feat: improve oidc only mode

2026-03-16 17:14:54 +01:00 · 2026-03-16 17:14:54 +01:00 · 9b4f3b140c
commit 9b4f3b140c
parent a8d9fe6121
19 changed files with 330 additions and 43 deletions
--- a/test/mv_web/controllers/auth_controller_test.exs
+++ b/test/mv_web/controllers/auth_controller_test.exs
@ -318,7 +318,7 @@ defmodule MvWeb.AuthControllerTest do
        case result do
          {:error, {:redirect, %{to: to}}} ->
            refute to =~ "sign_in_with_token",
-              "Expected password sign-in to be rejected when OIDC-only, got redirect to: #{to}"
+                   "Expected password sign-in to be rejected when OIDC-only, got redirect to: #{to}"

          _ ->
            # LiveView re-rendered (e.g. with flash error) instead of redirecting to success
@ -336,6 +336,7 @@ defmodule MvWeb.AuthControllerTest do
      conn: authenticated_conn
    } do
      {:ok, settings} = Membership.get_settings()
+
      prev = %{
        oidc_only: settings.oidc_only,
        oidc_client_id: settings.oidc_client_id,
--- a/test/mv_web/plugs/check_page_permission_test.exs
+++ b/test/mv_web/plugs/check_page_permission_test.exs
@ -181,13 +181,14 @@ defmodule MvWeb.Plugs.CheckPagePermissionTest do
  end

  describe "unauthenticated user" do
-    test "nil current_user is denied and redirected to \"/sign-in\"" do
+    test "nil current_user is denied and redirected to \"/sign-in\" without access-denied flash" do
      conn = conn_without_user("/members") |> CheckPagePermission.call([])

      assert conn.halted
      assert redirected_to(conn) == "/sign-in"

-      assert Phoenix.Flash.get(conn.assigns[:flash] || %{}, :error) ==
+      # Unauthenticated users are redirected to sign-in only; no "no permission" message.
+      refute Phoenix.Flash.get(conn.assigns[:flash] || %{}, :error) ==
               "You don't have permission to access this page."
    end
  end