From: Daniel Lenski <dlenski@gmail.com>
Date: Tue, 23 Feb 2021 04:56:39 +0000 (-0800)
Subject: test multi-domain logins in F5 tests
X-Git-Tag: v8.20~325^2~5
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=8fa40ee4328c0733b29724aecf48414d290bc9f5;p=users%2Fdwmw2%2Fopenconnect.git

test multi-domain logins in F5 tests

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
---

diff --git a/tests/f5-auth-and-config b/tests/f5-auth-and-config
index c70eeb76..fb900cc5 100755
--- a/tests/f5-auth-and-config
+++ b/tests/f5-auth-and-config
@@ -41,6 +41,12 @@ echo -n "Authenticating with username/password... "
 
 echo ok
 
+echo -n "Authenticating with username/password/authgroup... "
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --protocol=f5 -q $ADDRESS:443/?domains=xyz,abc,def --authgroup=abc -u test $FINGERPRINT --cookieonly >/dev/null 2>&1) ||
+    fail $PID "Could not receive cookie from fake F5 server"
+
+echo ok
+
 echo -n "Authenticating with username/password, then proceeding to tunnel stage... "
 echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --protocol=f5 -q $ADDRESS:443 -u test $FINGERPRINT >/dev/null 2>&1
 test $? = 2 || # what OpenConnect returns when server rejects cookie upon tunnel connection, as the fake server does
diff --git a/tests/fake-f5-server.py b/tests/fake-f5-server.py
index 88a5eb69..b37b22a5 100755
--- a/tests/fake-f5-server.py
+++ b/tests/fake-f5-server.py
@@ -78,9 +78,11 @@ def check_form_against_session(*fields, use_query=False):
 ########################################
 
 # Respond to initial 'GET /' with a redirect to '/my.policy'
+# [Save list of domains/authgroups in the session for use later]
 @app.route('/')
 def root():
-    session.update(step='initial-GET')
+    domains = request.args.get('domains')
+    session.update(step='initial-GET', domains=domains and domains.split(','))
     # print(session)
     return redirect(url_for('get_policy'))
 
@@ -89,18 +91,29 @@ def root():
 @app.route('/my.policy')
 def get_policy():
     session.update(step='GET-login-form')
+    domains = session.get('domains')
+    sel = ''
+    if domains:
+        sel = '<select name="domain">%s</select>' % ''.join(
+            '<option value="%d">%s</option>' % nv for nv in enumerate(domains))
+
     return '''
 <html><body><form id="auth_form" method="post">
 <input type="text" name="username"/>
 <input type="password" name="password"/>
-</form></body></html>'''
+%s</form></body></html>''' % sel
 
 
 # Respond to 'POST /my.policy with a redirect response containing MRHSession and F5_ST
 # cookies (OpenConnect uses the combination of the two to detect successful authentication)
 @app.route('/my.policy', methods=['POST'])
 def post_policy():
-    session.update(step='POST-login', username=request.form.get('username'), credential=request.form.get('password'))
+    domains = session.get('domains')
+    if domains:
+        assert 0 <= int(request.form.get('domain',-1)) < len(domains)
+    session.update(step='POST-login', username=request.form.get('username'),
+                   credential=request.form.get('password'),
+                   domain=request.form.get('domain'))
     # print(session)
 
     resp = redirect(url_for('webtop'))