
fix tests
christian-stauffer committed Feb 16, 2024
1 parent 5caaa0a commit d1a1010
Showing 2 changed files with 26 additions and 20 deletions.
43 changes: 23 additions & 20 deletions conf/init.sql
Expand Up @@ -18,41 +18,44 @@ CREATE SCHEMA IF NOT EXISTS saml_sp ;
GRANT USAGE ON SCHEMA saml_sp TO leicom ;
GRANT ALL ON SCHEMA saml_sp TO leicom ;

-- general settings for the SAML Service Provider (SP)
CREATE TABLE IF NOT EXISTS saml_sp.config (
id INT PRIMARY KEY NOT NULL DEFAULT 1 CHECK (id = 1) , -- due to the architecture of eliona only one configuration (1 sso per instance) is possible
id INT PRIMARY KEY NOT NULL DEFAULT 1 CHECK (id = 1) , -- due to the architecture of eliona only one configuration (1 sso per instance) is possible
enable BOOLEAN NOT NULL DEFAULT true ,
sp_certificate TEXT NOT NULL ,
sp_private_key TEXT NOT NULL ,
idp_metadata_url TEXT ,
metadata_xml TEXT DEFAULT NULL ,
own_url TEXT NOT NULL ,
user_to_archive BOOLEAN NOT NULL DEFAULT false ,
allow_initialization_by_idp BOOLEAN NOT NULL DEFAULT false ,
signed_request BOOLEAN NOT NULL DEFAULT true ,
sp_certificate TEXT NOT NULL , -- own cert
sp_private_key TEXT NOT NULL , -- key to own cert
idp_metadata_url TEXT , -- url where IdP's metadata can fetched
metadata_xml TEXT DEFAULT NULL , -- if no url is avalable, insert metadata xml here
own_url TEXT NOT NULL , -- the own url e.g. https://my.eliona.xy
user_to_archive BOOLEAN NOT NULL DEFAULT false , -- put user to archive @ first login (do not allow login, if not verified by sys admin)
allow_initialization_by_idp BOOLEAN NOT NULL DEFAULT false , -- if the IdP can initialize the login (means, no SAML request was issued by our sp)
signed_request BOOLEAN NOT NULL DEFAULT true , -- sign the SAML request
force_authn BOOLEAN NOT NULL DEFAULT false ,
entity_id TEXT NOT NULL DEFAULT '{ownUrl}/saml/metadata',
cookie_secure BOOLEAN NOT NULL DEFAULT false ,
login_failed_url TEXT NOT NULL DEFAULT '{ownUrl}/noLogin'
login_failed_url TEXT NOT NULL DEFAULT '{ownUrl}/noLogin' -- redirect url when a user login fails
) ;

-- general settings for adding a user
CREATE TABLE IF NOT EXISTS saml_sp.attribute_map ( -- SAML session attribute names.
id INT PRIMARY KEY NOT NULL DEFAULT 1 REFERENCES saml_sp.config(id) ON UPDATE CASCADE ,
email TEXT NOT NULL DEFAULT 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn',
email TEXT NOT NULL DEFAULT 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn', -- SAML attribute email and login
first_name TEXT DEFAULT NULL ,
last_name TEXT DEFAULT NULL ,
phone TEXT DEFAULT NULL
) ;

-- settings for define users permissions
CREATE TABLE IF NOT EXISTS saml_sp.permissions (
id INT PRIMARY KEY NOT NULL DEFAULT 1 REFERENCES saml_sp.config(id) ON UPDATE CASCADE,
default_system_role TEXT NOT NULL DEFAULT 'System user' , -- reference to is maybe a bad idea (due to the new ACL)
default_proj_role TEXT NOT NULL DEFAULT 'Project user' , -- can be the role name or role id
default_language TEXT NOT NULL DEFAULT 'en' ,
system_role_saml_attribute TEXT ,
system_role_map JSON , -- e.g. {"firm xy-Admin":"System admin", ...}
proj_role_saml_attribute TEXT ,
proj_role_map JSON ,
language_saml_attribute TEXT ,
language_map JSON , -- e.g. {"Sprache:Deutsch":"de", "Sprache:Englisch":"en"}
default_system_role TEXT NOT NULL DEFAULT 'System user' , -- reference to is maybe a bad idea (due to the new ACL)
default_proj_role TEXT NOT NULL DEFAULT 'Project user' , -- can be the role display name or role id
default_language TEXT NOT NULL DEFAULT 'en' , -- see constraint
system_role_saml_attribute TEXT , -- attribute that contains the system roles which should be mapped
system_role_map JSON , -- e.g. {"firm xy-Admin":"System admin", ...}
proj_role_saml_attribute TEXT , -- attribute that contains the project roles which should be mapped
proj_role_map JSON , -- e.g. {"firm xy-Employee":"Project user", ...}
language_saml_attribute TEXT , -- attribute that contains the users language which should be mapped
language_map JSON , -- e.g. {"Sprache:Deutsch":"de", "Sprache:Englisch":"en"}
CONSTRAINT chk_language CHECK (default_language IN ('en', 'de', 'it', 'fr'))
) ;
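Review bot: `cookie_secure BOOLEAN NOT NULL DEFAULT false` in saml_sp.config is an insecure-by-default setting sitting next to an `own_url` whose comment uses an https example; if the flag sets the Secure attribute on the SP's session cookie (inferred from its name, the DDL does not show the consumer), the default should be `true`, or the column at least needs a comment such as `-- Secure attribute for the SP session cookie; false only for plain-http development setups`. The new comment on `sp_private_key TEXT NOT NULL , -- key to own cert` should also say what the column holds and how it is protected, since the key is stored in cleartext and the only access control visible here is the GRANT on the schema at the top of the hunk; suggest `-- private key for sp_certificate (presumably PEM), stored unencrypted: access is governed solely by the GRANTs on schema saml_sp`. The comments on `idp_metadata_url` and `metadata_xml` carry typos (`can fetched`, `avalable`) that could be corrected in the same pass.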
3 changes: 3 additions & 0 deletions utils/testing.go
Expand Up @@ -78,6 +78,9 @@ func CreateRandomApiPermissions() apiserver.Permissions {
SystemRoleMap: nil, // ToDo
ProjRoleSamlAttribute: nil, // ToDo
ProjRoleMap: nil, // ToDo
DefaultLanguage: "en",
LanguageSamlAttribute: nil, // ToDo
LanguageMap: nil, // ToDo
}

if RandomBoolean() {
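Review bot: `DefaultLanguage: "en"` pins a fixed value inside a function named CreateRandomApiPermissions, so the test fixture only ever exercises the one language that is also the column's DDL default and never the other values accepted by `chk_language` in conf/init.sql ('de', 'it', 'fr'). Consider drawing the value from that allowed set with whichever random helper this file already provides alongside `RandomBoolean()`, and add a comment such as `// must be one of the values accepted by saml_sp.permissions chk_language` so the coupling to the schema is visible. CreateRandomApiPermissions starts before and ends after this hunk.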
