chore: update to Go 1.24, improve oauth admin mapping tests

2025-09-14 06:51:15 +00:00 · 2025-02-27 22:32:11 +01:00
parent 66ccdc29e9
commit f7d7038829
6 changed files with 200 additions and 30 deletions
--- a/internal/app/auth/oauth_common_test.go
+++ b/internal/app/auth/oauth_common_test.go
@@ -9,7 +9,48 @@ import (
 	"github.com/stretchr/testify/require"
 )

-func Test_parseOauthUserInfo(t *testing.T) {
+func Test_parseOauthUserInfo_no_admin(t *testing.T) {
+	userInfoStr := `
+{
+  "at_hash": "REDACTED",
+  "aud": "REDACTED",
+  "c_hash": "REDACTED",
+  "email": "test@mydomain.net",
+  "email_verified": true,
+  "exp": 1737404259,
+  "iat": 1737317859,
+  "iss": "https://dex.mydomain.net",
+  "name": "Test User",
+  "nonce": "REDACTED",
+  "sub": "REDACTED"
+}
+`
+
+	userInfo := map[string]interface{}{}
+	err := json.Unmarshal([]byte(userInfoStr), &userInfo)
+	require.NoError(t, err)
+
+	fieldMapping := getOauthFieldMapping(config.OauthFields{
+		BaseFields: config.BaseFields{
+			UserIdentifier: "email",
+			Email:          "email",
+			Firstname:      "name",
+			Lastname:       "family_name",
+		},
+		IsAdmin:    "is_admin",
+		UserGroups: "groups",
+	})
+	adminMapping := &config.OauthAdminMapping{}
+
+	info, err := parseOauthUserInfo(fieldMapping, adminMapping, userInfo)
+	assert.NoError(t, err)
+	assert.False(t, info.IsAdmin)
+	assert.Equal(t, info.Firstname, "Test User")
+	assert.Equal(t, info.Lastname, "")
+	assert.Equal(t, info.Email, "test@mydomain.net")
+}
+
+func Test_parseOauthUserInfo_admin_group(t *testing.T) {
 	userInfoStr := `
 {
  "at_hash": "REDACTED",
@@ -55,3 +96,87 @@ func Test_parseOauthUserInfo(t *testing.T) {
 	assert.Equal(t, info.Lastname, "")
 	assert.Equal(t, info.Email, "test@mydomain.net")
 }
+
+func Test_parseOauthUserInfo_admin_value(t *testing.T) {
+	userInfoStr := `
+{
+  "at_hash": "REDACTED",
+  "aud": "REDACTED",
+  "c_hash": "REDACTED",
+  "email": "test@mydomain.net",
+  "email_verified": true,
+  "exp": 1737404259,
+  "is_admin": "true",
+  "iat": 1737317859,
+  "iss": "https://dex.mydomain.net",
+  "name": "Test User",
+  "nonce": "REDACTED",
+  "sub": "REDACTED"
+}
+`
+
+	userInfo := map[string]interface{}{}
+	err := json.Unmarshal([]byte(userInfoStr), &userInfo)
+	require.NoError(t, err)
+
+	fieldMapping := getOauthFieldMapping(config.OauthFields{
+		BaseFields: config.BaseFields{
+			UserIdentifier: "email",
+			Email:          "email",
+			Firstname:      "name",
+			Lastname:       "family_name",
+		},
+		IsAdmin: "is_admin",
+	})
+	adminMapping := &config.OauthAdminMapping{} // test with default regex
+
+	info, err := parseOauthUserInfo(fieldMapping, adminMapping, userInfo)
+	assert.NoError(t, err)
+	assert.True(t, info.IsAdmin)
+	assert.Equal(t, info.Firstname, "Test User")
+	assert.Equal(t, info.Lastname, "")
+	assert.Equal(t, info.Email, "test@mydomain.net")
+}
+
+func Test_parseOauthUserInfo_admin_value_custom(t *testing.T) {
+	userInfoStr := `
+{
+  "at_hash": "REDACTED",
+  "aud": "REDACTED",
+  "c_hash": "REDACTED",
+  "email": "test@mydomain.net",
+  "email_verified": true,
+  "exp": 1737404259,
+  "is_admin": 1,
+  "iat": 1737317859,
+  "iss": "https://dex.mydomain.net",
+  "name": "Test User",
+  "nonce": "REDACTED",
+  "sub": "REDACTED"
+}
+`
+
+	userInfo := map[string]interface{}{}
+	err := json.Unmarshal([]byte(userInfoStr), &userInfo)
+	require.NoError(t, err)
+
+	fieldMapping := getOauthFieldMapping(config.OauthFields{
+		BaseFields: config.BaseFields{
+			UserIdentifier: "email",
+			Email:          "email",
+			Firstname:      "name",
+			Lastname:       "family_name",
+		},
+		IsAdmin: "is_admin",
+	})
+	adminMapping := &config.OauthAdminMapping{
+		AdminValueRegex: "^1$",
+	}
+
+	info, err := parseOauthUserInfo(fieldMapping, adminMapping, userInfo)
+	assert.NoError(t, err)
+	assert.True(t, info.IsAdmin)
+	assert.Equal(t, info.Firstname, "Test User")
+	assert.Equal(t, info.Lastname, "")
+	assert.Equal(t, info.Email, "test@mydomain.net")
+}