OPENEUROPA-1501: Implement configuration UI for Authentication.

behat.yml.dist

@@ -5,7 +5,9 @@ default:
         - %paths.base%/tests/features
       contexts:
         - Drupal\DrupalExtension\Context\MinkContext
+        - Drupal\DrupalExtension\Context\ConfigContext
         - Drupal\DrupalExtension\Context\DrupalContext
+        - Drupal\DrupalExtension\Context\MessageContext
         - Drupal\Tests\oe_authentication\Behat\AuthenticationContext
   extensions:
     Behat\MinkExtension:
@@ -20,5 +22,7 @@ default:
       api_driver: "drupal"
       drupal:
         drupal_root: "${drupal.root}"
+      selectors:
+        message_selector: ".messages"
   formatters:
     progress: ~

composer.json

@@ -21,9 +21,10 @@
         "nikic/php-parser": "~3.0",
         "openeuropa/code-review": "~1.0.0-alpha4",
         "openeuropa/drupal-core-require-dev": "^8.6",
-        "openeuropa/task-runner": "~1.0-beta3",
+        "openeuropa/task-runner": "~1.0-beta4",
         "symfony/browser-kit": "~3.0||~4.0",
-        "phpunit/phpunit": "~6.0"
+        "phpunit/phpunit": "~6.0",
+        "symfony/dom-crawler": "~3.4"
     },
     "scripts": {
         "post-install-cmd": "./vendor/bin/run drupal:site-setup",

oe_authentication.links.menu.yml

@@ -0,0 +1,5 @@
+oe_authentication.settings:
+  title: Authentication settings
+  description: 'Configure Authentication settings.'
+  route_name: oe_authentication.settings
+  parent: system.admin_config_system

oe_authentication.permissions.yml

@@ -0,0 +1,3 @@
+administer authentication configuration:
+  title: 'Administer Authentication configuration'
+  restrict access: false

oe_authentication.routing.yml

@@ -0,0 +1,7 @@
+oe_authentication.settings:
+  path: '/admin/config/system/oe_authentication'
+  defaults:
+    _form: 'Drupal\oe_authentication\Form\AuthenticationSettingsForm'
+    _title: 'Authentication settings'
+  requirements:
+    _permission: 'administer authentication configuration'

runner.yml.dist

@@ -16,6 +16,7 @@ drupal:
     - "./vendor/bin/drush en config_devel -y"
     # Enable the modules.
     - "./vendor/bin/drush en oe_authentication -y"
+    - "./vendor/bin/drush pmu big_pipe -y"
     - "./vendor/bin/drush cr"
   settings:
     settings:

src/Form/AuthenticationSettingsForm.php

@@ -0,0 +1,80 @@
+<?php
+
+declare(strict_types = 1);
+
+namespace Drupal\oe_authentication\Form;
+
+use Drupal\Core\Form\ConfigFormBase;
+use Drupal\Core\Form\FormStateInterface;
+
+/**
+ * Settings form for module.
+ */
+class AuthenticationSettingsForm extends ConfigFormBase {
+
+  /**
+   * Name of the config being edited.
+   */
+  const CONFIGNAME = 'oe_authentication.settings';
+
+  /**
+   * {@inheritdoc}
+   */
+  public function getFormId() {
+    return 'oe_authentication_settings';
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function buildForm(array $form, FormStateInterface $form_state) {
+    $form['protocol'] = [
+      '#type' => 'textfield',
+      '#title' => $this->t('Application authentication protocol'),
+      '#default_value' => $this->config(static::CONFIGNAME)->get('protocol'),
+    ];
+    $form['register_path'] = [
+      '#type' => 'textfield',
+      '#title' => $this->t('Application register path'),
+      '#default_value' => $this->config(static::CONFIGNAME)->get('register_path'),
+    ];
+    $form['validation_path'] = [
+      '#type' => 'textfield',
+      '#title' => $this->t('Application validation path'),
+      '#default_value' => $this->config(static::CONFIGNAME)->get('validation_path'),
+    ];
+    $form['assurance_level'] = [
+      '#type' => 'textfield',
+      '#title' => $this->t('Application assurance levels'),
+      '#default_value' => $this->config(static::CONFIGNAME)->get('assurance_level'),
+    ];
+    $form['ticket_types'] = [
+      '#type' => 'textfield',
+      '#title' => $this->t('Application available ticket types'),
+      '#default_value' => $this->config(static::CONFIGNAME)->get('ticket_types'),
+    ];
+    return parent::buildForm($form, $form_state);
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function submitForm(array &$form, FormStateInterface $form_state) {
+    $this->config(static::CONFIGNAME)
+      ->set('protocol', $form_state->getValue('protocol'))
+      ->set('register_path', $form_state->getValue('register_path'))
+      ->set('validation_path', $form_state->getValue('validation_path'))
+      ->set('assurance_level', $form_state->getValue('assurance_level'))
+      ->set('ticket_types', $form_state->getValue('ticket_types'))
+      ->save();
+    parent::submitForm($form, $form_state);
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  protected function getEditableConfigNames() {
+    return ['oe_authentication.settings'];
+  }
+
+}

tests/Behat/AuthenticationContext.php

@@ -4,26 +4,55 @@
 
 namespace Drupal\Tests\oe_authentication\Behat;
 
-use Drupal\DrupalExtension\Context\ConfigContext;
+use Behat\Behat\Hook\Scope\BeforeScenarioScope;
+use Drupal\DrupalExtension\Context\RawDrupalContext;
 
 /**
  * Defines step definitions specifically for testing the CAS options.
- *
- * We are extending ConfigContext to override the setConfig() method until
- * issue https://github.com/jhedstrom/drupalextension/issues/498 is fixed.
- *
- * @todo Extend DrupalRawContext and gather the config context when the above
- * issue is fixed.
  */
-class AuthenticationContext extends ConfigContext {
+class AuthenticationContext extends RawDrupalContext {
+
+
+  /**
+   * The config context.
+   *
+   * @var \Drupal\DrupalExtension\Context\ConfigContext
+   */
+  protected $configContext;
+
+  /**
+   * Gathers some other contexts.
+   *
+   * @param \Behat\Behat\Hook\Scope\BeforeScenarioScope $scope
+   *   The before scenario scope.
+   *
+   * @BeforeScenario
+   */
+  public function gatherContexts(BeforeScenarioScope $scope) {
+    $environment = $scope->getEnvironment();
+    $this->configContext = $environment->getContext('Drupal\DrupalExtension\Context\ConfigContext');
+  }
 
   /**
    * Configures the CAS module to use Drupal login.
    *
-   * @Given the site is configured to use Drupal login
+   * @BeforeScenario @DrupalLogin
    */
   public function setConfigDrupalLogin(): void {
-    $this->setConfig('cas.settings', 'forced_login.enabled', FALSE);
+    $this->configContext->setConfig('cas.settings', 'forced_login.enabled', FALSE);
+  }
+
+  /**
+   * Configures the CAS module to use CAS login.
+   *
+   * Revert the CAS login setting. The ConfigContext does revert
+   * this value, however it is cached and therefore it isn't available for
+   * other scenarios following this tag.
+   *
+   * @AfterScenario @DrupalLogin
+   */
+  public function setConfigCasLogin(): void {
+    $this->configContext->setConfig('cas.settings', 'forced_login.enabled', TRUE);
   }
 
   /**
@@ -32,7 +61,7 @@ public function setConfigDrupalLogin(): void {
    * @Given the site is configured to initialize this client as a proxy
    */
   public function setConfigProxyInitialize(): void {
-    $this->setConfig('cas.settings', 'proxy.initialize', TRUE);
+    $this->configContext->setConfig('cas.settings', 'proxy.initialize', TRUE);
   }
 
   /**
@@ -60,4 +89,18 @@ public function blockUser(string $username): void {
     }
   }
 
+  /**
+   * Backup configs that need to be reverted in AfterScenario by ConfigContext.
+   *
+   * @BeforeScenario @BackupAuthConfigs
+   */
+  public function backupCasConfigs(): void {
+    $name = 'oe_authentication.settings';
+
+    $configs = $this->getDriver()->getCore()->configGet($name);
+    foreach ($configs as $key => $value) {
+      $this->configContext->setConfig($name, $key, $value);
+    }
+  }
+
 }

tests/features/configure_authentication.feature

@@ -0,0 +1,31 @@
+@api
+Feature: Authentication
+  As the site manager
+  I need to be able to configure the settings
+
+  Background:
+    Given I am logged in as a user with the "administer authentication configuration" permission
+
+  @DrupalLogin @BackupAuthConfigs
+  Scenario: Configure Authentication settings
+    Given I am on "admin/config/system/oe_authentication"
+    Then I should see "Authentication settings"
+    # Check for the default config is there.
+    And the "Application authentication protocol" field should contain "eulogin"
+    And the "Application register path" field should contain "eim/external/register.cgi"
+    And the "Application validation path" field should contain "TicketValidationService"
+    And the "Application assurance levels" field should contain "TOP"
+    And the "Application available ticket types" field should contain "SERVICE,PROXY"
+    # Change the configuration values.
+    When I fill in "Application authentication protocol" with "something"
+    And I fill in "Application register path" with "test/something"
+    And I fill in "Application validation path" with "validation/path"
+    And I fill in "Application assurance levels" with "assurance"
+    And I fill in "Application available ticket types" with "ticket.test"
+    And I press "Save configuration"
+    Then I should see the message "The configuration options have been saved."
+    And the "Application authentication protocol" field should contain "something"
+    And the "Application register path" field should contain "test/something"
+    And the "Application validation path" field should contain "validation/path"
+    And the "Application assurance levels" field should contain "assurance"
+    And the "Application available ticket types" field should contain "ticket.test"

tests/features/drupal-login.feature

@@ -3,10 +3,9 @@ Feature: Login through Drupal
   If configured properly
   I can access the CMS backend through Drupal
 
+  @DrupalLogin
   Scenario: If configured properly I can access the CMS backend through Drupal
-    Given the site is configured to use Drupal login
-
-    When I am logged in as a user with the "authenticated" role
+    Given I am logged in as a user with the "authenticated" role
     Then I should see the link "Log out"
 
     When I click "Log out"

tests/features/ecas-login.feature

@@ -1,4 +1,4 @@
-@javascript
+@api @javascript
 Feature: Login through OE Authentication
   In order to be able to access the CMS backend
   As user of the system
@@ -36,14 +36,17 @@ Feature: Login through OE Authentication
     And I should see the link "Log in"
 
   Scenario: A blocked user should not be able to log in
-    Given the user "chucknorris" is blocked
+    Given users:
+      | name      |
+      | lsalander |
+    And the user "lsalander" is blocked
     When I am on the homepage
     Then I should see the link "Log in"
     And I should not see the link "Log out"
 
     # When I try to log in again I will be denied access.
     When I click "Log in"
-    And I fill in "Username or e-mail address" with "texasranger@chuck_norris.com.eu"
-    And I fill in "Password" with "Qwerty098"
+    And I fill in "Username or e-mail address" with "Lisbeth.SALANDER@ext.ec.europa.eu"
+    And I fill in "Password" with "dragon_tattoo"
     And I press the "Login!" button
     Then I should see "There was a problem logging in, please contact a site administrator."