mirror of
https://github.com/we-promise/sure.git
synced 2026-04-17 19:14:11 +00:00
768e85ce08
* Add OpenID Connect login support * Add docs for OIDC config with Google Auth * Use Google styles for log in - Add support for linking existing account - Force users to sign-in with passoword first, when linking existing accounts - Add support to create new user when using OIDC - Add identities to user to prevent account take-ver - Make tests mocking instead of being integration tests - Manage session handling correctly - use OmniAuth.config.mock_auth instead of passing auth data via request env * Conditionally render Oauth button - Set a config item `configuration.x.auth.oidc_enabled` - Hide button if disabled --------- Signed-off-by: Juan José Mata <juanjo.mata@gmail.com> Signed-off-by: soky srm <sokysrm@gmail.com> Co-authored-by: sokie <sokysrm@gmail.com>
82 lines
2.2 KiB
Ruby
82 lines
2.2 KiB
Ruby
require "test_helper"
|
|
|
|
class OidcIdentityTest < ActiveSupport::TestCase
|
|
setup do
|
|
@user = users(:family_admin)
|
|
@oidc_identity = oidc_identities(:bob_google)
|
|
end
|
|
|
|
test "belongs to user" do
|
|
assert_equal @user, @oidc_identity.user
|
|
end
|
|
|
|
test "validates presence of provider" do
|
|
@oidc_identity.provider = nil
|
|
assert_not @oidc_identity.valid?
|
|
assert_includes @oidc_identity.errors[:provider], "can't be blank"
|
|
end
|
|
|
|
test "validates presence of uid" do
|
|
@oidc_identity.uid = nil
|
|
assert_not @oidc_identity.valid?
|
|
assert_includes @oidc_identity.errors[:uid], "can't be blank"
|
|
end
|
|
|
|
test "validates presence of user_id" do
|
|
@oidc_identity.user_id = nil
|
|
assert_not @oidc_identity.valid?
|
|
assert_includes @oidc_identity.errors[:user_id], "can't be blank"
|
|
end
|
|
|
|
test "validates uniqueness of uid scoped to provider" do
|
|
duplicate = OidcIdentity.new(
|
|
user: users(:family_member),
|
|
provider: @oidc_identity.provider,
|
|
uid: @oidc_identity.uid
|
|
)
|
|
|
|
assert_not duplicate.valid?
|
|
assert_includes duplicate.errors[:uid], "has already been taken"
|
|
end
|
|
|
|
test "allows same uid for different providers" do
|
|
different_provider = OidcIdentity.new(
|
|
user: users(:family_member),
|
|
provider: "different_provider",
|
|
uid: @oidc_identity.uid
|
|
)
|
|
|
|
assert different_provider.valid?
|
|
end
|
|
|
|
test "records authentication timestamp" do
|
|
old_timestamp = @oidc_identity.last_authenticated_at
|
|
travel_to 1.hour.from_now do
|
|
@oidc_identity.record_authentication!
|
|
assert @oidc_identity.last_authenticated_at > old_timestamp
|
|
end
|
|
end
|
|
|
|
test "creates from omniauth hash" do
|
|
auth = OmniAuth::AuthHash.new({
|
|
provider: "google_oauth2",
|
|
uid: "google-123456",
|
|
info: {
|
|
email: "test@example.com",
|
|
name: "Test User",
|
|
first_name: "Test",
|
|
last_name: "User"
|
|
}
|
|
})
|
|
|
|
identity = OidcIdentity.create_from_omniauth(auth, @user)
|
|
|
|
assert identity.persisted?
|
|
assert_equal "google_oauth2", identity.provider
|
|
assert_equal "google-123456", identity.uid
|
|
assert_equal "test@example.com", identity.info["email"]
|
|
assert_equal "Test User", identity.info["name"]
|
|
assert_equal @user, identity.user
|
|
end
|
|
end
|