Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Topic/k1ch/ support token generation for persona with permission and no role (#71) #98

Merged
merged 1 commit into from
Feb 20, 2024
Merged

Topic/k1ch/ support token generation for persona with permission and no role (#71) #98

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 5 additions & 3 deletions database/layer/view-select-relationships.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,11 @@ function getTenantPersonaClientsView () {
FROM usher.tenants t
JOIN usher.tenantclients tc ON t.key = tc.tenantkey
JOIN usher.clients c ON c.key = tc.clientkey
JOIN usher.roles r ON r.clientkey = c.key
JOIN usher.personaroles ur ON ur.rolekey = r.key
JOIN usher.personas p ON ur.personakey = p.key AND p.tenantkey = t.key`
LEFT JOIN usher.roles r ON r.clientkey = c.key
LEFT JOIN usher.permissions pe ON pe.clientkey = c.key
LEFT JOIN usher.personaroles pr ON pr.rolekey = r.key
LEFT JOIN usher.personapermissions pp ON pp.permissionkey = pe.key
JOIN usher.personas p ON (pr.personakey = p.key OR pp.personakey = p.key) AND p.tenantkey = t.key`
}

async function selectTenantPersonaClients (subClaim = '*', userContext = '*', clientId = '*') {
Expand Down
149 changes: 89 additions & 60 deletions database/test/db-persona.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,113 +2,142 @@ const { describe, it } = require('mocha')
const assert = require('assert')
const viewSelectEntities = require('../layer/view-select-entities')
const viewSelectRelationships = require('../layer/view-select-relationships')
const { usherDb } = require('../layer/knex')

describe('Tenant Personas', function () {
describe('Test Tenant Persona Client requests', function () {
describe('Tenant Personas', () => {
describe('Test Tenant Persona Client requests', () => {
const TUC_EXPECTED1 =
[{
client_id: 'test-client1',
clientname: 'Test Client 1'
},
{
client_id: 'test-client2',
clientname: 'Test Client 2'
}]

it('Should return all clients for a specific tenant persona', async function () {
[{
client_id: 'test-client1',
clientname: 'Test Client 1'
},
{
client_id: 'test-client2',
clientname: 'Test Client 2'
}]

it('Should return all clients for a specific tenant persona', async () => {
let TUC_ACTUAL1 = await viewSelectRelationships.selectTenantPersonaClients('mockauth0|5e472b2d8a409e0e62026856', '', '*')
TUC_ACTUAL1 = TUC_ACTUAL1.filter(x => x.client_id === 'test-client1' | x.client_id === 'test-client2')
assert.strictEqual(JSON.stringify(TUC_ACTUAL1), JSON.stringify(TUC_EXPECTED1))
})

const TUC_EXPECTED1A =
[{
client_id: 'test-client1',
clientname: 'Test Client 1'
}, {
client_id: 'test-client2',
clientname: 'Test Client 2'
}, {
client_id: 'test-client3',
clientname: 'Test Client 3'
}]

it('Should return all clients for a specific tenant sub_claim', async function () {
[{
client_id: 'test-client1',
clientname: 'Test Client 1'
}, {
client_id: 'test-client2',
clientname: 'Test Client 2'
}, {
client_id: 'test-client3',
clientname: 'Test Client 3'
}]

it('Should return all clients for a specific tenant sub_claim', async () => {
const TUC_ACTUAL1A = await viewSelectRelationships.selectTenantPersonaClients('mockauth0|test-persona2-REPLACE', '*', '*')
assert.strictEqual(JSON.stringify(TUC_ACTUAL1A), JSON.stringify(TUC_EXPECTED1A))
})

const TUC_EXPECTED2 =
[{
client_id: 'test-client2',
clientname: 'Test Client 2'
}]
[{
client_id: 'test-client2',
clientname: 'Test Client 2'
}]

it('Should return just the specified client for a specific tenant persona', async function () {
it('Should return just the specified client for a specific tenant persona', async () => {
const TUC_ACTUAL2 = await viewSelectRelationships.selectTenantPersonaClients('mockauth0|test-persona2-REPLACE', '', 'test-client2')
assert.strictEqual(JSON.stringify(TUC_ACTUAL2), JSON.stringify(TUC_EXPECTED2))
})

const TUC_EXPECTED3 =
[{
client_id: 'test-client2',
clientname: 'Test Client 2'
}]
[{
client_id: 'test-client2',
clientname: 'Test Client 2'
}]

it('Should return all tenant personas of a specific client', async function () {
it('Should return all tenant personas of a specific client', async () => {
const TUC_ACTUAL3 = await viewSelectRelationships.selectTenantPersonaClients('*', '', 'test-client2')
assert.strictEqual(JSON.stringify(TUC_ACTUAL3), JSON.stringify(TUC_EXPECTED3))
})

const TUC_EXPECTED4 =
[{
client_id: 'test-client1',
clientname: 'Test Client 1'
}]

let testPersonaKey
it('Should return a list of clients for a persona which has a permission but no role', async () => {
const { key: permissionkey, tenantkey } = await usherDb('permissions as p')
.select('p.*', 'tc.tenantkey')
.join('clients as c', 'p.clientkey', '=', 'c.key')
.join('tenantclients as tc', 'c.key', '=', 'tc.clientkey')
.whereRaw('c.client_id = ?', TUC_EXPECTED4[0].client_id)
.first()
const [persona] = await usherDb('personas').insert({ tenantkey, sub_claim: 'selectTenantPersonaClients@test' }).returning('*')
testPersonaKey = persona.key
await usherDb('personapermissions').insert({ personakey: testPersonaKey, permissionkey })
const TUC_ACTUAL4 = await viewSelectRelationships.selectTenantPersonaClients(persona.sub_claim)
assert.ok(TUC_ACTUAL4.length === 1)
assert.strictEqual(JSON.stringify(TUC_ACTUAL4), JSON.stringify(TUC_EXPECTED4))
})

after(async () => {
await usherDb('personas').where({ key: testPersonaKey }).del()
await usherDb('personapermissions').where({ personakey: testPersonaKey }).del()
})
})

describe('Test Tenant Persona Client Role requests', function () {
describe('Test Tenant Persona Client Role requests', () => {
const TUCR_EXPECTED1 =
[{"iss_claim":"http://idp.dmgt.com.mock.localhost:3002/","tenantname":"test-tenant1","sub_claim":"mockauth0|5e472b2d8a409e0e62026856","user_context":"","client_id":"test-client1","clientname":"Test Client 1","rolename":"test-client1:test-role1","roledescription":"For testing"},
{"iss_claim":"http://idp.dmgt.com.mock.localhost:3002/","tenantname":"test-tenant1","sub_claim":"mockauth0|5e472b2d8a409e0e62026856","user_context":"","client_id":"test-client1","clientname":"Test Client 1","rolename":"test-client1:test-role2","roledescription":"For testing"},
{"iss_claim":"http://idp.dmgt.com.mock.localhost:3002/","tenantname":"test-tenant1","sub_claim":"mockauth0|test-persona2-REPLACE","user_context":"","client_id":"test-client1","clientname":"Test Client 1","rolename":"test-client1:test-role1","roledescription":"For testing"},
{"iss_claim":"http://idp.dmgt.com.mock.localhost:3002/","tenantname":"test-tenant1","sub_claim":"mockauth0|test-persona2-REPLACE","user_context":"","client_id":"test-client1","clientname":"Test Client 1","rolename":"test-client1:test-role3","roledescription":"For testing"}]
[{ "iss_claim": "http://idp.dmgt.com.mock.localhost:3002/", "tenantname": "test-tenant1", "sub_claim": "mockauth0|5e472b2d8a409e0e62026856", "user_context": "", "client_id": "test-client1", "clientname": "Test Client 1", "rolename": "test-client1:test-role1", "roledescription": "For testing" },
{ "iss_claim": "http://idp.dmgt.com.mock.localhost:3002/", "tenantname": "test-tenant1", "sub_claim": "mockauth0|5e472b2d8a409e0e62026856", "user_context": "", "client_id": "test-client1", "clientname": "Test Client 1", "rolename": "test-client1:test-role2", "roledescription": "For testing" },
{ "iss_claim": "http://idp.dmgt.com.mock.localhost:3002/", "tenantname": "test-tenant1", "sub_claim": "mockauth0|test-persona2-REPLACE", "user_context": "", "client_id": "test-client1", "clientname": "Test Client 1", "rolename": "test-client1:test-role1", "roledescription": "For testing" },
{ "iss_claim": "http://idp.dmgt.com.mock.localhost:3002/", "tenantname": "test-tenant1", "sub_claim": "mockauth0|test-persona2-REPLACE", "user_context": "", "client_id": "test-client1", "clientname": "Test Client 1", "rolename": "test-client1:test-role3", "roledescription": "For testing" }]

it('Should return all tenant persona roles for a specific client', async function () {
it('Should return all tenant persona roles for a specific client', async () => {
const TUCR_ACTUAL1 = await viewSelectRelationships.selectTenantPersonaClientRoles('*', '', 'test-client1')
assert.strictEqual(JSON.stringify(TUCR_ACTUAL1), JSON.stringify(TUCR_EXPECTED1))
})
})

describe('Test Tenant Persona Client Role Permission requests', function () {
describe('Test Tenant Persona Client Role Permission requests', () => {
const TUCRP_EXPECTED1 =
[{"iss_claim":"http://idp.dmgt.com.mock.localhost:3002/","tenantname":"test-tenant1","sub_claim":"mockauth0|5e472b2d8a409e0e62026856","user_context":"","client_id":"test-client1","clientname":"Test Client 1","rolename":"test-client1:test-role1","roledescription":"For testing","permissionname":"test-permission1","permissiondescription":"For testing"},
{"iss_claim":"http://idp.dmgt.com.mock.localhost:3002/","tenantname":"test-tenant1","sub_claim":"mockauth0|5e472b2d8a409e0e62026856","user_context":"","client_id":"test-client1","clientname":"Test Client 1","rolename":"test-client1:test-role1","roledescription":"For testing","permissionname":"test-permission2","permissiondescription":"For testing"},
{"iss_claim":"http://idp.dmgt.com.mock.localhost:3002/","tenantname":"test-tenant1","sub_claim":"mockauth0|5e472b2d8a409e0e62026856","user_context":"","client_id":"test-client1","clientname":"Test Client 1","rolename":"test-client1:test-role2","roledescription":"For testing","permissionname":"test-permission3","permissiondescription":"For testing"},
{"iss_claim":"http://idp.dmgt.com.mock.localhost:3002/","tenantname":"test-tenant1","sub_claim":"mockauth0|5e472b2d8a409e0e62026856","user_context":"","client_id":"test-client1","clientname":"Test Client 1","rolename":"test-client1:test-role2","roledescription":"For testing","permissionname":"test-permission4","permissiondescription":"For testing"},
{"iss_claim":"http://idp.dmgt.com.mock.localhost:3002/","tenantname":"test-tenant1","sub_claim":"mockauth0|test-persona2-REPLACE","user_context":"","client_id":"test-client1","clientname":"Test Client 1","rolename":"test-client1:test-role1","roledescription":"For testing","permissionname":"test-permission1","permissiondescription":"For testing"},
{"iss_claim":"http://idp.dmgt.com.mock.localhost:3002/","tenantname":"test-tenant1","sub_claim":"mockauth0|test-persona2-REPLACE","user_context":"","client_id":"test-client1","clientname":"Test Client 1","rolename":"test-client1:test-role1","roledescription":"For testing","permissionname":"test-permission2","permissiondescription":"For testing"},
{"iss_claim":"http://idp.dmgt.com.mock.localhost:3002/","tenantname":"test-tenant1","sub_claim":"mockauth0|test-persona2-REPLACE","user_context":"","client_id":"test-client1","clientname":"Test Client 1","rolename":"test-client1:test-role3","roledescription":"For testing","permissionname":"test-permission5","permissiondescription":"For testing"}]

it('Should return all clients role permissions for a specific client', async function () {
[{ "iss_claim": "http://idp.dmgt.com.mock.localhost:3002/", "tenantname": "test-tenant1", "sub_claim": "mockauth0|5e472b2d8a409e0e62026856", "user_context": "", "client_id": "test-client1", "clientname": "Test Client 1", "rolename": "test-client1:test-role1", "roledescription": "For testing", "permissionname": "test-permission1", "permissiondescription": "For testing" },
{ "iss_claim": "http://idp.dmgt.com.mock.localhost:3002/", "tenantname": "test-tenant1", "sub_claim": "mockauth0|5e472b2d8a409e0e62026856", "user_context": "", "client_id": "test-client1", "clientname": "Test Client 1", "rolename": "test-client1:test-role1", "roledescription": "For testing", "permissionname": "test-permission2", "permissiondescription": "For testing" },
{ "iss_claim": "http://idp.dmgt.com.mock.localhost:3002/", "tenantname": "test-tenant1", "sub_claim": "mockauth0|5e472b2d8a409e0e62026856", "user_context": "", "client_id": "test-client1", "clientname": "Test Client 1", "rolename": "test-client1:test-role2", "roledescription": "For testing", "permissionname": "test-permission3", "permissiondescription": "For testing" },
{ "iss_claim": "http://idp.dmgt.com.mock.localhost:3002/", "tenantname": "test-tenant1", "sub_claim": "mockauth0|5e472b2d8a409e0e62026856", "user_context": "", "client_id": "test-client1", "clientname": "Test Client 1", "rolename": "test-client1:test-role2", "roledescription": "For testing", "permissionname": "test-permission4", "permissiondescription": "For testing" },
{ "iss_claim": "http://idp.dmgt.com.mock.localhost:3002/", "tenantname": "test-tenant1", "sub_claim": "mockauth0|test-persona2-REPLACE", "user_context": "", "client_id": "test-client1", "clientname": "Test Client 1", "rolename": "test-client1:test-role1", "roledescription": "For testing", "permissionname": "test-permission1", "permissiondescription": "For testing" },
{ "iss_claim": "http://idp.dmgt.com.mock.localhost:3002/", "tenantname": "test-tenant1", "sub_claim": "mockauth0|test-persona2-REPLACE", "user_context": "", "client_id": "test-client1", "clientname": "Test Client 1", "rolename": "test-client1:test-role1", "roledescription": "For testing", "permissionname": "test-permission2", "permissiondescription": "For testing" },
{ "iss_claim": "http://idp.dmgt.com.mock.localhost:3002/", "tenantname": "test-tenant1", "sub_claim": "mockauth0|test-persona2-REPLACE", "user_context": "", "client_id": "test-client1", "clientname": "Test Client 1", "rolename": "test-client1:test-role3", "roledescription": "For testing", "permissionname": "test-permission5", "permissiondescription": "For testing" }]

it('Should return all clients role permissions for a specific client', async () => {

const TUCRP_ACTUAL1 = await viewSelectRelationships.selectTenantPersonaClientRolePermissions('*', '', 'test-client1')
assert.strictEqual(JSON.stringify(TUCRP_ACTUAL1), JSON.stringify(TUCRP_EXPECTED1))
})
})

describe('Test Tenant Persona Permission requests', function () {
describe('Test Tenant Persona Permission requests', () => {
const TUCPP_EXPECTED1 =
[{ client_id: 'test-client1', sub_claim: 'mockauth0|5e472b2d8a409e0e62026856', permissionname: 'test-permission8' }]
[{ client_id: 'test-client1', sub_claim: 'mockauth0|5e472b2d8a409e0e62026856', permissionname: 'test-permission8' }]

it('Should return all persona permissions for a specific client', async function () {
it('Should return all persona permissions for a specific client', async () => {
const TUCPP_ACTUAL1 = await viewSelectRelationships.selectTenantPersonaPermissions('test-client1', '*')
assert.strictEqual(JSON.stringify(TUCPP_EXPECTED1), JSON.stringify(TUCPP_ACTUAL1))
})
})

describe('Test issuer JWKS request', function () {
describe('Test issuer JWKS request', () => {
const JWKS_EXPECTED =
[{
tenantname: 'test-tenant1',
iss_claim: 'http://idp.dmgt.com.mock.localhost:3002/',
jwks_uri: 'http://idp.dmgt.com.mock.localhost:3002/.well-known/jwks.json'
}]
[{
tenantname: 'test-tenant1',
iss_claim: 'http://idp.dmgt.com.mock.localhost:3002/',
jwks_uri: 'http://idp.dmgt.com.mock.localhost:3002/.well-known/jwks.json'
}]

it('Should return the JWKS url for the specified issuer', async function () {
it('Should return the JWKS url for the specified issuer', async () => {
const JWKS_ACTUAL = await viewSelectEntities.selectIssuerJWKS('http://idp.dmgt.com.mock.localhost:3002/')
assert.strictEqual(JSON.stringify(JWKS_ACTUAL), JSON.stringify(JWKS_EXPECTED))
})
Expand Down