collective / collective.saml2

Installation of SAML2 web single-sign-on for Plone (dm.zope.saml2)

add tests with gh actions #11

Open djay opened 2 years ago

djay commented 2 years ago

@davisagli @thyarles got any idea how to setup 2 plone sites in a zope test layer? Or some other bright idea to simulate saml2 auth exchange?

wesleybl commented 3 weeks ago

@djay I don't see GitHub Actions in this PR. Can you enable it in the repository settings?

djay commented 3 weeks ago

@wesleybl so basically my plan originally was to use two plone sites and test against each other, one as an IdP and one as an SP. But getting that to work with plone.app.test worked out too hard. So instead I figured just test it as an SP as that's the most common case and test it against mock-idp which seems pretty simple. One thing to overcome is that dm.saml2 requires the publishing of a metadata file and mock-idp doesn't do this so a metafile will need to be generated manually and published somehow (maybe even a file link would work. if not a simple http server). After that I think it should not be so hard. No need to keep tests in doctest format. The only reason I did that is it makes it a bit easier to test testbrowser output. Anyway, thanks for giving it a go and if it proves too hard I'm sure I will find time eventually.
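The hand-written IdP metadata mentioned above, as an added example that is not code from collective.saml2, dm.saml2 or mock-idp: it builds the minimal SAML 2.0 EntityDescriptor an SP needs (entity ID, signing certificate, SSO endpoint) and reads it back the way an SP would. The entity ID, SSO URL and the certificate body are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed placeholder, not a real certificate: only the PEM shape matters here.
SAMPLE_CERT_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(b"constructed placeholder, not a real certificate").decode()
    + "\n-----END CERTIFICATE-----\n"
)


def pem_body(cert_pem):
    """Strip the PEM armour: ds:X509Certificate carries only the base64 body."""
    lines = [ln.strip() for ln in cert_pem.strip().splitlines() if not ln.startswith("-----")]
    body = "".join(lines)
    base64.b64decode(body, validate=True)  # fail early on a mangled certificate
    return body


def build_idp_metadata(entity_id, sso_url, cert_pem):
    """Minimal IdP metadata: signing key, NameID format and a redirect SSO endpoint."""
    ET.register_namespace("md", MD)
    ET.register_namespace("ds", DS)
    root = ET.Element(f"{{{MD}}}EntityDescriptor", entityID=entity_id)
    idp = ET.SubElement(root, f"{{{MD}}}IDPSSODescriptor",
                        protocolSupportEnumeration=PROTOCOL,
                        WantAuthnRequestsSigned="false")
    key = ET.SubElement(idp, f"{{{MD}}}KeyDescriptor", use="signing")
    x509 = ET.SubElement(ET.SubElement(key, f"{{{DS}}}KeyInfo"), f"{{{DS}}}X509Data")
    ET.SubElement(x509, f"{{{DS}}}X509Certificate").text = pem_body(cert_pem)
    ET.SubElement(idp, f"{{{MD}}}NameIDFormat").text = \
        "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
    ET.SubElement(idp, f"{{{MD}}}SingleSignOnService", Binding=REDIRECT, Location=sso_url)
    return ET.tostring(root, encoding="unicode")


def parse_idp_metadata(xml_text):
    """Extract what an SP consumes from IdP metadata; raises if a required part is missing."""
    root = ET.fromstring(xml_text)
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    sso = idp.find(f"{{{MD}}}SingleSignOnService")
    cert = idp.find(f"{{{MD}}}KeyDescriptor/{{{DS}}}KeyInfo/{{{DS}}}X509Data/{{{DS}}}X509Certificate")
    if cert is None or not cert.text:
        raise ValueError("IdP metadata has no signing certificate; assertions cannot be verified")
    return {"entity_id": root.get("entityID"), "sso_url": sso.get("Location"),
            "sso_binding": sso.get("Binding"), "signing_cert_b64": cert.text}
```

Write the returned string to a file and point the SP at it (a file link or a one-off http server, as discussed above).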

wesleybl commented 3 weeks ago

So instead I figured just test it as a SP as thats the most common case and test it against mock-idp which seems pretty simple.

@djay mock-idp doesn't work with Python 2:

https://github.com/collective/collective.saml2/actions/runs/9509927169/job/26213629926#step:9:776

Actually, for now I'm more interested in Python 2

djay commented 3 weeks ago

@wesleybl good point. But it's not an easy thing to test. Maybe there is another IDP code that is easy to set up that does support python 2. Or just run the test only in python 3 and hope it still works in 2. Support will have to be dropped for 2 at some point anyway.

wesleybl commented 3 weeks ago

@djay I configured Plone 6.0 with Python 3.8 to authenticate with

https://mocksaml.com/

but an error occurred. The server went down, without a traceback. I debugged it and saw that the error is on line 308 of the file dm/saml2/signature.py. The line in question is:

addIDs(doc_tree.getroot(), ['ID'])

So it looks like it doesn't work entirely well with Python 3.

wesleybl commented 3 weeks ago

In Plone 5.2 with Python 2, and configured with

https://mocksaml.com

I get the error:

AttributeError: 'NoneType' object has no attribute 'startswith'
2024-06-14 16:31:04,856 ERROR   [Zope.SiteErrorLog:252][waitress-1] 1718393464.860.0667113140391 http://localhost:8080/Plone/acl_users/saml2sp/authenticate
Traceback (innermost last):
  Module ZPublisher.WSGIPublisher, line 176, in transaction_pubevents
  Module ZPublisher.WSGIPublisher, line 385, in publish_module
  Module ZPublisher.WSGIPublisher, line 288, in publish
  Module ZPublisher.mapply, line 85, in mapply
  Module ZPublisher.WSGIPublisher, line 63, in call_object
  Module dm.zope.saml2.spsso.spsso, line 102, in authenticate
  Module dm.zope.saml2.role, line 148, in deliver
  Module pyxb.binding.basis, line 560, in toxml
  Module pyxb.binding.basis, line 533, in toDOM
  Module dm.saml2.signature, line 311, in finalize
  Module dm.saml2.signature, line 154, in sign
  Module dm.zope.saml2.authority, line 423, in sign
  Module dm.zope.saml2.authority, line 317, in _get_signature_context
  Module dm.zope.saml2.authority, line 323, in _add_sign_keys
  Module dm.zope.saml2.authority, line 440, in _make_absolute
  Module posixpath, line 54, in isabs
AttributeError: 'NoneType' object has no attribute 'startswith'

djay commented 3 weeks ago

@wesleybl nice idea using that service. Can you raise a separate bug report?

djay commented 1 week ago

@wesleybl looks like it might be related to the creation of a local certificate. This might be missing from the test setup.

wesleybl commented 1 week ago

@wesleybl looks like it might be related to creating of a local certificate. This might be missing from the test setup

@djay It appears that https://mocksaml.com/ needs the authentication request to be signed. But I don't know if dm.zope.saml2 supports this.

I haven't tried the test yet. I was trying on the local website.