mirror of
https://github.com/steveiliop56/tinyauth.git
synced 2026-07-17 15:31:13 +00:00
tests: add tests for abstain in oauth whitelist
This commit is contained in:
@@ -1,6 +1,7 @@
|
||||
package service
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"regexp"
|
||||
"strings"
|
||||
|
||||
@@ -43,8 +44,7 @@ func (rule *UserAllowedRule) Evaluate(ctx *ACLContext) Effect {
|
||||
rule.Log.App.Debug().Msg("User is an OAuth user, checking OAuth whitelist")
|
||||
match, err := utils.CheckFilter(ctx.ACLs.OAuth.Whitelist, ctx.UserContext.OAuth.Email)
|
||||
if err != nil {
|
||||
// Empty whitelist means "not configured" — let OAuth group rules decide.
|
||||
if err == utils.ErrFilterEmpty {
|
||||
if errors.Is(err, utils.ErrFilterEmpty) {
|
||||
rule.Log.App.Debug().Msg("OAuth whitelist is empty, abstaining")
|
||||
return EffectAbstain
|
||||
}
|
||||
@@ -77,7 +77,7 @@ func (rule *UserAllowedRule) Evaluate(ctx *ACLContext) Effect {
|
||||
match, err := utils.CheckFilter(ctx.ACLs.Users.Allow, ctx.UserContext.GetUsername())
|
||||
|
||||
if err != nil {
|
||||
if err == utils.ErrFilterEmpty {
|
||||
if errors.Is(err, utils.ErrFilterEmpty) {
|
||||
return EffectAbstain
|
||||
}
|
||||
rule.Log.App.Warn().Err(err).Str("item", ctx.UserContext.GetUsername()).Msg("Invalid entry in users allow list")
|
||||
|
||||
@@ -44,6 +44,21 @@ func TestUserAllowedRule(t *testing.T) {
|
||||
},
|
||||
expected: EffectAbstain,
|
||||
},
|
||||
{
|
||||
name: "abstains when filter is empty",
|
||||
ctx: &ACLContext{
|
||||
ACLs: &model.App{
|
||||
OAuth: model.AppOAuth{Whitelist: ""},
|
||||
},
|
||||
UserContext: &model.UserContext{
|
||||
Provider: model.ProviderOAuth,
|
||||
OAuth: &model.OAuthContext{
|
||||
BaseContext: model.BaseContext{Username: "alice"},
|
||||
},
|
||||
},
|
||||
},
|
||||
expected: EffectAbstain,
|
||||
},
|
||||
{
|
||||
name: "allows OAuth user when email matches whitelist",
|
||||
ctx: &ACLContext{
|
||||
|
||||
Reference in New Issue
Block a user