d6647f710f
- parsing scopes in `grantAdditionalScopes` - read basic user info if `read:user` - fail reading repository info if only `read:user` - read repository info if `read:repository` - if `setting.OAuth2.EnabledAdditionalGrantScopes` not provided it reads all groups (public+private) - if `setting.OAuth2.EnabledAdditionalGrantScopes` provided it reads only public groups - if `setting.OAuth2.EnabledAdditionalGrantScopes` and `read:organization` provided it reads all groups
32 lines
903 B
Go
32 lines
903 B
Go
package auth
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
func TestGrantAdditionalScopes(t *testing.T) {
|
|
tests := []struct {
|
|
grantScopes string
|
|
expectedScopes string
|
|
}{
|
|
{"openid profile email", ""},
|
|
{"openid profile email groups", ""},
|
|
{"openid profile email all", "all"},
|
|
{"openid profile email read:user all", "read:user,all"},
|
|
{"openid profile email groups read:user", "read:user"},
|
|
{"read:user read:repository", "read:user,read:repository"},
|
|
{"read:user write:issue public-only", "read:user,write:issue,public-only"},
|
|
{"openid profile email read:user", "read:user"},
|
|
{"read:invalid_scope", ""},
|
|
{"read:invalid_scope,write:scope_invalid,just-plain-wrong", ""},
|
|
}
|
|
|
|
for _, test := range tests {
|
|
t.Run(test.grantScopes, func(t *testing.T) {
|
|
result := grantAdditionalScopes(test.grantScopes)
|
|
assert.Equal(t, test.expectedScopes, result)
|
|
})
|
|
}
|
|
}
|