
merge: integrate origin dev into dev

Includes Worksmobile SSOT sync comparison updates, UUID import conflict resolution, and Playwright route mock stabilization.
2026-06-01 17:48:39 +09:00
91 changed files with 2173 additions and 1268 deletions


@@ -36,76 +36,6 @@ type roundTripperFunc func(req *http.Request) (*http.Response, error)
func (f roundTripperFunc) RoundTrip(req *http.Request) (*http.Response, error) { return f(req) }
func TestCreateUserSendsRequestedIdentityID(t *testing.T) {
const requestedID = "9f8cc1b1-af8d-45d4-946c-924a529c2556"
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
switch {
case r.URL.Path == "/admin/identities" && r.Method == http.MethodGet:
_ = json.NewEncoder(w).Encode([]map[string]string{})
return
case r.URL.Path == "/admin/identities" && r.Method == http.MethodPost:
var payload map[string]interface{}
if err := json.NewDecoder(r.Body).Decode(&payload); err != nil {
t.Fatalf("failed to decode payload: %v", err)
}
if payload["id"] != requestedID {
t.Fatalf("expected id=%s, got=%v", requestedID, payload["id"])
}
_ = json.NewEncoder(w).Encode(map[string]string{"id": requestedID})
return
default:
t.Fatalf("unexpected request: %s %s", r.Method, r.URL.String())
}
})
provider := &OryProvider{
KratosAdminURL: "http://kratos-admin.local",
HTTPClient: clientForHandler(handler),
}
id, err := provider.CreateUser(&domain.BrokerUser{
ID: requestedID,
Email: "restore@test.com",
Name: "Restore User",
}, "Sup3rStr0ng!Pass#2026")
if err != nil {
t.Fatalf("CreateUser returned error: %v", err)
}
if id != requestedID {
t.Fatalf("expected %s, got %s", requestedID, id)
}
}
func TestCreateUserRejectsRequestedIdentityIDMismatch(t *testing.T) {
const requestedID = "9f8cc1b1-af8d-45d4-946c-924a529c2556"
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
switch {
case r.URL.Path == "/admin/identities" && r.Method == http.MethodGet:
_ = json.NewEncoder(w).Encode([]map[string]string{})
return
case r.URL.Path == "/admin/identities" && r.Method == http.MethodPost:
_ = json.NewEncoder(w).Encode(map[string]string{"id": "generated-id"})
return
default:
t.Fatalf("unexpected request: %s %s", r.Method, r.URL.String())
}
})
provider := &OryProvider{
KratosAdminURL: "http://kratos-admin.local",
HTTPClient: clientForHandler(handler),
}
_, err := provider.CreateUser(&domain.BrokerUser{
ID: requestedID,
Email: "restore@test.com",
Name: "Restore User",
}, "Sup3rStr0ng!Pass#2026")
if err == nil || !strings.Contains(err.Error(), "requested identity id was not preserved") {
t.Fatalf("expected requested identity id mismatch error, got: %v", err)
}
}
func TestUpdateUserPassword_Success(t *testing.T) {
const (
loginID = "user@example.com"
@@ -121,19 +51,24 @@ func TestUpdateUserPassword_Success(t *testing.T) {
if got := q.Get("credentials_identifier"); got != loginID {
t.Fatalf("expected credentials_identifier=%s, got=%s", loginID, got)
}
_ = json.NewEncoder(w).Encode([]map[string]string{
{"id": identityID},
_ = json.NewEncoder(w).Encode([]map[string]any{
{
"id": identityID,
"traits": map[string]any{
"email": loginID,
},
},
})
return
}
if r.URL.Path != "/admin/identities/"+identityID {
t.Fatalf("unexpected identity lookup path: %s", r.URL.Path)
}
_ = json.NewEncoder(w).Encode(map[string]interface{}{
_ = json.NewEncoder(w).Encode(map[string]any{
"id": identityID,
"schema_id": "default",
"state": "active",
"traits": map[string]interface{}{
"traits": map[string]any{
"email": loginID,
},
})
@@ -191,17 +126,22 @@ func TestUpdateUserPassword_ServerError(t *testing.T) {
switch {
case strings.HasPrefix(r.URL.Path, "/admin/identities") && r.Method == http.MethodGet:
if r.URL.Path == "/admin/identities" {
_ = json.NewEncoder(w).Encode([]map[string]string{
{"id": "abc"},
_ = json.NewEncoder(w).Encode([]map[string]any{
{
"id": "abc",
"traits": map[string]any{
"email": "user@example.com",
},
},
})
return
}
if r.URL.Path == "/admin/identities/abc" {
_ = json.NewEncoder(w).Encode(map[string]interface{}{
_ = json.NewEncoder(w).Encode(map[string]any{
"id": "abc",
"schema_id": "default",
"state": "active",
"traits": map[string]interface{}{
"traits": map[string]any{
"email": "user@example.com",
},
})
@@ -234,8 +174,13 @@ func TestFindIdentityID_QueryEncoding(t *testing.T) {
if values.Get("credentials_identifier") != loginID {
t.Fatalf("expected credentials_identifier=%s, got=%s", loginID, values.Get("credentials_identifier"))
}
_ = json.NewEncoder(w).Encode([]map[string]string{
{"id": "id-123"},
_ = json.NewEncoder(w).Encode([]map[string]any{
{
"id": "id-123",
"traits": map[string]any{
"email": loginID,
},
},
})
})
@@ -252,3 +197,30 @@ func TestFindIdentityID_QueryEncoding(t *testing.T) {
t.Fatalf("expected id-123, got %s", id)
}
}
func TestOryProvider_CreateUser_RejectsRequestedIdentityID(t *testing.T) {
const (
email = "newuser@test.com"
name = "New User"
customUuid = "550e8400-e29b-41d4-a716-446655440000"
password = "secret123456"
)
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
t.Fatalf("unexpected request: %s %s", r.Method, r.URL.String())
})
provider := &OryProvider{
KratosAdminURL: "http://kratos-admin.local",
HTTPClient: clientForHandler(handler),
}
id, err := provider.CreateUser(&domain.BrokerUser{
ID: customUuid,
Email: email,
Name: name,
}, password)
if err == nil || !strings.Contains(err.Error(), "requested identity id import is disabled") {
t.Fatalf("expected requested identity id rejection, got id=%s err=%v", id, err)
}
}
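Review bot: The updated lookup mocks in TestUpdateUserPassword_Success, TestUpdateUserPassword_ServerError and TestFindIdentityID_QueryEncoding always return a `traits.email` equal to the queried identifier, so if the provider now compares the returned traits with the login ID (inferred from the mock change; the provider code is not visible here), no visible hunk exercises the rejecting branch. A case whose list response carries a different address, e.g. `"traits": map[string]any{"email": "other@example.com"}` (constructed value), asserting that no identity ID is returned and no password update request is sent, would pin the behaviour that keeps a password change from landing on the wrong identity. In TestOryProvider_CreateUser_RejectsRequestedIdentityID the returned `id` is only printed in the failure message and never checked; `if id != "" { t.Fatalf("expected empty id on rejection, got %q", id) }` would close that. `customUuid` would read `customUUID` under Go's initialism convention.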