coryHawkvelt/gatehouse-api
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

test: add comprehensive integration test suite for IAM platform

Browse Source 
Add 162 integration tests covering authentication flows, TOTP MFA,
SSH key/certificate management, organization workflows, multi-org
access, self-service features, admin operations, authorization,
security edge cases, department/principal management, CA management,
policy compliance, WebAuthn passkeys, and ZeroTier network access.

Includes:
- Reusable API client library with session management
- Test fixtures for users, organizations, memberships, and CAs
- Helper functions for SSH key generation and verification
- Documentation for running and writing tests

Also update test configuration to disable conflicting maas plugins
and configure WebAuthn/session settings for localhost testing.
This commit is contained in:
Cory Hawkvelt
2026-04-23 15:41:37 +09:30
parent eb2fc6c8b3
commit 015c622016
36 changed files with 5446 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/integration/fixtures/ssh_keys.py
+38
View File
@@ -0,0 +1,38 @@
"""Test SSH key pairs and helpers for integration tests."""
import uuid
# Pre-generated Ed25519 test key pair (DO NOT USE IN PRODUCTION)
TEST_PRIVATE_KEY = """-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACBqPZ1wQtlMltpE8T0hxmP0Y9DRfjVw0LJpHip7sLTTOQAAAJgPGqh4Dxqo
eAAAAAtzc2gtZWQyNTUxOQAAACBqPZ1wQtlMltpE8T0hxmP0Y9DRfjVw0LJpHip7sLTTOQ
AAAEAz0wM1oU6nLdD1pPsgxE9gqPB1Gs2fI3oO+tWSef0Ckmo9nXBC2UyW2kTxPSHGY/Rj
0NF+NXDQsmkeKnswtNM5AAAAFHRlc3R1c2VyQGV4YW1wbGUuY29tAAAACXN0dWJ0ZXN0AAAAHHN0dWItdGVzdC1rZXktZm9yLWludGVncmF0aW9uLXRlc3Rz
-----END OPENSSH PRIVATE KEY-----"""
TEST_PUBLIC_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGo9nXBC2UyW2kTxPSHGY/Rj0NF+NXDQsmkeKnswtNM5 testuser@example.com"
# Invalid key material for negative tests
INVALID_PUBLIC_KEY = "not-a-valid-ssh-key-format"
# Generate a unique public key per call to avoid fingerprint collisions
# across tests that share the same database.
# Ed25519 public keys are 68 chars prefix + 32 bytes base64 + comment.
# We use a deterministic but unique-looking valid prefix.
VALID_ED25519_PREFIX = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI"
def generate_unique_public_key() -> str:
"""Return a unique-looking but structurally valid Ed25519 public key.
The key is NOT cryptographically valid, but passes format checks
that look for the ssh-ed25519 prefix and structure.
"""
unique = uuid.uuid4().hex[:32] # 32 hex chars = 16 bytes
padding = "A" * (43 - 32) # pad to typical base64 length
return f"{VALID_ED25519_PREFIX}{unique}{padding} test-{uuid.uuid4().hex[:6]}@example.com"
# Backwards-compatible aliases
TEST_PUBLIC_KEY_2 = generate_unique_public_key()
TEST_PUBLIC_KEY_OTHER = generate_unique_public_key()