Tests: accept single user or list from read_sign_in_with_rauthy (get? true)
Handle {:ok, user}, {:ok, nil} in addition to {:ok, [user]}, {:ok, []}.
parent
58a5b086ad
commit
d573a22769
4 changed files with 80 additions and 8 deletions
|
|
@ -83,6 +83,25 @@ defmodule Mv.OidcRoleSyncTest do
|
|||
{:ok, after_user} = get_user(user1.id)
|
||||
assert after_user.role_id == mitglied_role_id()
|
||||
end
|
||||
|
||||
test "when user_info has no groups, groups are read from access_token JWT (e.g. Rauthy)" do
|
||||
email = "sync-from-token-#{System.unique_integer([:positive])}@test.example.com"
|
||||
{:ok, user} = create_user_with_mitglied(email)
|
||||
user_info = %{"sub" => "oidc-123"}
|
||||
|
||||
# Minimal JWT: header.payload.signature with "groups" in payload (Rauthy puts groups in access_token)
|
||||
payload = Jason.encode!(%{"groups" => ["mila-admin"], "sub" => "oidc-123"})
|
||||
payload_b64 = Base.url_encode64(payload, padding: false)
|
||||
header_b64 = Base.url_encode64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}", padding: false)
|
||||
sig_b64 = Base.url_encode64("sig", padding: false)
|
||||
access_token = "#{header_b64}.#{payload_b64}.#{sig_b64}"
|
||||
oauth_tokens = %{"access_token" => access_token}
|
||||
|
||||
assert :ok = OidcRoleSync.apply_admin_role_from_user_info(user, user_info, oauth_tokens)
|
||||
|
||||
{:ok, after_user} = get_user(user.id)
|
||||
assert after_user.role_id == admin_role_id()
|
||||
end
|
||||
end
|
||||
|
||||
# B3: Role sync after registration is implemented via after_action in register_with_rauthy.
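Review bot: The new test builds `access_token` with the placeholder signature segment `Base.url_encode64("sig", padding: false)` and then asserts `after_user.role_id == admin_role_id()`, so it pins that `OidcRoleSync.apply_admin_role_from_user_info/3` grants the admin role from a `groups` claim whose signature was not validated in this path. The implementation is outside this hunk, so this may be intentional if the token only ever arrives from the provider's token endpoint over the back channel; if so, record that trust assumption above the payload construction, e.g. `# Signature is not verified here; the token must come directly from the IdP token endpoint, never from request-controlled input`. Also consider a companion test that passes a malformed token (wrong segment count or a non-JSON payload) and one whose `groups` lacks `"mila-admin"`, each asserting the role stays `mitglied_role_id()`, so the decode-failure path cannot silently change roles or crash the sign-in.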
|
||||
|
|
|
|||