Merge branch 'main' into feat/299_plz
This commit is contained in:
commit
bfc078d5aa
45 changed files with 2187 additions and 425 deletions
|
|
@ -1,21 +1,22 @@
|
|||
defmodule Mv.OidcRoleSyncConfigTest do
|
||||
@moduledoc """
|
||||
Tests for OIDC role sync configuration (OIDC_ADMIN_GROUP_NAME, OIDC_GROUPS_CLAIM).
|
||||
Reads via Mv.Config (ENV first, then Settings).
|
||||
"""
|
||||
use ExUnit.Case, async: false
|
||||
use Mv.DataCase, async: false
|
||||
|
||||
alias Mv.OidcRoleSyncConfig
|
||||
|
||||
describe "oidc_admin_group_name/0" do
|
||||
test "returns nil when OIDC_ADMIN_GROUP_NAME is not configured" do
|
||||
restore = put_config(admin_group_name: nil)
|
||||
restore = clear_env("OIDC_ADMIN_GROUP_NAME")
|
||||
on_exit(restore)
|
||||
|
||||
assert OidcRoleSyncConfig.oidc_admin_group_name() == nil
|
||||
end
|
||||
|
||||
test "returns configured admin group name when set" do
|
||||
restore = put_config(admin_group_name: "mila-admin")
|
||||
test "returns configured admin group name when set via ENV" do
|
||||
restore = set_env("OIDC_ADMIN_GROUP_NAME", "mila-admin")
|
||||
on_exit(restore)
|
||||
|
||||
assert OidcRoleSyncConfig.oidc_admin_group_name() == "mila-admin"
|
||||
|
|
@ -24,26 +25,35 @@ defmodule Mv.OidcRoleSyncConfigTest do
|
|||
|
||||
describe "oidc_groups_claim/0" do
|
||||
test "returns default \"groups\" when OIDC_GROUPS_CLAIM is not configured" do
|
||||
restore = put_config(groups_claim: nil)
|
||||
restore = clear_env("OIDC_GROUPS_CLAIM")
|
||||
on_exit(restore)
|
||||
|
||||
assert OidcRoleSyncConfig.oidc_groups_claim() == "groups"
|
||||
end
|
||||
|
||||
test "returns configured claim name when OIDC_GROUPS_CLAIM is set" do
|
||||
restore = put_config(groups_claim: "ak_groups")
|
||||
test "returns configured claim name when OIDC_GROUPS_CLAIM is set via ENV" do
|
||||
restore = set_env("OIDC_GROUPS_CLAIM", "ak_groups")
|
||||
on_exit(restore)
|
||||
|
||||
assert OidcRoleSyncConfig.oidc_groups_claim() == "ak_groups"
|
||||
end
|
||||
end
|
||||
|
||||
defp put_config(opts) do
|
||||
current = Application.get_env(:mv, :oidc_role_sync, [])
|
||||
Application.put_env(:mv, :oidc_role_sync, Keyword.merge(current, opts))
|
||||
defp set_env(key, value) do
|
||||
previous = System.get_env(key)
|
||||
System.put_env(key, value)
|
||||
|
||||
fn ->
|
||||
Application.put_env(:mv, :oidc_role_sync, current)
|
||||
if previous, do: System.put_env(key, previous), else: System.delete_env(key)
|
||||
end
|
||||
end
|
||||
|
||||
defp clear_env(key) do
|
||||
previous = System.get_env(key)
|
||||
System.delete_env(key)
|
||||
|
||||
fn ->
|
||||
if previous, do: System.put_env(key, previous)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -12,14 +12,14 @@ defmodule Mv.OidcRoleSyncTest do
|
|||
|
||||
setup do
|
||||
ensure_roles_exist()
|
||||
restore_config = put_oidc_config(admin_group_name: "mila-admin", groups_claim: "groups")
|
||||
restore_config = put_oidc_env(admin_group_name: "mila-admin", groups_claim: "groups")
|
||||
on_exit(restore_config)
|
||||
:ok
|
||||
end
|
||||
|
||||
describe "apply_admin_role_from_user_info/2" do
|
||||
test "when OIDC_ADMIN_GROUP_NAME not configured: does not change user (Mitglied stays)" do
|
||||
restore = put_oidc_config(admin_group_name: nil, groups_claim: "groups")
|
||||
restore = put_oidc_env(admin_group_name: nil, groups_claim: "groups")
|
||||
on_exit(restore)
|
||||
|
||||
email = "sync-no-config-#{System.unique_integer([:positive])}@test.example.com"
|
||||
|
|
@ -58,7 +58,7 @@ defmodule Mv.OidcRoleSyncTest do
|
|||
end
|
||||
|
||||
test "when OIDC_GROUPS_CLAIM is different: reads groups from that claim" do
|
||||
restore = put_oidc_config(admin_group_name: "mila-admin", groups_claim: "ak_groups")
|
||||
restore = put_oidc_env(admin_group_name: "mila-admin", groups_claim: "ak_groups")
|
||||
on_exit(restore)
|
||||
|
||||
email = "sync-claim-#{System.unique_integer([:positive])}@test.example.com"
|
||||
|
|
@ -131,13 +131,30 @@ defmodule Mv.OidcRoleSyncTest do
|
|||
end
|
||||
end
|
||||
|
||||
defp put_oidc_config(opts) do
|
||||
current = Application.get_env(:mv, :oidc_role_sync, [])
|
||||
merged = Keyword.merge(current, opts)
|
||||
Application.put_env(:mv, :oidc_role_sync, merged)
|
||||
defp put_oidc_env(opts) do
|
||||
prev_admin = System.get_env("OIDC_ADMIN_GROUP_NAME")
|
||||
prev_claim = System.get_env("OIDC_GROUPS_CLAIM")
|
||||
|
||||
if opts[:admin_group_name] != nil do
|
||||
System.put_env("OIDC_ADMIN_GROUP_NAME", to_string(opts[:admin_group_name]))
|
||||
else
|
||||
System.delete_env("OIDC_ADMIN_GROUP_NAME")
|
||||
end
|
||||
|
||||
if opts[:groups_claim] != nil do
|
||||
System.put_env("OIDC_GROUPS_CLAIM", to_string(opts[:groups_claim]))
|
||||
else
|
||||
System.delete_env("OIDC_GROUPS_CLAIM")
|
||||
end
|
||||
|
||||
fn ->
|
||||
Application.put_env(:mv, :oidc_role_sync, current)
|
||||
if prev_admin,
|
||||
do: System.put_env("OIDC_ADMIN_GROUP_NAME", prev_admin),
|
||||
else: System.delete_env("OIDC_ADMIN_GROUP_NAME")
|
||||
|
||||
if prev_claim,
|
||||
do: System.put_env("OIDC_GROUPS_CLAIM", prev_claim),
|
||||
else: System.delete_env("OIDC_GROUPS_CLAIM")
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue