Implement tenant import and RP auto login policies

2026-04-30 15:45:34 +09:00
parent 24807eab0f
commit f7e4d43b16
76 changed files with 5307 additions and 441 deletions
--- a/backend/internal/handler/dev_handler_test.go
+++ b/backend/internal/handler/dev_handler_test.go
@@ -1300,6 +1300,36 @@ func TestCreateClient_DefaultsSkipConsentToTrue(t *testing.T) {
 	assert.True(t, *captured.SkipConsent)
 }

+func TestNormalizeClientAutoLoginMetadata(t *testing.T) {
+	t.Run("keeps supported flag and URL", func(t *testing.T) {
+		metadata, err := normalizeClientAutoLoginMetadata(map[string]interface{}{
+			"auto_login_supported": true,
+			"auto_login_url":       "https://rp.example.com/login?auto=1",
+		})
+		assert.NoError(t, err)
+		assert.Equal(t, true, metadata["auto_login_supported"])
+		assert.Equal(t, "https://rp.example.com/login?auto=1", metadata["auto_login_url"])
+	})
+
+	t.Run("requires URL when supported", func(t *testing.T) {
+		_, err := normalizeClientAutoLoginMetadata(map[string]interface{}{
+			"auto_login_supported": true,
+		})
+		assert.Error(t, err)
+	})
+
+	t.Run("removes URL when unsupported", func(t *testing.T) {
+		metadata, err := normalizeClientAutoLoginMetadata(map[string]interface{}{
+			"auto_login_supported": false,
+			"auto_login_url":       "https://rp.example.com/login?auto=1",
+		})
+		assert.NoError(t, err)
+		assert.Equal(t, false, metadata["auto_login_supported"])
+		_, exists := metadata["auto_login_url"]
+		assert.False(t, exists)
+	})
+}
+
 func TestCreateClient_AllowsExplicitSkipConsentFalse(t *testing.T) {
 	var captured domain.HydraClient