0

有人可以指导一下 TestCafe 如何对 IAP 安全服务/应用进行身份验证吗?我试图在这里阅读本指南,但对我来说似乎有点复杂。如果有人之前做过这件事,如果你能分享,那就太好了。先感谢您。

4

1 回答 1

1

我们通过使用google-auth-library并扩展了RequestHookTestcafe 来实现它。

  • 您需要拥有 Google IAP 凭据( 链接中的第 1 步和第 2 步)才能获取 JWT 令牌。
  • 获得 JWT 令牌后,将其添加为您对应用程序执行的每个请求的授权标头(通过扩展来实现RequestHook)。

辅助函数的代码大致如下:

import { RequestHook } from 'testcafe';

import { GoogleAuth } from 'google-auth-library';

export class GoogleIapJWTAuthorization extends RequestHook {

  constructor () {
    // No URL filtering applied to this hook
    // so it will be used for all requests.
    super();

    const auth = new GoogleAuth({
      credentials: serviceGoogleAccount
    });

    console.log('Google Authentication');

    console.log(`Loaded Service Account ${GoogleAccount.client_email}`);
    auth.getClient()
    .then(client => client.fetchIdToken(`${GoogleAccount.targetAudience}`))
    .then(token => {
        console.log(`Successfully authenticated with Identity Aware Proxy. Id Token: ${token}`);
        this._token = token;
        return token;
    })
    .catch(err => {
        console.log(`Identity Aware Proxy Authentication Failed. Id Token: ${token}`);
        console.log(JSON.stringify(err));
        process.exitCode = 1;
    });
}
  getGoogleJwtToken() {
    return this._token;
  }

  onRequest (e) {
    //Authorization header for authentication into Google Auth IAP
    e.requestOptions.headers['Authorization']= `Bearer ${this._token}`;
  }

  onResponse (e) {
      // This method must also be overridden,
      // but you can leave it blank.
  }
}
于 2020-11-09T22:09:15.283 回答