test(integration): reorganize Hurl integration tests

lib/http_server/src/templates/pages/register.html

@@ -9,8 +9,9 @@
 {% endif %}
 {% if success %}
 <div class="alert alert-success">
-    If all the information you submitted are valid and unique, you're account
-    has been created and we've sent you a confirmation email.
+    If all the information you submitted are valid and unique,
+    you're account has been created and
+    we've sent you a confirmation email.
 </div>
 {% endif %}
 <form id="register-form" method="post">

tests/hurl_integration/run_all_scenarios.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/sh
+
+set -eou pipefail
+
+project_root="$(dirname $(cargo locate-project | jq -r .root))"
+scenarios_dir="$project_root/tests/hurl_integration/scenarios"
+
+ls -1 $scenarios_dir | while read line
+do
+   $project_root/tests/hurl_integration/run_scenario.sh $line
+done
+

tests/hurl_integration/run_scenario.sh

@@ -4,7 +4,7 @@ set -eou pipefail
 
 scenario_name="$1"
 project_root="$(dirname $(cargo locate-project | jq -r .root))"
-scenario_dir="$project_root/tests/hurl_integration/$1"
+scenario_dir="$project_root/tests/hurl_integration/scenarios/$scenario_name"
 scenario_tmp_dir_path="$project_root/tmp/tests/$scenario_name"
 database_path="$project_root/tmp/tests/$scenario_name/minauthator.db"
 

tests/hurl_integration/scenarios/authorizations_management/config.toml

@@ -0,0 +1,32 @@
+signing_key = "tmp/secrets/signing.key"
+
+[instance]
+base_uri = "http://localhost:8086"
+name = "Example org"
+logo_uri = "https://example.org/logo.png"
+
+[[applications]]
+slug = "demo_app"
+name = "Demo app"
+description = "A super application where you can do everything you want."
+client_id = "00000001-0000-0000-0000-000000000001"
+client_secret = "dummy_client_secret"
+login_uri = "https://localhost:9876"
+allowed_redirect_uris = [
+    "http://localhost:9090/callback",
+    "http://localhost:9876/callback"
+]
+visibility = "Internal"
+authorize_flow = "Implicit"
+
+[[roles]]
+slug = "basic"
+name = "Basic"
+description = "Basic user"
+default = true
+
+[[roles]]
+slug = "admin"
+name = "Administrator"
+description = "Full power on organization instance"
+

tests/hurl_integration/scenarios/authorizations_management/init_db.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/bash
+
+password_hash="$(echo -n "root" | argon2 salt_06cGGWYDJCZ -e)"
+echo $password_hash
+SQL=$(cat <<EOF
+    INSERT INTO users
+        (id, handle, email, roles, status, password_hash, created_at)
+    VALUES
+        ('$(uuid)', 'root', 'root@example.org', '[]', 'Active', '$password_hash', '2024-11-30T00:00:00Z');
+EOF)
+echo $SQL | sqlite3 $DB_PATH

tests/hurl_integration/scenarios/authorizations_management/main.hurl

@@ -0,0 +1,52 @@
+# Login into account
+POST {{ base_url }}/login
+[FormParams]
+login: root
+password: root
+HTTP 303
+[Captures]
+user_jwt: cookie "minauthator_jwt"
+[Asserts]
+cookie "minauthator_jwt" exists
+cookie "minauthator_jwt[Value]" contains "eyJ0"
+cookie "minauthator_jwt[SameSite]" == "Lax"
+
+# Assert that we have currently no authorizations
+GET {{ base_url }}/me/authorizations
+HTTP 200
+[Asserts]
+xpath "string(///h1)" == "Your authorizations"
+xpath "string(///i)" == "You didn't authorized or accessed any applications for now."
+
+# OAuth2 implicit flow (pre-granted app)
+GET {{ base_url }}/authorize
+[QueryStringParams]
+client_id: 00000001-0000-0000-0000-000000000001
+response_type: code
+redirect_uri: http://localhost:9090/callback
+state: Afk4kf6pbZkms78jM
+scope: user_read_basic
+HTTP 302
+[Captures]
+authorization_code: header "Location" regex "\\?code=(.*)&"
+
+# OAuth2 get access token
+POST {{ base_url }}/api/token
+[BasicAuth]
+00000001-0000-0000-0000-000000000001: dummy_client_secret
+[FormParams]
+code: {{ authorization_code }}
+scope: user_read_basic
+redirect_uri: http://localhost:9090/callback
+grant_type: authorization_code
+HTTP 200
+[Captures]
+access_token: jsonpath "$.access_token"
+
+# Asserts that the new authorization is listed
+GET {{ base_url }}/me/authorizations
+HTTP 200
+[Asserts]
+xpath "string(///h1)" == "Your authorizations"
+xpath "string(///main/ul/li)" contains "UserReadBasic"
+

tests/hurl_integration/scenarios/oidc_core/main.hurl

@@ -7,6 +7,7 @@ jsonpath "$.issuer" exists
 jsonpath "$.jwks_uri" exists
 jsonpath "$.id_token_signing_alg_values_supported[0]" == "RS256"
 
+# Assert that the server is publishing its public keys
 GET {{ base_url }}/.well-known/jwks
 HTTP 200
 Content-Type: application/json
@@ -36,7 +37,7 @@ HTTP 302
 [Captures]
 authorization_code: header "Location" regex "\\?code=(.*)&"
 
-# OIDC Token exchange (from the standpoint of the OIDC client)
+# Asserts that the OIDC Token exchange is working normally (from the standpoint of the OIDC client)
 POST {{ base_url }}/api/token
 [BasicAuth]
 00000001-0000-0000-0000-000000000001: dummy_client_secret
@@ -53,6 +54,16 @@ jsonpath "$.id_token" exists
 jsonpath "$.id_token" matches "eyJ[[:alpha:]0-9].[[:alpha:]0-9].[[:alpha:]0-9]"
 [Captures]
 id_token: jsonpath "$.id_token"
+access_token: jsonpath "$.access_token"
+
+# Asserts that the OIDC client can fetch the userinfo.
+GET {{ base_url }}/api/user
+Authorization: JWT {{ access_token }}
+HTTP 200
+Content-Type: application/json
+[Asserts]
+jsonpath "$.handle" == "john.doe"
+jsonpath "$.email" == "john.doe@example.org"
 
 # TODO: assert id_token JWT claims fields
 # TODO: contribute to hurl to add JWT extraction and assertion

tests/hurl_integration/scenarios/registration/config.toml

@@ -0,0 +1,10 @@
+signing_key = "tmp/secrets/signing.key"
+
+applications = []
+
+roles = []
+
+[instance]
+base_uri = "http://localhost:8086"
+name = "Example org"
+logo_uri = "https://example.org/logo.png"

tests/hurl_integration/scenarios/registration/main.hurl

@@ -0,0 +1,17 @@
+# Asserts that registration is working
+POST {{ base_url }}/register
+[FormParams]
+email: john.doe@example.org
+handle: john.doe
+password: mysupersecretpassword
+HTTP 200
+[Asserts]
+xpath "string(///div[@class='alert alert-success'])" contains "account has been created"
+
+# Asserts that login is possible with new user
+POST {{ base_url }}/login
+[FormParams]
+login: john.doe
+password:  mysupersecretpassword
+HTTP 303
+

tests/hurl_integration/scenarios/user_details/main.hurl

@@ -3,6 +3,7 @@ HTTP 200
 [Asserts]
 jsonpath "$.software" == "Minauthator"
 
+# Login into account
 POST {{ base_url }}/login
 [FormParams]
 login: root
@@ -15,12 +16,14 @@ cookie "minauthator_jwt" exists
 cookie "minauthator_jwt[Value]" contains "eyJ0"
 cookie "minauthator_jwt[SameSite]" == "Lax"
 
+# Get current details
 GET {{ base_url }}/me
 HTTP 200
 Content-Type: text/html; charset=utf-8
 [Asserts]
 xpath "string(///h1)" == "Welcome root!"
 
+# Change the profile picture
 POST {{ base_url }}/me/details-form
 [MultipartFormData]
 handle: root
@@ -30,6 +33,7 @@ website: https://johndoe.net
 avatar: file,john_doe_profile_pic.jpg; image/jpeg
 HTTP 200
 
+# Assert that we have currently no authorizations
 GET {{ base_url }}/me/authorizations
 HTTP 200
 [Asserts]
@@ -76,12 +80,6 @@ Content-Type: application/json
 jsonpath "$.handle" == "root"
 jsonpath "$.email" == "root@johndoe.net"
 
-GET {{ base_url }}/me/authorizations
-HTTP 200
-[Asserts]
-xpath "string(///h1)" == "Your authorizations"
-xpath "string(///main/ul/li)" contains "UserReadBasic"
-
 GET {{ base_url }}/logout
 HTTP 303
 [Asserts]