Improve unit test to check that RP rule is working

2021-09-01 17:28:37 +02:00 · 2021-09-01 17:28:37 +02:00 · 128ab23246
commit 128ab23246
parent 7dabb0b896
1 changed files with 21 additions and 3 deletions
--- a/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t
+++ b/lemonldap-ng-portal/t/32-Auth-and-issuer-OIDC-authorization_code.t
@ -105,7 +105,24 @@ ok( $res = $op->_get( $url, query => $query, accept => 'text/html' ),
 count(1);
 expectOK($res);

-# Try to authenticate to OP
+# Try to authenticate to OP with unallowed user
+my $failquery = "user=rtyler&password=rtyler&$query";
+ok(
+    $res = $op->_post(
+        $url,
+        IO::String->new($failquery),
+        accept => 'text/html',
+        length => length($failquery),
+    ),
+    "Post authentication,        endpoint $url"
+);
+count(1);
+my $idpId = expectCookie($res);
+
+# Should be denied by rule
+expectPortalError( $res, 84 );
+
+# Try to authenticate to OP with allowed user
 $query = "user=french&password=french&$query";
 ok(
    $res = $op->_post(
@ -117,7 +134,7 @@ ok(
    "Post authentication,        endpoint $url"
 );
 count(1);
-my $idpId = expectCookie($res);
+$idpId = expectCookie($res);
 my ( $host, $tmp );
 ( $host, $tmp, $query ) = expectForm( $res, '#', undef, 'confirm' );

@ -334,7 +351,8 @@ sub op {
                        oidcRPMetaDataOptionsUserIDAttr        => "",
                        oidcRPMetaDataOptionsAccessTokenExpiration => 3600,
                        oidcRPMetaDataOptionsPostLogoutRedirectUris =>
-                          "http://auth.rp.com/?logout=1"
+                          "http://auth.rp.com/?logout=1",
+                        oidcRPMetaDataOptionsRule => '$uid eq "french"',
                    }
                },
                oidcOPMetaDataOptions           => {},