From 897faabc3661810b24e90849e64aa9677d0d41bd Mon Sep 17 00:00:00 2001
From: Stephan Eicher
Date: Mon, 17 Jun 2024 15:27:31 +0200
Subject: [PATCH] Add tests for webauthn passwordless policy properties
---
 spec/acceptance/2_realm_spec.rb | 20 ++++++++++++++
 spec/unit/puppet/type/keycloak_realm_spec.rb | 29 ++++++++++++++++----
 2 files changed, 44 insertions(+), 5 deletions(-)
diff --git a/spec/acceptance/2_realm_spec.rb b/spec/acceptance/2_realm_spec.rb
index 35149ccc..dea598da 100644
--- a/spec/acceptance/2_realm_spec.rb
+++ b/spec/acceptance/2_realm_spec.rb
@@ -233,6 +233,16 @@ class { 'keycloak': }
 web_authn_policy_create_timeout => 600,
 web_authn_policy_avoid_same_authenticator_register => true,
 web_authn_policy_acceptable_aaguids => ['d1d1d1d1-d1d1-d1d1-d1d1-d1d1d1d1d1d1'],
+ web_authn_policy_passwordless_rp_entity_name => 'Keycloak',
+ web_authn_policy_passwordless_signature_algorithms => ['ES256', 'ES384', 'ES512', 'RS256', 'RS384', 'RS512'],
+ web_authn_policy_passwordless_rp_id => 'https://example.com',
+ web_authn_policy_passwordless_attestation_conveyance_preference => 'direct',
+ web_authn_policy_passwordless_authenticator_attachment => 'cross-platform',
+ web_authn_policy_passwordless_require_resident_key => 'No',
+ web_authn_policy_passwordless_user_verification_requirement => 'required',
+ web_authn_policy_passwordless_create_timeout => 600,
+ web_authn_policy_passwordless_avoid_same_authenticator_register => true,
+ web_authn_policy_passwordless_acceptable_aaguids => ['d1d1d1d1-d1d1-d1d1-d1d1-d1d1d1d1d1d1'],
 }
 PUPPET_PP
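Review bot: The fixture value `web_authn_policy_passwordless_rp_id => 'https://example.com'` is a URL, but a WebAuthn relying-party ID is a bare domain (the origin's effective domain or a registrable suffix of it), so this value would not be usable in a real realm and the test only proves that the string round-trips. The same literal is asserted in the `@@ -299,6 +309,16 @@` hunk. Because acceptance fixtures tend to be copied into real manifests, I would use `web_authn_policy_passwordless_rp_id => 'example.com',` here and `expect(data['webAuthnPolicyPasswordlessRpId']).to eq('example.com')` in the assertion. The existing non-passwordless `web_authn_policy_rp_id` line lies outside this hunk; if it carries the same value it deserves the same change.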
@@ -299,6 +309,16 @@ class { 'keycloak': }
 expect(data['webAuthnPolicyCreateTimeout']).to eq(600)
 expect(data['webAuthnPolicyAvoidSameAuthenticatorRegister']).to eq(true)
 expect(data['webAuthnPolicyAcceptableAaguids']).to eq(['d1d1d1d1-d1d1-d1d1-d1d1-d1d1d1d1d1d1'])
+ expect(data['webAuthnPolicyPasswordlessRpEntityName']).to eq('Keycloak')
+ expect(data['webAuthnPolicyPasswordlessSignatureAlgorithms']).to eq(['ES256', 'ES384', 'ES512', 'RS256', 'RS384', 'RS512'])
+ expect(data['webAuthnPolicyPasswordlessRpId']).to eq('https://example.com')
+ expect(data['webAuthnPolicyPasswordlessAttestationConveyancePreference']).to eq('direct')
+ expect(data['webAuthnPolicyPasswordlessAuthenticatorAttachment']).to eq('cross-platform')
+ expect(data['webAuthnPolicyPasswordlessRequireResidentKey']).to eq('No')
+ expect(data['webAuthnPolicyPasswordlessUserVerificationRequirement']).to eq('required')
+ expect(data['webAuthnPolicyPasswordlessCreateTimeout']).to eq(600)
+ expect(data['webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister']).to eq(true)
+ expect(data['webAuthnPolicyPasswordlessAcceptableAaguids']).to eq(['d1d1d1d1-d1d1-d1d1-d1d1-d1d1d1d1d1d1'])
 end
 end
diff --git a/spec/unit/puppet/type/keycloak_realm_spec.rb b/spec/unit/puppet/type/keycloak_realm_spec.rb
index c10c07b8..353bfa51 100644
--- a/spec/unit/puppet/type/keycloak_realm_spec.rb
+++ b/spec/unit/puppet/type/keycloak_realm_spec.rb
@@ -74,7 +74,17 @@
 web_authn_policy_user_verification_requirement: 'not specified',
 web_authn_policy_create_timeout: 0,
 web_authn_policy_avoid_same_authenticator_register: :false,
- web_authn_policy_acceptable_aaguids: []
+ web_authn_policy_acceptable_aaguids: [],
+ web_authn_policy_passwordless_rp_entity_name: 'keycloak',
+ web_authn_policy_passwordless_signature_algorithms: ['ES256'],
+ web_authn_policy_passwordless_rp_id: '',
+ web_authn_policy_passwordless_attestation_conveyance_preference: 'not specified',
+ web_authn_policy_passwordless_authenticator_attachment: 'not specified',
+ web_authn_policy_passwordless_require_resident_key: 'not specified',
+ web_authn_policy_passwordless_user_verification_requirement: 'not specified',
+ web_authn_policy_passwordless_create_timeout: 0,
+ web_authn_policy_passwordless_avoid_same_authenticator_register: :false,
+ web_authn_policy_passwordless_acceptable_aaguids: []
 }
 # Test enumerable properties
@@ -83,7 +93,11 @@
 web_authn_policy_attestation_conveyance_preference: [:none, :indirect, :direct],
 web_authn_policy_authenticator_attachment: [:platform, :'cross-platform'],
 web_authn_policy_require_resident_key: [:Yes, :No],
- web_authn_policy_user_verification_requirement: [:required, :preferred, :discouraged]
+ web_authn_policy_user_verification_requirement: [:required, :preferred, :discouraged],
+ web_authn_policy_passwordless_attestation_conveyance_preference: [:none, :indirect, :direct],
+ web_authn_policy_passwordless_authenticator_attachment: [:platform, :'cross-platform'],
+ web_authn_policy_passwordless_require_resident_key: [:Yes, :No],
+ web_authn_policy_passwordless_user_verification_requirement: [:required, :preferred, :discouraged]
 }.each do |p, values|
 values.each do |v|
 it "accepts #{v} for #{p}" do
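Review bot: In the `@@ -83,7 +93,11 @@` hunk the four passwordless enum properties are only added to the "accepts" table, so nothing visible here checks that an unsupported value is rejected. That matters most for `web_authn_policy_passwordless_user_verification_requirement` and `web_authn_policy_passwordless_attestation_conveyance_preference`, where a silently accepted typo would leave the passwordless policy weaker than the manifest author intended. The `each` loop body continues outside the hunk, so a rejection case may already exist further down; if it does not, I would add a sibling example titled `it "rejects an unknown value for #{p}"` that sets `config[p] = 'foo'` and expects building the resource to raise.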
@@ -146,7 +160,9 @@
 :smtp_server_reply_to_display_name,
 :default_locale,
 :web_authn_policy_rp_entity_name,
- :web_authn_policy_rp_id
+ :web_authn_policy_rp_id,
+ :web_authn_policy_passwordless_rp_entity_name,
+ :web_authn_policy_passwordless_rp_id
 ].each do |p|
 it "accepts a #{p}" do
 config[p] = 'foo'
@@ -184,7 +200,8 @@
 :quick_login_check_milli_seconds,
 :max_delta_time_seconds,
 :failure_factor,
- :web_authn_policy_create_timeout
+ :web_authn_policy_create_timeout,
+ :web_authn_policy_passwordless_create_timeout
 ].each do |p|
 it "accepts a #{p}" do
 config[p] = 100
@@ -266,7 +283,9 @@
 :supported_locales,
 :roles,
 :web_authn_policy_signature_algorithms,
- :web_authn_policy_acceptable_aaguids
+ :web_authn_policy_acceptable_aaguids,
+ :web_authn_policy_passwordless_signature_algorithms,
+ :web_authn_policy_passwordless_acceptable_aaguids
 ].each do |p|
 it "accepts array for #{p}" do
 config[p] = ['foo', 'bar']
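Review bot: In the `@@ -266,7 +283,9 @@` hunk, `:web_authn_policy_passwordless_signature_algorithms` and `:web_authn_policy_passwordless_acceptable_aaguids` join a list whose example assigns `config[p] = ['foo', 'bar']`, so the spec documents that arbitrary strings are accepted for an algorithm list and an authenticator allow-list. If the type is intended to pass these through to Keycloak unchecked, a comment above the two new entries such as `# passed to Keycloak as-is; no format validation in the type` would make that explicit for whoever later relies on the allow-list. If validation is intended (AAGUIDs as UUIDs, algorithms from the ES/RS names used in the acceptance test), these two entries belong in their own example with realistic values instead. The `it` block continues outside the hunk, so the assertion itself is not visible here.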