local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 60 Pull requests 4 Projects 2 Releases Packages 1 Activity Actions

Merge branch 'main' into feat/299_plz
Some checks failed
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/promote/production Build is failing
Details

Browse source
This commit is contained in:
carla 2026-02-24 15:38:50 +01:00
commit c8d7dd3e55
36 changed files with 250 additions and 187 deletions
Download patch file Download diff file Expand all files Collapse all files

12
test/mv/accounts/user_policies_test.exs
View file

@ -283,7 +283,7 @@ defmodule Mv.Accounts.UserPoliciesTest do
assert user_with_role.role.name == "Mitglied"
end
test "register_with_rauthy works without actor via AshAuthentication bypass" do
test "register_with_oidc works without actor via AshAuthentication bypass" do
# Test that AshAuthentication bypass allows OIDC registration without actor
user_info = %{
"sub" => "oidc_sub_#{System.unique_integer([:positive])}",
@ -294,7 +294,7 @@ defmodule Mv.Accounts.UserPoliciesTest do
changeset =
Accounts.User
|> Ash.Changeset.for_create(:register_with_rauthy, %{
|> Ash.Changeset.for_create(:register_with_oidc, %{
user_info: user_info,
oauth_tokens: oauth_tokens
})
@ -306,7 +306,7 @@ defmodule Mv.Accounts.UserPoliciesTest do
assert user.oidc_id == user_info["sub"]
end
test "sign_in_with_rauthy works without actor via AshAuthentication bypass" do
test "sign_in_with_oidc works without actor via AshAuthentication bypass" do
# First create a user with OIDC ID (using system_actor for setup)
system_actor = Mv.Helpers.SystemActor.get_system_actor()
@ -319,16 +319,16 @@ defmodule Mv.Accounts.UserPoliciesTest do
{:ok, user} =
Accounts.User
|> Ash.Changeset.for_create(:register_with_rauthy, %{
|> Ash.Changeset.for_create(:register_with_oidc, %{
user_info: user_info_create,
oauth_tokens: oauth_tokens
})
|> Ash.create(actor: system_actor)
# Now test sign_in_with_rauthy without actor (should work via AshAuthentication bypass)
# Now test sign_in_with_oidc without actor (should work via AshAuthentication bypass)
query =
Accounts.User
|> Ash.Query.for_read(:sign_in_with_rauthy, %{
|> Ash.Query.for_read(:sign_in_with_oidc, %{
user_info: user_info_create,
oauth_tokens: oauth_tokens
})

4
test/mv/oidc_role_sync_test.exs
View file

@ -104,8 +104,8 @@ defmodule Mv.OidcRoleSyncTest do
end
end
# B3: Role sync after registration is implemented via after_action in register_with_rauthy.
# Full integration tests (create_register_with_rauthy + assert role) are skipped: when the
# B3: Role sync after registration is implemented via after_action in register_with_oidc.
# Full integration tests (create_register_with_oidc + assert role) are skipped: when the
# nested Ash.update! runs inside the create's after_action, authorization may evaluate in
# the create context so set_role_from_oidc_sync bypass does not apply. Sync logic is covered
# by the apply_admin_role_from_user_info tests above. B4 sign-in sync will also use that.