tenant 제한 에러 처리 보안

2026-06-04 10:09:49 +09:00
parent 80aa60fdf1
commit 243b852591
6 changed files with 104 additions and 18 deletions
--- a/userfront/test/auth_proxy_service_test.dart
+++ b/userfront/test/auth_proxy_service_test.dart
@@ -153,6 +153,37 @@ void main() {
      },
    );

+    test(
+      'acceptOidcLogin error는 code/message/details를 AuthProxyException으로 보존한다',
+      () async {
+        client.enqueueJson({
+          'code': 'tenant_not_allowed',
+          'error': 'tenant blocked',
+          'details': {
+            'allowed_tenants': ['gp'],
+          },
+        }, statusCode: 403);
+
+        await expectLater(
+          AuthProxyService.acceptOidcLogin('login-challenge', token: 'jwt'),
+          throwsA(
+            isA<AuthProxyException>()
+                .having(
+                  (error) => error.errorCode,
+                  'code',
+                  'tenant_not_allowed',
+                )
+                .having((error) => error.message, 'message', 'tenant blocked')
+                .having(
+                  (error) => error.details?['allowed_tenants'],
+                  'details',
+                  ['gp'],
+                ),
+          ),
+        );
+      },
+    );
+
    test(
      'approveQrLogin은 credential mode와 bearer token payload를 지원한다',
      () async {