tests additional grant scopes

- parsing scopes in `grantAdditionalScopes` - read basic user info if `read:user` - fail reading repository info if only `read:user` - read repository info if `read:repository` - if `setting.OAuth2.EnabledAdditionalGrantScopes` not provided it reads all groups (public+private) - if `setting.OAuth2.EnabledAdditionalGrantScopes` provided it reads only public groups - if `setting.OAuth2.EnabledAdditionalGrantScopes` and `read:organization` provided it reads all groups
2025-05-22 01:34:18 +00:00 · 2024-08-09 11:14:40 +02:00 · 2024-08-09 11:14:40 +02:00 · d6647f710f
commit d6647f710f
parent 8524589d8c
2 changed files with 548 additions and 0 deletions
--- a/services/auth/additional_scopes_test.go
+++ b/services/auth/additional_scopes_test.go
@ -0,0 +1,32 @@
+package auth
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGrantAdditionalScopes(t *testing.T) {
+	tests := []struct {
+		grantScopes    string
+		expectedScopes string
+	}{
+		{"openid profile email", ""},
+		{"openid profile email groups", ""},
+		{"openid profile email all", "all"},
+		{"openid profile email read:user all", "read:user,all"},
+		{"openid profile email groups read:user", "read:user"},
+		{"read:user read:repository", "read:user,read:repository"},
+		{"read:user write:issue public-only", "read:user,write:issue,public-only"},
+		{"openid profile email read:user", "read:user"},
+		{"read:invalid_scope", ""},
+		{"read:invalid_scope,write:scope_invalid,just-plain-wrong", ""},
+	}
+
+	for _, test := range tests {
+		t.Run(test.grantScopes, func(t *testing.T) {
+			result := grantAdditionalScopes(test.grantScopes)
+			assert.Equal(t, test.expectedScopes, result)
+		})
+	}
+}