Closed (fixed)
Project:
simpleSAMLphp Authentication
Version:
8.x-3.x-dev
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
7 Sep 2017 at 02:09 UTC
Updated:
15 Dec 2019 at 16:54 UTC
Jump to comment: Most recent, Most recent file
Comments
Comment #2
kerasai commentedPosting a patch with tests to verify bug.
Comment #4
kerasai commentedAdded group annotation to test.
Comment #6
kerasai commentedUpdated patch to include config schema to allow functional tests to install without errors in UI.
Comment #8
kerasai commentedAnother update to config schema.
Comment #10
kerasai commentedAnother update to the test so set a simpleSAMLphp config file.
Comment #12
kerasai commentedAdjustment to writing the config file.
Comment #13
kerasai commentedComment #14
kerasai commentedComment #16
kerasai commentedOne last adjustment to the test coverage.
Comment #17
kerasai commentedMissed the upload, here goes.
Comment #19
kerasai commentedAttached patch with updates to permission used in
simplesamlphp_auth.routing.yml.Comment #21
kerasai commentedThis is ready for a maintainer to review.
The patch in #17 is just test coverage which demonstrates this issue. See the failure for
AdminUiPageTestin the test results to see that the user with the applicable permission is served a 403 access denied response when accessing the administrative configuration page.The patch in #19 includes the functional fix. The access permissions in
simplesamlphp_auth.routing.ymlare updated appropriately and the user is now able to access the pages.Note regarding the test coverage: The test method writes a config file (if needed) into the simpleSAMLphp library. This is not ideal, but alternative is a fairly large change to allow the config file path to be specified. This could cause issues if the process running the test does not have access to write this file, but it works locally for me as well as in the drupal-ci environment. Also, the test cleans up the config file if it wrote it.
Comment #22
idebr commented@kerasai Thanks for working on this issue. I have reused your code to fix the simpletest to create a patch for #2898517: Fix Tests for 8.x-3.x-dev branch
Comment #23
snufkin commentedWould it make sense to break the patch up? I think introducing permission control is a no brainer fix, and thanks for highlighting the issue. I also see the point in the remaining changes, but it serves a different purpose and raises continuity questions (e.g. will existing sites break as a result, do we need to think about a migration path).
Comment #24
kerasai commentedRecalling this from (shaky) memory, it's been a while since I wrote this...
The primary change is the fix to permissions, to allow users to navigate to admin pages.
The secondary fix is only to get the tests to run. Specifically, config schema added to a few previously un-schema'd config values. The tests bomb during the module install without that change, as I believe the test bot is using a more-strict error tolerance than us normal folk. Assuming the additional schema is correct, these changes should have no affect on currently working environments and should fix environments where the installation is broken.
Comment #25
dakku commentedlooks good to me, unless anyone has objections, we can merge this?
Comment #26
idebr commentedI would suggest fixing the existing tests first at #2898517: Fix Tests for 8.x-3.x-dev branch and then reroll this patch. Then we can check if the added test coverage correctly checks if the configuration page is available when the user has the 'administer simplesamlphp authentication' permission.
Comment #27
dakku commentedHi Ide,
I can look to committing ticket #2898517. Would you be willing to re-roll this patch?
Comment #28
idebr commentedYes sure, I can do that :)
Comment #29
dakku commentedPerfect, thanks Idq, tests are now committed. Lets see if we can re-roll this patch please!
Comment #30
idebr commentedI rerolled the patch to remove the parts that were committed in #2898517: Fix Tests for 8.x-3.x-dev branch
Locally the test fails with the error:
Perhaps kerasai can have another look at the test, now that the existing tests are working again?
Comment #31
idebr commentedComment #32
berdirLooks like this is still an issue. The module now has a working test that uses a test module to fake the auth manager, should make it much easier to add checks for accessing those settings pages in that existing test.
Comment #33
idebr commented#32 Moved the test to the existing
\Drupal\Tests\simplesamlphp_auth\Functional\SimplesamlphpAuthTestComment #34
idebr commentedSwitched the base theme to classy, since the existing test relies on its html markup.
Comment #35
berdirThanks, looks good and as a bonus, gets rid of the last remaining deprecation message when running tests, great.