Guest create page: name field autofocus
index 4215f6a541d5c03739626551d875592c54c2cfdc..db1f87bd5676a585ddb9867a7636cbc841211657 100644 (file)
@@ -40,7 +40,7 @@ class OidcTest extends TestCase
             'oidc.dump_user_details'      => false,
             'oidc.additional_scopes'      => '',
             'oidc.user_to_groups'         => false,
-            'oidc.group_attribute'        => 'group',
+            'oidc.groups_claim'           => 'group',
             'oidc.remove_from_groups'     => false,
         ]);
     }
@@ -360,11 +360,42 @@ class OidcTest extends TestCase
         $this->assertTrue(auth()->check());
     }
 
+    public function test_auth_login_with_autodiscovery_with_keys_that_do_not_have_use_property()
+    {
+        // Based on reading the OIDC discovery spec:
+        // > This contains the signing key(s) the RP uses to validate signatures from the OP. The JWK Set MAY also
+        // > contain the Server's encryption key(s), which are used by RPs to encrypt requests to the Server. When
+        // > both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all
+        // > keys in the referenced JWK Set to indicate each key's intended usage.
+        // We can assume that keys without use are intended for signing.
+        $this->withAutodiscovery();
+
+        $keyArray = OidcJwtHelper::publicJwkKeyArray();
+        unset($keyArray['use']);
+
+        $this->mockHttpClient([
+            $this->getAutoDiscoveryResponse(),
+            new Response(200, [
+                'Content-Type'  => 'application/json',
+                'Cache-Control' => 'no-cache, no-store',
+                'Pragma'        => 'no-cache',
+            ], json_encode([
+                'keys' => [
+                    $keyArray,
+                ],
+            ])),
+        ]);
+
+        $this->assertFalse(auth()->check());
+        $this->runLogin();
+        $this->assertTrue(auth()->check());
+    }
+
     public function test_login_group_sync()
     {
         config()->set([
             'oidc.user_to_groups'     => true,
-            'oidc.group_attribute'    => 'groups',
+            'oidc.groups_claim'       => 'groups',
             'oidc.remove_from_groups' => false,
         ]);
         $roleA = Role::factory()->create(['display_name' => 'Wizards']);
@@ -374,7 +405,7 @@ class OidcTest extends TestCase
         $resp = $this->runLogin([
             'email'  => '[email protected]',
             'sub'    => 'benny1010101',
-            'groups' => ['Wizards', 'Zookeepers']
+            'groups' => ['Wizards', 'Zookeepers'],
         ]);
         $resp->assertRedirect('/');
 
@@ -390,7 +421,7 @@ class OidcTest extends TestCase
     {
         config()->set([
             'oidc.user_to_groups'     => true,
-            'oidc.group_attribute'    => 'my.custom.groups.attr',
+            'oidc.groups_claim'       => 'my.custom.groups.attr',
             'oidc.remove_from_groups' => false,
         ]);
         $roleA = Role::factory()->create(['display_name' => 'Wizards']);
@@ -398,13 +429,13 @@ class OidcTest extends TestCase
         $resp = $this->runLogin([
             'email'  => '[email protected]',
             'sub'    => 'benny1010101',
-            'my' => [
+            'my'     => [
                 'custom' => [
                     'groups' => [
-                        'attr' => ['Wizards']
-                    ]
-                ]
-            ]
+                        'attr' => ['Wizards'],
+                    ],
+                ],
+            ],
         ]);
         $resp->assertRedirect('/');