zitadel/internal/api/oidc/amr_test.go
Tim Möhlmann 6398349c24
feat(oidc): token exchange impersonation (#7516)
* add token exchange feature flag

* allow setting reason and actor to access tokens

* impersonation

* set token types and scopes in response

* upgrade oidc to working draft state

* fix tests

* audience and scope validation

* id toke and jwt as input

* return id tokens

* add grant type  token exchange to app config

* add integration tests

* check and deny actors in api calls

* fix instance setting tests by triggering projection on write and cleanup

* insert sleep statements again

* solve linting issues

* add translations

* pin oidc v3.15.0

* resolve comments, add event translation

* fix refreshtoken test

* use ValidateAuthReqScopes from oidc

* apparently the linter can't make up its mind

* persist actor thru refresh tokens and check in tests

* remove unneeded triggers
2024-03-20 10:18:46 +00:00

91 lines
1.6 KiB
Go

package oidc
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/zitadel/zitadel/internal/domain"
)
func TestAMR(t *testing.T) {
type args struct {
methodTypes []domain.UserAuthMethodType
}
tests := []struct {
name string
args args
want []string
}{
{
"no checks, empty",
args{
nil,
},
nil,
},
{
"pw checked",
args{
[]domain.UserAuthMethodType{domain.UserAuthMethodTypePassword},
},
[]string{PWD},
},
{
"passkey checked",
args{
[]domain.UserAuthMethodType{domain.UserAuthMethodTypePasswordless},
},
[]string{UserPresence, MFA},
},
{
"u2f checked",
args{
[]domain.UserAuthMethodType{domain.UserAuthMethodTypeU2F},
},
[]string{UserPresence},
},
{
"totp checked",
args{
[]domain.UserAuthMethodType{domain.UserAuthMethodTypeTOTP},
},
[]string{OTP},
},
{
"otp sms checked",
args{
[]domain.UserAuthMethodType{domain.UserAuthMethodTypeOTPSMS},
},
[]string{OTP},
},
{
"otp email checked",
args{
[]domain.UserAuthMethodType{domain.UserAuthMethodTypeOTPEmail},
},
[]string{OTP},
},
{
"multiple (t)otp checked",
args{
[]domain.UserAuthMethodType{domain.UserAuthMethodTypeTOTP, domain.UserAuthMethodTypeOTPEmail},
},
[]string{OTP, MFA},
},
{
"multiple checked",
args{
[]domain.UserAuthMethodType{domain.UserAuthMethodTypePassword, domain.UserAuthMethodTypeU2F},
},
[]string{PWD, UserPresence, MFA},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := AuthMethodTypesToAMR(tt.args.methodTypes)
assert.Equal(t, tt.want, got)
})
}
}