From cd003353188d5f17fb509dfb6bc16c4cab5ee3a0 Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Tue, 19 Dec 2023 08:50:34 +0100
Subject: [PATCH] Hotfix the WebTests

The app_env override prevented the webtest from running in test env, as
the default is now always set to PROD. I fixed this by overriding the
parametesr.yaml for test.

Not the best solution, but works for now.

When @quartje's work is landing, and we start running the tests in a
dedicated test container, this work should be reverted partially.

Additionally I fixed an issue where the app-secret was set to the
app_env.
---
 .github/workflows/test-acceptance.yml         |  5 +++-
 config/openconext/parameters.yaml.test.dist   | 24 +++++++++++++++++++
 config/packages/framework.yaml                |  2 +-
 .../WebTests/DefaultControllerTest.php        |  2 +-
 4 files changed, 30 insertions(+), 3 deletions(-)
 create mode 100644 config/openconext/parameters.yaml.test.dist

diff --git a/.github/workflows/test-acceptance.yml b/.github/workflows/test-acceptance.yml
index 2431a3f1..811d83a7 100644
--- a/.github/workflows/test-acceptance.yml
+++ b/.github/workflows/test-acceptance.yml
@@ -1,4 +1,4 @@
-name: Run acceptance tests (Behat)
+name: Run acceptance tests (WebTests & Behat)
 on: [pull_request]
 
 jobs:
@@ -19,6 +19,9 @@ jobs:
       - name: Copy certificate material
         run: mkdir /config && cp -r ./ci/config/* /config/
 
+      - name: Grab the right parameters.yaml
+        run: cp ./config/openconext/parameters.yaml.test.dist ./config/openconext/parameters.yaml
+
       - name: Composer install
         run: composer install
 
diff --git a/config/openconext/parameters.yaml.test.dist b/config/openconext/parameters.yaml.test.dist
new file mode 100644
index 00000000..0f9fb6d1
--- /dev/null
+++ b/config/openconext/parameters.yaml.test.dist
@@ -0,0 +1,24 @@
+parameters:
+    app_env: test
+    app_debug: false
+    app_secret: secret@example.com
+
+    support_url:
+        en_GB: "https://support.example.org/faq-strong-authentication"
+        nl_NL: "https://support.example.org/faq-sterke-authenticatie"
+    support_email: support@support.nl
+    locales:
+        - nl_NL
+        - en_GB
+    default_locale: en_GB
+
+
+    saml_idp_publickey: '/config/azuremfa/azuremfa_idp.crt'
+    saml_idp_privatekey: '/config/azuremfa/azuremfa_idp.key'
+    saml_metadata_publickey: '/config/azuremfa/azuremfa_idp.crt'
+    saml_metadata_privatekey: '/config/axuremfa/azuremfa_idp.key'
+    saml_remote_sp_entity_id: 'https://gateway.dev.openconext.local/gssp/azuremfa/metadata'
+    saml_remote_sp_certificate: '/config/gateway/gateway_gssp_sp.crt'
+    saml_remote_sp_acs: 'https://gateway.dev.openconext.local/gssp/azuremfa/consume-assertion'
+# Authentication issuers matching this regex will send ForceAuthn to the Azure MFA. The at sign is used as delimiter, be sure to escape the first sign as Symfony would see it as a reference to a service.
+    ra_issuer_entity_id_regex: '@@^https://(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]/vetting-procedure/gssf/azuremfa/metadata$@'
diff --git a/config/packages/framework.yaml b/config/packages/framework.yaml
index 221ae952..969388f9 100644
--- a/config/packages/framework.yaml
+++ b/config/packages/framework.yaml
@@ -3,7 +3,7 @@ framework:
     trusted_proxies: '192.0.0.1,10.0.0.0/8'
     trusted_headers: [ 'x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port', 'x-forwarded-prefix' ]
 
-    secret: '%app_env%'
+    secret: '%app_secret%'
     csrf_protection: true
     http_method_override: true
     error_controller: Surfnet\AzureMfa\Infrastructure\Controller\ExceptionController::show
diff --git a/tests/Functional/WebTests/DefaultControllerTest.php b/tests/Functional/WebTests/DefaultControllerTest.php
index caf9c175..49dcde08 100644
--- a/tests/Functional/WebTests/DefaultControllerTest.php
+++ b/tests/Functional/WebTests/DefaultControllerTest.php
@@ -24,7 +24,7 @@ class DefaultControllerTest extends WebTestCase
     public function testIndex()
     {
         $client = static::createClient();
-        $crawler = $client->request('GET', '/');
+        $crawler = $client->request('GET', 'https://azuremfa.dev.openconext.local');
         $this->assertEquals(200, $client->getInternalResponse()->getStatusCode());
         $this->assertStringContainsString('Welcome to the Azure MFA', $crawler->filter('h2')->text());
     }