2026-04-07 16:28:48 +02:00
4 changed files with 51 additions and 13 deletions
--- a/mix.lock
+++ b/mix.lock
@ -11,7 +11,7 @@
  "bcrypt_elixir": {:hex, :bcrypt_elixir, "3.3.2", "d50091e3c9492d73e17fc1e1619a9b09d6a5ef99160eb4d736926fd475a16ca3", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "471be5151874ae7931911057d1467d908955f93554f7a6cd1b7d804cac8cef53"},
  "bunt": {:hex, :bunt, "1.0.0", "081c2c665f086849e6d57900292b3a161727ab40431219529f13c4ddcf3e7a44", [:mix], [], "hexpm", "dc5f86aa08a5f6fa6b8096f0735c4e76d54ae5c9fa2c143e5a1fc7c1cd9bb6b5"},
  "bypass": {:hex, :bypass, "2.1.0", "909782781bf8e20ee86a9cabde36b259d44af8b9f38756173e8f5e2e1fabb9b1", [:mix], [{:plug, "~> 1.7", [hex: :plug, repo: "hexpm", optional: false]}, {:plug_cowboy, "~> 2.0", [hex: :plug_cowboy, repo: "hexpm", optional: false]}, {:ranch, "~> 1.3", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "d9b5df8fa5b7a6efa08384e9bbecfe4ce61c77d28a4282f79e02f1ef78d96b80"},
-  "castore": {:hex, :castore, "1.0.18", "5e43ef0ec7d31195dfa5a65a86e6131db999d074179d2ba5a8de11fe14570f55", [], [], "hexpm", "f393e4fe6317829b158fb74d86eb681f737d2fe326aa61ccf6293c4104957e34"},
+  "castore": {:hex, :castore, "1.0.18", "5e43ef0ec7d31195dfa5a65a86e6131db999d074179d2ba5a8de11fe14570f55", [:mix], [], "hexpm", "f393e4fe6317829b158fb74d86eb681f737d2fe326aa61ccf6293c4104957e34"},
  "cc_precompiler": {:hex, :cc_precompiler, "0.1.11", "8c844d0b9fb98a3edea067f94f616b3f6b29b959b6b3bf25fee94ffe34364768", [:mix], [{:elixir_make, "~> 0.7", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "3427232caf0835f94680e5bcf082408a70b48ad68a5f5c0b02a3bea9f3a075b9"},
  "cinder": {:hex, :cinder, "0.12.1", "02ae4988e025fb32c37e4e7f2e491586b952918c0dd99d856da13271cd680e16", [:mix], [{:ash, "~> 3.0", [hex: :ash, repo: "hexpm", optional: false]}, {:ash_phoenix, "~> 2.3", [hex: :ash_phoenix, repo: "hexpm", optional: false]}, {:gettext, "~> 1.0.0", [hex: :gettext, repo: "hexpm", optional: false]}, {:phoenix_live_view, "~> 1.0", [hex: :phoenix_live_view, repo: "hexpm", optional: false]}, {:spark, "~> 2.0", [hex: :spark, repo: "hexpm", optional: false]}], "hexpm", "a48b5677c1f57619d9d7564fb2bd7928f93750a2e8c0b1b145852a30ecf2aa20"},
  "circular_buffer": {:hex, :circular_buffer, "1.0.0", "25c004da0cba7bd8bc1bdabded4f9a902d095e20600fd15faf1f2ffbaea18a07", [:mix], [], "hexpm", "c829ec31c13c7bafd1f546677263dff5bfb006e929f25635878ac3cfba8749e5"},
--- a/test/membership/join_request_submit_email_test.exs
+++ b/test/membership/join_request_submit_email_test.exs
@ -6,12 +6,14 @@ defmodule Mv.Membership.JoinRequestSubmitEmailTest do
  (to the request email, with confirm link). Uses Swoosh.Adapters.Test; no integration.
  Sender is wired in implementation; test fails until then (TDD).
  """
-  use Mv.DataCase, async: true
+  use Mv.DataCase, async: false

  import Swoosh.TestAssertions

  alias Mv.Membership

+  setup :set_swoosh_global
+
  @valid_submit_attrs %{
    email: "join#{System.unique_integer([:positive])}@example.com"
  }
--- a/test/mv/mailer_test.exs
+++ b/test/mv/mailer_test.exs
@ -5,12 +5,14 @@ defmodule Mv.MailerTest do
  Uses Swoosh.Adapters.Test (configured in test.exs); no real SMTP. Asserts
  success/error contract and that one test email is sent on success.
  """
-  use Mv.DataCase, async: true
+  use Mv.DataCase, async: false

  import Swoosh.TestAssertions

  alias Mv.Mailer

+  setup :set_swoosh_global
+
  describe "send_test_email/1" do
    test "returns {:ok, email} and sends one email with expected subject/body when successful" do
      to_email = "test-#{System.unique_integer([:positive])}@example.com"
--- a/test/mv_web/controllers/auth_controller_test.exs
+++ b/test/mv_web/controllers/auth_controller_test.exs
@ -286,16 +286,33 @@ defmodule MvWeb.AuthControllerTest do
  describe "when OIDC-only is enabled" do
    setup %{conn: authenticated_conn} do
      {:ok, settings} = Membership.get_settings()
-      original_oidc_only = Map.get(settings, :oidc_only, false)
-      {:ok, _} = Membership.update_settings(settings, %{oidc_only: true})
+
+      prev = %{
+        oidc_only: settings.oidc_only,
+        oidc_client_id: settings.oidc_client_id,
+        oidc_base_url: settings.oidc_base_url,
+        oidc_redirect_uri: settings.oidc_redirect_uri,
+        oidc_client_secret: settings.oidc_client_secret
+      }
+
+      # OIDC must be cleared so GET /sign-in is not redirected by OidcOnlySignInRedirect
+      # (seeds may leave a full OIDC config). Rejection is enforced in AuthController.success/4.
+      {:ok, _} =
+        Membership.update_settings(settings, %{
+          oidc_only: true,
+          oidc_client_id: nil,
+          oidc_base_url: nil,
+          oidc_redirect_uri: nil,
+          oidc_client_secret: nil
+        })

      conn = build_unauthenticated_conn(authenticated_conn)
-      {:ok, conn: conn, original_oidc_only: original_oidc_only}
+      {:ok, conn: conn, original_sign_in_settings: prev}
    end

    test "password sign-in is rejected and redirects to sign-in with error", %{
      conn: conn,
-      original_oidc_only: original
+      original_sign_in_settings: prev
    } do
      try do
        _user =
@ -326,7 +343,7 @@ defmodule MvWeb.AuthControllerTest do
        end
      after
        {:ok, s} = Membership.get_settings()
-        Membership.update_settings(s, %{oidc_only: original})
+        Membership.update_settings(s, prev)
      end
    end
  end
@ -341,7 +358,8 @@ defmodule MvWeb.AuthControllerTest do
        oidc_only: settings.oidc_only,
        oidc_client_id: settings.oidc_client_id,
        oidc_base_url: settings.oidc_base_url,
-        oidc_redirect_uri: settings.oidc_redirect_uri
+        oidc_redirect_uri: settings.oidc_redirect_uri,
+        oidc_client_secret: settings.oidc_client_secret
      }

      {:ok, _} =
@ -372,7 +390,8 @@ defmodule MvWeb.AuthControllerTest do
        oidc_only: settings.oidc_only,
        oidc_client_id: settings.oidc_client_id,
        oidc_base_url: settings.oidc_base_url,
-        oidc_redirect_uri: settings.oidc_redirect_uri
+        oidc_redirect_uri: settings.oidc_redirect_uri,
+        oidc_client_secret: settings.oidc_client_secret
      }

      {:ok, _} =
@ -398,8 +417,23 @@ defmodule MvWeb.AuthControllerTest do

    test "returns 200 when OIDC-only but OIDC not configured", %{conn: authenticated_conn} do
      {:ok, settings} = Membership.get_settings()
-      original_oidc_only = Map.get(settings, :oidc_only, false)
-      {:ok, _} = Membership.update_settings(settings, %{oidc_only: true})
+
+      prev = %{
+        oidc_only: settings.oidc_only,
+        oidc_client_id: settings.oidc_client_id,
+        oidc_base_url: settings.oidc_base_url,
+        oidc_redirect_uri: settings.oidc_redirect_uri,
+        oidc_client_secret: settings.oidc_client_secret
+      }
+
+      {:ok, _} =
+        Membership.update_settings(settings, %{
+          oidc_only: true,
+          oidc_client_id: nil,
+          oidc_base_url: nil,
+          oidc_redirect_uri: nil,
+          oidc_client_secret: nil
+        })

      try do
        conn = build_unauthenticated_conn(authenticated_conn)
@ -407,7 +441,7 @@ defmodule MvWeb.AuthControllerTest do
        assert conn.status == 200
      after
        {:ok, s} = Membership.get_settings()
-        Membership.update_settings(s, %{oidc_only: original_oidc_only})
+        Membership.update_settings(s, prev)
      end
    end