[Bug 33782] New: Oauth2/OIDC identity providers code is not covered by unit tests
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 Bug ID: 33782 Summary: Oauth2/OIDC identity providers code is not covered by unit tests Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: normal Priority: P5 - low Component: Authentication Assignee: koha-bugs@lists.koha-community.org Reporter: nick@bywatersolutions.com QA Contact: testopia@bugs.koha-community.org CC: dpavlin@rot13.org We need to provide tests for this code. It will require mocking, or using the Mojo mocking, but should be done before we add more in this area. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |33675 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33675 [Bug 33675] Add CSRF protection to OAuth/OIDC authentication -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 Michaela Sieber <michaela.sieber@kit.edu> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |michaela.sieber@kit.edu See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=33768 -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 --- Comment #1 from Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> --- Created attachment 186630 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=186630&action=edit Bug 33782: Add unit tests for Koha::Auth::Client::OAuth This patch adds comprehensive unit tests for the OAuth authentication client, specifically covering the _get_data_and_patron method which handles JWT token processing and UserInfo endpoint integration. Test plan: 1. Apply patch 2. Run: $ ktd --shell k$ prove t/db_dependent/Koha/Auth/Client/OAuth.t => SUCCESS: Tests pass! 3. Tests cover: - JWT id_token processing and patron matching - UserInfo endpoint calls and data merging - Non-existent user scenarios - Combined JWT + UserInfo data sources 4. Sign off :-D status: Needs Signoff -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 --- Comment #2 from Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> --- Created attachment 186631 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=186631&action=edit Bug 33782: (follow-up) Remove code duplication in OAuth client This patch eliminates duplicated patron search logic in the _get_data_and_patron method by extracting it into a dedicated helper method _find_patron_by_matchpoint. Changes: - Extract duplicated patron search logic (8 lines removed) - Add _find_patron_by_matchpoint helper method - Improve code maintainability and readability - No functional changes - behavior preserved Test plan: 1. Apply patch 2. Run: $ ktd --shell k$ prove t/db_dependent/Koha/Auth/Client/OAuth.t => SUCCESS: Tests pass! OAuth client tests work correctly k$ prove t/db_dependent/api/v1/oauth.t => SUCCESS: Tests pass! OAuth API integration works 3. Confirm OAuth authentication still works in browser 4. Sign off :-D -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Oauth2/OIDC identity |OAuth2/OIDC identity |providers code is not |providers code is not |covered by unit tests |covered by unit tests CC| |tomascohen@gmail.com Assignee|koha-bugs@lists.koha-commun |tomascohen@gmail.com |ity.org | -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 David Nind <david@davidnind.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 David Nind <david@davidnind.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #186630|0 |1 is obsolete| | --- Comment #3 from David Nind <david@davidnind.com> --- Created attachment 190309 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=190309&action=edit Bug 33782: Add unit tests for Koha::Auth::Client::OAuth This patch adds comprehensive unit tests for the OAuth authentication client, specifically covering the _get_data_and_patron method which handles JWT token processing and UserInfo endpoint integration. Test plan: 1. Apply patch 2. Run: $ ktd --shell k$ prove t/db_dependent/Koha/Auth/Client/OAuth.t => SUCCESS: Tests pass! 3. Tests cover: - JWT id_token processing and patron matching - UserInfo endpoint calls and data merging - Non-existent user scenarios - Combined JWT + UserInfo data sources 4. Sign off :-D Signed-off-by: David Nind <you@example.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 David Nind <david@davidnind.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #186631|0 |1 is obsolete| | --- Comment #4 from David Nind <david@davidnind.com> --- Created attachment 190310 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=190310&action=edit Bug 33782: (follow-up) Remove code duplication in OAuth client This patch eliminates duplicated patron search logic in the _get_data_and_patron method by extracting it into a dedicated helper method _find_patron_by_matchpoint. Changes: - Extract duplicated patron search logic (8 lines removed) - Add _find_patron_by_matchpoint helper method - Improve code maintainability and readability - No functional changes - behavior preserved Test plan: 1. Apply patch 2. Run: $ ktd --shell k$ prove t/db_dependent/Koha/Auth/Client/OAuth.t => SUCCESS: Tests pass! OAuth client tests work correctly k$ prove t/db_dependent/api/v1/oauth.t => SUCCESS: Tests pass! OAuth API integration works 3. Confirm OAuth authentication still works in browser 4. Sign off :-D Signed-off-by: David Nind <you@example.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 David Nind <david@davidnind.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |david@davidnind.com --- Comment #5 from David Nind <david@davidnind.com> --- I've signed off as the tests pass (and it has been sitting in the needs sign-off queue for some time). I have no idea how to test step 3 from the second patch: "Confirm OAuth authentication still works in browser". Please change back to needs sign off if this is required, and I'll leave for someone who knows how to test. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 David Nind <david@davidnind.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #190309|0 |1 is obsolete| | --- Comment #6 from David Nind <david@davidnind.com> --- Created attachment 190323 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=190323&action=edit Bug 33782: Add unit tests for Koha::Auth::Client::OAuth This patch adds comprehensive unit tests for the OAuth authentication client, specifically covering the _get_data_and_patron method which handles JWT token processing and UserInfo endpoint integration. Test plan: 1. Apply patch 2. Run: $ ktd --shell k$ prove t/db_dependent/Koha/Auth/Client/OAuth.t => SUCCESS: Tests pass! 3. Tests cover: - JWT id_token processing and patron matching - UserInfo endpoint calls and data merging - Non-existent user scenarios - Combined JWT + UserInfo data sources 4. Sign off :-D Signed-off-by: David Nind <david@davidnind.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 David Nind <david@davidnind.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #190310|0 |1 is obsolete| | --- Comment #7 from David Nind <david@davidnind.com> --- Created attachment 190324 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=190324&action=edit Bug 33782: (follow-up) Remove code duplication in OAuth client This patch eliminates duplicated patron search logic in the _get_data_and_patron method by extracting it into a dedicated helper method _find_patron_by_matchpoint. Changes: - Extract duplicated patron search logic (8 lines removed) - Add _find_patron_by_matchpoint helper method - Improve code maintainability and readability - No functional changes - behavior preserved Test plan: 1. Apply patch 2. Run: $ ktd --shell k$ prove t/db_dependent/Koha/Auth/Client/OAuth.t => SUCCESS: Tests pass! OAuth client tests work correctly k$ prove t/db_dependent/api/v1/oauth.t => SUCCESS: Tests pass! OAuth API integration works 3. Confirm OAuth authentication still works in browser 4. Sign off :-D Signed-off-by: David Nind <david@davidnind.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 --- Comment #8 from David Nind <david@davidnind.com> --- My sign-off line was incorrect, so have updated. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 Kyle M Hall (khall) <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 Kyle M Hall (khall) <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #190323|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 Kyle M Hall (khall) <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #190324|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 --- Comment #9 from Kyle M Hall (khall) <kyle@bywatersolutions.com> --- Created attachment 192266 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=192266&action=edit Bug 33782: Add unit tests for Koha::Auth::Client::OAuth This patch adds comprehensive unit tests for the OAuth authentication client, specifically covering the _get_data_and_patron method which handles JWT token processing and UserInfo endpoint integration. Test plan: 1. Apply patch 2. Run: $ ktd --shell k$ prove t/db_dependent/Koha/Auth/Client/OAuth.t => SUCCESS: Tests pass! 3. Tests cover: - JWT id_token processing and patron matching - UserInfo endpoint calls and data merging - Non-existent user scenarios - Combined JWT + UserInfo data sources 4. Sign off :-D Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 --- Comment #10 from Kyle M Hall (khall) <kyle@bywatersolutions.com> --- Created attachment 192267 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=192267&action=edit Bug 33782: (follow-up) Remove code duplication in OAuth client This patch eliminates duplicated patron search logic in the _get_data_and_patron method by extracting it into a dedicated helper method _find_patron_by_matchpoint. Changes: - Extract duplicated patron search logic (8 lines removed) - Add _find_patron_by_matchpoint helper method - Improve code maintainability and readability - No functional changes - behavior preserved Test plan: 1. Apply patch 2. Run: $ ktd --shell k$ prove t/db_dependent/Koha/Auth/Client/OAuth.t => SUCCESS: Tests pass! OAuth client tests work correctly k$ prove t/db_dependent/api/v1/oauth.t => SUCCESS: Tests pass! OAuth API integration works 3. Confirm OAuth authentication still works in browser 4. Sign off :-D Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 --- Comment #11 from Kyle M Hall (khall) <kyle@bywatersolutions.com> --- Created attachment 192268 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=192268&action=edit Bug 33782: (QA follow-up) Fix qa issues Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 Lucas Gass (lukeg) <lucas@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lucas@bywatersolutions.com QA Contact|testopia@bugs.koha-communit |kyle@bywatersolutions.com |y.org | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 Lucas Gass (lukeg) <lucas@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Passed QA |Pushed to main Version(s)| |26.05.00 released in| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 --- Comment #12 from Lucas Gass (lukeg) <lucas@bywatersolutions.com> --- Nice work everyone! Pushed to main for 26.05 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 Chloé Zermatten <chloe.zermatten@openfifth.co.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- Version(s)|26.05.00 |26.05.00,25.11.03 released in| | Status|Pushed to main |Pushed to stable -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33782 --- Comment #13 from Chloé Zermatten <chloe.zermatten@openfifth.co.uk> --- All pushed to 25.11.x Thanks all! -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org