QT/sure
1
0
Fork 0
mirror of https://github.com/we-promise/sure.git synced 2026-05-09 05:35:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(auth): surface exact OIDC issuer mismatches (#1666)

Browse Source 
* fix(auth): surface exact OIDC issuer mismatches

* fix(auth): align issuer mismatch hint with tests

---------

Co-authored-by: SureBot <sure-bot@we-promise.com>
This commit is contained in:
Sure Admin (bot)
2026-05-05 00:47:45 +02:00
committed by GitHub
parent a108e6501e
commit 0954200ad4
3 changed files with 61 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
test/models/sso_provider_tester_test.rb Normal file
View File

@@ -0,0 +1,34 @@
require "test_helper"
class SsoProviderTesterTest < ActiveSupport::TestCase
test "oidc discovery requires exact issuer match" do
provider = SsoProvider.new(
strategy: "openid_connect",
name: "pocket_id",
label: "Pocket ID",
issuer: "https://pocketid.example.com/",
client_id: "client-id",
client_secret: "secret"
)
response = stub(status: 200, success?: true, body: {
issuer: "https://pocketid.example.com",
authorization_endpoint: "https://pocketid.example.com/authorize",
token_endpoint: "https://pocketid.example.com/api/oidc/token"
}.to_json)
client = stub
client.stubs(:get).returns(response)
tester = SsoProviderTester.new(provider)
tester.stubs(:faraday_client).returns(client)
result = tester.test!
assert_not result.success?
assert_includes result.message, "Issuer mismatch"
assert_includes result.message, "trailing slash mismatch"
assert_equal "https://pocketid.example.com/", result.details[:expected]
assert_equal "https://pocketid.example.com", result.details[:actual]
end
end