Rename OIDC strategy from :rauthy to :oidc, update callback path
- Rename AshAuthentication strategy from :oidc :rauthy to :oidc :oidc; generated actions are now register_with_oidc / sign_in_with_oidc.
- Update config keys (:rauthy → :oidc) in dev.exs and runtime.exs.
- Update default_redirect_uri to /auth/user/oidc/callback everywhere.
- Rename Mv.Accounts helper functions accordingly.
- Update Mv.Secrets, AuthController, link_oidc_account_live and all tests.
- Update docker-compose.prod.yml, .env.example, README and docs.

IMPORTANT: OIDC providers must be updated to use the new redirect URI /auth/user/oidc/callback instead of /auth/user/rauthy/callback.
parent
c637b6b84f
commit
339d37937a
25 changed files with 134 additions and 135 deletions
|
|
@ -283,7 +283,7 @@ defmodule Mv.Accounts.UserPoliciesTest do
|
|||
assert user_with_role.role.name == "Mitglied"
|
||||
end
|
||||
|
||||
test "register_with_rauthy works without actor via AshAuthentication bypass" do
|
||||
test "register_with_oidc works without actor via AshAuthentication bypass" do
|
||||
# Test that AshAuthentication bypass allows OIDC registration without actor
|
||||
user_info = %{
|
||||
"sub" => "oidc_sub_#{System.unique_integer([:positive])}",
|
||||
|
|
@ -294,7 +294,7 @@ defmodule Mv.Accounts.UserPoliciesTest do
|
|||
|
||||
changeset =
|
||||
Accounts.User
|
||||
|> Ash.Changeset.for_create(:register_with_rauthy, %{
|
||||
|> Ash.Changeset.for_create(:register_with_oidc, %{
|
||||
user_info: user_info,
|
||||
oauth_tokens: oauth_tokens
|
||||
})
|
||||
|
|
@ -306,7 +306,7 @@ defmodule Mv.Accounts.UserPoliciesTest do
|
|||
assert user.oidc_id == user_info["sub"]
|
||||
end
|
||||
|
||||
test "sign_in_with_rauthy works without actor via AshAuthentication bypass" do
|
||||
test "sign_in_with_oidc works without actor via AshAuthentication bypass" do
|
||||
# First create a user with OIDC ID (using system_actor for setup)
|
||||
system_actor = Mv.Helpers.SystemActor.get_system_actor()
|
||||
|
||||
|
|
@ -319,16 +319,16 @@ defmodule Mv.Accounts.UserPoliciesTest do
|
|||
|
||||
{:ok, user} =
|
||||
Accounts.User
|
||||
|> Ash.Changeset.for_create(:register_with_rauthy, %{
|
||||
|> Ash.Changeset.for_create(:register_with_oidc, %{
|
||||
user_info: user_info_create,
|
||||
oauth_tokens: oauth_tokens
|
||||
})
|
||||
|> Ash.create(actor: system_actor)
|
||||
|
||||
# Now test sign_in_with_rauthy without actor (should work via AshAuthentication bypass)
|
||||
# Now test sign_in_with_oidc without actor (should work via AshAuthentication bypass)
|
||||
query =
|
||||
Accounts.User
|
||||
|> Ash.Query.for_read(:sign_in_with_rauthy, %{
|
||||
|> Ash.Query.for_read(:sign_in_with_oidc, %{
|
||||
user_info: user_info_create,
|
||||
oauth_tokens: oauth_tokens
|
||||
})
|
||||
|
|
|
|||
|
|
@ -104,8 +104,8 @@ defmodule Mv.OidcRoleSyncTest do
|
|||
end
|
||||
end
|
||||
|
||||
# B3: Role sync after registration is implemented via after_action in register_with_rauthy.
|
||||
# Full integration tests (create_register_with_rauthy + assert role) are skipped: when the
|
||||
# B3: Role sync after registration is implemented via after_action in register_with_oidc.
|
||||
# Full integration tests (create_register_with_oidc + assert role) are skipped: when the
|
||||
# nested Ash.update! runs inside the create's after_action, authorization may evaluate in
|
||||
# the create context so set_role_from_oidc_sync bypass does not apply. Sync logic is covered
|
||||
# by the apply_admin_role_from_user_info tests above. B4 sign-in sync will also use that.
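Review bot: The rewritten comment records that the end-to-end path (create through `register_with_oidc`, then assert the role) is still skipped, so nothing in this file would notice if the `after_action` role sync were not carried over to the renamed action. That hook is what assigns a role from OIDC user_info at registration, and the `apply_admin_role_from_user_info` tests above exercise only the sync logic, not that the action invokes it. Consider adding a marker next to the comment, for example `# TODO: integration test that :register_with_oidc triggers role sync once the nested Ash.update! authorization issue is resolved`, or name the test that covers the wiring. Whether another of the 25 changed files already covers this is not visible from this section.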
|
||||
|
|
|
|||