UltiSuite/ultisuite-backend
UltiSuite/ultisuite-backend
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
7143a36c19
ultisuite-backend/internal/orgpolicy/auth_test.go
R3D347HR4Y d3c930cac6
Some checks are pending
CI / Go tests (push) Waiting to run
Details
CI / Integration tests (push) Waiting to run
Details
CI / DB migrations (push) Waiting to run
Details
feat(identity-providers): add management for identity providers in admin API 
- Introduced new endpoints for managing identity providers, including retrieval of redirect URIs and testing/syncing providers.
- Enhanced organization settings to include identity provider configurations, allowing for self-enrollment and domain restrictions.
- Implemented caching for access policies and added validation for identity provider secrets.
- Added integration tests to ensure proper functionality of identity provider management and policy enforcement.
2026-06-09 09:36:38 +02:00

73 lines
1.9 KiB
Go
Raw Blame History

package orgpolicy
import (
"testing"
"github.com/ultisuite/ulti-backend/internal/auth"
)
func TestAuthAccessPolicyAllowsOpenProviders(t *testing.T) {
policy := AuthAccessPolicy{
Providers: []IdentityProviderPolicy{
{Enabled: true, Slug: "google"},
},
}
claims := &auth.Claims{Email: "user@example.com"}
if !policy.AllowsIdentity(claims.Email, claims) {
t.Fatal("expected open provider to allow any identity")
}
}
func TestAuthAccessPolicyRejectsUnknownDomain(t *testing.T) {
policy := AuthAccessPolicy{
Providers: []IdentityProviderPolicy{
{
Enabled: true,
Slug: "google",
AllowedEmailDomains: []string{"company.com"},
},
},
}
claims := &auth.Claims{Email: "user@gmail.com"}
if policy.AllowsIdentity(claims.Email, claims) {
t.Fatal("expected domain restriction to reject identity")
}
}
func TestAuthAccessPolicyAllowsMatchingOrganization(t *testing.T) {
policy := AuthAccessPolicy{
Providers: []IdentityProviderPolicy{
{
Enabled: true,
Slug: "google",
AllowedOrganizations: []string{"company.com"},
},
},
}
claims := &auth.Claims{Email: "user@company.com", HD: "company.com"}
if !policy.AllowsIdentity(claims.Email, claims) {
t.Fatal("expected matching hosted domain to allow identity")
}
}
func TestAuthAccessPolicyMatchesSourceSpecificProvider(t *testing.T) {
policy := AuthAccessPolicy{
Providers: []IdentityProviderPolicy{
{
Enabled: true,
Slug: "corp-google",
AllowedEmailDomains: []string{"company.com"},
},
{
Enabled: true,
Slug: "partner-google",
AllowedEmailDomains: []string{"partner.org"},
},
},
}
claims := &auth.Claims{Email: "user@partner.org", Source: "partner-google"}
if !policy.AllowsIdentity(claims.Email, claims) {
t.Fatal("expected source-specific provider rules to allow identity")
}
}
Reference in New Issue View Git Blame Copy Permalink