Unit tests for #2622
parent
fe4172a50a
commit
400fe0626a
|
@ -51,6 +51,21 @@ my $op = LLNG::Manager::Test->new( {
|
|||
oidcRPMetaDataOptionsIDTokenForceClaims => 1,
|
||||
oidcRPMetaDataOptionsRule => '$_scope =~ /\bread\b/',
|
||||
},
|
||||
scopelessrp => {
|
||||
oidcRPMetaDataOptionsDisplayName => "RP",
|
||||
oidcRPMetaDataOptionsIDTokenExpiration => 3600,
|
||||
oidcRPMetaDataOptionsClientID => "scopelessrp",
|
||||
oidcRPMetaDataOptionsAllowOffline => 1,
|
||||
oidcRPMetaDataOptionsAllowClientCredentialsGrant => 1,
|
||||
oidcRPMetaDataOptionsIDTokenSignAlg => "HS512",
|
||||
oidcRPMetaDataOptionsClientSecret => "rpsecret",
|
||||
oidcRPMetaDataOptionsUserIDAttr => "",
|
||||
oidcRPMetaDataOptionsAccessTokenExpiration => 3600,
|
||||
oidcRPMetaDataOptionsBypassConsent => 1,
|
||||
oidcRPMetaDataOptionsRefreshToken => 1,
|
||||
oidcRPMetaDataOptionsIDTokenForceClaims => 1,
|
||||
oidcRPMetaDataOptionsRule => '',
|
||||
},
|
||||
pubrp => {
|
||||
oidcRPMetaDataOptionsAccessTokenExpiration => 3600,
|
||||
oidcRPMetaDataOptionsAllowClientCredentialsGrant => 1,
|
||||
|
@ -103,6 +118,13 @@ my $badquery2 = buildForm( {
|
|||
}
|
||||
);
|
||||
|
||||
my $badquery3 = buildForm( {
|
||||
client_id => 'scopelessrp',
|
||||
client_secret => 'rpsecret',
|
||||
grant_type => 'client_credentials',
|
||||
}
|
||||
);
|
||||
|
||||
my $goodquery = buildForm( {
|
||||
client_id => 'rpid',
|
||||
client_secret => 'rpsecret',
|
||||
|
@ -129,6 +151,15 @@ $res = $op->_post(
|
|||
);
|
||||
expectBadRequest($res);
|
||||
|
||||
## Test empty scope
|
||||
$res = $op->_post(
|
||||
"/oauth2/token",
|
||||
IO::String->new($badquery3),
|
||||
accept => 'application/json',
|
||||
length => length($badquery3),
|
||||
);
|
||||
expectReject($res, 400, "invalid_scope");
|
||||
|
||||
## Test a confidential RP
|
||||
$res = $op->_post(
|
||||
"/oauth2/token",
|
||||
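Review bot: The `## Test empty scope` request built in `$badquery3` leaves the `scope` parameter out altogether, so only the absent-parameter path is covered. A request that sends an explicitly empty value is a different input that should reach the same `invalid_scope` rejection; a second form with `scope => '',` next to `grant_type` would pin that down. The password-grant test added in this commit has the same gap. The comment could also say why `scopelessrp` ends up without a scope (apparently because the test hook skips `myscope` for it), e.g. `## Test empty scope: scopelessrp gets no scope from the request or the hook (#2622)`.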
|
|
|
@ -37,6 +37,21 @@ my $op = LLNG::Manager::Test->new( {
|
|||
}
|
||||
},
|
||||
oidcRPMetaDataOptions => {
|
||||
scopelessrp => {
|
||||
oidcRPMetaDataOptionsDisplayName => "RP",
|
||||
oidcRPMetaDataOptionsIDTokenExpiration => 3600,
|
||||
oidcRPMetaDataOptionsClientID => "scopelessrp",
|
||||
oidcRPMetaDataOptionsAllowOffline => 1,
|
||||
oidcRPMetaDataOptionsAllowPasswordGrant => 1,
|
||||
oidcRPMetaDataOptionsIDTokenSignAlg => "HS512",
|
||||
oidcRPMetaDataOptionsClientSecret => "rpsecret",
|
||||
oidcRPMetaDataOptionsUserIDAttr => "",
|
||||
oidcRPMetaDataOptionsAccessTokenExpiration => 120,
|
||||
oidcRPMetaDataOptionsBypassConsent => 1,
|
||||
oidcRPMetaDataOptionsRefreshToken => 1,
|
||||
oidcRPMetaDataOptionsIDTokenForceClaims => 1,
|
||||
oidcRPMetaDataOptionsRule => '$uid eq "french"',
|
||||
},
|
||||
rp => {
|
||||
oidcRPMetaDataOptionsDisplayName => "RP",
|
||||
oidcRPMetaDataOptionsIDTokenExpiration => 3600,
|
||||
|
@ -92,6 +107,24 @@ $res = $op->_post(
|
|||
|
||||
expectReject( $res, 400, "invalid_grant" );
|
||||
|
||||
# Empty scope should fail
|
||||
my $query = buildForm( {
|
||||
client_id => 'scopelessrp',
|
||||
client_secret => 'rpsecret',
|
||||
grant_type => 'password',
|
||||
username => 'french',
|
||||
password => 'french',
|
||||
}
|
||||
);
|
||||
$res = $op->_post(
|
||||
"/oauth2/token",
|
||||
IO::String->new($query),
|
||||
accept => 'application/json',
|
||||
length => length($query),
|
||||
);
|
||||
|
||||
expectReject( $res, 400, "invalid_scope" );
|
||||
|
||||
$query = buildForm( {
|
||||
client_id => 'rpid',
|
||||
client_secret => 'rpsecret',
|
||||
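Review bot: `my $query = buildForm( {` under `# Empty scope should fail` may redeclare an existing variable. The later `$query = buildForm( {` for `rpid` has no `my` and looks like an unchanged line, which suggests `$query` is declared above this hunk. If so, the new `my` masks the earlier declaration in the same scope and warns under `use warnings`; dropping it (`$query = buildForm( {`) or using a separate name such as `my $scopelessquery = buildForm( {` avoids that. The +/- markers are lost on this page, so this needs checking against the file.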
|
|
|
@ -43,7 +43,7 @@ sub addScopeToRequest {
|
|||
|
||||
sub addHardcodedScope {
|
||||
my ( $self, $req, $scopeList, $rp ) = @_;
|
||||
push @{$scopeList}, "myscope";
|
||||
push @{$scopeList}, "myscope" if $rp ne "scopelessrp";
|
||||
|
||||
return PE_OK;
|
||||
}
|
||||
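Review bot: The conditional `push @{$scopeList}, "myscope" if $rp ne "scopelessrp";` hardcodes an RP name from the test configuration without saying why, so the coupling between this hook and the empty-scope tests is invisible to anyone reading the hook alone. A comment above the line would cover it, e.g. `# scopelessrp must receive no scope so the empty-scope rejection (#2622) can be tested`. If the hook can ever be called with an undefined `$rp`, `ne` will also emit a warning; `if ( $rp // '' ) ne "scopelessrp"` would guard against that, though whether it can happen is not visible here.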
|
|