Skip to content

Remove OIDC form-action CSP assertions from account creation specs #11025

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
aduth merged 2 commits into from
Aug 2, 2024
Merged

Remove OIDC form-action CSP assertions from account creation specs #11025

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
7f5a88f
Remove OIDC form-action CSP assertions from account creation specs
aduth Aug 2, 2024
70a3810
Remove PIV/CAC sign-up CSP assertions
aduth Aug 2, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
91 changes: 3 additions & 88 deletions spec/support/shared_examples/account_creation.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,38 +1,9 @@
RSpec.shared_examples 'creating an account with the site in Spanish' do |sp|
it 'redirects to the SP with SP URIs in form-action CSP if enabled', email: true do
allow(IdentityConfig.store).to receive(:openid_connect_content_security_form_action_enabled).
and_return(true)
it 'redirects to the SP', email: true do
Capybara.current_session.driver.header('Accept-Language', 'es')
visit_idp_from_sp_with_ial1(sp)
register_user

if sp == :oidc
expect(page.response_headers['Content-Security-Policy']).
to(include('form-action \'self\' http://localhost:7654'))
end

click_agree_and_continue
if :sp == :saml
expect(current_url).to eq UriService.add_params(@saml_authn_request, locale: :es)
elsif sp == :oidc
redirect_uri = URI(oidc_redirect_url)

expect(redirect_uri.to_s).to start_with('http://localhost:7654/auth/result')
end
end

it 'redirects to the SP without SP URIs in form-action CSP if disabled', email: true do
allow(IdentityConfig.store).to receive(:openid_connect_content_security_form_action_enabled).
and_return(false)
Capybara.current_session.driver.header('Accept-Language', 'es')
visit_idp_from_sp_with_ial1(sp)
register_user

if sp == :oidc
expect(page.response_headers['Content-Security-Policy']).
to(include('form-action \'self\''))
end

click_agree_and_continue
if :sp == :saml
expect(current_url).to eq UriService.add_params(@saml_authn_request, locale: :es)
Expand All @@ -45,38 +16,10 @@
end

RSpec.shared_examples 'creating an account using authenticator app for 2FA' do |sp|
it 'redirects to the SP with SP URIs in form-action CSP if enabled', email: true do
allow(IdentityConfig.store).to receive(:openid_connect_content_security_form_action_enabled).
and_return(true)
visit_idp_from_sp_with_ial1(sp)
register_user_with_authenticator_app

if sp == :oidc
expect(page.response_headers['Content-Security-Policy']).
to(include('form-action \'self\' http://localhost:7654'))
end

click_agree_and_continue
expect(current_url).to eq complete_saml_url if sp == :saml

if sp == :oidc
redirect_uri = URI(oidc_redirect_url)

expect(redirect_uri.to_s).to start_with('http://localhost:7654/auth/result')
end
end

it 'redirects to the SP without SP URIs in form-action CSP if disabled', email: true do
allow(IdentityConfig.store).to receive(:openid_connect_content_security_form_action_enabled).
and_return(false)
it 'redirects to the SP', email: true do
visit_idp_from_sp_with_ial1(sp)
register_user_with_authenticator_app

if sp == :oidc
expect(page.response_headers['Content-Security-Policy']).
to(include('form-action \'self\''))
end

click_agree_and_continue
expect(current_url).to eq complete_saml_url if sp == :saml

Expand Down Expand Up @@ -114,38 +57,10 @@
end

RSpec.shared_examples 'creating an account using PIV/CAC for 2FA' do |sp|
it 'redirects to the SP with SP URIs in form-action CSP if enabled', email: true do
allow(IdentityConfig.store).to receive(:openid_connect_content_security_form_action_enabled).
and_return(true)
it 'redirects to the SP', email: true do
visit_idp_from_sp_with_ial1(sp)
register_user_with_piv_cac

if sp == :oidc
expect(page.response_headers['Content-Security-Policy']).
to(include('form-action \'self\' http://localhost:7654'))
end

click_agree_and_continue
expect(current_url).to eq complete_saml_url if sp == :saml

if sp == :oidc
redirect_uri = URI(oidc_redirect_url)

expect(redirect_uri.to_s).to start_with('http://localhost:7654/auth/result')
end
end

it 'redirects to the SP without SP URIs in form-action CSP if disabled', email: true do
allow(IdentityConfig.store).to receive(:openid_connect_content_security_form_action_enabled).
and_return(false)
visit_idp_from_sp_with_ial1(sp)
register_user_with_piv_cac

if sp == :oidc
expect(page.response_headers['Content-Security-Policy']).
to(include('form-action \'self\''))
end

click_agree_and_continue
expect(current_url).to eq complete_saml_url if sp == :saml

Expand Down