johanels/photoprism
1
0
Fork 0
mirror of https://github.com/photoprism/photoprism.git synced 2025-12-12 00:34:13 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
5f0ade87f5de028b31da27f81609d20cb43d053c
photoprism/internal/config/config_oidc_test.go
Michael Mayer 5f0ade87f5 OIDC: Add support for Microsoft Entra ID security groups #5334 
Signed-off-by: Michael Mayer <michael@photoprism.app>
2025-11-23 16:04:25 +01:00

240 lines
5.4 KiB
Go
Raw Blame History

package config
import (
"net/url"
"testing"
"github.com/stretchr/testify/assert"
"github.com/photoprism/photoprism/internal/auth/acl"
"github.com/photoprism/photoprism/pkg/authn"
)
func TestConfig_OIDCEnabled(t *testing.T) {
t.Run("DisableForHTTP", func(t *testing.T) {
c := NewConfig(CliTestContext())
c.options.SiteUrl = "http://photos.myphotos.com"
assert.False(t, c.OIDCEnabled())
})
t.Run("OIDCDisabled", func(t *testing.T) {
c := NewConfig(CliTestContext())
c.options.DisableOIDC = true
assert.False(t, c.OIDCEnabled())
})
t.Run("InvalidOIDCUri", func(t *testing.T) {
c := NewConfig(CliTestContext())
c.options.SiteUrl = "https://photos.myphotos.com"
assert.True(t, c.SiteHttps())
c.options.OIDCUri = "http://example.com"
assert.False(t, c.OIDCEnabled())
})
t.Run("Enabled", func(t *testing.T) {
c := NewConfig(CliTestContext())
c.options.SiteUrl = "https://photos.myphotos.com"
assert.True(t, c.SiteHttps())
c.options.OIDCUri = "https://example.com"
c.options.OIDCClient = "test"
c.options.OIDCSecret = "test123467"
assert.True(t, c.OIDCEnabled())
})
}
func TestConfig_OIDCUri(t *testing.T) {
c := NewConfig(CliTestContext())
assert.IsType(t, &url.URL{}, c.OIDCUri())
assert.Equal(t, "", c.OIDCUri().Path)
c.options.OIDCUri = "test"
assert.Equal(t, "", c.OIDCUri().String())
assert.Equal(t, "", c.OIDCUri().Path)
c.options.OIDCUri = "http://test/"
assert.Equal(t, "", c.OIDCUri().String())
assert.Equal(t, "", c.OIDCUri().Path)
c.options.OIDCUri = "https://test/"
assert.Equal(t, "https://test/", c.OIDCUri().String())
assert.Equal(t, "/", c.OIDCUri().Path)
c.options.OIDCUri = ""
assert.IsType(t, &url.URL{}, c.OIDCUri())
assert.Equal(t, "", c.OIDCUri().String())
}
func TestConfig_OIDCClient(t *testing.T) {
c := NewConfig(CliTestContext())
assert.Equal(t, "", c.OIDCClient())
}
func TestConfig_OIDCSecret(t *testing.T) {
c := NewConfig(CliTestContext())
assert.Equal(t, "", c.OIDCSecret())
}
func TestConfig_OIDCScopes(t *testing.T) {
c := NewConfig(CliTestContext())
assert.Equal(t, authn.OidcDefaultScopes, c.OIDCScopes())
c.options.OIDCScopes = ""
assert.Equal(t, authn.OidcDefaultScopes, c.OIDCScopes())
}
func TestConfig_OIDCProvider(t *testing.T) {
c := NewConfig(CliTestContext())
assert.Equal(t, "OpenID", c.OIDCProvider())
c.options.OIDCProvider = "test"
assert.Equal(t, "test", c.OIDCProvider())
}
func TestConfig_OIDCIcon(t *testing.T) {
c := NewConfig(CliTestContext())
assert.Equal(t, "/static/img/oidc.svg", c.OIDCIcon())
c.options.OIDCIcon = "./test.svg"
assert.Equal(t, "./test.svg", c.OIDCIcon())
}
func TestConfig_OIDCRedirect(t *testing.T) {
c := NewConfig(CliTestContext())
assert.False(t, c.OIDCRedirect())
}
func TestConfig_OIDCUsername(t *testing.T) {
c := NewConfig(CliTestContext())
assert.Equal(t, authn.OidcClaimPreferredUsername, c.OIDCUsername())
c.options.OIDCUsername = "name"
assert.Equal(t, authn.OidcClaimName, c.OIDCUsername())
c.options.OIDCUsername = "nickname"
assert.Equal(t, authn.OidcClaimNickname, c.OIDCUsername())
c.options.OIDCUsername = "email"
assert.Equal(t, authn.OidcClaimEmail, c.OIDCUsername())
c.options.OIDCUsername = ""
assert.Equal(t, authn.OidcClaimPreferredUsername, c.OIDCUsername())
}
func TestConfig_OIDCGroupClaim(t *testing.T) {
c := NewConfig(CliTestContext())
assert.Equal(t, "groups", c.OIDCGroupClaim())
c.options.OIDCGroupClaim = " roles "
assert.Equal(t, "roles", c.OIDCGroupClaim())
}
func TestConfig_OIDCGroup(t *testing.T) {
c := NewConfig(CliTestContext())
assert.Nil(t, c.OIDCGroup())
c.options.OIDCGroup = []string{"ABC-123", " DEF-456 ", ""}
assert.Equal(t, []string{"abc-123", "def-456"}, c.OIDCGroup())
}
func TestConfig_OIDCGroupRoles(t *testing.T) {
c := NewConfig(CliTestContext())
c.options.OIDCGroupRole = []string{
"ABC-123=admin",
"def-456:guest",
"invalid",
"=none",
}
roles := c.OIDCGroupRoles()
assert.Equal(t, acl.RoleAdmin, roles["abc-123"])
assert.Equal(t, acl.RoleGuest, roles["def-456"])
assert.Len(t, roles, 2)
}
func TestConfig_OIDCDomain(t *testing.T) {
c := NewConfig(CliTestContext())
assert.Equal(t, "", c.OIDCDomain())
c.options.OIDCDomain = "example.com"
assert.Equal(t, "example.com", c.OIDCDomain())
c.options.OIDCDomain = "foo"
assert.Equal(t, "", c.OIDCDomain())
c.options.OIDCDomain = ""
assert.Equal(t, "", c.OIDCDomain())
}
func TestConfig_OIDCRegister(t *testing.T) {
c := NewConfig(CliTestContext())
assert.False(t, c.OIDCRegister())
}
func TestConfig_OIDCRole(t *testing.T) {
c := NewConfig(CliTestContext())
assert.Equal(t, acl.RoleGuest, c.OIDCRole())
c.options.OIDCRole = "invalid"
assert.Equal(t, acl.RoleNone, c.OIDCRole())
c.options.OIDCRole = "admin"
assert.Equal(t, acl.RoleAdmin, c.OIDCRole())
}
func TestConfig_OIDCWebDAV(t *testing.T) {
c := NewConfig(CliTestContext())
assert.False(t, c.OIDCWebDAV())
}
func TestConfig_DisableOIDC(t *testing.T) {
c := NewConfig(CliTestContext())
assert.False(t, c.DisableOIDC())
}
func TestConfig_OIDCLoginUri(t *testing.T) {
c := NewConfig(CliTestContext())
assert.Equal(t, "/api/v1/oidc/login", c.OIDCLoginUri())
}
func TestConfig_OIDCRedirectUri(t *testing.T) {
c := NewConfig(CliTestContext())
assert.Equal(t, "/api/v1/oidc/redirect", c.OIDCRedirectUri())
}
func TestConfig_OIDCReport(t *testing.T) {
c := NewConfig(CliTestContext())
r, _ := c.OIDCReport()
assert.GreaterOrEqual(t, len(r), 6)
}
Reference in New Issue View Git Blame Copy Permalink