From 9806d8e1874a07ea161230c95255e3e943b4125d Mon Sep 17 00:00:00 2001
From: Julian Rother <julian@cccv.de>
Date: Sat, 11 Sep 2021 01:07:39 +0200
Subject: [PATCH] Add CI tests for Bullseye and fix remaining compatability
 issues

---
 .gitlab-ci.yml       | 69 +++++++++++++++++++++++++++++++++++++++++---
 tests/test_oauth2.py |  2 +-
 uffd/mfa/views.py    |  1 +
 3 files changed, 67 insertions(+), 5 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 429c0b42..34bb4219 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -44,7 +44,8 @@ db_migrations_updated:
   - FLASK_APP=uffd flask db upgrade
   - FLASK_APP=uffd flask db migrate 2>&1 | grep -q 'No changes in schema detected'
 
-linter:
+linter:buster:
+  image: registry.git.cccv.de/uffd/docker-images/buster
   stage: test
   script:
   - pip3 install pylint-gitlab pylint-flask-sqlalchemy # this force-updates jinja2 and some other packages!
@@ -58,7 +59,24 @@ linter:
     reports:
       codequality: codeclimate.json
 
-unittests:
+
+linter:bullseye:
+  image: registry.git.cccv.de/uffd/docker-images/bullseye
+  stage: test
+  script:
+  - pip3 install pylint-gitlab pylint-flask-sqlalchemy # this force-updates jinja2 and some other packages!
+  - python3 -m pylint --exit-zero --rcfile .pylintrc --output-format=pylint_gitlab.GitlabCodeClimateReporter uffd > codeclimate.json
+  - python3 -m pylint --exit-zero --rcfile .pylintrc --output-format=pylint_gitlab.GitlabPagesHtmlReporter uffd > pylint.html
+  - python3 -m pylint --rcfile .pylintrc --output-format=text uffd
+  artifacts:
+    when: always
+    paths:
+    - pylint.html
+    reports:
+      codequality: codeclimate.json
+
+unittests:buster:
+  image: registry.git.cccv.de/uffd/docker-images/buster
   stage: test
   script:
   - service slapd start
@@ -77,6 +95,26 @@ unittests:
       junit: report.xml
   coverage: '/^TOTAL.*\s+(\d+\%)$/'
 
+unittests:bullseye:
+  image: registry.git.cccv.de/uffd/docker-images/bullseye
+  stage: test
+  script:
+  - service slapd start
+  - UNITTEST_OPENLDAP=1 python3-coverage run --include 'uffd/*.py' -m pytest --junitxml=report.xml || true
+  #- python3-coverage report -m
+  - python3-coverage html
+  #- python3-coverage xml
+  artifacts:
+    when: always
+    paths:
+    - htmlcov/index.html
+    - htmlcov
+    expose_as: 'Coverage Report'
+    reports:
+      #cobertura: coverage.xml
+      junit: report.xml
+  #coverage: '/^TOTAL.*\s+(\d+\%)$/'
+
 html5validator:
   stage: test
   script:
@@ -103,14 +141,37 @@ trans_de:
   variables:
     TRANSLATION_LANGUAGE: de
 
-test:package:pip:
+test:package:pip:buster:
+  image: registry.git.cccv.de/uffd/docker-images/buster
+  stage: test
+  script:
+  - pip3 install dist/*.tar.gz
+  dependencies:
+  - build:pip
+
+test:package:pip:bullseye:
+  image: registry.git.cccv.de/uffd/docker-images/bullseye
   stage: test
   script:
   - pip3 install dist/*.tar.gz
   dependencies:
   - build:pip
 
-test:package:apt:
+test:package:apt:buster:
+  image: registry.git.cccv.de/uffd/docker-images/buster
+  stage: test
+  script:
+  - apt -y install ./build/*.deb
+  - service uwsgi start uffd || ( service uwsgi status uffd ; sleep 15; cat /var/log/uwsgi/app/uffd.log; )
+  - echo "server { listen 127.0.0.1:5000 default_server;  include /etc/uffd/nginx.include.conf; }" > /etc/nginx/sites-enabled/uffd.ini
+  - service nginx start || ( service nginx status; nginx -t; exit 1; )
+  - uffd-admin routes
+  - curl -Lv 127.0.0.1:5000
+  dependencies:
+  - build:apt
+
+test:package:apt:bullseye:
+  image: registry.git.cccv.de/uffd/docker-images/bullseye
   stage: test
   script:
   - apt -y install ./build/*.deb
diff --git a/tests/test_oauth2.py b/tests/test_oauth2.py
index a41e3182..a4fb8295 100644
--- a/tests/test_oauth2.py
+++ b/tests/test_oauth2.py
@@ -169,7 +169,7 @@ class TestViews(UffdTestCase):
 	def test_token_invalid_code(self):
 		r = self.client.post(path=url_for('oauth2.token'),
 			data={'grant_type': 'authorization_code', 'code': 'abcdef', 'redirect_uri': 'http://localhost:5009/callback', 'client_id': 'test', 'client_secret': 'testsecret'}, follow_redirects=True)
-		self.assertEqual(r.status_code, 401)
+		self.assertIn(r.status_code, [400, 401]) # oauthlib behaviour changed between v2.1.0 and v3.1.0
 		self.assertEqual(r.content_type, 'application/json')
 
 	def test_token_invalid_client(self):
diff --git a/uffd/mfa/views.py b/uffd/mfa/views.py
index 699d7ce9..4c820460 100644
--- a/uffd/mfa/views.py
+++ b/uffd/mfa/views.py
@@ -111,6 +111,7 @@ try:
 		from fido2.server import Fido2Server, RelyingParty as PublicKeyCredentialRpEntity
 		from fido2.ctap2 import AttestationObject, AuthenticatorData
 		from fido2 import cbor
+		# pylint: disable=no-member
 		cbor.encode = cbor.dumps
 		cbor.decode = lambda arg: cbor.loads(arg)[0]
 	elif fido2.__version__.startswith('0.9.'):
-- 
GitLab