Add tests for webauthn & webauthn passwordless extra origins property

treydock · Jun 17, 2024 · 133715a · 133715a
1 parent 29ee7af
commit 133715a
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/spec/acceptance/2_realm_spec.rb b/spec/acceptance/2_realm_spec.rb
@@ -239,6 +239,7 @@ class { 'keycloak': }
  web_authn_policy_create_timeout => 600,
  web_authn_policy_avoid_same_authenticator_register => true,
  web_authn_policy_acceptable_aaguids => ['d1d1d1d1-d1d1-d1d1-d1d1-d1d1d1d1d1d1'],
+ web_authn_policy_extra_origins => ['https://example.com'],
  web_authn_policy_passwordless_rp_entity_name => 'Keycloak',
  web_authn_policy_passwordless_signature_algorithms => ['ES256', 'ES384', 'ES512', 'RS256', 'RS384', 'RS512'],
  web_authn_policy_passwordless_rp_id => 'https://example.com',
@@ -249,6 +250,7 @@ class { 'keycloak': }
  web_authn_policy_passwordless_create_timeout => 600,
  web_authn_policy_passwordless_avoid_same_authenticator_register => true,
  web_authn_policy_passwordless_acceptable_aaguids => ['d1d1d1d1-d1d1-d1d1-d1d1-d1d1d1d1d1d1'],
+ web_authn_policy_passwordless_extra_origins => ['https://example.com'],
  }
  PUPPET_PP
 
@@ -321,6 +323,7 @@ class { 'keycloak': }
  expect(data['webAuthnPolicyCreateTimeout']).to eq(600)
  expect(data['webAuthnPolicyAvoidSameAuthenticatorRegister']).to eq(true)
  expect(data['webAuthnPolicyAcceptableAaguids']).to eq(['d1d1d1d1-d1d1-d1d1-d1d1-d1d1d1d1d1d1'])
+ expect(data['webAuthnPolicyExtraOrigins']).to eq(['https://example.com'])
  expect(data['webAuthnPolicyPasswordlessRpEntityName']).to eq('Keycloak')
  expect(data['webAuthnPolicyPasswordlessSignatureAlgorithms']).to eq(['ES256', 'ES384', 'ES512', 'RS256', 'RS384', 'RS512'])
  expect(data['webAuthnPolicyPasswordlessRpId']).to eq('https://example.com')
@@ -331,6 +334,7 @@ class { 'keycloak': }
  expect(data['webAuthnPolicyPasswordlessCreateTimeout']).to eq(600)
  expect(data['webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister']).to eq(true)
  expect(data['webAuthnPolicyPasswordlessAcceptableAaguids']).to eq(['d1d1d1d1-d1d1-d1d1-d1d1-d1d1d1d1d1d1'])
+ expect(data['webAuthnPolicyPasswordlessExtraOrigins']).to eq(['https://example.com'])
  end
  end
 

diff --git a/spec/unit/puppet/type/keycloak_realm_spec.rb b/spec/unit/puppet/type/keycloak_realm_spec.rb
@@ -82,6 +82,7 @@
  web_authn_policy_create_timeout: 0,
  web_authn_policy_avoid_same_authenticator_register: :false,
  web_authn_policy_acceptable_aaguids: [],
+ web_authn_policy_extra_origins: [],
  web_authn_policy_passwordless_rp_entity_name: 'keycloak',
  web_authn_policy_passwordless_signature_algorithms: ['ES256'],
  web_authn_policy_passwordless_rp_id: '',
@@ -91,7 +92,8 @@
  web_authn_policy_passwordless_user_verification_requirement: 'not specified',
  web_authn_policy_passwordless_create_timeout: 0,
  web_authn_policy_passwordless_avoid_same_authenticator_register: :false,
- web_authn_policy_passwordless_acceptable_aaguids: []
+ web_authn_policy_passwordless_acceptable_aaguids: [],
+ web_authn_policy_passwordless_extra_origins: []
  }
 
  describe 'otp_policy_digits' do
@@ -348,8 +350,10 @@
  :roles,
  :web_authn_policy_signature_algorithms,
  :web_authn_policy_acceptable_aaguids,
+ :web_authn_policy_extra_origins,
  :web_authn_policy_passwordless_signature_algorithms,
- :web_authn_policy_passwordless_acceptable_aaguids
+ :web_authn_policy_passwordless_acceptable_aaguids,
+ :web_authn_policy_passwordless_extra_origins
  ].each do |p|
  it "accepts array for #{p}" do
  config[p] = ['foo', 'bar']