
profile 클레임 구조 확장

2026-06-17 11:50:34 +09:00
parent fd05c049d3
commit efab2a7291
3 changed files with 111 additions and 33 deletions


@@ -73,6 +73,8 @@ func TestBuildOidcClaimsFromTraits_DynamicClaims(t *testing.T) {
"email": "user@baron.com",
"name": "홍길동",
"phone_number": "+821012345678",
"employee_id": "EMP-001",
"sub_email": []any{"alias1@baron.com", "alias2@baron.com"},
"tenant_id": "primary-tenant-999", // Added primary tenant
"tenant-1": map[string]any{
"department": "개발팀",
@@ -86,13 +88,18 @@ func TestBuildOidcClaimsFromTraits_DynamicClaims(t *testing.T) {
scopes := []string{"openid", "profile"}
t.Run("No tenantID", func(t *testing.T) {
claims := buildOidcClaimsFromTraits(traits, scopes, "")
claims := buildOidcClaimsFromTraits(traits, scopes, "", "leave_of_absence")
assert.Equal(t, "user@baron.com", claims["email"])
assert.Equal(t, "홍길동", claims["name"])
assert.Equal(t, "primary-tenant-999", claims["tenant_id"])
assert.Nil(t, claims["department"])
assert.Nil(t, claims["grade"])
profile := claims["profile"].(map[string]any)
assert.Equal(t, "홍길동", profile["name"])
assert.Equal(t, "user@baron.com", profile["email"])
assert.Equal(t, "EMP-001", profile["employee_id"])
assert.Equal(t, []string{"alias1@baron.com", "alias2@baron.com"}, profile["secondary_emails"])
assert.Equal(t, "temporary_leave", profile["status"])
assert.Equal(t, []string{"+821012345678"}, profile["phones"])
assert.Nil(t, claims["tenants"])
@@ -102,13 +109,18 @@ func TestBuildOidcClaimsFromTraits_DynamicClaims(t *testing.T) {
})
t.Run("With tenant-1", func(t *testing.T) {
claims := buildOidcClaimsFromTraits(traits, scopes, "tenant-1")
claims := buildOidcClaimsFromTraits(traits, scopes, "tenant-1", "leave_of_absence")
assert.Equal(t, "user@baron.com", claims["email"])
assert.Equal(t, "홍길동", claims["name"])
assert.Equal(t, "tenant-1", claims["tenant_id"])
assert.Nil(t, claims["department"])
assert.Nil(t, claims["grade"])
profile := claims["profile"].(map[string]any)
assert.Equal(t, "홍길동", profile["name"])
assert.Equal(t, "user@baron.com", profile["email"])
assert.Equal(t, "EMP-001", profile["employee_id"])
assert.Equal(t, []string{"alias1@baron.com", "alias2@baron.com"}, profile["secondary_emails"])
assert.Equal(t, "temporary_leave", profile["status"])
assert.Equal(t, []string{"+821012345678"}, profile["phones"])
assert.Nil(t, claims["tenants"])
@@ -118,13 +130,18 @@ func TestBuildOidcClaimsFromTraits_DynamicClaims(t *testing.T) {
})
t.Run("With tenant-2", func(t *testing.T) {
claims := buildOidcClaimsFromTraits(traits, scopes, "tenant-2")
claims := buildOidcClaimsFromTraits(traits, scopes, "tenant-2", "leave_of_absence")
assert.Equal(t, "user@baron.com", claims["email"])
assert.Equal(t, "홍길동", claims["name"])
assert.Equal(t, "tenant-2", claims["tenant_id"])
assert.Nil(t, claims["department"])
assert.Nil(t, claims["grade"])
profile := claims["profile"].(map[string]any)
assert.Equal(t, "홍길동", profile["name"])
assert.Equal(t, "user@baron.com", profile["email"])
assert.Equal(t, "EMP-001", profile["employee_id"])
assert.Equal(t, []string{"alias1@baron.com", "alias2@baron.com"}, profile["secondary_emails"])
assert.Equal(t, "temporary_leave", profile["status"])
assert.Equal(t, []string{"+821012345678"}, profile["phones"])
assert.Nil(t, claims["tenants"])
@@ -132,13 +149,18 @@ func TestBuildOidcClaimsFromTraits_DynamicClaims(t *testing.T) {
})
t.Run("With non-existent tenant", func(t *testing.T) {
claims := buildOidcClaimsFromTraits(traits, scopes, "tenant-3")
claims := buildOidcClaimsFromTraits(traits, scopes, "tenant-3", "leave_of_absence")
assert.Equal(t, "user@baron.com", claims["email"])
assert.Equal(t, "홍길동", claims["name"])
assert.Equal(t, "tenant-3", claims["tenant_id"])
assert.Nil(t, claims["department"])
assert.Nil(t, claims["grade"])
profile := claims["profile"].(map[string]any)
assert.Equal(t, "홍길동", profile["name"])
assert.Equal(t, "user@baron.com", profile["email"])
assert.Equal(t, "EMP-001", profile["employee_id"])
assert.Equal(t, []string{"alias1@baron.com", "alias2@baron.com"}, profile["secondary_emails"])
assert.Equal(t, "temporary_leave", profile["status"])
assert.Equal(t, []string{"+821012345678"}, profile["phones"])
assert.Nil(t, claims["tenants"])
@@ -147,11 +169,16 @@ func TestBuildOidcClaimsFromTraits_DynamicClaims(t *testing.T) {
})
t.Run("Tenants scope includes detailed tenant metadata", func(t *testing.T) {
claims := buildOidcClaimsFromTraits(traits, []string{"openid", "profile", "tenants"}, "tenant-1")
claims := buildOidcClaimsFromTraits(traits, []string{"openid", "profile", "tenants"}, "tenant-1", "leave_of_absence")
assert.Equal(t, "tenant-1", claims["tenant_id"])
assert.Equal(t, "개발팀", claims["department"])
assert.Equal(t, "선임", claims["grade"])
profile := claims["profile"].(map[string]any)
assert.Equal(t, "홍길동", profile["name"])
assert.Equal(t, "user@baron.com", profile["email"])
assert.Equal(t, "EMP-001", profile["employee_id"])
assert.Equal(t, []string{"alias1@baron.com", "alias2@baron.com"}, profile["secondary_emails"])
assert.Equal(t, "temporary_leave", profile["status"])
assert.Equal(t, []string{"+821012345678"}, profile["phones"])
assert.NotNil(t, claims["tenants"])
assert.Contains(t, claims["joined_tenants"], "tenant-1")
@@ -856,7 +883,7 @@ func TestBuildOidcClaimsFromTraits_IncludesGlobalCustomClaims(t *testing.T) {
"writePermission": "admin_only",
},
},
}, []string{"openid", "profile", "email"}, "")
}, []string{"openid", "profile", "email"}, "", "")
assert.Equal(t, "2026-06-09", claims["contract_date"])
assert.Equal(t, "2026-06-09T09:30:00+09:00", claims["approved_at"])
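Review bot: The subtests that request only `openid` and `profile` pin that the nested `profile` object carries `email`, `secondary_emails`, `phones` and `employee_id`, and nothing in the visible hunks checks the opposite case, where a relying party that did not ask for the matching scopes should not receive those identifiers. If the object is meant to be gated by scope, a negative subtest such as `claims := buildOidcClaimsFromTraits(traits, []string{"openid"}, "", "leave_of_absence")` followed by `assert.Nil(t, claims["profile"])` would lock that in; if the release is intentional, a short comment in the test saying so would help the next reader. The status mapping is also only exercised for `"leave_of_absence"`, and the final call passes `""` without asserting what `profile["status"]` becomes. Separately, `claims["profile"].(map[string]any)` is an unchecked type assertion that panics rather than failing the subtest when the claim is absent or has another type; `profile, ok := claims["profile"].(map[string]any)` with `assert.True(t, ok)` gives a readable failure. The body of `buildOidcClaimsFromTraits` is not shown here, so the gating behaviour itself could not be checked.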