Initial QSfera import
This commit is contained in:
+107
@@ -0,0 +1,107 @@
|
||||
# E2E NTLM Tests
|
||||
|
||||
This directory contains end-to-end tests for the go-ntlmssp library that test against real NTLM servers.
|
||||
|
||||
## Running E2E Tests Locally
|
||||
|
||||
### Prerequisites
|
||||
|
||||
- Windows machine with IIS capabilities
|
||||
- Go 1.20 or later
|
||||
- Administrator privileges (for IIS setup)
|
||||
|
||||
### Setup
|
||||
|
||||
1. **Enable IIS with Windows Authentication:**
|
||||
```powershell
|
||||
# Run as Administrator
|
||||
Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebServerRole -All
|
||||
Enable-WindowsOptionalFeature -Online -FeatureName IIS-WindowsAuthentication -All
|
||||
```
|
||||
|
||||
2. **Create test site:**
|
||||
```powershell
|
||||
Import-Module WebAdministration
|
||||
New-Website -Name "ntlmtest" -Port 8080 -PhysicalPath "C:\inetpub\wwwroot"
|
||||
Set-WebConfigurationProperty -Filter "/system.webServer/security/authentication/anonymousAuthentication" -Name enabled -Value false -PSPath "IIS:\Sites\ntlmtest"
|
||||
Set-WebConfigurationProperty -Filter "/system.webServer/security/authentication/windowsAuthentication" -Name enabled -Value true -PSPath "IIS:\Sites\ntlmtest"
|
||||
```
|
||||
|
||||
3. **Set environment variables:**
|
||||
```powershell
|
||||
$env:NTLM_TEST_URL = "http://localhost:8080/"
|
||||
$env:NTLM_TEST_USER = "your_username"
|
||||
$env:NTLM_TEST_PASSWORD = "your_password"
|
||||
$env:NTLM_TEST_DOMAIN = "your_domain" # Optional
|
||||
```
|
||||
|
||||
> **Note**: The setup script automatically generates a random secure password if none is provided. For security, avoid hardcoded passwords in scripts or CI environments.
|
||||
|
||||
4. **Run tests:**
|
||||
```bash
|
||||
go test -v -tags=e2e ./e2e -run TestNTLM_E2E
|
||||
```
|
||||
|
||||
## GitHub Actions
|
||||
|
||||
The E2E tests run automatically in GitHub Actions on Windows runners. The workflow:
|
||||
|
||||
1. Sets up a clean Windows Server environment
|
||||
2. Generates a random secure password for the test user
|
||||
3. Creates a test user account with the random password
|
||||
4. Configures IIS with Windows Authentication
|
||||
5. Runs the E2E tests against the real NTLM server
|
||||
5. Cleans up resources
|
||||
|
||||
## Test Coverage
|
||||
|
||||
The E2E tests cover:
|
||||
|
||||
- ✅ Basic NTLM authentication flow
|
||||
- ✅ UPN format usernames (`user@domain.com`)
|
||||
- ✅ SAM format usernames (`DOMAIN\user`)
|
||||
- ✅ Authentication failure scenarios
|
||||
- ✅ Server accessibility checks
|
||||
- ✅ Context cancellation handling
|
||||
- ✅ Direct ProcessChallenge function testing
|
||||
|
||||
## Environment Variables
|
||||
|
||||
| Variable | Description | Default |
|
||||
|----------|-------------|---------|
|
||||
| `NTLM_TEST_URL` | URL of NTLM-enabled server | `http://localhost:8080/` |
|
||||
| `NTLM_TEST_USER` | Username for authentication | `$USERNAME` (Windows) |
|
||||
| `NTLM_TEST_PASSWORD` | Password for authentication | Required |
|
||||
| `NTLM_TEST_DOMAIN` | Domain for authentication | `$USERDOMAIN` (Windows) |
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### Common Issues
|
||||
|
||||
1. **"No username available"** - Set `NTLM_TEST_USER` environment variable
|
||||
2. **"No password available"** - Set `NTLM_TEST_PASSWORD` environment variable
|
||||
3. **Connection refused** - Ensure IIS is running and accessible on the specified port
|
||||
4. **401 Unauthorized** - Check that Windows Authentication is enabled and working
|
||||
|
||||
### IIS Debugging
|
||||
|
||||
Check IIS status:
|
||||
```powershell
|
||||
Get-Website
|
||||
Get-WebApplication
|
||||
Get-WebConfigurationProperty -Filter "/system.webServer/security/authentication/windowsAuthentication" -Name enabled -PSPath "IIS:\Sites\Default Web Site"
|
||||
```
|
||||
|
||||
View IIS logs:
|
||||
```powershell
|
||||
Get-Content "C:\inetpub\logs\LogFiles\W3SVC1\*.log" | Select-Object -Last 50
|
||||
```
|
||||
|
||||
## Security Note
|
||||
|
||||
These tests use real authentication credentials. In CI/CD:
|
||||
- Test credentials are generated dynamically per job
|
||||
- Credentials are cleaned up after each test run
|
||||
- No persistent credentials are stored
|
||||
|
||||
For local development, use test accounts or ensure credentials are not committed to version control.
|
||||
Reference in New Issue
Block a user