wiregui

provvedo/wiregui

Fork 0

Commit graph

Author	SHA1	Message	Date
Stefano Bertelli	260837d3aa	fix: clean up orphaned nftables chains on reconcile Some checks failed Dev / test (push) Failing after 1m15s Details Dev / docker (push) Has been skipped Details rebuild_all_rules now discovers existing user_ chains and removes any that are no longer in the DB. Reconcile always runs the firewall rebuild even with 0 devices, so stale forward rules and orphan chains are cleaned up when all devices are deleted.	2026-03-31 23:25:30 -05:00
Stefano Bertelli	06b5a3dc12	feat: comprehensive test suite + SAML auth fixes + mock SAML IdP Some checks failed Dev / test (push) Failing after 3m14s Details Dev / docker (push) Has been skipped Details Tests (198 unit + 70 e2e = 268 total): - Add test_api_deps.py: Bearer token auth, get_current_api_user, require_admin - Add test_wireguard_extended.py: ensure_interface, set_private_key, set_listen_port - Add test_firewall_extended.py: _nft/_nft_batch errors, jump rules, policies - Add test_mfa_login.py: MFA redirect, TOTP verify, invalid code, cancel - Add test_magic_link_page.py: page render, submit, empty email, back to login - Add test_admin_devices.py: list, filter, create, edit, delete, config dialog - Add test_admin_rules.py: list, create, edit, delete (all DB-verified) - Add test_admin_settings.py: defaults, security, OIDC/SAML providers - Add test_saml_login.py: button visible, redirect, metadata, full login flow Bug fixes: - Fix SAML callback to use /auth/complete bridge (same fix as OIDC) - Fix missing get_settings import in admin settings page - Add SAML provider buttons to login page - Make SAML strict mode configurable per-provider Infrastructure: - Add mock SimpleSAMLphp IdP to compose.yml with SP config - Add mock-saml service to CI workflows (release + dev)	2026-03-31 16:52:29 -05:00

Author

SHA1

Message

Date

Stefano Bertelli

260837d3aa

fix: clean up orphaned nftables chains on reconcile

Dev / test (push) Failing after 1m15s

Details

Dev / docker (push) Has been skipped

Details

rebuild_all_rules now discovers existing user_ chains and removes any
that are no longer in the DB. Reconcile always runs the firewall
rebuild even with 0 devices, so stale forward rules and orphan chains
are cleaned up when all devices are deleted.

2026-03-31 23:25:30 -05:00

Stefano Bertelli

06b5a3dc12

feat: comprehensive test suite + SAML auth fixes + mock SAML IdP

Dev / test (push) Failing after 3m14s

Details

Dev / docker (push) Has been skipped

Details

Tests (198 unit + 70 e2e = 268 total):
- Add test_api_deps.py: Bearer token auth, get_current_api_user, require_admin
- Add test_wireguard_extended.py: ensure_interface, set_private_key, set_listen_port
- Add test_firewall_extended.py: _nft/_nft_batch errors, jump rules, policies
- Add test_mfa_login.py: MFA redirect, TOTP verify, invalid code, cancel
- Add test_magic_link_page.py: page render, submit, empty email, back to login
- Add test_admin_devices.py: list, filter, create, edit, delete, config dialog
- Add test_admin_rules.py: list, create, edit, delete (all DB-verified)
- Add test_admin_settings.py: defaults, security, OIDC/SAML providers
- Add test_saml_login.py: button visible, redirect, metadata, full login flow

Bug fixes:
- Fix SAML callback to use /auth/complete bridge (same fix as OIDC)
- Fix missing get_settings import in admin settings page
- Add SAML provider buttons to login page
- Make SAML strict mode configurable per-provider

Infrastructure:
- Add mock SimpleSAMLphp IdP to compose.yml with SP config
- Add mock-saml service to CI workflows (release + dev)

2026-03-31 16:52:29 -05:00

2 commits