Add tests for webauthn passwordless policy properties

treydock · Jun 17, 2024 · 897faab · 897faab
1 parent 2d2b37f
commit 897faab
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 5 deletions.
diff --git a/spec/acceptance/2_realm_spec.rb b/spec/acceptance/2_realm_spec.rb
@@ -233,6 +233,16 @@ class { 'keycloak': }
  web_authn_policy_create_timeout => 600,
  web_authn_policy_avoid_same_authenticator_register => true,
  web_authn_policy_acceptable_aaguids => ['d1d1d1d1-d1d1-d1d1-d1d1-d1d1d1d1d1d1'],
+ web_authn_policy_passwordless_rp_entity_name => 'Keycloak',
+ web_authn_policy_passwordless_signature_algorithms => ['ES256', 'ES384', 'ES512', 'RS256', 'RS384', 'RS512'],
+ web_authn_policy_passwordless_rp_id => 'https://example.com',
+ web_authn_policy_passwordless_attestation_conveyance_preference => 'direct',
+ web_authn_policy_passwordless_authenticator_attachment => 'cross-platform',
+ web_authn_policy_passwordless_require_resident_key => 'No',
+ web_authn_policy_passwordless_user_verification_requirement => 'required',
+ web_authn_policy_passwordless_create_timeout => 600,
+ web_authn_policy_passwordless_avoid_same_authenticator_register => true,
+ web_authn_policy_passwordless_acceptable_aaguids => ['d1d1d1d1-d1d1-d1d1-d1d1-d1d1d1d1d1d1'],
  }
  PUPPET_PP
 
@@ -299,6 +309,16 @@ class { 'keycloak': }
  expect(data['webAuthnPolicyCreateTimeout']).to eq(600)
  expect(data['webAuthnPolicyAvoidSameAuthenticatorRegister']).to eq(true)
  expect(data['webAuthnPolicyAcceptableAaguids']).to eq(['d1d1d1d1-d1d1-d1d1-d1d1-d1d1d1d1d1d1'])
+ expect(data['webAuthnPolicyPasswordlessRpEntityName']).to eq('Keycloak')
+ expect(data['webAuthnPolicyPasswordlessSignatureAlgorithms']).to eq(['ES256', 'ES384', 'ES512', 'RS256', 'RS384', 'RS512'])
+ expect(data['webAuthnPolicyPasswordlessRpId']).to eq('https://example.com')
+ expect(data['webAuthnPolicyPasswordlessAttestationConveyancePreference']).to eq('direct')
+ expect(data['webAuthnPolicyPasswordlessAuthenticatorAttachment']).to eq('cross-platform')
+ expect(data['webAuthnPolicyPasswordlessRequireResidentKey']).to eq('No')
+ expect(data['webAuthnPolicyPasswordlessUserVerificationRequirement']).to eq('required')
+ expect(data['webAuthnPolicyPasswordlessCreateTimeout']).to eq(600)
+ expect(data['webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister']).to eq(true)
+ expect(data['webAuthnPolicyPasswordlessAcceptableAaguids']).to eq(['d1d1d1d1-d1d1-d1d1-d1d1-d1d1d1d1d1d1'])
  end
  end
 

diff --git a/spec/unit/puppet/type/keycloak_realm_spec.rb b/spec/unit/puppet/type/keycloak_realm_spec.rb
@@ -74,7 +74,17 @@
  web_authn_policy_user_verification_requirement: 'not specified',
  web_authn_policy_create_timeout: 0,
  web_authn_policy_avoid_same_authenticator_register: :false,
- web_authn_policy_acceptable_aaguids: []
+ web_authn_policy_acceptable_aaguids: [],
+ web_authn_policy_passwordless_rp_entity_name: 'keycloak',
+ web_authn_policy_passwordless_signature_algorithms: ['ES256'],
+ web_authn_policy_passwordless_rp_id: '',
+ web_authn_policy_passwordless_attestation_conveyance_preference: 'not specified',
+ web_authn_policy_passwordless_authenticator_attachment: 'not specified',
+ web_authn_policy_passwordless_require_resident_key: 'not specified',
+ web_authn_policy_passwordless_user_verification_requirement: 'not specified',
+ web_authn_policy_passwordless_create_timeout: 0,
+ web_authn_policy_passwordless_avoid_same_authenticator_register: :false,
+ web_authn_policy_passwordless_acceptable_aaguids: []
  }
 
  # Test enumerable properties
@@ -83,7 +93,11 @@
  web_authn_policy_attestation_conveyance_preference: [:none, :indirect, :direct],
  web_authn_policy_authenticator_attachment: [:platform, :'cross-platform'],
  web_authn_policy_require_resident_key: [:Yes, :No],
- web_authn_policy_user_verification_requirement: [:required, :preferred, :discouraged]
+ web_authn_policy_user_verification_requirement: [:required, :preferred, :discouraged],
+ web_authn_policy_passwordless_attestation_conveyance_preference: [:none, :indirect, :direct],
+ web_authn_policy_passwordless_authenticator_attachment: [:platform, :'cross-platform'],
+ web_authn_policy_passwordless_require_resident_key: [:Yes, :No],
+ web_authn_policy_passwordless_user_verification_requirement: [:required, :preferred, :discouraged]
  }.each do |p, values|
  values.each do |v|
  it "accepts #{v} for #{p}" do
@@ -146,7 +160,9 @@
  :smtp_server_reply_to_display_name,
  :default_locale,
  :web_authn_policy_rp_entity_name,
- :web_authn_policy_rp_id
+ :web_authn_policy_rp_id,
+ :web_authn_policy_passwordless_rp_entity_name,
+ :web_authn_policy_passwordless_rp_id
  ].each do |p|
  it "accepts a #{p}" do
  config[p] = 'foo'
@@ -184,7 +200,8 @@
  :quick_login_check_milli_seconds,
  :max_delta_time_seconds,
  :failure_factor,
- :web_authn_policy_create_timeout
+ :web_authn_policy_create_timeout,
+ :web_authn_policy_passwordless_create_timeout
  ].each do |p|
  it "accepts a #{p}" do
  config[p] = 100
@@ -266,7 +283,9 @@
  :supported_locales,
  :roles,
  :web_authn_policy_signature_algorithms,
- :web_authn_policy_acceptable_aaguids
+ :web_authn_policy_acceptable_aaguids,
+ :web_authn_policy_passwordless_signature_algorithms,
+ :web_authn_policy_passwordless_acceptable_aaguids
  ].each do |p|
  it "accepts array for #{p}" do
  config[p] = ['foo', 'bar']