Unit tests for OIDC auth hooks (#2730)

Maxime Besson 2022-03-17 17:47:21 +01:00
parent 6ccdcec181
commit fefc81d5fa
2 changed files with 58 additions and 11 deletions


@ -38,6 +38,11 @@ LWP::Protocol::PSGI->register(
}
if ( $req->method =~ /^post$/i ) {
my $s = $req->content;
if ( $req->uri eq '/token/oauth2' ) {
is( $req->param("my_param"),
"my value", "oidcGenerateTokenRequest called" );
count(1);
}
ok(
$res = $client->_post(
$url, IO::String->new($s),
@ -198,6 +203,10 @@ ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
or explain( $res, 'cn => Frédéric Accents' );
count(2);
is( $res->{userinfo_hook}, "op/french", "oidcGotUserInfo called" );
is( $res->{id_token_hook}, "op/french", "oidcGotIDToken called" );
count(2);
my $id_token_decoded = id_token_payload( $res->{_oidc_id_token} );
is( $id_token_decoded->{acr}, 'customacr-1', "Correct custom ACR" );
count(1);
@ -289,6 +298,10 @@ count(1);
( $url, $query ) =
expectRedirection( $res, qr#^http://auth.op.com(/oauth2/authorize)\?(.*)$# );
like( $query, qr/my_param=my\+value/,
"oidcGenerateAuthenticationRequest called" );
count(1);
# Test if consent was saved
# -------------------------
@ -349,7 +362,7 @@ sub op {
oidcRPMetaDataOptionsBypassConsent => 0,
oidcRPMetaDataOptionsClientSecret => "rpsecret",
oidcRPMetaDataOptionsUserIDAttr => "",
oidcRPMetaDataOptionsAccessTokenExpiration => 3600,
oidcRPMetaDataOptionsAccessTokenExpiration => 3600,
oidcRPMetaDataOptionsPostLogoutRedirectUris =>
"http://auth.rp.com/?logout=1",
oidcRPMetaDataOptionsRule => '$uid eq "french"',
@ -410,7 +423,8 @@ sub rp {
},
oidcOPMetaDataJSON => {
op => $metadata,
}
},
customPlugins => 't::OidcHookPlugin',
}
}
);
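Review bot: The new assertion guarded by `if ( $req->uri eq '/token/oauth2' )` looks like it can never run: the authorize endpoint used elsewhere in this test is `/oauth2/authorize`, so the token endpoint path is presumably `/oauth2/token`, and if `$req->uri` is a URI object carrying scheme and host, an `eq` against a bare path fails regardless. Because `count(1)` sits inside the same block, a skipped `is(...)` also leaves the test plan consistent, so the `oidcGenerateTokenRequest` hook would appear covered while never actually being checked. Consider comparing the `$url` that is handed to `_post` a few lines below, if it holds the request path, `if ( $url eq '/oauth2/token' ) {`, and confirm the `oidcGenerateTokenRequest called` line shows up in the TAP output. The enclosing request callback starts before this hunk.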


@ -8,13 +8,17 @@ use Data::Dumper;
use Test::More;
use constant hook => {
oidcGenerateCode => 'modifyRedirectUri',
oidcGenerateIDToken => 'addClaimToIDToken',
oidcGenerateUserInfoResponse => 'addClaimToUserInfo',
oidcGotRequest => 'addScopeToRequest',
oidcResolveScope => 'addHardcodedScope',
oidcGenerateAccessToken => 'addClaimToAccessToken',
oidcGotClientCredentialsGrant => 'oidcGotClientCredentialsGrant',
oidcGenerateCode => 'modifyRedirectUri',
oidcGenerateIDToken => 'addClaimToIDToken',
oidcGenerateUserInfoResponse => 'addClaimToUserInfo',
oidcGotRequest => 'addScopeToRequest',
oidcResolveScope => 'addHardcodedScope',
oidcGenerateAccessToken => 'addClaimToAccessToken',
oidcGotClientCredentialsGrant => 'oidcGotClientCredentialsGrant',
oidcGenerateAuthenticationRequest => 'genAuthRequest',
oidcGenerateTokenRequest => 'genTokenRequest',
oidcGotUserInfo => 'modifyUserInfo',
oidcGotIDToken => 'modifyIDToken',
};
sub addClaimToIDToken {
@ -26,7 +30,7 @@ sub addClaimToIDToken {
sub addClaimToUserInfo {
my ( $self, $req, $userinfo, $rp, $session_data ) = @_;
$userinfo->{"userinfo_hook"} = 1;
$userinfo->{"_auth"} = $session_data->{_auth};
$userinfo->{"_auth"} = $session_data->{_auth};
return PE_OK;
}
@ -63,5 +67,34 @@ sub oidcGotClientCredentialsGrant {
return PE_OK;
}
1;
sub genTokenRequest {
my ( $self, $req, $op, $authorize_request_params ) = @_;
$authorize_request_params->{my_param} = "my value";
return PE_OK;
}
sub genAuthRequest {
my ( $self, $req, $op, $token_request_params ) = @_;
$token_request_params->{my_param} = "my value";
return PE_OK;
}
sub modifyIDToken {
my ( $self, $req, $op, $id_token_payload_hash ) = @_;
# do some post-processing on the `sub` claim
$req->sessionInfo->{id_token_hook} = "$op/" . $id_token_payload_hash->{sub};
return PE_OK;
}
sub modifyUserInfo {
my ( $self, $req, $op, $userinfo_content ) = @_;
# Custom attribute processing
$req->sessionInfo->{userinfo_hook} = "$op/" . $userinfo_content->{sub};
return PE_OK;
}
1;
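Review bot: The parameter names in the two new hook methods are swapped: `genTokenRequest` unpacks its fourth argument as `$authorize_request_params` while `genAuthRequest` unpacks it as `$token_request_params`, which will mislead anyone using this fixture as a reference for the `oidcGenerateTokenRequest` and `oidcGenerateAuthenticationRequest` hooks. Rename them to match the hook each method implements: `my ( $self, $req, $op, $token_request_params ) = @_;` in `genTokenRequest` and `my ( $self, $req, $op, $authorize_request_params ) = @_;` in `genAuthRequest`. The comment in `modifyIDToken` that says it post-processes the `sub` claim also misdescribes the code, which leaves the claim untouched and only records `"$op/<sub>"` in the session for the test to assert on; a comment such as `# record which OP issued the ID token, keyed on its sub claim, so the test can assert the hook ran` would be accurate. Both `modifyIDToken` and `modifyUserInfo` interpolate `->{sub}` without a definedness check, which emits an uninitialized warning if the OP omits it, though that may be acceptable in a test plugin.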