From abcb4ac726b3a4532206e7eb4bfcf9843d31c269 Mon Sep 17 00:00:00 2001 From: Stephan Eicher Date: Mon, 17 Jun 2024 19:10:49 +0200 Subject: [PATCH] Add tests for webauthn & webauthn passwordless extra origins property --- spec/acceptance/2_realm_spec.rb | 4 ++++ spec/unit/puppet/type/keycloak_realm_spec.rb | 8 ++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/spec/acceptance/2_realm_spec.rb b/spec/acceptance/2_realm_spec.rb index d06b4185..26d6a21b 100644 --- a/spec/acceptance/2_realm_spec.rb +++ b/spec/acceptance/2_realm_spec.rb @@ -239,6 +239,7 @@ class { 'keycloak': } web_authn_policy_create_timeout => 600, web_authn_policy_avoid_same_authenticator_register => true, web_authn_policy_acceptable_aaguids => ['d1d1d1d1-d1d1-d1d1-d1d1-d1d1d1d1d1d1'], + web_authn_policy_extra_origins => ['https://example.com'], web_authn_policy_passwordless_rp_entity_name => 'Keycloak', web_authn_policy_passwordless_signature_algorithms => ['ES256', 'ES384', 'ES512', 'RS256', 'RS384', 'RS512'], web_authn_policy_passwordless_rp_id => 'https://example.com', @@ -249,6 +250,7 @@ class { 'keycloak': } web_authn_policy_passwordless_create_timeout => 600, web_authn_policy_passwordless_avoid_same_authenticator_register => true, web_authn_policy_passwordless_acceptable_aaguids => ['d1d1d1d1-d1d1-d1d1-d1d1-d1d1d1d1d1d1'], + web_authn_policy_passwordless_extra_origins => ['https://example.com'], } PUPPET_PP @@ -321,6 +323,7 @@ class { 'keycloak': } expect(data['webAuthnPolicyCreateTimeout']).to eq(600) expect(data['webAuthnPolicyAvoidSameAuthenticatorRegister']).to eq(true) expect(data['webAuthnPolicyAcceptableAaguids']).to eq(['d1d1d1d1-d1d1-d1d1-d1d1-d1d1d1d1d1d1']) + expect(data['webAuthnPolicyExtraOrigins']).to eq(['https://example.com']) expect(data['webAuthnPolicyPasswordlessRpEntityName']).to eq('Keycloak') expect(data['webAuthnPolicyPasswordlessSignatureAlgorithms']).to eq(['ES256', 'ES384', 'ES512', 'RS256', 'RS384', 'RS512']) expect(data['webAuthnPolicyPasswordlessRpId']).to eq('https://example.com') @@ -331,6 +334,7 @@ class { 'keycloak': } expect(data['webAuthnPolicyPasswordlessCreateTimeout']).to eq(600) expect(data['webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister']).to eq(true) expect(data['webAuthnPolicyPasswordlessAcceptableAaguids']).to eq(['d1d1d1d1-d1d1-d1d1-d1d1-d1d1d1d1d1d1']) + expect(data['webAuthnPolicyPasswordlessExtraOrigins']).to eq(['https://example.com']) end end diff --git a/spec/unit/puppet/type/keycloak_realm_spec.rb b/spec/unit/puppet/type/keycloak_realm_spec.rb index 42a48eba..dca25314 100644 --- a/spec/unit/puppet/type/keycloak_realm_spec.rb +++ b/spec/unit/puppet/type/keycloak_realm_spec.rb @@ -82,6 +82,7 @@ web_authn_policy_create_timeout: 0, web_authn_policy_avoid_same_authenticator_register: :false, web_authn_policy_acceptable_aaguids: [], + web_authn_policy_extra_origins: [], web_authn_policy_passwordless_rp_entity_name: 'keycloak', web_authn_policy_passwordless_signature_algorithms: ['ES256'], web_authn_policy_passwordless_rp_id: '', @@ -91,7 +92,8 @@ web_authn_policy_passwordless_user_verification_requirement: 'not specified', web_authn_policy_passwordless_create_timeout: 0, web_authn_policy_passwordless_avoid_same_authenticator_register: :false, - web_authn_policy_passwordless_acceptable_aaguids: [] + web_authn_policy_passwordless_acceptable_aaguids: [], + web_authn_policy_passwordless_extra_origins: [] } describe 'otp_policy_digits' do @@ -348,8 +350,10 @@ :roles, :web_authn_policy_signature_algorithms, :web_authn_policy_acceptable_aaguids, + :web_authn_policy_extra_origins, :web_authn_policy_passwordless_signature_algorithms, - :web_authn_policy_passwordless_acceptable_aaguids + :web_authn_policy_passwordless_acceptable_aaguids, + :web_authn_policy_passwordless_extra_origins ].each do |p| it "accepts array for #{p}" do config[p] = ['foo', 'bar']