2023-04-19 04:27:10 +00:00
|
|
|
package oidc_test
|
2022-04-01 11:18:58 +00:00
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/assert"
|
2023-04-19 04:27:10 +00:00
|
|
|
|
|
|
|
"github.com/authelia/authelia/v4/internal/oidc"
|
2022-04-01 11:18:58 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
type testAMRWant struct {
|
|
|
|
FactorKnowledge, FactorPossession, MultiFactorAuthentication bool
|
|
|
|
ChannelBrowser, ChannelService, MultiChannelAuthentication bool
|
|
|
|
|
|
|
|
RFC8176 []string
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestAuthenticationMethodsReferences(t *testing.T) {
|
|
|
|
testCases := []struct {
|
|
|
|
desc string
|
2023-04-19 04:27:10 +00:00
|
|
|
is oidc.AuthenticationMethodsReferences
|
2022-04-01 11:18:58 +00:00
|
|
|
want testAMRWant
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
desc: "Username and Password",
|
|
|
|
|
2023-04-19 04:27:10 +00:00
|
|
|
is: oidc.AuthenticationMethodsReferences{UsernameAndPassword: true},
|
2022-04-01 11:18:58 +00:00
|
|
|
want: testAMRWant{
|
|
|
|
FactorKnowledge: true,
|
|
|
|
FactorPossession: false,
|
|
|
|
MultiFactorAuthentication: false,
|
|
|
|
ChannelBrowser: true,
|
|
|
|
ChannelService: false,
|
|
|
|
MultiChannelAuthentication: false,
|
|
|
|
RFC8176: []string{"pwd"},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
desc: "TOTP",
|
|
|
|
|
2023-04-19 04:27:10 +00:00
|
|
|
is: oidc.AuthenticationMethodsReferences{TOTP: true},
|
2022-04-01 11:18:58 +00:00
|
|
|
want: testAMRWant{
|
|
|
|
FactorKnowledge: false,
|
|
|
|
FactorPossession: true,
|
|
|
|
MultiFactorAuthentication: false,
|
|
|
|
ChannelBrowser: true,
|
|
|
|
ChannelService: false,
|
|
|
|
MultiChannelAuthentication: false,
|
|
|
|
RFC8176: []string{"otp"},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
2023-04-14 16:04:42 +00:00
|
|
|
desc: "WebAuthn",
|
2022-04-01 11:18:58 +00:00
|
|
|
|
2023-04-19 04:27:10 +00:00
|
|
|
is: oidc.AuthenticationMethodsReferences{WebAuthn: true},
|
2022-04-01 11:18:58 +00:00
|
|
|
want: testAMRWant{
|
|
|
|
FactorKnowledge: false,
|
|
|
|
FactorPossession: true,
|
|
|
|
MultiFactorAuthentication: false,
|
|
|
|
ChannelBrowser: true,
|
|
|
|
ChannelService: false,
|
|
|
|
MultiChannelAuthentication: false,
|
|
|
|
RFC8176: []string{"hwk"},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
2023-04-14 16:04:42 +00:00
|
|
|
desc: "WebAuthn User Presence",
|
2022-04-01 11:18:58 +00:00
|
|
|
|
2023-04-19 04:27:10 +00:00
|
|
|
is: oidc.AuthenticationMethodsReferences{WebAuthnUserPresence: true},
|
2022-04-01 11:18:58 +00:00
|
|
|
want: testAMRWant{
|
|
|
|
FactorKnowledge: false,
|
|
|
|
FactorPossession: false,
|
|
|
|
MultiFactorAuthentication: false,
|
|
|
|
ChannelBrowser: false,
|
|
|
|
ChannelService: false,
|
|
|
|
MultiChannelAuthentication: false,
|
|
|
|
RFC8176: []string{"user"},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
2023-04-14 16:04:42 +00:00
|
|
|
desc: "WebAuthn User Verified",
|
2022-04-01 11:18:58 +00:00
|
|
|
|
2023-04-19 04:27:10 +00:00
|
|
|
is: oidc.AuthenticationMethodsReferences{WebAuthnUserVerified: true},
|
2022-04-01 11:18:58 +00:00
|
|
|
want: testAMRWant{
|
|
|
|
FactorKnowledge: false,
|
|
|
|
FactorPossession: false,
|
|
|
|
MultiFactorAuthentication: false,
|
|
|
|
ChannelBrowser: false,
|
|
|
|
ChannelService: false,
|
|
|
|
MultiChannelAuthentication: false,
|
|
|
|
RFC8176: []string{"pin"},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
2023-04-14 16:04:42 +00:00
|
|
|
desc: "WebAuthn with User Presence and Verified",
|
2022-04-01 11:18:58 +00:00
|
|
|
|
2023-04-19 04:27:10 +00:00
|
|
|
is: oidc.AuthenticationMethodsReferences{WebAuthn: true, WebAuthnUserVerified: true, WebAuthnUserPresence: true},
|
2022-04-01 11:18:58 +00:00
|
|
|
want: testAMRWant{
|
|
|
|
FactorKnowledge: false,
|
|
|
|
FactorPossession: true,
|
|
|
|
MultiFactorAuthentication: false,
|
|
|
|
ChannelBrowser: true,
|
|
|
|
ChannelService: false,
|
|
|
|
MultiChannelAuthentication: false,
|
|
|
|
RFC8176: []string{"hwk", "user", "pin"},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
desc: "Duo",
|
|
|
|
|
2023-04-19 04:27:10 +00:00
|
|
|
is: oidc.AuthenticationMethodsReferences{Duo: true},
|
2022-04-01 11:18:58 +00:00
|
|
|
want: testAMRWant{
|
|
|
|
FactorKnowledge: false,
|
|
|
|
FactorPossession: true,
|
|
|
|
MultiFactorAuthentication: false,
|
|
|
|
ChannelBrowser: false,
|
|
|
|
ChannelService: true,
|
|
|
|
MultiChannelAuthentication: false,
|
|
|
|
RFC8176: []string{"sms"},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
2023-04-14 16:04:42 +00:00
|
|
|
desc: "Duo WebAuthn TOTP",
|
2022-04-01 11:18:58 +00:00
|
|
|
|
2023-04-19 04:27:10 +00:00
|
|
|
is: oidc.AuthenticationMethodsReferences{Duo: true, WebAuthn: true, TOTP: true},
|
2022-04-01 11:18:58 +00:00
|
|
|
want: testAMRWant{
|
|
|
|
FactorKnowledge: false,
|
|
|
|
FactorPossession: true,
|
|
|
|
MultiFactorAuthentication: false,
|
|
|
|
ChannelBrowser: true,
|
|
|
|
ChannelService: true,
|
|
|
|
MultiChannelAuthentication: true,
|
|
|
|
RFC8176: []string{"sms", "hwk", "otp", "mca"},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
desc: "Duo TOTP",
|
|
|
|
|
2023-04-19 04:27:10 +00:00
|
|
|
is: oidc.AuthenticationMethodsReferences{Duo: true, TOTP: true},
|
2022-04-01 11:18:58 +00:00
|
|
|
want: testAMRWant{
|
|
|
|
FactorKnowledge: false,
|
|
|
|
FactorPossession: true,
|
|
|
|
MultiFactorAuthentication: false,
|
|
|
|
ChannelBrowser: true,
|
|
|
|
ChannelService: true,
|
|
|
|
MultiChannelAuthentication: true,
|
|
|
|
RFC8176: []string{"sms", "otp", "mca"},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
desc: "Username and Password with Duo",
|
|
|
|
|
2023-04-19 04:27:10 +00:00
|
|
|
is: oidc.AuthenticationMethodsReferences{Duo: true, UsernameAndPassword: true},
|
2022-04-01 11:18:58 +00:00
|
|
|
want: testAMRWant{
|
|
|
|
FactorKnowledge: true,
|
|
|
|
FactorPossession: true,
|
|
|
|
MultiFactorAuthentication: true,
|
|
|
|
ChannelBrowser: true,
|
|
|
|
ChannelService: true,
|
|
|
|
MultiChannelAuthentication: true,
|
|
|
|
RFC8176: []string{"pwd", "sms", "mfa", "mca"},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, tc := range testCases {
|
|
|
|
t.Run(tc.desc, func(t *testing.T) {
|
|
|
|
assert.Equal(t, tc.want.FactorKnowledge, tc.is.FactorKnowledge())
|
|
|
|
assert.Equal(t, tc.want.FactorPossession, tc.is.FactorPossession())
|
|
|
|
assert.Equal(t, tc.want.MultiFactorAuthentication, tc.is.MultiFactorAuthentication())
|
|
|
|
assert.Equal(t, tc.want.ChannelBrowser, tc.is.ChannelBrowser())
|
|
|
|
assert.Equal(t, tc.want.ChannelService, tc.is.ChannelService())
|
|
|
|
assert.Equal(t, tc.want.MultiChannelAuthentication, tc.is.MultiChannelAuthentication())
|
|
|
|
|
|
|
|
isRFC8176 := tc.is.MarshalRFC8176()
|
|
|
|
|
|
|
|
for _, amr := range tc.want.RFC8176 {
|
|
|
|
t.Run(fmt.Sprintf("has all wanted/%s", amr), func(t *testing.T) {
|
|
|
|
assert.Contains(t, isRFC8176, amr)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, amr := range isRFC8176 {
|
|
|
|
t.Run(fmt.Sprintf("only has wanted/%s", amr), func(t *testing.T) {
|
|
|
|
assert.Contains(t, tc.want.RFC8176, amr)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|