mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-15 12:27:59 +00:00
6398349c24
* add token exchange feature flag * allow setting reason and actor to access tokens * impersonation * set token types and scopes in response * upgrade oidc to working draft state * fix tests * audience and scope validation * id toke and jwt as input * return id tokens * add grant type token exchange to app config * add integration tests * check and deny actors in api calls * fix instance setting tests by triggering projection on write and cleanup * insert sleep statements again * solve linting issues * add translations * pin oidc v3.15.0 * resolve comments, add event translation * fix refreshtoken test * use ValidateAuthReqScopes from oidc * apparently the linter can't make up its mind * persist actor thru refresh tokens and check in tests * remove unneeded triggers
91 lines
1.6 KiB
Go
91 lines
1.6 KiB
Go
package oidc
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
)
|
|
|
|
func TestAMR(t *testing.T) {
|
|
type args struct {
|
|
methodTypes []domain.UserAuthMethodType
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
want []string
|
|
}{
|
|
{
|
|
"no checks, empty",
|
|
args{
|
|
nil,
|
|
},
|
|
nil,
|
|
},
|
|
{
|
|
"pw checked",
|
|
args{
|
|
[]domain.UserAuthMethodType{domain.UserAuthMethodTypePassword},
|
|
},
|
|
[]string{PWD},
|
|
},
|
|
{
|
|
"passkey checked",
|
|
args{
|
|
[]domain.UserAuthMethodType{domain.UserAuthMethodTypePasswordless},
|
|
},
|
|
[]string{UserPresence, MFA},
|
|
},
|
|
{
|
|
"u2f checked",
|
|
args{
|
|
[]domain.UserAuthMethodType{domain.UserAuthMethodTypeU2F},
|
|
},
|
|
[]string{UserPresence},
|
|
},
|
|
{
|
|
"totp checked",
|
|
args{
|
|
[]domain.UserAuthMethodType{domain.UserAuthMethodTypeTOTP},
|
|
},
|
|
[]string{OTP},
|
|
},
|
|
{
|
|
"otp sms checked",
|
|
args{
|
|
[]domain.UserAuthMethodType{domain.UserAuthMethodTypeOTPSMS},
|
|
},
|
|
[]string{OTP},
|
|
},
|
|
{
|
|
"otp email checked",
|
|
args{
|
|
[]domain.UserAuthMethodType{domain.UserAuthMethodTypeOTPEmail},
|
|
},
|
|
[]string{OTP},
|
|
},
|
|
{
|
|
"multiple (t)otp checked",
|
|
args{
|
|
[]domain.UserAuthMethodType{domain.UserAuthMethodTypeTOTP, domain.UserAuthMethodTypeOTPEmail},
|
|
},
|
|
[]string{OTP, MFA},
|
|
},
|
|
{
|
|
"multiple checked",
|
|
args{
|
|
[]domain.UserAuthMethodType{domain.UserAuthMethodTypePassword, domain.UserAuthMethodTypeU2F},
|
|
},
|
|
[]string{PWD, UserPresence, MFA},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
got := AuthMethodTypesToAMR(tt.args.methodTypes)
|
|
assert.Equal(t, tt.want, got)
|
|
})
|
|
}
|
|
}
|