Merge pull request #1 from eliona-smart-building-assistant/testing

Testing
eliona-smart-building-assistant · Sep 29, 2023 · eb0f902 · eb0f902
2 parents 8a7a7e7 + 90fab4d
commit eb0f902
Show file tree

Hide file tree

Showing 13 changed files with 121 additions and 30 deletions.
diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml
@@ -21,3 +21,6 @@ jobs:
           vuln-type: 'os,library'
           severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
           # skip-files: 'openapi.yaml'
+
+      - name: Build Docker Test IdP image
+        run: docker build --file Dockerfile-TestIdP .
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -22,9 +22,11 @@ jobs:
 
       - name: Run application tests
         id: run_app_test
-        run: go test -v ./...
+        run: go test -v ./... -cover
         env:
           CONNECTION_STRING: postgres://postgres:secret@172.17.0.1:5432?sslmode=disable
           API_ENDPOINT: http://172.17.0.1:3000/v2
           API_TOKEN: secret
+          APP_NAME: saml-sso
+          LOG_LEVEL: debug
           START_MODE: docker
diff --git a/Dockerfile-TestIdP b/Dockerfile-TestIdP
@@ -0,0 +1,42 @@
+#  This file is part of the eliona project.
+#  Copyright © 2023 Eliona by IoTEC AG. All Rights Reserved.
+#  ______ _ _
+# |  ____| (_)
+# | |__  | |_  ___  _ __   __ _
+# |  __| | | |/ _ \| '_ \ / _` |
+# | |____| | | (_) | | | | (_| |
+# |______|_|_|\___/|_| |_|\__,_|
+#
+#  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING
+#  BUT NOT LIMITED  TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+#  NON INFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+#  DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+#  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+# docker run -d -p 8000:8000 -v ./config.json:./cmd/identity_provider/cnf.json --name identity-provider identiryProviderImage
+
+FROM eliona/base-golang:latest-1-alpine AS build
+
+RUN apk add git
+
+WORKDIR /
+COPY . ./
+
+RUN go mod download
+RUN go build -o idp ./cmd/identity_provider/main.go
+
+FROM eliona/base-alpine:latest-3.17 AS target
+
+RUN apk update
+RUN apk upgrade
+
+COPY --from=build /idp ./
+COPY cmd/identity_provider/*.pem ./ cmd/identity_provider/
+COPY cmd/identity_provider/*.json ./ cmd/identity_provider/
+
+COPY openapi.yaml ./
+
+ENV APPNAME=saml-idp
+
+ENV TZ=Europe/Zurich
+CMD [ "/idp" ]
diff --git a/README.md b/README.md
@@ -16,21 +16,21 @@ This initialization can be handled by the `reset.sql` script.
 
 ### Environment variables
 
-<mark>Todo: Describe further environment variables tables the app needs for configuration</mark>
 
-
-- `APPNAME`: must be set to `template`. Some resources use this name to identify the app inside an Eliona environment.
+- `APPNAME`: must be set to `saml-sso`. Some resources use this name to identify the app inside an Eliona environment.
 
 - `CONNECTION_STRING`: configures the [Eliona database](https://github.com/eliona-smart-building-assistant/go-eliona/tree/main/db). Otherwise, the app can't be initialized and started. (e.g. `postgres://user:pass@localhost:5432/iot`)
 
 - `API_ENDPOINT`:  configures the endpoint to access the [Eliona API v2](https://github.com/eliona-smart-building-assistant/eliona-api). Otherwise, the app can't be initialized and started. (e.g. `http://api-v2:3000/v2`)
 
 - `API_TOKEN`: defines the secret to authenticate the app and access the Eliona API.
 
-- `API_SERVER_PORT`(optional): define the port the API server listens. The default value is Port `3000`. <mark>Todo: Decide if the app needs its own API. If so, an API server have to implemented and the port have to be configurable.</mark>
+- `API_SERVER_PORT`(optional): define the port the API server listens. The default value is Port `3000`.
 
 - `LOG_LEVEL`(optional): defines the minimum level that should be [logged](https://github.com/eliona-smart-building-assistant/go-utils/blob/main/log/README.md). The default level is `info`.
 
+- `SSO_SERVER_PORT` (optional): defines the port for Single Sign On Services, here SAML 2.0. The default value is Port `8080`.
+
 ### Database tables ###
 
 <mark>Todo: Describe the database objects the app needs for configuration</mark>

diff --git a/app.go b/app.go
@@ -32,9 +32,9 @@ import (
 )
 
 const (
-	LOG_REGIO        = "app"
-	API_SERVER_PORT  = 3000
-	SAML_SERVER_PORT = 8080
+	LOG_REGIO       = "app"
+	API_SERVER_PORT = 3000
+	SSO_SERVER_PORT = 8080
 
 	SAML_SPECIFIC_ENDPOINT_PATH = "/saml/"
 )
@@ -81,7 +81,7 @@ func run() {
 	}
 
 	apiPort := common.Getenv("API_SERVER_PORT", strconv.Itoa(API_SERVER_PORT))
-	samlSpPort := common.Getenv("SAML_SP_SERVER_PORT", strconv.Itoa(SAML_SERVER_PORT))
+	samlSpPort := common.Getenv("SSO_SERVER_PORT", strconv.Itoa(SSO_SERVER_PORT))
 
 	fmt.Println(basicConfig.OwnUrl + ":" + apiPort)
 	sp, err := saml.NewServiceProviderAdvanced(basicConfig.ServiceProviderCertificate,

diff --git a/conf/conf.go b/conf/conf.go
@@ -516,7 +516,7 @@ func UserLeicomInit() error {
 
 	if err != nil || userRet != userLeicom {
 		// user not exist
-		_, err = db.Exec("CREATE USER $1 NOLOGIN", userLeicom)
+		_, err = db.Exec("CREATE USER leicom NOLOGIN")
 	}
 
 	return err

diff --git a/conf/conf_test.go b/conf/conf_test.go
@@ -17,7 +17,6 @@ package conf_test
 
 import (
 	"context"
-	"fmt"
 	"saml-sso/apiserver"
 	"saml-sso/conf"
 	"saml-sso/utils"
@@ -191,8 +190,6 @@ func TestApp_Conf_InsertUpdateConfig(t *testing.T) {
 		if diff := deep.Equal(&advConfig1, advRet1); diff != nil {
 			t.Error("missmatch advanced config 1_1: ", diff)
 		}
-		fmt.Println(advConfig1)
-		fmt.Println(advConfig2)
 		advRet2, err := conf.SetAdvancedConfig(context.Background(), &advConfig2)
 		if err != nil {
 			t.Error(err)

diff --git a/eliona/apiv2.go b/eliona/apiv2.go
@@ -37,6 +37,12 @@ func NewEliApiV2() *EliApiV2 {
 	}
 }
 
+func (e *EliApiV2) GetApiVersion() (map[string]interface{}, error) {
+	ver, _, err := e.client.VersionAPI.GetVersion(e.authCtx).Execute()
+
+	return ver, err
+}
+
 func (e *EliApiV2) GetUserIfExists(email string) (*api.User, error) {
 	users, resp, err := e.client.UsersAPI.GetUsers(e.authCtx).Execute()
 	if err != nil {

diff --git a/eliona/apiv2_test.go b/eliona/apiv2_test.go
@@ -25,6 +25,15 @@ import (
 
 // need a running apiv2 and exported API_TOKEN / API_ENDPOINT
 
+func TestApp_EliApi_Version(t *testing.T) {
+	eApi := eliona.NewEliApiV2()
+	ver, err := eApi.GetApiVersion()
+	if err != nil {
+		t.Error("get version,  ", err)
+	}
+	t.Log("APIv2 Version: ", ver)
+}
+
 func TestApp_EliApi_AddUser(t *testing.T) {
 	fistName := "myFirstName"
 	lastName := "myLastName"

diff --git a/eliona/others.go b/eliona/others.go
@@ -20,31 +20,70 @@ package eliona
 import (
 	"database/sql"
 	"errors"
+	"strings"
 
 	"github.com/eliona-smart-building-assistant/go-eliona/app"
 	"github.com/eliona-smart-building-assistant/go-utils/db"
+	"github.com/eliona-smart-building-assistant/go-utils/log"
 )
 
 type ElionaJwt struct {
 	Jwt string
 }
 
+const (
+	OTHERS_GET_JWT_QUERY_V10 = "(SELECT public.make_jwt(jwt,secret) " +
+		"FROM  public.eliona_user u JOIN public.eliona_secret " +
+		"USING (schema), public.claim_jwt(role, now() + validity,user_id,null) jwt " +
+		"WHERE lower(u.email) = lower($1) AND NOT u.archived)"
+
+	OTHERS_GET_JWT_QUERY_V11 = "(SELECT public.make_jwt(jwt,secret) " +
+		"FROM  public.eliona_user u " +
+		"JOIN public.acl_role r ON (u.role_id = r.role_id) " +
+		"JOIN public.eliona_secret " +
+		"USING (schema), public.claim_jwt(role, now() + validity,user_id,null) jwt " +
+		"WHERE lower(u.email) = lower($1) AND NOT u.archived)"
+)
+
 func GetElionaJsonWebToken(email string) (*string, error) {
 
-	var jwt ElionaJwt = ElionaJwt{}
+	var (
+		err      error
+		version  string
+		jwt      ElionaJwt = ElionaJwt{}
+		jwtQuery string
+	)
+
+	db := getDb()
+
+	// find version
+	row := db.QueryRow("SELECT version FROM versioning.latest_version WHERE app_name = 'public'")
+	if row == nil {
+		return nil, row.Err()
+	}
+	err = row.Scan(&version)
+	if row == nil {
+		return nil, err
+	}
+
+	// before v10 docker matching images are available.
+	if strings.Contains(version, "v10.") {
+		log.Debug(LOG_REGIO, "eliona v10")
+		jwtQuery = OTHERS_GET_JWT_QUERY_V10
+	} else {
+		// assume, that the version is newer (with ACL)
+		jwtQuery = OTHERS_GET_JWT_QUERY_V11
+	}
 
-	row := getDb().QueryRow("(SELECT public.make_jwt(jwt,secret) "+
-		"FROM  public.eliona_user u JOIN public.eliona_secret "+
-		"USING (schema), public.claim_jwt(role, now() + validity,user_id,null) jwt "+
-		"WHERE lower(u.email) = lower($1) AND NOT u.archived)", email)
+	row = db.QueryRow(jwtQuery, email)
 
 	if row == nil {
 		return nil, errors.New("returned row is nil")
 	} else if row.Err() != nil {
 		return nil, row.Err()
 	}
 
-	err := row.Scan(&jwt.Jwt)
+	err = row.Scan(&jwt.Jwt)
 
 	return &jwt.Jwt, err
 }

diff --git a/eliona/others_test.go b/eliona/others_test.go
@@ -23,7 +23,7 @@ import (
 )
 
 func TestApp_Others(t *testing.T) {
-	token, err := eliona.GetElionaJsonWebToken("sv#@eliona.io")
+	token, err := eliona.GetElionaJsonWebToken("su#@eliona.io")
 	if err != nil {
 		t.Error(err)
 	}

diff --git a/go.mod b/go.mod
@@ -4,9 +4,8 @@ go 1.20
 
 require (
 	github.com/crewjam/saml v0.4.13
-	github.com/eliona-smart-building-assistant/app-integration-tests v1.0.1
 	github.com/eliona-smart-building-assistant/go-eliona v1.9.16
-	github.com/eliona-smart-building-assistant/go-eliona-api-client/v2 v2.5.3-2
+	github.com/eliona-smart-building-assistant/go-eliona-api-client/v2 v2.5.4
 	github.com/eliona-smart-building-assistant/go-utils v1.0.38
 	github.com/friendsofgo/errors v0.9.2
 	github.com/go-test/deep v1.1.0
@@ -26,7 +25,6 @@ replace github.com/ericlagergren/decimal => github.com/ericlagergren/decimal v0.
 require (
 	github.com/beevik/etree v1.1.0 // indirect
 	github.com/crewjam/httperr v0.2.0 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/gofrs/uuid v4.2.0+incompatible // indirect
 	github.com/golang-jwt/jwt/v4 v4.4.3 // indirect
 	github.com/jackc/chunkreader/v2 v2.0.1 // indirect
@@ -42,13 +40,11 @@ require (
 	github.com/lib/pq v1.10.9 // indirect
 	github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/russellhaering/goxmldsig v1.2.0 // indirect
 	github.com/spf13/cast v1.5.1 // indirect
 	github.com/stretchr/testify v1.8.4 // indirect
 	github.com/volatiletech/inflect v0.0.1 // indirect
 	github.com/volatiletech/randomize v0.0.1 // indirect
 	golang.org/x/text v0.13.0 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -123,12 +123,10 @@ github.com/dchest/uniuri v1.2.0/go.mod h1:fSzm4SLHzNZvWLvWJew423PhAzkpNQYq+uNLq4
 github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/yU9ko=
 github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/eliona-smart-building-assistant/app-integration-tests v1.0.1 h1:dlhkHbY4PQlgMBBIow6J9ns7EmCCm8bnHjZ0+e2+sAY=
-github.com/eliona-smart-building-assistant/app-integration-tests v1.0.1/go.mod h1:xEX9Kb1gMQ0rv+ATI0+jamikcEZ/fH6yMHLWauNUCK8=
 github.com/eliona-smart-building-assistant/go-eliona v1.9.16 h1:ycvJEiAM3G5yYcF4YRDfK1Bs5FZrUDUh0iPCBEgOoTE=
 github.com/eliona-smart-building-assistant/go-eliona v1.9.16/go.mod h1:ehuVQA1bNiSaCQV08QEwpoX7/F3rlGUTQzek/YPthFQ=
-github.com/eliona-smart-building-assistant/go-eliona-api-client/v2 v2.5.3-2 h1:9ZE39FoM2KmuID6eWeS2QxfkBXaTvNVfAoMyKHo01vQ=
-github.com/eliona-smart-building-assistant/go-eliona-api-client/v2 v2.5.3-2/go.mod h1:cyKWAhCHbCrKrpbX8BJjWrxQ9mWgk3HpjkU68wp2pao=
+github.com/eliona-smart-building-assistant/go-eliona-api-client/v2 v2.5.4 h1:IUH1kIKDSGXFomkLegLyF9cN2Swq0tWwlgPZgCxNOBk=
+github.com/eliona-smart-building-assistant/go-eliona-api-client/v2 v2.5.4/go.mod h1:cyKWAhCHbCrKrpbX8BJjWrxQ9mWgk3HpjkU68wp2pao=
 github.com/eliona-smart-building-assistant/go-utils v1.0.38 h1:XhvMXnX+rtGObxmf0+h4b6NW91hPzMmbk7TptafcOMM=
 github.com/eliona-smart-building-assistant/go-utils v1.0.38/go.mod h1:rmn9OFVA5ADax/tKPYR54e9P7Yi47VHF4RepCZxg4es=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -1066,7 +1064,6 @@ gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLks
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s=