feat: comprehensive test suite + SAML auth fixes + mock SAML IdP

Tests (198 unit + 70 e2e = 268 total): - Add test_api_deps.py: Bearer token auth, get_current_api_user, require_admin - Add test_wireguard_extended.py: ensure_interface, set_private_key, set_listen_port - Add test_firewall_extended.py: _nft/_nft_batch errors, jump rules, policies - Add test_mfa_login.py: MFA redirect, TOTP verify, invalid code, cancel - Add test_magic_link_page.py: page render, submit, empty email, back to login - Add test_admin_devices.py: list, filter, create, edit, delete, config dialog - Add test_admin_rules.py: list, create, edit, delete (all DB-verified) - Add test_admin_settings.py: defaults, security, OIDC/SAML providers - Add test_saml_login.py: button visible, redirect, metadata, full login flow Bug fixes: - Fix SAML callback to use /auth/complete bridge (same fix as OIDC) - Fix missing get_settings import in admin settings page - Add SAML provider buttons to login page - Make SAML strict mode configurable per-provider Infrastructure: - Add mock SimpleSAMLphp IdP to compose.yml with SP config - Add mock-saml service to CI workflows (release + dev)
2026-03-31 16:52:29 -05:00 · 2026-03-31 16:52:29 -05:00 · 06b5a3dc12
commit 06b5a3dc12
parent 25cff5e4d9
18 changed files with 1768 additions and 47 deletions
--- a/.forgejo/workflows/dev.yml
+++ b/.forgejo/workflows/dev.yml
@ -34,11 +34,18 @@ jobs:
        env:
          SERVER_PORT: "9000"
          JSON_CONFIG: '{"interactiveLogin":true,"httpServer":"NettyWrapper","tokenCallbacks":[{"issuerId":"test-idp","tokenExpiry":3600,"requestMappings":[{"requestParam":"scope","match":"*","claims":{"sub":"$${claim:sub}","email":"$${claim:sub}@test.local","name":"Test User"}}]}]}'
+      mock-saml:
+        image: kenchan0130/simplesamlphp
+        env:
+          SIMPLESAMLPHP_SP_ENTITY_ID: http://localhost:13003/auth/saml/test-saml/metadata
+          SIMPLESAMLPHP_SP_ASSERTION_CONSUMER_SERVICE: http://localhost:13003/auth/saml/test-saml/callback
+          SIMPLESAMLPHP_IDP_BASE_URL: http://mock-saml:8080/simplesaml/
    env:
      CI: "true"
      WG_DATABASE_URL: postgresql+asyncpg://wiregui:wiregui@postgres/wiregui
      WG_REDIS_URL: redis://valkey:6379/0
      MOCK_OIDC_HOST: mock-oidc
+      MOCK_SAML_HOST: mock-saml
    steps:
      - name: Install system dependencies and checkout
        run: |
--- a/.forgejo/workflows/release.yml
+++ b/.forgejo/workflows/release.yml
@ -35,11 +35,18 @@ jobs:
        env:
          SERVER_PORT: "9000"
          JSON_CONFIG: '{"interactiveLogin":true,"httpServer":"NettyWrapper","tokenCallbacks":[{"issuerId":"test-idp","tokenExpiry":3600,"requestMappings":[{"requestParam":"scope","match":"*","claims":{"sub":"$${claim:sub}","email":"$${claim:sub}@test.local","name":"Test User"}}]}]}'
+      mock-saml:
+        image: kenchan0130/simplesamlphp
+        env:
+          SIMPLESAMLPHP_SP_ENTITY_ID: http://localhost:13003/auth/saml/test-saml/metadata
+          SIMPLESAMLPHP_SP_ASSERTION_CONSUMER_SERVICE: http://localhost:13003/auth/saml/test-saml/callback
+          SIMPLESAMLPHP_IDP_BASE_URL: http://mock-saml:8080/simplesaml/
    env:
      CI: "true"
      WG_DATABASE_URL: postgresql+asyncpg://wiregui:wiregui@postgres/wiregui
      WG_REDIS_URL: redis://valkey:6379/0
      MOCK_OIDC_HOST: mock-oidc
+      MOCK_SAML_HOST: mock-saml
    steps:
      - name: Install system dependencies and checkout
        run: |