Add tests for otp policy properties
TuningYourCode committed Jun 17, 2024
1 parent f3352cb commit 260f8a3
Showing 2 changed files with 77 additions and 1 deletion.
12 changes: 12 additions & 0 deletions spec/acceptance/2_realm_spec.rb
@@ -223,6 +223,12 @@ class { 'keycloak': }
wait_increment_seconds => 10,
quick_login_check_milli_seconds => 10,
max_delta_time_seconds => 3600,
otp_policy_type => 'totp',
otp_policy_algorithm => 'HmacSHA512',
otp_policy_initial_counter => 1,
otp_policy_digits => 8,
otp_policy_period => 30,
otp_policy_code_reusable => true,
web_authn_policy_rp_entity_name => 'Keycloak',
web_authn_policy_signature_algorithms => ['ES256', 'ES384', 'ES512', 'RS256', 'RS384', 'RS512'],
web_authn_policy_rp_id => 'https://example.com',
@@ -299,6 +305,12 @@ class { 'keycloak': }
expect(data['internationalizationEnabled']).to eq(true)
expect(data['defaultLocale']).to eq('en')
expect(data['supportedLocales']).to eq(['de', 'en'])
expect(data['otpPolicyType']).to eq('totp')
expect(data['otpPolicyAlgorithm']).to eq('HmacSHA512')
expect(data['otpPolicyInitialCounter']).to eq(1)
expect(data['otpPolicyDigits']).to eq(8)
expect(data['otpPolicyPeriod']).to eq(30)
expect(data['otpPolicyCodeReusable']).to eq(true)
expect(data['webAuthnPolicyRpEntityName']).to eq('Keycloak')
expect(data['webAuthnPolicySignatureAlgorithms']).to eq(['ES256', 'ES384', 'ES512', 'RS256', 'RS384', 'RS512'])
expect(data['webAuthnPolicyRpId']).to eq('https://example.com')
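Review bot: The realm fixture in the first hunk sets every OTP policy property except `otp_policy_look_ahead_window`, so the acceptance run never shows that value reaching Keycloak, although the unit spec in this commit treats it as a property of the type. The look-ahead window widens the set of codes the server will accept, so it deserves the same round-trip check: add `otp_policy_look_ahead_window => 2,` to the manifest and `expect(data['otpPolicyLookAheadWindow']).to eq(2)` to the second hunk (2 is a sample non-default value). `otp_policy_code_reusable => true` is a reasonable non-default for a round-trip test, but it allows an already used code to be accepted again, so a manifest comment such as `# true only to prove a non-default value round-trips` would keep the fixture from being read as a recommended setting. Both the manifest and the `expect` block start and end outside the hunks shown.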
66 changes: 65 additions & 1 deletion spec/unit/puppet/type/keycloak_realm_spec.rb
@@ -65,6 +65,13 @@
quick_login_check_milli_seconds: 1_000,
max_delta_time_seconds: 43_200,
failure_factor: 30,
otp_policy_type: 'totp',
otp_policy_algorithm: 'HmacSHA1',
otp_policy_initial_counter: 0,
otp_policy_digits: 6,
otp_policy_look_ahead_window: 1,
otp_policy_period: 30,
otp_policy_code_reusable: :false,
web_authn_policy_rp_entity_name: 'keycloak',
web_authn_policy_signature_algorithms: ['ES256'],
web_authn_policy_rp_id: '',
@@ -87,9 +94,62 @@
web_authn_policy_passwordless_acceptable_aaguids: []
}

describe 'otp_policy_digits' do
it 'accepts 6 for otp_policy_digits' do
config[:otp_policy_digits] = 6
expect(resource[:otp_policy_digits]).to eq(6)
end

it 'accepts 8 for otp_policy_digits' do
config[:otp_policy_digits] = 8
expect(resource[:otp_policy_digits]).to eq(8)
end

it 'does not accept 7 for otp_policy_digits' do
config[:otp_policy_digits] = 7
expect {
resource
}.to raise_error(%r{7})
end

it 'does not accept 5 for otp_policy_digits' do
config[:otp_policy_digits] = 5
expect {
resource
}.to raise_error(%r{5})
end

it 'has default for otp_policy_digits' do
expect(resource[:otp_policy_digits]).to eq(defaults[:otp_policy_digits])
end

it 'does not accept nil for otp_policy_digits' do
config[:otp_policy_digits] = nil
expect {
resource
}.to raise_error(%r{nil})
end

it 'does not accept empty for otp_policy_digits' do
config[:otp_policy_digits] = ''
expect {
resource
}.to raise_error(%r{Invalid value ""})
end

it 'does not accept foo for otp_policy_digits' do
config[:otp_policy_digits] = 'foo'
expect {
resource
}.to raise_error(%r{Invalid value "foo"})
end
end

# Test enumerable properties
describe 'enumerable properties' do
{
otp_policy_type: [:totp, :hotp],
otp_policy_algorithm: [:HmacSHA1, :HmacSHA256, :HmacSHA512],
web_authn_policy_attestation_conveyance_preference: [:none, :indirect, :direct],
web_authn_policy_authenticator_attachment: [:platform, :'cross-platform'],
web_authn_policy_require_resident_key: [:Yes, :No],
@@ -200,6 +260,9 @@
:quick_login_check_milli_seconds,
:max_delta_time_seconds,
:failure_factor,
:otp_policy_initial_counter,
:otp_policy_look_ahead_window,
:otp_policy_period,
:web_authn_policy_create_timeout,
:web_authn_policy_passwordless_create_timeout
].each do |p|
@@ -237,7 +300,8 @@
:smtp_server_ssl,
:brute_force_protected,
:offline_session_max_lifespan_enabled,
:permanent_lockout
:permanent_lockout,
:otp_policy_code_reusable
].each do |p|
it "accepts true for #{p}" do
config[p] = true
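Review bot: The rejection examples in `describe 'otp_policy_digits'` match far too loosely: `raise_error(%r{7})`, `raise_error(%r{5})` and `raise_error(%r{nil})` pass on any exception whose message merely contains that digit or word, including a failure unrelated to the digits check. This property fixes the length of the one-time code, so the tests should prove that the validation itself rejected the value, the way the `''` and `'foo'` examples already do with `%r{Invalid value ""}`. I would change the matchers to something like `}.to raise_error(%r{Invalid value 7})` and `}.to raise_error(%r{Invalid value 5})`, and have the nil case also match the property name; the exact message wording is presumed from the string cases and needs confirming against the type, which is not on this page.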
