2021-05-04 22:06:05 +00:00
|
|
|
package handlers
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/assert"
|
2022-01-18 09:32:06 +00:00
|
|
|
"github.com/stretchr/testify/require"
|
2021-05-04 22:06:05 +00:00
|
|
|
|
2022-04-01 11:18:58 +00:00
|
|
|
"github.com/authelia/authelia/v4/internal/model"
|
2022-01-18 09:32:06 +00:00
|
|
|
"github.com/authelia/authelia/v4/internal/oidc"
|
2021-08-11 01:04:35 +00:00
|
|
|
"github.com/authelia/authelia/v4/internal/session"
|
2021-05-04 22:06:05 +00:00
|
|
|
)
|
|
|
|
|
|
2022-04-07 05:33:53 +00:00
|
|
|
func TestShouldGrantAppropriateClaimsForScopeProfile(t *testing.T) {
|
|
|
|
|
consent := &model.OAuth2ConsentSession{
|
|
|
|
|
GrantedScopes: []string{oidc.ScopeProfile},
|
2021-05-04 22:06:05 +00:00
|
|
|
}
|
|
|
|
|
|
2022-04-07 05:33:53 +00:00
|
|
|
extraClaims := oidcGrantRequests(nil, consent, &oidcUserSessionJohn)
|
2022-01-18 09:32:06 +00:00
|
|
|
|
2022-03-01 03:07:39 +00:00
|
|
|
assert.Len(t, extraClaims, 2)
|
2022-01-18 09:32:06 +00:00
|
|
|
|
|
|
|
|
require.Contains(t, extraClaims, oidc.ClaimPreferredUsername)
|
|
|
|
|
assert.Equal(t, "john", extraClaims[oidc.ClaimPreferredUsername])
|
|
|
|
|
|
2022-03-01 03:07:39 +00:00
|
|
|
require.Contains(t, extraClaims, oidc.ClaimDisplayName)
|
|
|
|
|
assert.Equal(t, "John Smith", extraClaims[oidc.ClaimDisplayName])
|
|
|
|
|
}
|
2022-01-18 09:32:06 +00:00
|
|
|
|
2022-03-01 03:07:39 +00:00
|
|
|
func TestShouldGrantAppropriateClaimsForScopeGroups(t *testing.T) {
|
2022-04-07 05:33:53 +00:00
|
|
|
consent := &model.OAuth2ConsentSession{
|
|
|
|
|
GrantedScopes: []string{oidc.ScopeGroups},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
extraClaims := oidcGrantRequests(nil, consent, &oidcUserSessionJohn)
|
2022-01-18 09:32:06 +00:00
|
|
|
|
2022-03-01 03:07:39 +00:00
|
|
|
assert.Len(t, extraClaims, 1)
|
2022-01-18 09:32:06 +00:00
|
|
|
|
|
|
|
|
require.Contains(t, extraClaims, oidc.ClaimGroups)
|
|
|
|
|
assert.Len(t, extraClaims[oidc.ClaimGroups], 2)
|
|
|
|
|
assert.Contains(t, extraClaims[oidc.ClaimGroups], "admin")
|
|
|
|
|
assert.Contains(t, extraClaims[oidc.ClaimGroups], "dev")
|
|
|
|
|
|
2022-04-07 05:33:53 +00:00
|
|
|
extraClaims = oidcGrantRequests(nil, consent, &oidcUserSessionFred)
|
2022-01-18 09:32:06 +00:00
|
|
|
|
2022-03-01 03:07:39 +00:00
|
|
|
assert.Len(t, extraClaims, 1)
|
2022-01-18 09:32:06 +00:00
|
|
|
|
|
|
|
|
require.Contains(t, extraClaims, oidc.ClaimGroups)
|
|
|
|
|
assert.Len(t, extraClaims[oidc.ClaimGroups], 1)
|
|
|
|
|
assert.Contains(t, extraClaims[oidc.ClaimGroups], "dev")
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-01 03:07:39 +00:00
|
|
|
func TestShouldGrantAppropriateClaimsForScopeEmail(t *testing.T) {
|
2022-04-07 05:33:53 +00:00
|
|
|
consent := &model.OAuth2ConsentSession{
|
|
|
|
|
GrantedScopes: []string{oidc.ScopeEmail},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
extraClaims := oidcGrantRequests(nil, consent, &oidcUserSessionJohn)
|
2022-01-18 09:32:06 +00:00
|
|
|
|
2022-03-01 03:07:39 +00:00
|
|
|
assert.Len(t, extraClaims, 3)
|
2022-01-18 09:32:06 +00:00
|
|
|
|
|
|
|
|
require.Contains(t, extraClaims, oidc.ClaimEmail)
|
|
|
|
|
assert.Equal(t, "j.smith@authelia.com", extraClaims[oidc.ClaimEmail])
|
|
|
|
|
|
2022-02-09 22:55:28 +00:00
|
|
|
require.Contains(t, extraClaims, oidc.ClaimEmailAlts)
|
|
|
|
|
assert.Len(t, extraClaims[oidc.ClaimEmailAlts], 1)
|
|
|
|
|
assert.Contains(t, extraClaims[oidc.ClaimEmailAlts], "admin@authelia.com")
|
2022-01-18 09:32:06 +00:00
|
|
|
|
|
|
|
|
require.Contains(t, extraClaims, oidc.ClaimEmailVerified)
|
|
|
|
|
assert.Equal(t, true, extraClaims[oidc.ClaimEmailVerified])
|
|
|
|
|
|
2022-04-07 05:33:53 +00:00
|
|
|
extraClaims = oidcGrantRequests(nil, consent, &oidcUserSessionFred)
|
2022-01-18 09:32:06 +00:00
|
|
|
|
2022-03-01 03:07:39 +00:00
|
|
|
assert.Len(t, extraClaims, 2)
|
2022-01-18 09:32:06 +00:00
|
|
|
|
|
|
|
|
require.Contains(t, extraClaims, oidc.ClaimEmail)
|
|
|
|
|
assert.Equal(t, "f.smith@authelia.com", extraClaims[oidc.ClaimEmail])
|
|
|
|
|
|
|
|
|
|
require.Contains(t, extraClaims, oidc.ClaimEmailVerified)
|
|
|
|
|
assert.Equal(t, true, extraClaims[oidc.ClaimEmailVerified])
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestShouldGrantAppropriateClaimsForScopeOpenIDAndProfile(t *testing.T) {
|
2022-04-07 05:33:53 +00:00
|
|
|
consent := &model.OAuth2ConsentSession{
|
|
|
|
|
GrantedScopes: []string{oidc.ScopeOpenID, oidc.ScopeProfile},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
extraClaims := oidcGrantRequests(nil, consent, &oidcUserSessionJohn)
|
2022-01-18 09:32:06 +00:00
|
|
|
|
|
|
|
|
assert.Len(t, extraClaims, 2)
|
|
|
|
|
|
|
|
|
|
require.Contains(t, extraClaims, oidc.ClaimPreferredUsername)
|
|
|
|
|
assert.Equal(t, "john", extraClaims[oidc.ClaimPreferredUsername])
|
|
|
|
|
|
|
|
|
|
require.Contains(t, extraClaims, oidc.ClaimDisplayName)
|
|
|
|
|
assert.Equal(t, "John Smith", extraClaims[oidc.ClaimDisplayName])
|
|
|
|
|
|
2022-04-07 05:33:53 +00:00
|
|
|
extraClaims = oidcGrantRequests(nil, consent, &oidcUserSessionFred)
|
2022-01-18 09:32:06 +00:00
|
|
|
|
|
|
|
|
assert.Len(t, extraClaims, 2)
|
|
|
|
|
|
|
|
|
|
require.Contains(t, extraClaims, oidc.ClaimPreferredUsername)
|
|
|
|
|
assert.Equal(t, "fred", extraClaims[oidc.ClaimPreferredUsername])
|
|
|
|
|
|
|
|
|
|
require.Contains(t, extraClaims, oidc.ClaimDisplayName)
|
|
|
|
|
assert.Equal(t, extraClaims[oidc.ClaimDisplayName], "Fred Smith")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var (
|
|
|
|
|
oidcUserSessionJohn = session.UserSession{
|
|
|
|
|
Username: "john",
|
|
|
|
|
Groups: []string{"admin", "dev"},
|
|
|
|
|
DisplayName: "John Smith",
|
|
|
|
|
Emails: []string{"j.smith@authelia.com", "admin@authelia.com"},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
oidcUserSessionFred = session.UserSession{
|
|
|
|
|
Username: "fred",
|
|
|
|
|
Groups: []string{"dev"},
|
|
|
|
|
DisplayName: "Fred Smith",
|
|
|
|
|
Emails: []string{"f.smith@authelia.com"},
|
|
|
|
|
}
|
|
|
|
|
)
|
