Merge pull request #347 from silinternational/develop

Release 6.7.6 - Add test for logging in when WebAuthn API is unusable

README.md

@@ -64,7 +64,9 @@ The API is described by [api.raml](api.raml), and an auto-generated [api.html](a
 
 ## Running tests interactively locally
 1. Run `make testcli` to build and start needed containers and drop you in a shell
-2. Run desired tests, example: `./vendor/bin/behat features/authentication.feature`
+2. Run desired tests. Examples:
+   * `./vendor/bin/behat features/authentication.feature`
+   * `./vendor/bin/behat features/authentication.feature:298`
 
 ## Google Analytics Calls
 Calls are made to Google Analytics regarding users' mfas and whether a password has been pwned.

actions-services.yml

@@ -16,7 +16,12 @@ services:
             - u2fsim
         working_dir: /data
         environment:
+            API_KEY_TABLE: ApiKey
             APP_ENV: test
+            AWS_ENDPOINT: dynamo:8000
+            AWS_DEFAULT_REGION: us-east-1
+            AWS_ACCESS_KEY_ID: abc123
+            AWS_SECRET_ACCESS_KEY: abc123
             EMAIL_SERVICE_accessToken: fake-abc-123
             EMAIL_SERVICE_assertValidIp: "false"
             EMAIL_SERVICE_baseUrl: http://email

application/behat.yml

@@ -2,49 +2,52 @@ default:
     suites:
         common_features:
             paths:
-                - "%paths.base%/features/authentication.feature"
-                - "%paths.base%/features/password.feature"
-                - "%paths.base%/features/user.feature"
-                - "%paths.base%/features/user-unit-tests.feature"
-                - "%paths.base%/features/user-search.feature"
+                - "features/password.feature"
+                - "features/user.feature"
+                - "features/user-unit-tests.feature"
+                - "features/user-search.feature"
             contexts: [ FeatureContext, Sil\SilIdBroker\Behat\Context\UnitTestsContext ]
         analytics_features:
             paths:
-                - "%paths.base%/features/analytics.feature"
+                - "features/analytics.feature"
             contexts: [ FeatureContext, Sil\SilIdBroker\Behat\Context\AnalyticsContext ]
+        authentication_features:
+            paths:
+                - "features/authentication.feature"
+            contexts: [ Sil\SilIdBroker\Behat\Context\AuthenticationContext ]
         email_features:
             paths:
-                - "%paths.base%/features/email.feature"
+                - "features/email.feature"
             contexts: [ Sil\SilIdBroker\Behat\Context\EmailContext ]
         hibp_unit_tests_features:
             paths:
-                - "%paths.base%/features/hibp-unit-tests.feature"
+                - "features/hibp-unit-tests.feature"
             contexts: [ Sil\SilIdBroker\Behat\Context\HibpUnitTestsContext ]
         invite_features:
             paths:
-                - "%paths.base%/features/invite.feature"
+                - "features/invite.feature"
             contexts: [ Sil\SilIdBroker\Behat\Context\UnitTestsContext ]
         method_features:
             paths:
-                - "%paths.base%/features/method.feature"
+                - "features/method.feature"
             contexts: [ Sil\SilIdBroker\Behat\Context\MethodContext ]
         mfa_features:
             paths:
-                - "%paths.base%/features/mfa.feature"
+                - "features/mfa.feature"
             contexts: [ Sil\SilIdBroker\Behat\Context\MfaContext ]
         mfa_rate_limit_features:
             paths:
-                - "%paths.base%/features/mfa-rate-limit.feature"
+                - "features/mfa-rate-limit.feature"
             contexts: [ Sil\SilIdBroker\Behat\Context\MfaRateLimitContext ]
         mfa_unit_tests_features:
             paths:
-                - "%paths.base%/features/mfa-unit-tests.feature"
+                - "features/mfa-unit-tests.feature"
             contexts: [ Sil\SilIdBroker\Behat\Context\MfaUnitTestsContext ]
         mysql_date_time_features:
             paths:
-                - "%paths.base%/features/mysql-date-time.feature"
+                - "features/mysql-date-time.feature"
             contexts: [ Sil\SilIdBroker\Behat\Context\MySqlDateTimeContext ]
         sheets_unit_tests_features:
             paths:
-                - "%paths.base%/features/sheets-unit-tests.feature"
+                - "features/sheets-unit-tests.feature"
             contexts: [ Sil\SilIdBroker\Behat\Context\SheetsUnitTestsContext ]

application/composer.json

@@ -29,6 +29,7 @@
     "notamedia/yii2-sentry": "^1.7"
   },
   "require-dev": {
+    "aws/aws-sdk-php": "~3.288.1",
     "behat/behat": "^3.3",
     "roave/security-advisories": "dev-master",
     "webmozart/assert": "^1.2",

application/features/authentication.feature

@@ -294,3 +294,19 @@ Feature: Authentication
     Then the response status code should be 200
     And The user's current password should be marked as pwned
     And The user's password is expired
+
+  Scenario Outline: Successfully authenticating even if the WebAuthn MFA API is unusable
+    Given "shep_clark" has a valid WebAuthn MFA method
+      And I provide the following valid data:
+        | property  | value        |
+        | username  | shep_clark   |
+        | password  | govols!!!    |
+      And we have the <rightOrWrongPassword> for the WebAuthn MFA API
+    When I request "/authentication" be created
+    Then the response status code should be 200
+      And the response body should <containPublicKeyOrNot>
+
+    Examples:
+      | rightOrWrongPassword | containPublicKeyOrNot   |
+      | wrong password       | not contain "publicKey" |
+      | right password       | contain "publicKey"     |