Unit tests for #2280

Maxime Besson 2020-08-15 14:41:26 +02:00
parent 5e78464d7f
commit b85072251a
5 changed files with 33 additions and 24 deletions


@ -14,7 +14,7 @@ BEGIN {
my $debug = 'error';
my ( $issuer, $res );
my $maintests = 6;
my $maintests = 7;
SKIP: {
eval "use Lasso";
@ -67,6 +67,9 @@ SKIP: {
{
is( $value->textContent, 'Accents', 'Check Attribute' );
}
foreach my $value ( $xpc->findnodes('//saml:NameID') ) {
is( $value->textContent, 'customfrench', 'Check NameID from macro' );
}
clean_sessions();
}
@ -84,7 +87,8 @@ sub issuer {
issuerDBSAMLActivation => 1,
samlSPMetaDataMacros => {
'sp.com' => {
extracted_sn => '(split(/\s/, $cn))[1]'
extracted_sn => '(split(/\s/, $cn))[1]',
customnameid => '"custom".$uid',
}
},
samlSPMetaDataOptions => {
@ -95,6 +99,7 @@ sub issuer {
samlSPMetaDataOptionsSignSLOMessage => 1,
samlSPMetaDataOptionsCheckSSOMessageSignature => 1,
samlSPMetaDataOptionsCheckSLOMessageSignature => 1,
samlSPMetaDataOptionsNameIDSessionKey => 'customnameid',
}
},
samlSPMetaDataExportedAttributes => {
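Review bot: The new NameID assertion inside `foreach my $value ( $xpc->findnodes('//saml:NameID') )` only runs when the XPath matches, so an assertion with no NameID at all skips the check instead of failing it. Only the bumped `$maintests` count would notice, presumably through a plan declared outside this hunk, and that failure would not say what was missing. Because NameID is the identity the SP ends up trusting, I would pin the node count first, e.g. `my @nameids = $xpc->findnodes('//saml:NameID');` followed by `is( scalar @nameids, 1, 'Exactly one NameID' );`, and raise `$maintests` to match. The SKIP block starts and ends outside the hunk.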


@ -74,7 +74,9 @@ expectOK($res);
count(1);
ok( $res->[2]->[0] =~ m#<cas:sn>Accents</cas:sn>#, "Found macro attribute" );
count(1);
ok( $res->[2]->[0] =~ m#<cas:user>customfrench</cas:user>#,
"Found cas:user macro value" );
count(2);
clean_sessions();
done_testing( count() );
@ -92,6 +94,7 @@ sub issuer {
casAppMetaDataOptions => {
sp => {
casAppMetaDataOptionsService => 'http://auth.sp.com/',
casAppMetaDataOptionsUserAttribute => 'customname',
},
},
casAppMetaDataExportedVars => {
@ -105,6 +108,7 @@ sub issuer {
casAppMetaDataMacros => {
sp => {
extracted_sn => '(split(/\s/, $cn))[1]',
customname => '"custom".$uid',
}
},
casAccessControlPolicy => 'error',
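Review bot: The added check `ok( $res->[2]->[0] =~ m#<cas:user>customfrench</cas:user>#, ...)` reports only pass or fail, so a failure does not show which user the CAS validation response actually carried. `like( $res->[2]->[0], qr#<cas:user>customfrench</cas:user>#, 'Found cas:user macro value' );` prints the response body on failure. That output is what tells a missing `cas:user` element apart from one that still holds the plain uid. The same applies to the existing `<cas:sn>` check just above it.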


@ -88,6 +88,7 @@ ok(
my $userinfo = JSON::from_json( $res->[2]->[0] );
is( $userinfo->{family_name}, 'Accents', 'Correct macro value' );
is( $userinfo->{sub}, 'customfrench', 'Sub macro correctly evaluated' );
clean_sessions();
done_testing();
@ -123,6 +124,7 @@ sub op {
oidcRPMetaDataMacros => {
rp => {
extract_sn => '(split(/\s/, $cn))[1]',
custom_sub => '"custom".$uid',
}
},
oidcRPMetaDataOptions => {
@ -133,7 +135,7 @@ sub op {
oidcRPMetaDataOptionsIDTokenSignAlg => "HS512",
oidcRPMetaDataOptionsBypassConsent => 1,
oidcRPMetaDataOptionsClientSecret => "rpsecret",
oidcRPMetaDataOptionsUserIDAttr => "",
oidcRPMetaDataOptionsUserIDAttr => "custom_sub",
oidcRPMetaDataOptionsAccessTokenExpiration => 3600,
}
},
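Review bot: The macro-derived `sub` is asserted only on the userinfo response here (`is( $userinfo->{sub}, 'customfrench', ... )`), while relying parties bind the session to the ID token's `sub` and expect the two to be identical. Whether this file decodes an ID token is not visible in the hunk. If it does, add the same assertion the offline test in this commit uses, `is( $id_token_payload->{sub}, 'customfrench', 'Found sub in ID token' );`, so a divergence between the two endpoints is caught. A short comment next to `oidcRPMetaDataOptionsUserIDAttr => "custom_sub"`, saying that it names the macro defined under `oidcRPMetaDataMacros`, would also make the expected value easier to trace.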


@ -41,7 +41,12 @@ my $op = LLNG::Manager::Test->new( {
oidcServiceAllowImplicitFlow => 1,
oidcServiceAllowDynamicRegistration => 1,
oidcServiceAllowAuthorizationCodeFlow => 1,
oidcRPMetaDataOptions => {
oidcRPMetaDataMacros => {
rp => {
custom_sub => '"custom".$uid',
}
},
oidcRPMetaDataOptions => {
rp => {
oidcRPMetaDataOptionsDisplayName => "RP",
oidcRPMetaDataOptionsIDTokenExpiration => 3600,
@ -49,7 +54,7 @@ my $op = LLNG::Manager::Test->new( {
oidcRPMetaDataOptionsAllowOffline => 1,
oidcRPMetaDataOptionsIDTokenSignAlg => "HS512",
oidcRPMetaDataOptionsClientSecret => "rpsecret",
oidcRPMetaDataOptionsUserIDAttr => "",
oidcRPMetaDataOptionsUserIDAttr => "custom_sub",
oidcRPMetaDataOptionsAccessTokenExpiration => 3600,
oidcRPMetaDataOptionsBypassConsent => 1,
oidcRPMetaDataOptionsIDTokenForceClaims => 1,
@ -119,12 +124,11 @@ my $id_token = $json->{id_token};
ok( $access_token, "Got access token" );
ok( $refresh_token, "Got refresh token" );
ok( $id_token, "Got ID token" );
count(3);
my $id_token_payload = id_token_payload($id_token);
is( $id_token_payload->{name}, 'Frédéric Accents',
'Found claim in ID token' );
count(1);
is( $id_token_payload->{sub}, 'customfrench', 'Found sub in ID token' );
# Get userinfo
$res = $op->_post(
@ -140,7 +144,7 @@ $res = $op->_post(
$json = expectJSON($res);
ok( $json->{'name'} eq "Frédéric Accents", 'Got User Info' );
count(1);
ok( $json->{'sub'} eq "customfrench", 'Got User Info' );
$op->logout($idpId);
@ -160,7 +164,6 @@ ok(
),
"Refresh access token (after logout)"
);
count(1);
expectOK($res);
$json = expectJSON($res);
@ -170,12 +173,11 @@ $id_token = $json->{id_token};
ok( $access_token, "Got refreshed Access token" );
ok( $id_token, "Got refreshed ID token" );
ok( !defined $refresh_token2, "Refresh token not present" );
count(3);
$id_token_payload = id_token_payload($id_token);
is( $id_token_payload->{name}, 'Frédéric Accents',
'Found claim in ID token' );
count(1);
is( $id_token_payload->{sub}, 'customfrench', 'Found sub in ID token' );
## Get userinfo again
ok(
@ -191,11 +193,10 @@ ok(
"Post new access token"
);
expectOK($res);
count(1);
$json = expectJSON($res);
ok( $json->{name} eq "Frédéric Accents", "Correct user info" );
count(1);
ok( $json->{'sub'} eq "customfrench", 'Got User Info' );
# Make sure offline session is still valid long after natural session expiration time
@ -215,7 +216,6 @@ ok(
),
"Refresh access token (in the future)"
);
count(1);
expectOK($res);
$json = expectJSON($res);
@ -225,7 +225,6 @@ $id_token = $json->{id_token};
ok( $access_token, "Got refreshed Access token" );
ok( $id_token, "Got refreshed ID token" );
ok( !defined $refresh_token2, "Refresh token not present" );
count(3);
$id_token_payload = id_token_payload($id_token);
is( $id_token_payload->{name}, 'Frédéric Accents',
@ -240,7 +239,6 @@ ok( (
);
ok( ( grep { $_ eq "urn:extra2" } @{ $id_token_payload->{aud} } ),
'Check for additional audiences' );
count(4);
## Get userinfo again
ok(
@ -256,11 +254,10 @@ ok(
"Post new access token"
);
expectOK($res);
count(1);
$json = expectJSON($res);
ok( $json->{name} eq "Frédéric Accents", "Correct user info" );
count(1);
ok( $json->{'sub'} eq "customfrench", 'Got User Info' );
## Test introspection of refreshed token #2171
my $req = 'client_id=rpid&client_secret=rpsecret&token=' . $access_token;
@ -273,18 +270,16 @@ ok(
),
"Post new access token"
);
count(1);
$json = expectJSON($res);
is( $json->{active}, 1, 'Token is active' );
is( $json->{client_id}, 'rpid', 'Introspection contains client_id' );
is( $json->{sub}, 'french', 'Introspection contains sub' );
is( $json->{sub}, 'customfrench', 'Introspection contains sub' );
# #2168
ok( ( grep { $_ eq "!weird:scope.name~" } ( split /\s+/, $json->{scope} ) ),
"Scope contains weird scope name" );
count(4);
clean_sessions();
done_testing( count() );
done_testing();
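Review bot: The three new userinfo checks written as `ok( $json->{'sub'} eq "customfrench", 'Got User Info' );` reuse the description of the `name` check beside them and hide the actual value on failure. The log therefore cannot tell a wrong subject from a wrong display name. I would write them as `is( $json->{sub}, 'customfrench', 'Userinfo sub comes from custom_sub macro' );`, matching the `is(...)` form already used for the ID token and introspection `sub`. The same pattern appears in the last file section of this commit, in the `ok( $json->{'sub'} eq "french", 'Got User Info' );` lines. Several of these hunks begin or end mid-statement, so the surrounding `ok(` calls are not fully visible.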


@ -119,6 +119,7 @@ ok( $refresh_token, "Got refresh token" );
ok( $id_token, "Got ID token" );
my $id_token_payload = id_token_payload($id_token);
is( $id_token_payload->{sub}, 'french', 'Found sub in ID token' );
is( $id_token_payload->{name}, 'Frédéric Accents',
'Found claim in ID token' );
ok( ( grep { $_ eq "rpid" } @{ $id_token_payload->{aud} } ),
@ -145,6 +146,7 @@ $res = $op->_post(
$json = expectJSON($res);
ok( $json->{'sub'} eq "french", 'Got User Info' );
ok( $json->{'name'} eq "Frédéric Accents", 'Got User Info' );
# Skip ahead in time
@ -189,6 +191,7 @@ ok( $id_token, "Got refreshed ID token" );
ok( !defined $json->{refresh_token}, "Refresh token not present" );
$id_token_payload = id_token_payload($id_token);
is( $id_token_payload->{sub}, 'french', 'Found sub in ID token' );
is( $id_token_payload->{name}, 'Frédéric Accents',
'Found claim in ID token' );
@ -205,6 +208,7 @@ $res = $op->_post(
$json = expectJSON($res);
ok( $json->{'sub'} eq "french", 'Got User Info' );
ok( $json->{'name'} eq "Frédéric Accents", 'Got User Info' );
# Check failure conditions
@ -247,4 +251,3 @@ is( $res->[0], 401,
clean_sessions();
done_testing();