From 6080932292652d7a183dbbe37cca231f121d7817 Mon Sep 17 00:00:00 2001
From: Jj! <jj@unicon.net>
Date: Tue, 3 Dec 2019 14:12:17 -0600
Subject: [PATCH] [NOTASK] postgres test

---
 .../admin/ui/security/model/User.java         |   2 +
 testbed/postgres/conf/application.yml         | 138 ++++++++++++++++++
 testbed/postgres/conf/keystore.p12            | Bin 0 -> 2591 bytes
 testbed/postgres/conf/users.csv               |   2 +
 testbed/postgres/docker-compose.yml           |  39 +++++
 5 files changed, 181 insertions(+)
 create mode 100644 testbed/postgres/conf/application.yml
 create mode 100644 testbed/postgres/conf/keystore.p12
 create mode 100644 testbed/postgres/conf/users.csv
 create mode 100644 testbed/postgres/docker-compose.yml

diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/model/User.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/model/User.java
index 1a36ffdcc..c30c4ceff 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/model/User.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/model/User.java
@@ -16,6 +16,7 @@
 import javax.persistence.JoinColumn;
 import javax.persistence.JoinTable;
 import javax.persistence.ManyToMany;
+import javax.persistence.Table;
 import javax.persistence.Transient;
 import java.util.HashSet;
 import java.util.Set;
@@ -31,6 +32,7 @@
 @Setter
 @EqualsAndHashCode(callSuper = true, exclude = "roles")
 @ToString(exclude = "roles")
+@Table(name = "USERS")
 public class User extends AbstractAuditable {
 
     @Column(nullable = false, unique = true)
diff --git a/testbed/postgres/conf/application.yml b/testbed/postgres/conf/application.yml
new file mode 100644
index 000000000..2173107e1
--- /dev/null
+++ b/testbed/postgres/conf/application.yml
@@ -0,0 +1,138 @@
+spring:
+  profiles:
+    include:
+  datasource:
+    platform: postgres
+    driver-class-name: org.postgresql.Driver
+    url: jdbc:postgresql://db:5432/shibui
+    username: shibui
+    password: shibui
+  jpa:
+    properties:
+      hibernate:
+        dialect: org.hibernate.dialect.PostgreSQLDialect
+server:
+  port: 8443
+  ssl:
+    key-store: "/conf/keystore.p12"
+    key-store-password: "changeit"
+    keyStoreType: "PKCS12"
+    keyAlias: "tomcat"
+shibui:
+  user-bootstrap-resource: file:/conf/users.csv
+  roles: ROLE_ADMIN,ROLE_NONE,ROLE_USER,ROLE_PONY
+custom:
+  attributes:
+    # Default attributes
+    - name: eduPersonPrincipalName
+      displayName: label.attribute-eduPersonPrincipalName
+    - name: uid
+      displayName: label.attribute-uid
+    - name: mail
+      displayName: label.attribute-mail
+    - name: surname
+      displayName: label.attribute-surname
+    - name: givenName
+      displayName: label.attribute-givenName
+    - name: eduPersonAffiliation
+      displayName: label.attribute-eduPersonAffiliation
+    - name: eduPersonScopedAffiliation
+      displayName: label.attribute-eduPersonScopedAffiliation
+    - name: eduPersonPrimaryAffiliation
+      displayName: label.attribute-eduPersonPrimaryAffiliation
+    - name: eduPersonEntitlement
+      displayName: label.attribute-eduPersonEntitlement
+    - name: eduPersonAssurance
+      displayName: label.attribute-eduPersonAssurance
+    - name: eduPersonUniqueId
+      displayName: label.attribute-eduPersonUniqueId
+    - name: employeeNumber
+      displayName: label.attribute-employeeNumber
+  # Custom attributes
+  overrides:
+    # Default overrides
+    - name: signAssertion
+      displayName: label.sign-the-assertion
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.sign-assertion
+      attributeName: http://shibboleth.net/ns/profiles/saml2/sso/browser/signAssertions
+      attributeFriendlyName: signAssertions
+    - name: dontSignResponse
+      displayName: label.dont-sign-the-response
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.dont-sign-response
+      attributeName: http://shibboleth.net/ns/profiles/saml2/sso/browser/signResponses
+      attributeFriendlyName: signResponses
+    - name: turnOffEncryption
+      displayName: label.turn-off-encryption-of-response
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.turn-off-encryption
+      attributeName: http://shibboleth.net/ns/profiles/encryptAssertions
+      attributeFriendlyName: encryptAssertions
+    - name: useSha
+      displayName: label.use-sha1-signing-algorithm
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.usa-sha-algorithm
+      persistType: string
+      persistValue: shibboleth.SecurityConfiguration.SHA1
+      attributeName: http://shibboleth.net/ns/profiles/securityConfiguration
+      attributeFriendlyName: securityConfiguration
+    - name: ignoreAuthenticationMethod
+      displayName: label.ignore-any-sp-requested-authentication-method
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.ignore-auth-method
+      persistType: string
+      persistValue: 0x1
+      attributeName: http://shibboleth.net/ns/profiles/disallowedFeatures
+      attributeFriendlyName: disallowedFeatures
+    - name: omitNotBefore
+      displayName: label.omit-not-before-condition
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.omit-not-before-condition
+      attributeName: http://shibboleth.net/ns/profiles/includeConditionsNotBefore
+      attributeFriendlyName: includeConditionsNotBefore
+    - name: responderId
+      displayName: label.responder-id
+      displayType: string
+      defaultValue: null
+      helpText: tooltip.responder-id
+      attributeName: http://shibboleth.net/ns/profiles/responderId
+      attributeFriendlyName: responderId
+    - name: nameIdFormats
+      displayName: label.nameid-format-to-send
+      displayType: set
+      helpText: tooltip.nameid-format
+      defaultValues:
+        - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+        - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+        - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
+        - urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+      attributeName: http://shibboleth.net/ns/profiles/nameIDFormatPrecedence
+      attributeFriendlyName: nameIDFormatPrecedence
+    - name: authenticationMethods
+      displayName: label.authentication-methods-to-use
+      displayType: set
+      helpText: tooltip.authentication-methods-to-use
+      defaultValues:
+        - https://refeds.org/profile/mfa
+        - urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken
+        - urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
+      attributeName: http://shibboleth.net/ns/profiles/defaultAuthenticationMethods
+      attributeFriendlyName: defaultAuthenticationMethods
+    - name: forceAuthn
+      displayName: label.force-authn
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.force-authn
+      attributeName: http://shibboleth.net/ns/profiles/forceAuthn
+      attributeFriendlyName: forceAuthn
+logging:
+  level:
+    org.pac4j: "TRACE"
+    org.opensaml: "INFO"
diff --git a/testbed/postgres/conf/keystore.p12 b/testbed/postgres/conf/keystore.p12
new file mode 100644
index 0000000000000000000000000000000000000000..57f9c162a6953c21e77cf24451d52a9d3fa5cd54
GIT binary patch
literal 2591
zcmY+EXEYlM8^<FeYQ<Jtq&6k?9u10;8fk0mZSC5k=Cz{steO=yV%2ujS}mo--t-cb
z7By>+#;9KJd*1inb3Z)iIp_EPKhMV>97D|oBqN7osHVVFVlnzLKj_FP$qF%41Q3R*
z^9r}YF%+)<iYTl=7>Wm1*z9WVf@%JDMN3TvEX07$;TX^lxG0$V|M==T7l`GEyXPdw
zXm@Syfq*ghPdN9rC^82iIiSk~gaP$MoHrr;heS_|UuGmN=cS{B0tJIUb0I?8*yTo7
z<;eF;9*tyN_u(*2@@PrdCWF2Dy0D}1o_X_!#ZZ`{?D%G$xW!6I082tT@kNaVWLI$y
zQ?{iJZ+N@ft<!DwXOo37BQC$JY68VNQ1j}<c36#RG)TcZCTq&rd%YBp(#_1Sid*!-
zr0h63XPrMz>fv2ER`h<1Ps33b3x`zD#Xa^Yls;WQ*yFh6Z4hzUNZY5VhP!2ryOY5V
zKGpR+arsS!Krgf}A<6#C2})#Ie`zQ4&PMp_lE|YAC+E}<e)pTOhm)NTxZ)pdH|xfm
zeoEzL{ixD&U+Cn9T!kznO3zCwPd{+1#@2x058S}rY-tDclHZi2XlI^MaUzEk+9|ek
zG(~jKN_oA3*>i=UDu!=&HTo~B0gi(9cejrUwu@8hK)<X#Kd-Qt<R+)NSDzj7-7$|i
zWDH`%C{eQQeKVIL%|>P4Ppc|?PGVI38Hao~@kTe57RrfAV`uiHpU&|;rw>h&9Ew=!
zLMynJ&c~u{@IoN*@p6@(O;6g*)m@_r4f!y92e%+LL89f0jf2D#yd<5tn%y@)<=-63
z6_0Wk384``Yo}vPAw_V9)L#x);zJ`87Rrq4-DfRRQ`^s@Lrj#H(Pe=Mp7Po8fC#js
zcSJ_PtVs<RjiBk#+4sLRZ+E?jG3QzKA-hloGzV$ZX;$ZDqtiN?T>Y!pJk}CFP;k7O
zc_`Dqty6pqp_B4@A5ys8D~azqv>9f*uX6D_`SXt6#4yP$g|~+Vfroy_?Yb-~gYqI0
z5mLA&`cD56Gh6EF>7>Bz6Bov(Oh|U|)q=+_KUMmMQaoWc_bHRFt>yS2`2<lf<41G(
zj!zSmv)Uzv^4dk>PdR_MWAzBqHlq;FHp;4?3i-pX#W148gm~V-UUZ|n*JjzAkUSFq
zttV7Z>+Y5zw~xD0q0bHr6tPBYk<@ZRYqSC5C5LJiSzj9x*Jfz5<(#IUL<xFXIvz|`
zvf~?&^n$mO%VG9&&t@oQD=KOl)jvNICzq+cT{Bjq1kC-3lbJV5i|qKdpdKgQkuq<&
zCT}ShyTgFdA0M!drQ)rjpwZo13UV3OAeEt>a0K099m|`{ksz@rub0J!&%HoKuFUrr
zWXg;<+Bqmkm+RPThvHeaFl2lIUw}{=`<fZ?88;{wyRZt2ZhF7Scg5I~MEybif)ZBt
zCySnA_7n_)`0((0UA{ImVp}3Ly{=`7#cA+o=*XuxZ|UlqktT?pA54^GByBqv@1hpH
zB%bfDbti>hIFH<mTa;;??OTknkz6AOoCBv8t6p6i!a~mqA;xK6=tBVyKUXM@|K!hP
z8~kYJGmxPQHTEt@O~JdEjAw?!=)MOg`c1d{nm**j>2F^riQ@cgPRe##VOlhq{C!$y
zVj2oh;|;i+c{#2fJ1b-;B#$QNMnLR@eci$$qQ-ms7bc++#f`<^nCMftG;_6g7RkDG
zS)Avgii(ZQLOp!MllH-jXVki-(HWhVnKy&7Tl@B)y!#8xCT>ULqi)rNN;h#Q7CxqR
zte=q-)bmc(SCU!-g{|J;c?pUaD+SJP9LH%`RA><;$y;@hzcxf~7(I>Z(q(f{zf_Xe
zf^+??N-7p<2rn(b58wsx0N4W_0sP?n|Aeg4EFh+Pt{#q1X?a;iWkm%Ac?CFJ`bwTg
zf0ro1S3Xt0Ldrlgz}1rZCn5WnVZr|~tkqHEp57>;w2?YVbCA+_xIaH;_`imYz>t%=
zKLnhg96NO9Of%ipR@Ct?o8CRsk7X;lAXwe>=H7+*|55nm<e(X>S)}2Ts|&f1Nl>z1
zPp%bXaadZ_SSnSH-ijLuA8bkgxt3k0e=KaXxvasg01EAO&U?ELSmNRS@Vih`O`n~!
zm(iL%2^WSEvkM+EsF_lT1D_e@M-l3VUhD?z3@NL5yD$To`Q|y$2lZz@8<To_b)!}v
zWDwEVbG2-_W5^@8mWVV%o!a`K$w(rp)-<x33Y%B%5wo!SY~r3;0y&+9NW-=zqBW!K
zYrnjMpQ*Q&`&j-Dub8zto5_#8rH#cblSCbpv_G{m_bFG{jkiiWI6WCih;;-~4#>Gr
zH4a-TtEoQ|2cur+F-BXgKL4tkHyAja?^>!LPV8%yz$IX7t45YvZQo#J^&uiR-_S?`
zVVZok0mHxl`d(kE5k+c?f|#$W$oE!N?wV_-Lx@?LcLHxvUivKu_Ty)u3Fn#qSoD1Z
z)q5K^gp<}bKZ1pR>6t{YF4aubO9b>EsG|8Ic|MxD@?c@p>&n6>r)Kdcl7DnwQx*!?
zqN|mP_On)F72tRv9Ka}`BR`D!)Z6uX6A@!OR6q&@dJtSP&2tHt*YNx*)eyv6=1@=1
z0Ny4nsx!gKdBZ)?43Q@1JQD0EntJm%-;=l00}SIaB7KE>E%tK`$J1|Vk{ZzCy#=0(
zrOIhoXp~QXrmT;gp5{^Jz8Ls+TQIjTzYevT&yv94>ouv1?~>VU#n%gf$6Xt~E(ERD
zK;m4byGfL*a9YtUngDy?_Brb@jq?t0C5>?`p)fW$*MQBkF|Ww#RnhSC@RkIWjKknZ
zBLec1=wR==k~K5LiB(-Ox;}hz-_=vlV^IAz9_d%ru;Faw<e*4yFKIcYp9+KB%k+=u
zD>b=wBT7=<aU#foL99UwdTUpJue}-I7^t6ff2g(d#(Nvj(mZ5CZRV%*A-C~Y22QE@
zD5EE}=aFw_l!(!j^3uqfO0j&~Bb-^*-U~}&x2#`?(adGe60f1;^&z>0Z)%sJL=ETE
z1K}_i-IeO_F;spY)>~=*tiy^f*X(CwGuxLIb|s@IL$=*RKp0_k{sq}UzfGV^$P=R#
z0ouf)<V{Mg&G~|@M4!Y$_Uk>?@zmvOBRng}=n%+lMZ$8fk6z%zIgz@9-Z^#c&dEhz
zjy_f~4KC~7h);(y-@3i8#%7D{ip3I?%)J>p*up#<AICXLnkkVu1cjEF7o4$8FOj#j
z_P8Cyl?BWuS7n2(_f44od=!C`%59L7g3FoyWOPqb7`3GDug>)iL;26E8bS&fw=+*E
z&@<&p2yJD<nX;sNycPugP^IBV__PX$6<h<(52pfCh(pMMoD={Mizqj1&gr0)1WeH1
os7W#8vay?45X3T2DWiJ)C7~?+xM(KkJkky=d#(p0CyOck3ta-aKmY&$

literal 0
HcmV?d00001

diff --git a/testbed/postgres/conf/users.csv b/testbed/postgres/conf/users.csv
new file mode 100644
index 000000000..db290662e
--- /dev/null
+++ b/testbed/postgres/conf/users.csv
@@ -0,0 +1,2 @@
+root,{bcrypt}$2a$10$V1jeTIc0b2u7Y3yU.LqkXOPRVTBFc7SW07QaJR4KrBAmWGgTcO9H.,first,last,ROLE_ADMIN,user1@example.org
+jj,{bcrypt}$2a$10$V1jeTIc0b2u7Y3yU.LqkXOPRVTBFc7SW07QaJR4KrBAmWGgTcO9H.,first,last,ROLE_ADMIN,jj@example.org
\ No newline at end of file
diff --git a/testbed/postgres/docker-compose.yml b/testbed/postgres/docker-compose.yml
new file mode 100644
index 000000000..593ceb1fc
--- /dev/null
+++ b/testbed/postgres/docker-compose.yml
@@ -0,0 +1,39 @@
+version: "3.7"
+
+services:
+  db:
+    image: postgres
+    container_name: db
+    environment:
+      POSTGRES_USER: shibui
+      POSTGRES_PASSWORD: shibui
+      POSTGRES_DB: shibui
+    networks:
+      - front
+    ports:
+      - 3306:3306
+  shibui:
+    image: unicon/shibui
+    ports:
+      - 8080:8080
+      - 5005:5005
+      - 8443:8443
+    volumes:
+      - ./conf:/conf
+      - ./conf/application.yml:/application.yml
+    networks:
+      - front
+    depends_on:
+      - db
+  mailhog:
+    image: mailhog/mailhog:latest
+    ports:
+      - 1025:1025
+      - 8025:8025
+    container_name: mailhog
+    networks:
+      - front
+
+networks:
+  front:
+    driver: bridge
\ No newline at end of file