Unit tests for #2280
parent
5e78464d7f
commit
b85072251a
|
@ -14,7 +14,7 @@ BEGIN {
|
|||
|
||||
my $debug = 'error';
|
||||
my ( $issuer, $res );
|
||||
my $maintests = 6;
|
||||
my $maintests = 7;
|
||||
|
||||
SKIP: {
|
||||
eval "use Lasso";
|
||||
|
@ -67,6 +67,9 @@ SKIP: {
|
|||
{
|
||||
is( $value->textContent, 'Accents', 'Check Attribute' );
|
||||
}
|
||||
foreach my $value ( $xpc->findnodes('//saml:NameID') ) {
|
||||
is( $value->textContent, 'customfrench', 'Check NameID from macro' );
|
||||
}
|
||||
clean_sessions();
|
||||
}
|
||||
|
||||
|
@ -84,7 +87,8 @@ sub issuer {
|
|||
issuerDBSAMLActivation => 1,
|
||||
samlSPMetaDataMacros => {
|
||||
'sp.com' => {
|
||||
extracted_sn => '(split(/\s/, $cn))[1]'
|
||||
extracted_sn => '(split(/\s/, $cn))[1]',
|
||||
customnameid => '"custom".$uid',
|
||||
}
|
||||
},
|
||||
samlSPMetaDataOptions => {
|
||||
|
@ -95,6 +99,7 @@ sub issuer {
|
|||
samlSPMetaDataOptionsSignSLOMessage => 1,
|
||||
samlSPMetaDataOptionsCheckSSOMessageSignature => 1,
|
||||
samlSPMetaDataOptionsCheckSLOMessageSignature => 1,
|
||||
samlSPMetaDataOptionsNameIDSessionKey => 'customnameid',
|
||||
}
|
||||
},
|
||||
samlSPMetaDataExportedAttributes => {
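Review bot: The new `foreach my $value ( $xpc->findnodes('//saml:NameID') )` loop runs no assertion at all when the response carries no NameID, so a missing NameID would surface only as a plan-count mismatch against `$maintests = 7`, not as a named failure. NameID is the identifier the service provider uses to recognise the user, so an explicit check such as `my @nameids = $xpc->findnodes('//saml:NameID'); is( scalar @nameids, 1, 'Exactly one NameID' );` (with `$maintests` raised to 8) would make both a missing and a duplicated NameID fail clearly. How `$maintests` feeds the test plan lies outside the hunks shown, so the plan-mismatch behaviour is inferred.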
|
||||
|
|
|
@ -74,7 +74,9 @@ expectOK($res);
|
|||
count(1);
|
||||
|
||||
ok( $res->[2]->[0] =~ m#<cas:sn>Accents</cas:sn>#, "Found macro attribute" );
|
||||
count(1);
|
||||
ok( $res->[2]->[0] =~ m#<cas:user>customfrench</cas:user>#,
|
||||
"Found cas:user macro value" );
|
||||
count(2);
|
||||
|
||||
clean_sessions();
|
||||
done_testing( count() );
|
||||
|
@ -92,6 +94,7 @@ sub issuer {
|
|||
casAppMetaDataOptions => {
|
||||
sp => {
|
||||
casAppMetaDataOptionsService => 'http://auth.sp.com/',
|
||||
casAppMetaDataOptionsUserAttribute => 'customname',
|
||||
},
|
||||
},
|
||||
casAppMetaDataExportedVars => {
|
||||
|
@ -105,6 +108,7 @@ sub issuer {
|
|||
casAppMetaDataMacros => {
|
||||
sp => {
|
||||
extracted_sn => '(split(/\s/, $cn))[1]',
|
||||
customname => '"custom".$uid',
|
||||
}
|
||||
},
|
||||
casAccessControlPolicy => 'error',
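Review bot: The added `ok( $res->[2]->[0] =~ m#<cas:user>customfrench</cas:user>#, ... )` reports only true or false, so a regression in the `casAppMetaDataOptionsUserAttribute` macro lookup would not show which user value the server actually returned. `like( $res->[2]->[0], qr#<cas:user>customfrench</cas:user>#, 'Found cas:user macro value' );` prints the response body on failure. The same applies to the `ok( $json->{'sub'} eq "customfrench", 'Got User Info' )` and `ok( $json->{'sub'} eq "french", 'Got User Info' )` lines added in the later OIDC sections. There, `is( $json->{sub}, 'customfrench', 'Userinfo sub' )` would also give the check a description distinct from the neighbouring `name` test.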
|
||||
|
|
|
@ -88,6 +88,7 @@ ok(
|
|||
|
||||
my $userinfo = JSON::from_json( $res->[2]->[0] );
|
||||
is( $userinfo->{family_name}, 'Accents', 'Correct macro value' );
|
||||
is( $userinfo->{sub}, 'customfrench', 'Sub macro correctly evaluated' );
|
||||
|
||||
clean_sessions();
|
||||
done_testing();
|
||||
|
@ -123,6 +124,7 @@ sub op {
|
|||
oidcRPMetaDataMacros => {
|
||||
rp => {
|
||||
extract_sn => '(split(/\s/, $cn))[1]',
|
||||
custom_sub => '"custom".$uid',
|
||||
}
|
||||
},
|
||||
oidcRPMetaDataOptions => {
|
||||
|
@ -133,7 +135,7 @@ sub op {
|
|||
oidcRPMetaDataOptionsIDTokenSignAlg => "HS512",
|
||||
oidcRPMetaDataOptionsBypassConsent => 1,
|
||||
oidcRPMetaDataOptionsClientSecret => "rpsecret",
|
||||
oidcRPMetaDataOptionsUserIDAttr => "",
|
||||
oidcRPMetaDataOptionsUserIDAttr => "custom_sub",
|
||||
oidcRPMetaDataOptionsAccessTokenExpiration => 3600,
|
||||
}
|
||||
},
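Review bot: Only the userinfo response is checked for the macro-derived `sub` here (`is( $userinfo->{sub}, 'customfrench', ... )`), while `oidcRPMetaDataOptionsUserIDAttr => "custom_sub"` also determines the `sub` of the ID token. OpenID Connect requires the two values to match, and a relying party that sees them differ must not use the userinfo response, so a regression that applies the macro on one path only would break logins without this test noticing. If the file does not already decode the ID token outside these hunks, adding `is( id_token_payload($id_token)->{sub}, 'customfrench', 'Sub macro in ID token' );` would cover it. The helper and variable names are taken from the other test files in this commit and may need adapting.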
|
||||
|
|
|
@ -41,7 +41,12 @@ my $op = LLNG::Manager::Test->new( {
|
|||
oidcServiceAllowImplicitFlow => 1,
|
||||
oidcServiceAllowDynamicRegistration => 1,
|
||||
oidcServiceAllowAuthorizationCodeFlow => 1,
|
||||
oidcRPMetaDataOptions => {
|
||||
oidcRPMetaDataMacros => {
|
||||
rp => {
|
||||
custom_sub => '"custom".$uid',
|
||||
}
|
||||
},
|
||||
oidcRPMetaDataOptions => {
|
||||
rp => {
|
||||
oidcRPMetaDataOptionsDisplayName => "RP",
|
||||
oidcRPMetaDataOptionsIDTokenExpiration => 3600,
|
||||
|
@ -49,7 +54,7 @@ my $op = LLNG::Manager::Test->new( {
|
|||
oidcRPMetaDataOptionsAllowOffline => 1,
|
||||
oidcRPMetaDataOptionsIDTokenSignAlg => "HS512",
|
||||
oidcRPMetaDataOptionsClientSecret => "rpsecret",
|
||||
oidcRPMetaDataOptionsUserIDAttr => "",
|
||||
oidcRPMetaDataOptionsUserIDAttr => "custom_sub",
|
||||
oidcRPMetaDataOptionsAccessTokenExpiration => 3600,
|
||||
oidcRPMetaDataOptionsBypassConsent => 1,
|
||||
oidcRPMetaDataOptionsIDTokenForceClaims => 1,
|
||||
|
@ -119,12 +124,11 @@ my $id_token = $json->{id_token};
|
|||
ok( $access_token, "Got access token" );
|
||||
ok( $refresh_token, "Got refresh token" );
|
||||
ok( $id_token, "Got ID token" );
|
||||
count(3);
|
||||
|
||||
my $id_token_payload = id_token_payload($id_token);
|
||||
is( $id_token_payload->{name}, 'Frédéric Accents',
|
||||
'Found claim in ID token' );
|
||||
count(1);
|
||||
is( $id_token_payload->{sub}, 'customfrench', 'Found sub in ID token' );
|
||||
|
||||
# Get userinfo
|
||||
$res = $op->_post(
|
||||
|
@ -140,7 +144,7 @@ $res = $op->_post(
|
|||
$json = expectJSON($res);
|
||||
|
||||
ok( $json->{'name'} eq "Frédéric Accents", 'Got User Info' );
|
||||
count(1);
|
||||
ok( $json->{'sub'} eq "customfrench", 'Got User Info' );
|
||||
|
||||
$op->logout($idpId);
|
||||
|
||||
|
@ -160,7 +164,6 @@ ok(
|
|||
),
|
||||
"Refresh access token (after logout)"
|
||||
);
|
||||
count(1);
|
||||
expectOK($res);
|
||||
|
||||
$json = expectJSON($res);
|
||||
|
@ -170,12 +173,11 @@ $id_token = $json->{id_token};
|
|||
ok( $access_token, "Got refreshed Access token" );
|
||||
ok( $id_token, "Got refreshed ID token" );
|
||||
ok( !defined $refresh_token2, "Refresh token not present" );
|
||||
count(3);
|
||||
|
||||
$id_token_payload = id_token_payload($id_token);
|
||||
is( $id_token_payload->{name}, 'Frédéric Accents',
|
||||
'Found claim in ID token' );
|
||||
count(1);
|
||||
is( $id_token_payload->{sub}, 'customfrench', 'Found sub in ID token' );
|
||||
|
||||
## Get userinfo again
|
||||
ok(
|
||||
|
@ -191,11 +193,10 @@ ok(
|
|||
"Post new access token"
|
||||
);
|
||||
expectOK($res);
|
||||
count(1);
|
||||
$json = expectJSON($res);
|
||||
|
||||
ok( $json->{name} eq "Frédéric Accents", "Correct user info" );
|
||||
count(1);
|
||||
ok( $json->{'sub'} eq "customfrench", 'Got User Info' );
|
||||
|
||||
# Make sure offline session is still valid long after natural session expiration time
|
||||
|
||||
|
@ -215,7 +216,6 @@ ok(
|
|||
),
|
||||
"Refresh access token (in the future)"
|
||||
);
|
||||
count(1);
|
||||
expectOK($res);
|
||||
|
||||
$json = expectJSON($res);
|
||||
|
@ -225,7 +225,6 @@ $id_token = $json->{id_token};
|
|||
ok( $access_token, "Got refreshed Access token" );
|
||||
ok( $id_token, "Got refreshed ID token" );
|
||||
ok( !defined $refresh_token2, "Refresh token not present" );
|
||||
count(3);
|
||||
|
||||
$id_token_payload = id_token_payload($id_token);
|
||||
is( $id_token_payload->{name}, 'Frédéric Accents',
|
||||
|
@ -240,7 +239,6 @@ ok( (
|
|||
);
|
||||
ok( ( grep { $_ eq "urn:extra2" } @{ $id_token_payload->{aud} } ),
|
||||
'Check for additional audiences' );
|
||||
count(4);
|
||||
|
||||
## Get userinfo again
|
||||
ok(
|
||||
|
@ -256,11 +254,10 @@ ok(
|
|||
"Post new access token"
|
||||
);
|
||||
expectOK($res);
|
||||
count(1);
|
||||
$json = expectJSON($res);
|
||||
|
||||
ok( $json->{name} eq "Frédéric Accents", "Correct user info" );
|
||||
count(1);
|
||||
ok( $json->{'sub'} eq "customfrench", 'Got User Info' );
|
||||
|
||||
## Test introspection of refreshed token #2171
|
||||
my $req = 'client_id=rpid&client_secret=rpsecret&token=' . $access_token;
|
||||
|
@ -273,18 +270,16 @@ ok(
|
|||
),
|
||||
"Post new access token"
|
||||
);
|
||||
count(1);
|
||||
$json = expectJSON($res);
|
||||
|
||||
is( $json->{active}, 1, 'Token is active' );
|
||||
is( $json->{client_id}, 'rpid', 'Introspection contains client_id' );
|
||||
is( $json->{sub}, 'french', 'Introspection contains sub' );
|
||||
is( $json->{sub}, 'customfrench', 'Introspection contains sub' );
|
||||
|
||||
# #2168
|
||||
ok( ( grep { $_ eq "!weird:scope.name~" } ( split /\s+/, $json->{scope} ) ),
|
||||
"Scope contains weird scope name" );
|
||||
count(4);
|
||||
|
||||
clean_sessions();
|
||||
done_testing( count() );
|
||||
done_testing();
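Review bot: The ID token obtained from the refresh "in the future" (decoded at `$id_token_payload = id_token_payload($id_token);` in the `-225,7` hunk) gets no `sub` assertion, although the first two decodes in this file each gained `is( $id_token_payload->{sub}, 'customfrench', 'Found sub in ID token' );`. That refresh runs long after the natural session expiration, so it is the case where the macro value has to survive in the offline session. Adding the same `is(...)` line after the `name` check there would cover it. The lines between that hunk and the next are not shown, so an existing check there cannot be ruled out.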
|
||||
|
||||
|
|
|
@ -119,6 +119,7 @@ ok( $refresh_token, "Got refresh token" );
|
|||
ok( $id_token, "Got ID token" );
|
||||
|
||||
my $id_token_payload = id_token_payload($id_token);
|
||||
is( $id_token_payload->{sub}, 'french', 'Found sub in ID token' );
|
||||
is( $id_token_payload->{name}, 'Frédéric Accents',
|
||||
'Found claim in ID token' );
|
||||
ok( ( grep { $_ eq "rpid" } @{ $id_token_payload->{aud} } ),
|
||||
|
@ -145,6 +146,7 @@ $res = $op->_post(
|
|||
|
||||
$json = expectJSON($res);
|
||||
|
||||
ok( $json->{'sub'} eq "french", 'Got User Info' );
|
||||
ok( $json->{'name'} eq "Frédéric Accents", 'Got User Info' );
|
||||
|
||||
# Skip ahead in time
|
||||
|
@ -189,6 +191,7 @@ ok( $id_token, "Got refreshed ID token" );
|
|||
ok( !defined $json->{refresh_token}, "Refresh token not present" );
|
||||
|
||||
$id_token_payload = id_token_payload($id_token);
|
||||
is( $id_token_payload->{sub}, 'french', 'Found sub in ID token' );
|
||||
is( $id_token_payload->{name}, 'Frédéric Accents',
|
||||
'Found claim in ID token' );
|
||||
|
||||
|
@ -205,6 +208,7 @@ $res = $op->_post(
|
|||
|
||||
$json = expectJSON($res);
|
||||
|
||||
ok( $json->{'sub'} eq "french", 'Got User Info' );
|
||||
ok( $json->{'name'} eq "Frédéric Accents", 'Got User Info' );
|
||||
|
||||
# Check failure conditions
|
||||
|
@ -247,4 +251,3 @@ is( $res->[0], 401,
|
|||
|
||||
clean_sessions();
|
||||
done_testing();
|
||||
|
||||
|
|