Unit tests for OIDC auth hooks (#2730)
parent
6ccdcec181
commit
fefc81d5fa
|
@ -38,6 +38,11 @@ LWP::Protocol::PSGI->register(
|
|||
}
|
||||
if ( $req->method =~ /^post$/i ) {
|
||||
my $s = $req->content;
|
||||
if ( $req->uri eq '/token/oauth2' ) {
|
||||
is( $req->param("my_param"),
|
||||
"my value", "oidcGenerateTokenRequest called" );
|
||||
count(1);
|
||||
}
|
||||
ok(
|
||||
$res = $client->_post(
|
||||
$url, IO::String->new($s),
|
||||
|
@ -198,6 +203,10 @@ ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
|
|||
or explain( $res, 'cn => Frédéric Accents' );
|
||||
count(2);
|
||||
|
||||
is( $res->{userinfo_hook}, "op/french", "oidcGotUserInfo called" );
|
||||
is( $res->{id_token_hook}, "op/french", "oidcGotIDToken called" );
|
||||
count(2);
|
||||
|
||||
my $id_token_decoded = id_token_payload( $res->{_oidc_id_token} );
|
||||
is( $id_token_decoded->{acr}, 'customacr-1', "Correct custom ACR" );
|
||||
count(1);
|
||||
|
@ -289,6 +298,10 @@ count(1);
|
|||
( $url, $query ) =
|
||||
expectRedirection( $res, qr#^http://auth.op.com(/oauth2/authorize)\?(.*)$# );
|
||||
|
||||
like( $query, qr/my_param=my\+value/,
|
||||
"oidcGenerateAuthenticationRequest called" );
|
||||
count(1);
|
||||
|
||||
# Test if consent was saved
|
||||
# -------------------------
|
||||
|
||||
|
@ -349,7 +362,7 @@ sub op {
|
|||
oidcRPMetaDataOptionsBypassConsent => 0,
|
||||
oidcRPMetaDataOptionsClientSecret => "rpsecret",
|
||||
oidcRPMetaDataOptionsUserIDAttr => "",
|
||||
oidcRPMetaDataOptionsAccessTokenExpiration => 3600,
|
||||
oidcRPMetaDataOptionsAccessTokenExpiration => 3600,
|
||||
oidcRPMetaDataOptionsPostLogoutRedirectUris =>
|
||||
"http://auth.rp.com/?logout=1",
|
||||
oidcRPMetaDataOptionsRule => '$uid eq "french"',
|
||||
|
@ -410,7 +423,8 @@ sub rp {
|
|||
},
|
||||
oidcOPMetaDataJSON => {
|
||||
op => $metadata,
|
||||
}
|
||||
},
|
||||
customPlugins => 't::OidcHookPlugin',
|
||||
}
|
||||
}
|
||||
);
|
||||
|
|
|
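Review bot: The new `is( $req->param("my_param"), "my value", "oidcGenerateTokenRequest called" )` check sits inside `if ( $req->uri eq '/token/oauth2' )` in the PSGI handler, together with its own `count(1)`, so it only runs when a POST reaches exactly that URI. If the token request is never sent, or the URI ever carries a query string, the check is skipped and the test count stays consistent, so the missing hook call would presumably go unnoticed (the final plan is outside the visible hunks). Consider setting a flag in the branch, e.g. `$token_hook_checked = 1;`, and asserting `ok( $token_hook_checked, "token endpoint was exercised" );` after the login flow. The handler body starts and ends outside this hunk.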
@ -8,13 +8,17 @@ use Data::Dumper;
|
|||
use Test::More;
|
||||
|
||||
use constant hook => {
|
||||
oidcGenerateCode => 'modifyRedirectUri',
|
||||
oidcGenerateIDToken => 'addClaimToIDToken',
|
||||
oidcGenerateUserInfoResponse => 'addClaimToUserInfo',
|
||||
oidcGotRequest => 'addScopeToRequest',
|
||||
oidcResolveScope => 'addHardcodedScope',
|
||||
oidcGenerateAccessToken => 'addClaimToAccessToken',
|
||||
oidcGotClientCredentialsGrant => 'oidcGotClientCredentialsGrant',
|
||||
oidcGenerateCode => 'modifyRedirectUri',
|
||||
oidcGenerateIDToken => 'addClaimToIDToken',
|
||||
oidcGenerateUserInfoResponse => 'addClaimToUserInfo',
|
||||
oidcGotRequest => 'addScopeToRequest',
|
||||
oidcResolveScope => 'addHardcodedScope',
|
||||
oidcGenerateAccessToken => 'addClaimToAccessToken',
|
||||
oidcGotClientCredentialsGrant => 'oidcGotClientCredentialsGrant',
|
||||
oidcGenerateAuthenticationRequest => 'genAuthRequest',
|
||||
oidcGenerateTokenRequest => 'genTokenRequest',
|
||||
oidcGotUserInfo => 'modifyUserInfo',
|
||||
oidcGotIDToken => 'modifyIDToken',
|
||||
};
|
||||
|
||||
sub addClaimToIDToken {
|
||||
|
@ -26,7 +30,7 @@ sub addClaimToIDToken {
|
|||
sub addClaimToUserInfo {
|
||||
my ( $self, $req, $userinfo, $rp, $session_data ) = @_;
|
||||
$userinfo->{"userinfo_hook"} = 1;
|
||||
$userinfo->{"_auth"} = $session_data->{_auth};
|
||||
$userinfo->{"_auth"} = $session_data->{_auth};
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
|
@ -63,5 +67,34 @@ sub oidcGotClientCredentialsGrant {
|
|||
return PE_OK;
|
||||
}
|
||||
|
||||
1;
|
||||
sub genTokenRequest {
|
||||
my ( $self, $req, $op, $authorize_request_params ) = @_;
|
||||
|
||||
$authorize_request_params->{my_param} = "my value";
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
sub genAuthRequest {
|
||||
my ( $self, $req, $op, $token_request_params ) = @_;
|
||||
|
||||
$token_request_params->{my_param} = "my value";
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
sub modifyIDToken {
|
||||
my ( $self, $req, $op, $id_token_payload_hash ) = @_;
|
||||
|
||||
# do some post-processing on the `sub` claim
|
||||
$req->sessionInfo->{id_token_hook} = "$op/" . $id_token_payload_hash->{sub};
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
sub modifyUserInfo {
|
||||
my ( $self, $req, $op, $userinfo_content ) = @_;
|
||||
|
||||
# Custom attribute processing
|
||||
$req->sessionInfo->{userinfo_hook} = "$op/" . $userinfo_content->{sub};
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
1;
|
||||
|
|
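Review bot: The parameter names in the two new request hooks are swapped relative to the hook map: `genTokenRequest` (registered for `oidcGenerateTokenRequest`) unpacks `$authorize_request_params`, while `genAuthRequest` (registered for `oidcGenerateAuthenticationRequest`) unpacks `$token_request_params`. The behaviour is the same, but the file reads as a template for real hook plugins, and the names point a reader at the wrong request. I would use `my ( $self, $req, $op, $token_request_params ) = @_;` in `genTokenRequest` and `my ( $self, $req, $op, $authorize_request_params ) = @_;` in `genAuthRequest`. A one-line comment on each sub, such as `# oidcGenerateTokenRequest: add a parameter to the token endpoint POST`, would also help.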