево: d3a57bc5c7
Ветки Метки
zammad
/
spec
/
models
/
setting
/
validation
/
saml
/
tls_spec.rb

tls_spec.rb 2.6 KB
История Исходник

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273 
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
    2. 

  2. 

  3. require 'rails_helper'
    4. 

  4. 

  5. RSpec.describe Setting::Validation::Saml::TLS do
    6. 

  6. 

  7.   let(:setting_name) { 'auth_saml_credentials' }
    8. 

  8. 

  9.   context 'with blank settings' do
    10. 

  10.     it 'does not raise an error' do
    11. 

  11.       expect { Setting.set(setting_name, {}) }.not_to raise_error
    12. 

  12.     end
    13. 

  13.   end
    14. 

  14. 

  15.   context 'when changing only display_name' do
    16. 

  16.     it 'does not raise an error' do
    17. 

  17.       expect { Setting.set(setting_name, { display_name: 'Keycloak' }) }.not_to raise_error
    18. 

  18.     end
    19. 

  19.   end
    20. 

  20. 

  21.   context 'with self-signed certificate' do
    22. 

  22.     let(:setting_value) do
    23. 

  23.       {
    24. 

  24.         idp_sso_target_url:     'https://self-signed.badssl.com/',
    25. 

  25.         idp_slo_service_url:    'https://example.com',
    26. 

  26.         name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
    27. 

  27.         idp_cert:               '-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----',
    28. 

  28.         ssl_verify:             ssl_verify,
    29. 

  29.       }
    30. 

  30.     end
    31. 

  31. 

  32.     context 'when ssl verify is disabled' do
    33. 

  33.       let(:ssl_verify) { false }
    34. 

  34. 

  35.       it 'does not raise an error' do
    36. 

  36.         expect { Setting.set(setting_name, setting_value) }.not_to raise_error
    37. 

  37.       end
    38. 

  38.     end
    39. 

  39. 

  40.     context 'when ssl verify is enabled' do
    41. 

  41.       let(:ssl_verify) { true }
    42. 

  42. 

  43.       context 'with a SSL error' do
    44. 

  44.         it 'raises an error' do
    45. 

  45.           if ENV['CI'].present?
    46. 

  46.             result = UserAgent::Result.new(success: false, error: '#<OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 peeraddr=')
    47. 

  47.             allow(UserAgent).to receive(:get).and_return(result)
    48. 

  48.           end
    49. 

  49. 

  50.           expect { Setting.set(setting_name, setting_value) }.to raise_error(ActiveRecord::RecordInvalid, 'Validation failed: The verification of the TLS connection failed. Please check the SAML IDP certificate.')
    51. 

  51.         end
    52. 

  52.       end
    53. 

  53. 

  54.       context 'with a HTTP error' do
    55. 

  55.         it 'raises no error' do
    56. 

  56.           result = UserAgent::Result.new(success: false, error: 'Client Error: #<Net::HTTPNotFound')
    57. 

  57.           allow(UserAgent).to receive(:get).and_return(result)
    58. 

  58. 

  59.           expect { Setting.set(setting_name, setting_value) }.not_to raise_error
    60. 

  60.         end
    61. 

  61.       end
    62. 

  62. 

  63.       context 'with a connection error' do
    64. 

  64.         it 'raises an error' do
    65. 

  65.           result = UserAgent::Result.new(success: false, error: '#<Errno::EHOSTUNREACH')
    66. 

  66.           allow(UserAgent).to receive(:get).and_return(result)
    67. 

  67. 

  68.           expect { Setting.set(setting_name, setting_value) }.to raise_error(ActiveRecord::RecordInvalid, 'Validation failed: The verification of the TLS connection is not possible. Please check the SAML IDP connection.')
    69. 

  69.         end
    70. 

  70.       end
    71. 

  71.     end
    72. 

  72.   end
    73. 

  73. end
    74.