Rename OIDC strategy from :rauthy to :oidc, update callback path
- Rename AshAuthentication strategy from :oidc :rauthy to :oidc :oidc; generated actions are now register_with_oidc / sign_in_with_oidc.
- Update config keys (:rauthy → :oidc) in dev.exs and runtime.exs.
- Update default_redirect_uri to /auth/user/oidc/callback everywhere.
- Rename Mv.Accounts helper functions accordingly.
- Update Mv.Secrets, AuthController, link_oidc_account_live and all tests.
- Update docker-compose.prod.yml, .env.example, README and docs.

IMPORTANT: OIDC providers must be updated to use the new redirect URI /auth/user/oidc/callback instead of /auth/user/rauthy/callback.
parent
c637b6b84f
commit
339d37937a
25 changed files with 134 additions and 135 deletions
|
|
@ -24,11 +24,11 @@ defmodule MvWeb.OidcIntegrationTest do
|
|||
"preferred_username" => "existing@example.com"
|
||||
}
|
||||
|
||||
# Test sign_in_with_rauthy action directly
|
||||
# Test sign_in_with_oidc action directly
|
||||
system_actor = Mv.Helpers.SystemActor.get_system_actor()
|
||||
|
||||
result =
|
||||
Mv.Accounts.read_sign_in_with_rauthy(
|
||||
Mv.Accounts.read_sign_in_with_oidc(
|
||||
%{
|
||||
user_info: user_info,
|
||||
oauth_tokens: %{}
|
||||
|
|
@ -48,17 +48,17 @@ defmodule MvWeb.OidcIntegrationTest do
|
|||
assert found_user.oidc_id == "existing_oidc_123"
|
||||
end
|
||||
|
||||
test "new OIDC user gets created via register_with_rauthy" do
|
||||
test "new OIDC user gets created via register_with_oidc" do
|
||||
# Simulate OIDC callback for completely new user
|
||||
user_info = %{
|
||||
"sub" => "brand_new_oidc_456",
|
||||
"preferred_username" => "newuser@example.com"
|
||||
}
|
||||
|
||||
# Test register_with_rauthy action
|
||||
# Test register_with_oidc action
|
||||
system_actor = Mv.Helpers.SystemActor.get_system_actor()
|
||||
|
||||
case Mv.Accounts.create_register_with_rauthy(
|
||||
case Mv.Accounts.create_register_with_oidc(
|
||||
%{
|
||||
user_info: user_info,
|
||||
oauth_tokens: %{}
|
||||
|
|
@ -78,7 +78,7 @@ defmodule MvWeb.OidcIntegrationTest do
|
|||
|
||||
describe "OIDC sign-in security tests" do
|
||||
@tag :test_proposal
|
||||
test "sign_in_with_rauthy does NOT match user with only email (no oidc_id)" do
|
||||
test "sign_in_with_oidc does NOT match user with only email (no oidc_id)" do
|
||||
# SECURITY TEST: Ensure password-only users cannot be accessed via OIDC
|
||||
# Create a password-only user (no oidc_id)
|
||||
_password_user =
|
||||
|
|
@ -98,7 +98,7 @@ defmodule MvWeb.OidcIntegrationTest do
|
|||
system_actor = Mv.Helpers.SystemActor.get_system_actor()
|
||||
|
||||
result =
|
||||
Mv.Accounts.read_sign_in_with_rauthy(
|
||||
Mv.Accounts.read_sign_in_with_oidc(
|
||||
%{
|
||||
user_info: user_info,
|
||||
oauth_tokens: %{}
|
||||
|
|
@ -123,7 +123,7 @@ defmodule MvWeb.OidcIntegrationTest do
|
|||
end
|
||||
|
||||
@tag :test_proposal
|
||||
test "sign_in_with_rauthy only matches when oidc_id matches" do
|
||||
test "sign_in_with_oidc only matches when oidc_id matches" do
|
||||
# Create user with specific OIDC ID
|
||||
user =
|
||||
create_test_user(%{
|
||||
|
|
@ -140,7 +140,7 @@ defmodule MvWeb.OidcIntegrationTest do
|
|||
system_actor = Mv.Helpers.SystemActor.get_system_actor()
|
||||
|
||||
result =
|
||||
Mv.Accounts.read_sign_in_with_rauthy(
|
||||
Mv.Accounts.read_sign_in_with_oidc(
|
||||
%{
|
||||
user_info: correct_user_info,
|
||||
oauth_tokens: %{}
|
||||
|
|
@ -164,7 +164,7 @@ defmodule MvWeb.OidcIntegrationTest do
|
|||
}
|
||||
|
||||
result =
|
||||
Mv.Accounts.read_sign_in_with_rauthy(
|
||||
Mv.Accounts.read_sign_in_with_oidc(
|
||||
%{
|
||||
user_info: wrong_user_info,
|
||||
oauth_tokens: %{}
|
||||
|
|
@ -189,7 +189,7 @@ defmodule MvWeb.OidcIntegrationTest do
|
|||
end
|
||||
|
||||
@tag :test_proposal
|
||||
test "sign_in_with_rauthy does not match user with empty string oidc_id" do
|
||||
test "sign_in_with_oidc does not match user with empty string oidc_id" do
|
||||
# Edge case: empty string should be treated like nil
|
||||
_user =
|
||||
create_test_user(%{
|
||||
|
|
@ -205,7 +205,7 @@ defmodule MvWeb.OidcIntegrationTest do
|
|||
system_actor = Mv.Helpers.SystemActor.get_system_actor()
|
||||
|
||||
result =
|
||||
Mv.Accounts.read_sign_in_with_rauthy(
|
||||
Mv.Accounts.read_sign_in_with_oidc(
|
||||
%{
|
||||
user_info: user_info,
|
||||
oauth_tokens: %{}
|
||||
|
|
@ -248,7 +248,7 @@ defmodule MvWeb.OidcIntegrationTest do
|
|||
system_actor = Mv.Helpers.SystemActor.get_system_actor()
|
||||
|
||||
result =
|
||||
Mv.Accounts.create_register_with_rauthy(
|
||||
Mv.Accounts.create_register_with_oidc(
|
||||
%{
|
||||
user_info: user_info,
|
||||
oauth_tokens: %{}
|
||||
|
|
@ -284,7 +284,7 @@ defmodule MvWeb.OidcIntegrationTest do
|
|||
system_actor = Mv.Helpers.SystemActor.get_system_actor()
|
||||
|
||||
result =
|
||||
Mv.Accounts.create_register_with_rauthy(
|
||||
Mv.Accounts.create_register_with_oidc(
|
||||
%{
|
||||
user_info: user_info,
|
||||
oauth_tokens: %{}
|
||||
|
|
@ -308,7 +308,7 @@ defmodule MvWeb.OidcIntegrationTest do
|
|||
system_actor = Mv.Helpers.SystemActor.get_system_actor()
|
||||
|
||||
result =
|
||||
Mv.Accounts.create_register_with_rauthy(
|
||||
Mv.Accounts.create_register_with_oidc(
|
||||
%{
|
||||
user_info: user_info,
|
||||
oauth_tokens: %{}
|
||||
|
|
@ -338,7 +338,7 @@ defmodule MvWeb.OidcIntegrationTest do
|
|||
system_actor = Mv.Helpers.SystemActor.get_system_actor()
|
||||
|
||||
{:ok, user} =
|
||||
Mv.Accounts.create_register_with_rauthy(
|
||||
Mv.Accounts.create_register_with_oidc(
|
||||
%{
|
||||
user_info: user_info,
|
||||
oauth_tokens: %{}
|
||||
|
|
@ -360,7 +360,7 @@ defmodule MvWeb.OidcIntegrationTest do
|
|||
system_actor = Mv.Helpers.SystemActor.get_system_actor()
|
||||
|
||||
{:ok, user} =
|
||||
Mv.Accounts.create_register_with_rauthy(
|
||||
Mv.Accounts.create_register_with_oidc(
|
||||
%{
|
||||
user_info: user_info,
|
||||
oauth_tokens: %{}
|
||||
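Review bot: The three renamed tests under `describe "OIDC sign-in security tests"` still carry `@tag :test_proposal`, and nothing visible here shows whether that tag is part of the default test run. If the ExUnit configuration excludes it, the checks that a password-only user, a mismatched `oidc_id` and an empty-string `oidc_id` are never matched by `sign_in_with_oidc` would not run in CI, and a missed rename in those bodies would go unnoticed as well. I would either confirm the tag is included by default or drop it from these three tests, and add a comment above the `describe` such as `# SECURITY: account-matching regression tests; must run in the default suite`. The test bodies continue outside the hunks shown, so this is based on the tag lines and test names only.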
|
|
|
|||