local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 67 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions

Fix missing actor parameters and restore AshAuthentication bypass tests
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse source
This commit is contained in:
Moritz 2026-01-24 08:38:33 +01:00
parent 15a7c615d6
commit 71c13d0ac0
Signed by: moritz
GPG key ID: 1020A035E5DD0824
5 changed files with 50 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

45
test/mv/accounts/user_policies_test.exs
View file

@ -343,29 +343,24 @@ defmodule Mv.Accounts.UserPoliciesTest do
end
describe "AshAuthentication bypass" do
test "register_with_password works with system actor" do
# Registration should work (AshAuthentication bypass in production)
# Note: When directly calling Ash actions in tests, the AshAuthentication bypass
# may not be active, so we use system_actor to test the functionality
system_actor = Mv.Helpers.SystemActor.get_system_actor()
{:ok, user} =
test "register_with_password works without actor via AshAuthentication bypass" do
# Test that AshAuthentication bypass allows registration without actor
# This tests the actual bypass mechanism, not admin permissions
changeset =
Accounts.User
|> Ash.Changeset.for_create(:register_with_password, %{
email: "register#{System.unique_integer([:positive])}@example.com",
password: "testpassword123"
})
|> Ash.create(actor: system_actor)
|> Ash.Changeset.set_context(%{private: %{ash_authentication?: true}})
{:ok, user} = Ash.create(changeset)
assert user.email
end
test "register_with_rauthy works with OIDC user_info" do
# OIDC registration should work (AshAuthentication bypass in production)
# Note: When directly calling Ash actions in tests, the AshAuthentication bypass
# may not be active, so we use system_actor to test the functionality
system_actor = Mv.Helpers.SystemActor.get_system_actor()
test "register_with_rauthy works without actor via AshAuthentication bypass" do
# Test that AshAuthentication bypass allows OIDC registration without actor
user_info = %{
"sub" => "oidc_sub_#{System.unique_integer([:positive])}",
"email" => "oidc#{System.unique_integer([:positive])}@example.com"
@ -373,20 +368,24 @@ defmodule Mv.Accounts.UserPoliciesTest do
oauth_tokens = %{access_token: "token", refresh_token: "refresh"}
{:ok, user} =
changeset =
Accounts.User
|> Ash.Changeset.for_create(:register_with_rauthy, %{
user_info: user_info,
oauth_tokens: oauth_tokens
})
|> Ash.create(actor: system_actor)
|> Ash.Changeset.set_context(%{private: %{ash_authentication?: true}})
{:ok, user} = Ash.create(changeset)
assert user.email
assert user.oidc_id == user_info["sub"]
end
test "sign_in_with_rauthy works with OIDC user_info" do
# First create a user with OIDC ID
test "sign_in_with_rauthy works without actor via AshAuthentication bypass" do
# First create a user with OIDC ID (using system_actor for setup)
system_actor = Mv.Helpers.SystemActor.get_system_actor()
user_info_create = %{
"sub" => "oidc_sub_#{System.unique_integer([:positive])}",
"email" => "oidc#{System.unique_integer([:positive])}@example.com"
@ -394,8 +393,6 @@ defmodule Mv.Accounts.UserPoliciesTest do
oauth_tokens = %{access_token: "token", refresh_token: "refresh"}
system_actor = Mv.Helpers.SystemActor.get_system_actor()
{:ok, user} =
Accounts.User
|> Ash.Changeset.for_create(:register_with_rauthy, %{
@ -404,14 +401,16 @@ defmodule Mv.Accounts.UserPoliciesTest do
})
|> Ash.create(actor: system_actor)
# Now test sign_in_with_rauthy (should work via AshAuthentication bypass)
{:ok, signed_in_user} =
# Now test sign_in_with_rauthy without actor (should work via AshAuthentication bypass)
query =
Accounts.User
|> Ash.Query.for_read(:sign_in_with_rauthy, %{
user_info: user_info_create,
oauth_tokens: oauth_tokens
})
|> Ash.read_one(actor: system_actor)
|> Ash.Query.set_context(%{private: %{ash_authentication?: true}})
{:ok, signed_in_user} = Ash.read_one(query)
assert signed_in_user.id == user.id
end