test(auth): MedewerkerAuthService exposes realm roles from the medewerker token (refs #13)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
43
libs/auth/src/lib/medewerker-auth.service.spec.ts
Normal file
43
libs/auth/src/lib/medewerker-auth.service.spec.ts
Normal file
@@ -0,0 +1,43 @@
|
|||||||
|
import { TestBed } from '@angular/core/testing';
|
||||||
|
import { OidcSecurityService } from 'angular-auth-oidc-client';
|
||||||
|
import { of } from 'rxjs';
|
||||||
|
import { MedewerkerAuthService } from './medewerker-auth.service';
|
||||||
|
|
||||||
|
function makeService(userData: unknown, authenticated = true) {
|
||||||
|
const oidc = {
|
||||||
|
isAuthenticated$: of({ isAuthenticated: authenticated }),
|
||||||
|
userData$: of({ userData }),
|
||||||
|
authorize: vi.fn(),
|
||||||
|
logoff: vi.fn(() => of(null)),
|
||||||
|
};
|
||||||
|
TestBed.configureTestingModule({
|
||||||
|
providers: [MedewerkerAuthService, { provide: OidcSecurityService, useValue: oidc }],
|
||||||
|
});
|
||||||
|
return { svc: TestBed.inject(MedewerkerAuthService), oidc };
|
||||||
|
}
|
||||||
|
|
||||||
|
describe('MedewerkerAuthService', () => {
|
||||||
|
it('exposes the realm roles carried in the token', () => {
|
||||||
|
const { svc } = makeService({ realm_access: { roles: ['behandelaar', 'teamlead'] } });
|
||||||
|
expect(svc.roles()).toEqual(['behandelaar', 'teamlead']);
|
||||||
|
expect(svc.hasRole('behandelaar')).toBe(true);
|
||||||
|
expect(svc.hasRole('beheerder')).toBe(false);
|
||||||
|
});
|
||||||
|
|
||||||
|
it('has no roles when the token omits realm_access', () => {
|
||||||
|
const { svc } = makeService({ preferred_username: 'merel-behandelaar' });
|
||||||
|
expect(svc.roles()).toEqual([]);
|
||||||
|
expect(svc.hasRole('behandelaar')).toBe(false);
|
||||||
|
});
|
||||||
|
|
||||||
|
it('reflects the OIDC authenticated state', () => {
|
||||||
|
const { svc } = makeService({}, true);
|
||||||
|
expect(svc.isAuthenticated()).toBe(true);
|
||||||
|
});
|
||||||
|
|
||||||
|
it('starts login by delegating to the OIDC library', () => {
|
||||||
|
const { svc, oidc } = makeService({});
|
||||||
|
svc.login();
|
||||||
|
expect(oidc.authorize).toHaveBeenCalledTimes(1);
|
||||||
|
});
|
||||||
|
});
|
||||||
Reference in New Issue
Block a user