Configure fakeportal with tls

Author: MarcialRosales

selenium/bin/components/fakeportal

@@ -15,7 +15,10 @@ ensure_fakeportal() {
 }
 
 init_fakeportal() {
-  FAKEPORTAL_URL=${FAKEPORTAL_URL:-http://fakeportal:3000}
+  FAKEPORTAL_URL=${FAKEPORTAL_URL:-https://fakeportal:3000}
+  FAKEPORTAL_CONFIG_PATH=${FAKEPORTAL_CONFIG_PATH:-oauth/fakeportal}
+  FAKEPORTAL_CONFIG_DIR=$(realpath ${TEST_DIR}/${FAKEPORTAL_CONFIG_PATH})
+
   FAKEPORTAL_DIR=${SCRIPT}/../../fakeportal
   CLIENT_ID="${CLIENT_ID:-rabbit_idp_user}"
   CLIENT_SECRET="${CLIENT_SECRET:-rabbit_idp_user}"
@@ -32,6 +35,9 @@ init_fakeportal() {
   print "> CLIENT_ID: ${CLIENT_ID}"
   print "> CLIENT_SECRET: ${CLIENT_SECRET}"
   print "> RABBITMQ_URL: ${RABBITMQ_URL}"
+
+  generate-ca-server-client-kpi fakeportal $FAKEPORTAL_CONFIG_DIR
+
 }
 start_fakeportal() {
   begin "Starting fakeportal ..."
@@ -40,6 +46,10 @@ start_fakeportal() {
   kill_container_if_exist fakeportal
   mocha_test_tag=($(md5sum $SELENIUM_ROOT_FOLDER/package.json))
 
+  MOUNT_FAKEPORTAL_CONF_DIR=$CONF_DIR/fakeportal
+  mkdir -p $MOUNT_FAKEPORTAL_CONF_DIR
+  cp ${FAKEPORTAL_CONFIG_DIR}/*.pem $MOUNT_FAKEPORTAL_CONF_DIR
+
   docker run \
     --detach \
     --name fakeportal \
@@ -53,6 +63,7 @@ start_fakeportal() {
     --env CLIENT_SECRET="${CLIENT_SECRET}" \
     --env NODE_EXTRA_CA_CERTS=/etc/uaa/ca_uaa_certificate.pem \
     -v ${TEST_CONFIG_PATH}/uaa:/etc/uaa \
+    -v ${MOUNT_FAKEPORTAL_CONF_DIR}:/etc/fakeportal \
     -v ${FAKEPORTAL_DIR}:/code/fakeportal \
     mocha-test:${mocha_test_tag} run fakeportal
 

selenium/bin/suite_template

@@ -227,7 +227,7 @@ wait_for_url_local() {
   url=$1
   max_retry=10
   counter=0
-  until (curl -L -f -v $url >/dev/null 2>&1)
+  until (curl -k -L -f -v $url >/dev/null 2>&1)
   do
     print "Waiting for $url to start (local)"
     sleep 5

selenium/fakeportal/app.js

@@ -1,5 +1,7 @@
 const express = require("express");
 const app = express();
+const fs = require('fs');
+const https = require('https');
 var path = require('path');
 const XMLHttpRequest = require('xmlhttprequest').XMLHttpRequest
 
@@ -15,19 +17,36 @@ app.set('views', path.join(__dirname, 'views'));
 app.set('view engine', 'html');
 
 app.get('/', function(req, res){
-  let id =  default_if_blank(req.query.client_id, client_id);
-  let secret =  default_if_blank(req.query.client_secret, client_secret);
-  res.render('rabbitmq', {
-    proxied_url: proxied_rabbitmq_url,
-    url: rabbitmq_url.replace(/\/?$/, '/') + "login",
-    name: rabbitmq_url + " for " + id,
-    access_token: access_token(id, secret)
-  });
-});
+  let id =  default_if_blank(req.query.client_id, client_id)
+  let secret =  default_if_blank(req.query.client_secret, client_secret)
+  if (id == 'undefined' || secret == 'undefined') {
+    res.render('unauthenticated')
+  }else {
+    res.render('rabbitmq', {
+      proxied_url: proxied_rabbitmq_url,
+      url: rabbitmq_url.replace(/\/?$/, '/') + "login",
+      name: rabbitmq_url + " for " + id,
+      access_token: access_token(id, secret)
+    })
+  }
+})
+
 app.get('/favicon.ico', (req, res) => res.status(204));
 
+app.get('/logout', function(req, res) {
+  res.redirect( uaa_url + '/logout.do?redirect=' + req.protocol + '://' + req.get('host') + "/");
+})
+
+https
+  .createServer(
+    {
+      cert: fs.readFileSync('/etc/fakeportal/server_fakeportal_certificate.pem'),
+      key: fs.readFileSync('/etc/fakeportal/server_fakeportal_key.pem')
+    },
+    app
+  )
+  .listen(port)
 
-app.listen(port);
 console.log('Express started on port ' + port);
 
 function default_if_blank(value, defaultValue) {

selenium/fakeportal/views/unauthenticated.html

@@ -0,0 +1,18 @@
+<h1> FakePortal </h1>
+
+<p>This is a portal used to test <b>Identity-Provider-based authentication</b>.
+This means users comes to RabbitMQ with a token already obtained without involving RabbitMQ
+management ui.
+</p>
+
+<p>This is the state of the Portal when the user is not authenticated yet.</p>
+<p>To get the fakeportal fully authenticated, pass two request parameters:
+  <ul>
+    <li>client_id</li>
+    <li>client_secret</li>
+  </ul> 
+ These credentitals are used to get an access token from UAA and send it to 
+RabbitMQ. 
+</p>
+
+

selenium/suites/authnz-mgt/oauth-idp-initiated-with-uaa.sh

@@ -4,7 +4,8 @@ SCRIPT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
 TEST_CASES_PATH=/oauth/with-idp-initiated
 TEST_CONFIG_PATH=/oauth
-PROFILES="uaa idp-initiated uaa-oauth-provider fakeportal-mgt-oauth-provider"
+PROFILES="uaa uaa-oauth-provider idp-initiated fakeportal-mgt-oauth-provider"
 
 source $SCRIPT/../../bin/suite_template $@
 runWith uaa fakeportal
+#runWith fakeportal

selenium/test/oauth/env.docker.fakeportal

@@ -1,3 +1,3 @@
-export FAKEPORTAL_URL=http://fakeportal:3000
+export FAKEPORTAL_URL=https://fakeportal:3000
 export RABBITMQ_HOST_FOR_FAKEPORTAL=${RABBITMQ_HOST}
 export UAA_URL_FOR_FAKEPORTAL=https://uaa:8443

selenium/test/oauth/env.local.fakeportal

@@ -1,3 +1,3 @@
-export FAKEPORTAL_URL=http://localhost:3000
+export FAKEPORTAL_URL=https://fakeportal:3000
 export RABBITMQ_HOST_FOR_FAKEPORTAL=localhost:15672
 export UAA_URL_FOR_FAKEPORTAL=https://uaa:8443

selenium/test/oauth/fakeportal/openssl.cnf.in

@@ -0,0 +1,3 @@
+[ client_alt_names ]
+email.1 = rabbit_client@localhost
+URI.1 = rabbit_client_id_uri

selenium/test/oauth/rabbitmq.idp-initiated.conf

@@ -1 +1,3 @@
 management.oauth_initiated_logon_type = idp_initiated
+
+auth_oauth2.end_session_endpoint = ${FAKEPORTAL_URL}/logout

selenium/test/oauth/rabbitmq.uaa-mgt-oauth-provider.conf

@@ -1,2 +1,4 @@
 # uaa requires a secret in order to renew tokens
 management.oauth_provider_url = ${UAA_URL}
+# uaa requires a secret in order to renew tokens
+management.oauth_client_secret = ${OAUTH_CLIENT_SECRET}

selenium/test/oauth/rabbitmq.uaa-oauth-provider.conf

@@ -1,5 +1,3 @@
-# uaa requires a secret in order to renew tokens
-management.oauth_client_secret = ${OAUTH_CLIENT_SECRET}
 
 # configure static signing keys and the oauth provider used by the plugin
 auth_oauth2.default_key = ${OAUTH_SIGNING_KEY_ID}

selenium/test/oauth/with-idp-initiated-via-proxy/happy-login.js

@@ -8,9 +8,7 @@ const OverviewPage = require('../../pageobjects/OverviewPage')
 describe('A user with a JWT token', function () {
   let overview
   let captureScreen
-  let token
-  let fakePortal
-
+  
   before(async function () {
     driver = buildDriver()
     overview = new OverviewPage(driver)

selenium/test/oauth/with-idp-initiated-via-proxy/logout.js

@@ -0,0 +1,36 @@
+const { By, Key, until, Builder } = require('selenium-webdriver')
+require('chromedriver')
+const assert = require('assert')
+const { buildDriver, goToHome, captureScreensFor, teardown, idpLoginPage } = require('../../utils')
+
+const SSOHomePage = require('../../pageobjects/SSOHomePage')
+const OverviewPage = require('../../pageobjects/OverviewPage')
+
+describe('When a logged in user', function () {
+  let overview
+  let homePage
+  let captureScreen
+  let idpLogin
+
+  before(async function () {
+    driver = buildDriver()
+    overview = new OverviewPage(driver)
+    captureScreen = captureScreensFor(driver, __filename)
+    await goToHome(driver);
+    await overview.isLoaded()
+    assert.equal(await overview.getUser(), 'User rabbit_idp_user')    
+  })
+
+  it('logs out', async function () {
+    await homePage.clickToLogin()
+    await idpLogin.login('rabbit_admin', 'rabbit_admin')
+    await overview.isLoaded()
+    await overview.logout()
+    await homePage.isLoaded()
+
+  })
+
+  after(async function () {
+    await teardown(driver, this, captureScreen)
+  })
+})

selenium/test/oauth/with-idp-initiated/happy-login.js

@@ -1,15 +1,14 @@
 const { By, Key, until, Builder } = require('selenium-webdriver')
 require('chromedriver')
 const assert = require('assert')
-const { buildDriver, goToLogin, goTo, tokenFor, captureScreensFor, teardown } = require('../../utils')
+const { buildDriver, captureScreensFor, teardown } = require('../../utils')
 
 const OverviewPage = require('../../pageobjects/OverviewPage')
 const FakePortalPage = require('../../pageobjects/FakePortalPage')
 
 describe('A user with a JWT token', function () {
   let overview
   let captureScreen
-  let token
   let fakePortal
 
   before(async function () {

selenium/test/pageobjects/FakePortalPage.js

@@ -3,15 +3,15 @@ const { By, Key, until, Builder } = require('selenium-webdriver')
 const BasePage = require('./BasePage')
 
 const FORM = By.css('form#login_form')
-const FAKE_PORTAL_URL = process.env.FAKE_PORTAL_URL || 'http://localhost:3000'
+const FAKEPORTAL_URL = process.env.FAKEPORTAL_URL || 'https://localhost:3000'
 
 module.exports = class FakePortalPage extends BasePage {
   async isLoaded () {
     return this.waitForDisplayed(FORM)
   }
 
   async goToHome(client_id = undefined, client_secret = undefined) {
-    const url = new URL(FAKE_PORTAL_URL);
+    const url = new URL(FAKEPORTAL_URL);
     if (typeof client_id !== 'undefined') url.searchParams.append("client_id", client_id);
     if (typeof client_secret !== 'undefined') url.searchParams.append("client_secret", client_secret);
     return this.driver.get(url.href);