BookStack Code Mirror - bookstack/blobdiff

index db1f87bd5676a585ddb9867a7636cbc841211657..191a25f8801e732a75a3df5d46d4c19de8389756 100644 (file)

--- a/tests/Auth/OidcTest.php

+++ b/tests/Auth/OidcTest.php

@@ -2,9 +2,11 @@

namespace Tests\Auth;

-use BookStack\Actions\ActivityType;

-use BookStack\Auth\Role;

-use BookStack\Auth\User;

+use BookStack\Activity\ActivityType;

+use BookStack\Facades\Theme;

+use BookStack\Theming\ThemeEvents;

+use BookStack\Users\Models\Role;

+use BookStack\Users\Models\User;

use GuzzleHttp\Psr7\Request;

use GuzzleHttp\Psr7\Response;

use Illuminate\Testing\TestResponse;

@@ -42,6 +44,7 @@ class OidcTest extends TestCase

'oidc.user_to_groups' => false,

'oidc.groups_claim' => 'group',

'oidc.remove_from_groups' => false,

+ 'oidc.external_id_claim' => 'sub',

]);

}

@@ -93,7 +96,7 @@ class OidcTest extends TestCase

public function test_logout_route_functions()

{

- $this->actingAs($this->getEditor());

+ $this->actingAs($this->users->editor());

$this->post('/logout');

$this->assertFalse(auth()->check());

}

@@ -228,7 +231,7 @@ class OidcTest extends TestCase

public function test_auth_login_as_existing_user()

{

- $editor = $this->getEditor();

+ $editor = $this->users->editor();

$editor->external_auth_id = 'benny505';

$editor->save();

@@ -245,7 +248,7 @@ class OidcTest extends TestCase

public function test_auth_login_as_existing_user_email_with_different_auth_id_fails()

{

- $editor = $this->getEditor();

+ $editor = $this->users->editor();

$editor->external_auth_id = 'editor101';

$editor->save();

@@ -391,6 +394,24 @@ class OidcTest extends TestCase

$this->assertTrue(auth()->check());

}

+ public function test_auth_uses_configured_external_id_claim_option()

+ {

+ config()->set([

+ 'oidc.external_id_claim' => 'super_awesome_id',

+ ]);

+ $resp = $this->runLogin([

+ 'email' => '[email protected]',

+ 'sub' => 'benny1010101',

+ 'super_awesome_id' => 'xXBennyTheGeezXx',

+ ]);

+ $resp->assertRedirect('/');

+ /** @var User $user */

+ $user = User::query()->where('email', '=', '[email protected]')->first();

+ $this->assertEquals('xXBennyTheGeezXx', $user->external_auth_id);

+ }

public function test_login_group_sync()

{

config()->set([

@@ -444,6 +465,60 @@ class OidcTest extends TestCase

$this->assertTrue($user->hasRole($roleA->id));

}

+ public function test_oidc_id_token_pre_validate_theme_event_without_return()

+ {

+ $args = [];

+ $callback = function (...$eventArgs) use (&$args) {

+ $args = $eventArgs;

+ };

+ Theme::listen(ThemeEvents::OIDC_ID_TOKEN_PRE_VALIDATE, $callback);

+ $resp = $this->runLogin([

+ 'email' => '[email protected]',

+ 'sub' => 'benny1010101',

+ 'name' => 'Benny',

+ ]);

+ $resp->assertRedirect('/');

+ $this->assertDatabaseHas('users', [

+ 'external_auth_id' => 'benny1010101',

+ ]);

+ $this->assertArrayHasKey('iss', $args[0]);

+ $this->assertArrayHasKey('sub', $args[0]);

+ $this->assertEquals('Benny', $args[0]['name']);

+ $this->assertEquals('benny1010101', $args[0]['sub']);

+ $this->assertArrayHasKey('access_token', $args[1]);

+ $this->assertArrayHasKey('expires_in', $args[1]);

+ $this->assertArrayHasKey('refresh_token', $args[1]);

+ }

+ public function test_oidc_id_token_pre_validate_theme_event_with_return()

+ {

+ $callback = function (...$eventArgs) {

+ return array_merge($eventArgs[0], [

+ 'email' => '[email protected]',

+ 'sub' => 'lenny1010101',

+ 'name' => 'Lenny',

+ ]);

+ };

+ Theme::listen(ThemeEvents::OIDC_ID_TOKEN_PRE_VALIDATE, $callback);

+ $resp = $this->runLogin([

+ 'email' => '[email protected]',

+ 'sub' => 'benny1010101',

+ 'name' => 'Benny',

+ ]);

+ $resp->assertRedirect('/');

+ $this->assertDatabaseHas('users', [

+ 'email' => '[email protected]',

+ 'external_auth_id' => 'lenny1010101',

+ 'name' => 'Lenny',

+ ]);

+ }

protected function withAutodiscovery()

{

config()->set([