fix: added tests for user roles claims

sattvikc · sattvikc · commit 684cd5ec16c3 · 2022-09-08T16:16:41.000+05:30
diff --git a/recipe/userroles/claims_test.go b/recipe/userroles/claims_test.go
@@ -0,0 +1,379 @@
+package userroles
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/supertokens/supertokens-golang/recipe/session"
+	"github.com/supertokens/supertokens-golang/recipe/session/claims"
+	sessErrors "github.com/supertokens/supertokens-golang/recipe/session/errors"
+	"github.com/supertokens/supertokens-golang/recipe/userroles/userrolesclaims"
+	"github.com/supertokens/supertokens-golang/recipe/userroles/userrolesmodels"
+	"github.com/supertokens/supertokens-golang/supertokens"
+	"github.com/supertokens/supertokens-golang/test/unittesting"
+)
+
+func TestShouldAddClaimsToSessionWithoutConfig(t *testing.T) {
+	configValue := supertokens.TypeInput{
+		Supertokens: &supertokens.ConnectionInfo{
+			ConnectionURI: "http://localhost:8080",
+		},
+		AppInfo: supertokens.AppInfo{
+			AppName:       "SuperTokens",
+			WebsiteDomain: "supertokens.io",
+			APIDomain:     "api.supertokens.io",
+		},
+		RecipeList: []supertokens.Recipe{
+			session.Init(nil),
+			Init(nil),
+		},
+	}
+	BeforeEach()
+	unittesting.StartUpST("localhost", "8080")
+	defer AfterEach()
+	err := supertokens.Init(configValue)
+	if err != nil {
+		t.Error(err.Error())
+	}
+
+	if !canRunTest(t) {
+		return
+	}
+
+	res := fakeRes{}
+	sessionContainer, err := session.CreateNewSession(res, "userId", map[string]interface{}{}, map[string]interface{}{})
+	assert.NoError(t, err)
+
+	userroleClaimValue, err := session.GetClaimValue(sessionContainer.GetHandle(), userrolesclaims.UserRoleClaim)
+	assert.NoError(t, err)
+
+	assert.NotNil(t, userroleClaimValue.OK)
+	assert.Equal(t, []interface{}{}, userroleClaimValue.OK.Value)
+
+	permissionClaimValue, err := session.GetClaimValue(sessionContainer.GetHandle(), userrolesclaims.PermissionClaim)
+	assert.NoError(t, err)
+
+	assert.NotNil(t, permissionClaimValue.OK)
+	assert.Equal(t, []interface{}{}, permissionClaimValue.OK.Value)
+}
+
+func TestShouldNotAddClaimsToSessionIfDisabledInConfig(t *testing.T) {
+	configValue := supertokens.TypeInput{
+		Supertokens: &supertokens.ConnectionInfo{
+			ConnectionURI: "http://localhost:8080",
+		},
+		AppInfo: supertokens.AppInfo{
+			AppName:       "SuperTokens",
+			WebsiteDomain: "supertokens.io",
+			APIDomain:     "api.supertokens.io",
+		},
+		RecipeList: []supertokens.Recipe{
+			session.Init(nil),
+			Init(&userrolesmodels.TypeInput{
+				SkipAddingRolesToAccessToken:       true,
+				SkipAddingPermissionsToAccessToken: true,
+			}),
+		},
+	}
+	BeforeEach()
+	unittesting.StartUpST("localhost", "8080")
+	defer AfterEach()
+	err := supertokens.Init(configValue)
+	if err != nil {
+		t.Error(err.Error())
+	}
+
+	if !canRunTest(t) {
+		return
+	}
+
+	res := fakeRes{}
+	sessionContainer, err := session.CreateNewSession(res, "userId", map[string]interface{}{}, map[string]interface{}{})
+	assert.NoError(t, err)
+
+	userroleClaimValue, err := session.GetClaimValue(sessionContainer.GetHandle(), userrolesclaims.UserRoleClaim)
+	assert.NoError(t, err)
+
+	assert.NotNil(t, userroleClaimValue.OK)
+	assert.Equal(t, nil, userroleClaimValue.OK.Value)
+
+	permissionClaimValue, err := session.GetClaimValue(sessionContainer.GetHandle(), userrolesclaims.PermissionClaim)
+	assert.NoError(t, err)
+
+	assert.NotNil(t, permissionClaimValue.OK)
+	assert.Equal(t, nil, permissionClaimValue.OK.Value)
+}
+
+func TestShouldAddClaimsToSessionWithValues(t *testing.T) {
+	configValue := supertokens.TypeInput{
+		Supertokens: &supertokens.ConnectionInfo{
+			ConnectionURI: "http://localhost:8080",
+		},
+		AppInfo: supertokens.AppInfo{
+			AppName:       "SuperTokens",
+			WebsiteDomain: "supertokens.io",
+			APIDomain:     "api.supertokens.io",
+		},
+		RecipeList: []supertokens.Recipe{
+			session.Init(nil),
+			Init(nil),
+		},
+	}
+	BeforeEach()
+	unittesting.StartUpST("localhost", "8080")
+	defer AfterEach()
+	err := supertokens.Init(configValue)
+	if err != nil {
+		t.Error(err.Error())
+	}
+
+	if !canRunTest(t) {
+		return
+	}
+
+	CreateNewRoleOrAddPermissions("test", []string{"a", "b"}, &map[string]interface{}{})
+	AddRoleToUser("userId", "test", &map[string]interface{}{})
+
+	res := fakeRes{}
+	sessionContainer, err := session.CreateNewSession(res, "userId", map[string]interface{}{}, map[string]interface{}{})
+	assert.NoError(t, err)
+
+	userroleClaimValue, err := session.GetClaimValue(sessionContainer.GetHandle(), userrolesclaims.UserRoleClaim)
+	assert.NoError(t, err)
+
+	assert.NotNil(t, userroleClaimValue.OK)
+	assert.Equal(t, []interface{}{"test"}, userroleClaimValue.OK.Value)
+
+	permissionClaimValue, err := session.GetClaimValue(sessionContainer.GetHandle(), userrolesclaims.PermissionClaim)
+	assert.NoError(t, err)
+
+	assert.NotNil(t, permissionClaimValue.OK)
+	assert.Equal(t, 2, len(permissionClaimValue.OK.Value.([]interface{})))
+	assert.Equal(t, []interface{}{"a", "b"}, permissionClaimValue.OK.Value)
+	assert.Contains(t, permissionClaimValue.OK.Value, "a")
+	assert.Contains(t, permissionClaimValue.OK.Value, "b")
+}
+
+func TestShouldValidateRoles(t *testing.T) {
+	configValue := supertokens.TypeInput{
+		Supertokens: &supertokens.ConnectionInfo{
+			ConnectionURI: "http://localhost:8080",
+		},
+		AppInfo: supertokens.AppInfo{
+			AppName:       "SuperTokens",
+			WebsiteDomain: "supertokens.io",
+			APIDomain:     "api.supertokens.io",
+		},
+		RecipeList: []supertokens.Recipe{
+			session.Init(nil),
+			Init(nil),
+		},
+	}
+	BeforeEach()
+	unittesting.StartUpST("localhost", "8080")
+	defer AfterEach()
+	err := supertokens.Init(configValue)
+	if err != nil {
+		t.Error(err.Error())
+	}
+
+	if !canRunTest(t) {
+		return
+	}
+
+	CreateNewRoleOrAddPermissions("test", []string{"a", "b"}, &map[string]interface{}{})
+	AddRoleToUser("userId", "test", &map[string]interface{}{})
+
+	res := fakeRes{}
+	sessionContainer, err := session.CreateNewSession(res, "userId", map[string]interface{}{}, map[string]interface{}{})
+	assert.NoError(t, err)
+
+	err = sessionContainer.AssertClaims([]claims.SessionClaimValidator{
+		userrolesclaims.UserRoleClaimValidators.Includes("test", nil, nil),
+	})
+	assert.NoError(t, err)
+
+	err = sessionContainer.AssertClaims([]claims.SessionClaimValidator{
+		userrolesclaims.UserRoleClaimValidators.Includes("nope", nil, nil),
+	})
+	assert.NotNil(t, err)
+	assert.IsType(t, sessErrors.InvalidClaimError{}, err)
+
+	invalidClaimErr := err.(sessErrors.InvalidClaimError)
+	assert.Equal(t, 1, len(invalidClaimErr.InvalidClaims))
+	assert.Equal(t, "st-role", invalidClaimErr.InvalidClaims[0].ID)
+	assert.Equal(t, map[string]interface{}{
+		"actualValue":       []interface{}{"test"},
+		"expectedToInclude": "nope",
+		"message":           "wrong value",
+	}, invalidClaimErr.InvalidClaims[0].Reason)
+}
+
+func TestShouldValidateRolesAfterRefetching(t *testing.T) {
+	configValue := supertokens.TypeInput{
+		Supertokens: &supertokens.ConnectionInfo{
+			ConnectionURI: "http://localhost:8080",
+		},
+		AppInfo: supertokens.AppInfo{
+			AppName:       "SuperTokens",
+			WebsiteDomain: "supertokens.io",
+			APIDomain:     "api.supertokens.io",
+		},
+		RecipeList: []supertokens.Recipe{
+			session.Init(nil),
+			Init(&userrolesmodels.TypeInput{
+				SkipAddingRolesToAccessToken: true,
+			}),
+		},
+	}
+	BeforeEach()
+	unittesting.StartUpST("localhost", "8080")
+	defer AfterEach()
+	err := supertokens.Init(configValue)
+	if err != nil {
+		t.Error(err.Error())
+	}
+
+	if !canRunTest(t) {
+		return
+	}
+
+	CreateNewRoleOrAddPermissions("test", []string{"a", "b"}, &map[string]interface{}{})
+	AddRoleToUser("userId", "test", &map[string]interface{}{})
+
+	res := fakeRes{}
+	sessionContainer, err := session.CreateNewSession(res, "userId", map[string]interface{}{}, map[string]interface{}{})
+	assert.NoError(t, err)
+
+	err = sessionContainer.AssertClaims([]claims.SessionClaimValidator{
+		userrolesclaims.UserRoleClaimValidators.Includes("test", nil, nil),
+	})
+	assert.NoError(t, err)
+
+	err = sessionContainer.AssertClaims([]claims.SessionClaimValidator{
+		userrolesclaims.UserRoleClaimValidators.Includes("nope", nil, nil),
+	})
+	assert.NotNil(t, err)
+	assert.IsType(t, sessErrors.InvalidClaimError{}, err)
+
+	invalidClaimErr := err.(sessErrors.InvalidClaimError)
+	assert.Equal(t, 1, len(invalidClaimErr.InvalidClaims))
+	assert.Equal(t, "st-role", invalidClaimErr.InvalidClaims[0].ID)
+	assert.Equal(t, map[string]interface{}{
+		"actualValue":       []interface{}{"test"},
+		"expectedToInclude": "nope",
+		"message":           "wrong value",
+	}, invalidClaimErr.InvalidClaims[0].Reason)
+}
+
+func TestShouldValidatePermissions(t *testing.T) {
+	configValue := supertokens.TypeInput{
+		Supertokens: &supertokens.ConnectionInfo{
+			ConnectionURI: "http://localhost:8080",
+		},
+		AppInfo: supertokens.AppInfo{
+			AppName:       "SuperTokens",
+			WebsiteDomain: "supertokens.io",
+			APIDomain:     "api.supertokens.io",
+		},
+		RecipeList: []supertokens.Recipe{
+			session.Init(nil),
+			Init(nil),
+		},
+	}
+	BeforeEach()
+	unittesting.StartUpST("localhost", "8080")
+	defer AfterEach()
+	err := supertokens.Init(configValue)
+	if err != nil {
+		t.Error(err.Error())
+	}
+
+	if !canRunTest(t) {
+		return
+	}
+
+	CreateNewRoleOrAddPermissions("test", []string{"a", "b"}, &map[string]interface{}{})
+	AddRoleToUser("userId", "test", &map[string]interface{}{})
+
+	res := fakeRes{}
+	sessionContainer, err := session.CreateNewSession(res, "userId", map[string]interface{}{}, map[string]interface{}{})
+	assert.NoError(t, err)
+
+	err = sessionContainer.AssertClaims([]claims.SessionClaimValidator{
+		userrolesclaims.PermissionClaimValidators.Includes("a", nil, nil),
+	})
+	assert.NoError(t, err)
+
+	err = sessionContainer.AssertClaims([]claims.SessionClaimValidator{
+		userrolesclaims.PermissionClaimValidators.Includes("nope", nil, nil),
+	})
+	assert.NotNil(t, err)
+	assert.IsType(t, sessErrors.InvalidClaimError{}, err)
+
+	invalidClaimErr := err.(sessErrors.InvalidClaimError)
+	assert.Equal(t, 1, len(invalidClaimErr.InvalidClaims))
+	assert.Equal(t, "st-perm", invalidClaimErr.InvalidClaims[0].ID)
+	assert.Equal(t, map[string]interface{}{
+		"actualValue":       []interface{}{"a", "b"},
+		"expectedToInclude": "nope",
+		"message":           "wrong value",
+	}, invalidClaimErr.InvalidClaims[0].Reason)
+}
+
+func TestShouldValidatePermissionsAfterRefetching(t *testing.T) {
+	configValue := supertokens.TypeInput{
+		Supertokens: &supertokens.ConnectionInfo{
+			ConnectionURI: "http://localhost:8080",
+		},
+		AppInfo: supertokens.AppInfo{
+			AppName:       "SuperTokens",
+			WebsiteDomain: "supertokens.io",
+			APIDomain:     "api.supertokens.io",
+		},
+		RecipeList: []supertokens.Recipe{
+			session.Init(nil),
+			Init(&userrolesmodels.TypeInput{
+				SkipAddingPermissionsToAccessToken: true,
+			}),
+		},
+	}
+	BeforeEach()
+	unittesting.StartUpST("localhost", "8080")
+	defer AfterEach()
+	err := supertokens.Init(configValue)
+	if err != nil {
+		t.Error(err.Error())
+	}
+
+	if !canRunTest(t) {
+		return
+	}
+
+	CreateNewRoleOrAddPermissions("test", []string{"a", "b"}, &map[string]interface{}{})
+	AddRoleToUser("userId", "test", &map[string]interface{}{})
+
+	res := fakeRes{}
+	sessionContainer, err := session.CreateNewSession(res, "userId", map[string]interface{}{}, map[string]interface{}{})
+	assert.NoError(t, err)
+
+	err = sessionContainer.AssertClaims([]claims.SessionClaimValidator{
+		userrolesclaims.PermissionClaimValidators.Includes("a", nil, nil),
+	})
+	assert.NoError(t, err)
+
+	err = sessionContainer.AssertClaims([]claims.SessionClaimValidator{
+		userrolesclaims.PermissionClaimValidators.Includes("nope", nil, nil),
+	})
+	assert.NotNil(t, err)
+	assert.IsType(t, sessErrors.InvalidClaimError{}, err)
+
+	invalidClaimErr := err.(sessErrors.InvalidClaimError)
+	assert.Equal(t, 1, len(invalidClaimErr.InvalidClaims))
+	assert.Equal(t, "st-perm", invalidClaimErr.InvalidClaims[0].ID)
+	assert.Equal(t, map[string]interface{}{
+		"actualValue":       []interface{}{"a", "b"},
+		"expectedToInclude": "nope",
+		"message":           "wrong value",
+	}, invalidClaimErr.InvalidClaims[0].Reason)
+}
diff --git a/recipe/userroles/recipe.go b/recipe/userroles/recipe.go
@@ -75,11 +75,11 @@ func recipeInit(config *userrolesmodels.TypeInput) supertokens.Recipe {
 					return err
 				}
 
-				if !config.SkipAddingRolesToAccessToken {
+				if config == nil || !config.SkipAddingRolesToAccessToken {
 					sessionRecipe.AddClaimFromOtherRecipe(userrolesclaims.UserRoleClaim)
 				}
 
-				if !config.SkipAddingPermissionsToAccessToken {
+				if config == nil || !config.SkipAddingPermissionsToAccessToken {
 					sessionRecipe.AddClaimFromOtherRecipe(userrolesclaims.PermissionClaim)
 				}
 				return nil
diff --git a/recipe/userroles/testingUtils.go b/recipe/userroles/testingUtils.go

Original file line number	Diff line number	Diff line change
`@@ -75,11 +75,11 @@ func recipeInit(config *userrolesmodels.TypeInput) supertokens.Recipe {`
`75`	`75`	`return err`
`76`	`76`	`}`
`77`	`77`
`78`		`- if !config.SkipAddingRolesToAccessToken {`
	`78`	`+ if config == nil \|\| !config.SkipAddingRolesToAccessToken {`
`79`	`79`	`sessionRecipe.AddClaimFromOtherRecipe(userrolesclaims.UserRoleClaim)`
`80`	`80`	`}`
`81`	`81`
`82`		`- if !config.SkipAddingPermissionsToAccessToken {`
	`82`	`+ if config == nil \|\| !config.SkipAddingPermissionsToAccessToken {`
`83`	`83`	`sessionRecipe.AddClaimFromOtherRecipe(userrolesclaims.PermissionClaim)`
`84`	`84`	`}`
`85`	`85`	`return nil`