ci(tests/private-packages): Add SAML, auth controller and workflow (#…

…4140)

.github/workflows/api-tests-with-private-packages.yml

@@ -10,9 +10,6 @@ defaults:
   run:
     working-directory: api
 
-env:
-  FLAGSMITH_RBAC_REVISION: v0.7.0
-
 jobs:
   test:
     if: ${{ github.event.label.name == 'api' }}
@@ -40,26 +37,19 @@ jobs:
           python-version: '3.12'
           cache: 'poetry'
 
-      - name: Install Dependencies
-        if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
-        run: make install-packages
-
-      - name: Checkout rbac package
-        uses: actions/checkout@v4
-        with:
-          repository: flagsmith/flagsmith-rbac
-          token: ${{ secrets.GH_PRIVATE_ACCESS_TOKEN }}
-          ref: ${{ env.FLAGSMITH_RBAC_REVISION }}
-          path: ./flagsmith-rbac
-
-      - name: Integrate RBAC module
-        run: mv $GITHUB_WORKSPACE/flagsmith-rbac/rbac .
-        shell: bash
+      - name: Install SAML Dependencies
+        run: sudo apt-get install -y xmlsec1
 
-      - name: integrate rbac tests
-        run: ln -s $GITHUB_WORKSPACE/flagsmith-rbac/tests tests/rbac_tests
+      - name: Install packages and Tests
+        if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
         shell: bash
-        working-directory: api
+        run: |
+          echo "https://${{ secrets.GH_PRIVATE_ACCESS_TOKEN }}:@github.com" > ${HOME}/.git-credentials
+          git config --global credential.helper store
+          make install-packages opts="--with saml,auth-controller,workflows"
+          make install-private-modules
+          make integrate-private-tests
+          rm -rf ${HOME}/.git-credentials
 
       - name: Run Tests
         env:

api/Makefile

@@ -114,3 +114,13 @@ generate-ld-client-types:
 		--use-standard-collections \
 		--wrap-string-literal \
 		--special-field-name-prefix=
+
+.PHONY: integrate-private-tests
+integrate-private-tests:
+	$(eval WORKFLOW_REVISION := $(shell grep -A 1 "\[tool.poetry.group.workflows.dependencies\]" pyproject.toml | awk -F '"' '{printf $$4}'))
+	$(eval AUTH_CONTROLLER_REVISION := $(shell grep -A 1 "\[tool.poetry.group.auth-controller.dependencies\]" pyproject.toml | awk -F '"' '{printf $$4}'))
+	git clone https://github.com/flagsmith/flagsmith-saml --depth 1 --branch ${SAML_REVISION} && mv ./flagsmith-saml/tests tests/saml_tests
+	git clone https://github.com/flagsmith/flagsmith-rbac --depth 1 --branch ${RBAC_REVISION} && mv ./flagsmith-rbac/tests tests/rbac_tests
+	git clone https://github.com/flagsmith/flagsmith-workflows --depth 1 --branch ${WORKFLOW_REVISION} && mv ./flagsmith-workflows/tests tests/workflow_tests
+	git clone https://github.com/flagsmith/flagsmith-auth-controller --depth 1 --branch ${AUTH_CONTROLLER_REVISION} && mv ./flagsmith-auth-controller/tests tests/auth_controller_tests
+	rm -rf ./flagsmith-saml ./flagsmith-rbac ./flagsmith-workflows ./flagsmith-auth-controller

api/pyproject.toml

@@ -126,7 +126,7 @@ flagsmith-auth-controller = { git = "https://github.com/flagsmith/flagsmith-auth
 optional = true
 
 [tool.poetry.group.saml.dependencies]
-pysaml2 = "^7.0.0"
+pysaml2 = "^7.4.2"
 
 [tool.poetry.group.ldap]
 optional = true

api/tests/integration/custom_auth/end_to_end/test_custom_auth_integration.py

@@ -6,6 +6,7 @@
 from django.conf import settings
 from django.core import mail
 from django.urls import reverse
+from pytest_mock import MockerFixture
 from rest_framework import status
 from rest_framework.test import APIClient, override_settings
 
@@ -288,12 +289,14 @@ def test_throttle_login_workflows(
     api_client: APIClient,
     db: None,
     reset_cache: None,
+    mocker: MockerFixture,
 ) -> None:
     # verify that a throttle rate exists already then set it
     # to something easier to reliably test
     assert settings.REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"]["login"]
-    settings.REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"]["login"] = "1/sec"
-
+    mocker.patch(
+        "rest_framework.throttling.ScopedRateThrottle.get_rate", return_value="1/minute"
+    )
     email = "test@example.com"
     password = FFAdminUser.objects.make_random_password()
     register_data = {
@@ -323,11 +326,19 @@ def test_throttle_login_workflows(
     assert login_response.status_code == status.HTTP_429_TOO_MANY_REQUESTS
 
 
-def test_throttle_signup(api_client, settings, user_password, db, reset_cache):
+def test_throttle_signup(
+    api_client: APIClient,
+    user_password: str,
+    db: None,
+    reset_cache: None,
+    mocker: MockerFixture,
+) -> None:
     # verify that a throttle rate exists already then set it
     # to something easier to reliably test
     assert settings.REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"]["signup"]
-    settings.REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"]["signup"] = "1/min"
+    mocker.patch(
+        "rest_framework.throttling.ScopedRateThrottle.get_rate", return_value="1/minute"
+    )
     # Next, let's hit signup for the first time
     register_data = {
         "email": "user_1_email@mail.com",
@@ -351,9 +362,13 @@ def test_throttle_signup(api_client, settings, user_password, db, reset_cache):
     assert response.status_code == status.HTTP_429_TOO_MANY_REQUESTS
 
 
-def test_get_user_is_not_throttled(admin_client, settings, reset_cache):
+def test_get_user_is_not_throttled(
+    admin_client: APIClient, reset_cache: None, mocker: MockerFixture
+):
     # Given
-    settings.REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"]["signup"] = "1/min"
+    mocker.patch(
+        "rest_framework.throttling.ScopedRateThrottle.get_rate", return_value="1/minute"
+    )
     url = reverse("api-v1:custom_auth:ffadminuser-me")
     # When
     for _ in range(2):

api/tests/unit/custom_auth/oauth/test_unit_oauth_serializers.py

@@ -23,7 +23,7 @@ def test_create_oauth_login_serializer(
     sign_up_type = "NO_INVITE"
     data = {"access_token": access_token, "sign_up_type": sign_up_type}
     rf = RequestFactory()
-    request = rf.post("placeholer-login-url")
+    request = rf.post("/api/v1/auth/oauth/google/")
     email = "testytester@example.com"
     first_name = "testy"
     last_name = "tester"

api/tests/unit/custom_auth/test_unit_custom_auth_serializer.py

@@ -12,19 +12,30 @@
 }
 
 
-def test_CustomUserCreateSerializer_converts_email_to_lower_case(db):
+def test_CustomUserCreateSerializer_converts_email_to_lower_case(
+    db: None, rf: RequestFactory
+) -> None:
     # Given
-    serializer = CustomUserCreateSerializer(data=user_dict)
+    request = rf.post("/api/v1/auth/users/")
+    serializer = CustomUserCreateSerializer(
+        data=user_dict, context={"request": request}
+    )
     # When
     serializer.is_valid(raise_exception=True)
     # Then
     assert serializer.validated_data["email"] == "testuser@mail.com"
 
 
-def test_CustomUserCreateSerializer_does_case_insensitive_lookup_with_email(db):
+def test_CustomUserCreateSerializer_does_case_insensitive_lookup_with_email(
+    db: None, rf: RequestFactory
+) -> None:
     # Given
+    request = rf.post("/api/v1/auth/users/")
     FFAdminUser.objects.create(email="testuser@mail.com")
-    serializer = CustomUserCreateSerializer(data=user_dict)
+
+    serializer = CustomUserCreateSerializer(
+        data=user_dict, context={"request": request}
+    )
 
     # When
     assert serializer.is_valid() is False
@@ -72,7 +83,7 @@ def test_CustomUserCreateSerializer_allows_registration_if_sign_up_type_is_invit
     }
 
     serializer = CustomUserCreateSerializer(
-        data=data, context={"request": rf.post("/v1/auth/users/")}
+        data=data, context={"request": rf.post("/api/v1/auth/users/")}
     )
     assert serializer.is_valid()