generated from coulomb/repo-seed
50 lines
1.7 KiB
Python
50 lines
1.7 KiB
Python
import unittest
|
|
|
|
from user_engine.domain import AuthorizationEffect, AuthorizationRequest
|
|
from user_engine.testing.fixtures import (
|
|
FixtureIdentityClaimsAdapter,
|
|
StaticAuthorizationCheckPort,
|
|
human_actor_claims,
|
|
sample_application_binding,
|
|
)
|
|
|
|
|
|
class PortFixtureTests(unittest.TestCase):
|
|
def test_fixture_identity_claims_adapter_normalizes_actor(self):
|
|
adapter = FixtureIdentityClaimsAdapter()
|
|
actor = adapter.normalize(human_actor_claims())
|
|
|
|
self.assertEqual(actor.identity_key, ("https://issuer.example.test", "user-123"))
|
|
self.assertEqual(actor.tenant, "tenant:coulomb")
|
|
self.assertIn("profile", actor.scopes)
|
|
|
|
def test_static_authorization_check_records_requests(self):
|
|
adapter = FixtureIdentityClaimsAdapter()
|
|
actor = adapter.normalize(human_actor_claims())
|
|
authz = StaticAuthorizationCheckPort(effect=AuthorizationEffect.ALLOW)
|
|
request = AuthorizationRequest(
|
|
actor=actor,
|
|
resource_type="user-engine:profile",
|
|
resource_id="usr_123",
|
|
action="read",
|
|
tenant="tenant:coulomb",
|
|
correlation_id="corr-1",
|
|
target_user_id="usr_123",
|
|
)
|
|
|
|
decision = authz.check(request)
|
|
|
|
self.assertTrue(decision.allowed)
|
|
self.assertEqual(authz.requests, [request])
|
|
|
|
def test_sample_application_binding_keeps_external_ids_separate(self):
|
|
binding = sample_application_binding()
|
|
|
|
self.assertEqual(binding.application_id, "app.demo")
|
|
self.assertEqual(binding.oidc_client_id, "demo-client")
|
|
self.assertEqual(binding.protected_system_id, "user-engine.demo")
|
|
|
|
|
|
if __name__ == "__main__":
|
|
unittest.main()
|