From 1d12d693cea156d76dc0afcb687bbedcb7507533 Mon Sep 17 00:00:00 2001 From: Niek Otten Date: Thu, 16 Jul 2026 09:05:45 +0200 Subject: [PATCH] test(auth): MedewerkerAuthService exposes realm roles from the medewerker token (refs #13) Co-Authored-By: Claude Opus 4.8 (1M context) --- .../src/lib/medewerker-auth.service.spec.ts | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 libs/auth/src/lib/medewerker-auth.service.spec.ts diff --git a/libs/auth/src/lib/medewerker-auth.service.spec.ts b/libs/auth/src/lib/medewerker-auth.service.spec.ts new file mode 100644 index 0000000..503a304 --- /dev/null +++ b/libs/auth/src/lib/medewerker-auth.service.spec.ts @@ -0,0 +1,43 @@ +import { TestBed } from '@angular/core/testing'; +import { OidcSecurityService } from 'angular-auth-oidc-client'; +import { of } from 'rxjs'; +import { MedewerkerAuthService } from './medewerker-auth.service'; + +function makeService(userData: unknown, authenticated = true) { + const oidc = { + isAuthenticated$: of({ isAuthenticated: authenticated }), + userData$: of({ userData }), + authorize: vi.fn(), + logoff: vi.fn(() => of(null)), + }; + TestBed.configureTestingModule({ + providers: [MedewerkerAuthService, { provide: OidcSecurityService, useValue: oidc }], + }); + return { svc: TestBed.inject(MedewerkerAuthService), oidc }; +} + +describe('MedewerkerAuthService', () => { + it('exposes the realm roles carried in the token', () => { + const { svc } = makeService({ realm_access: { roles: ['behandelaar', 'teamlead'] } }); + expect(svc.roles()).toEqual(['behandelaar', 'teamlead']); + expect(svc.hasRole('behandelaar')).toBe(true); + expect(svc.hasRole('beheerder')).toBe(false); + }); + + it('has no roles when the token omits realm_access', () => { + const { svc } = makeService({ preferred_username: 'merel-behandelaar' }); + expect(svc.roles()).toEqual([]); + expect(svc.hasRole('behandelaar')).toBe(false); + }); + + it('reflects the OIDC authenticated state', () => { + const { svc } = makeService({}, true); + expect(svc.isAuthenticated()).toBe(true); + }); + + it('starts login by delegating to the OIDC library', () => { + const { svc, oidc } = makeService({}); + svc.login(); + expect(oidc.authorize).toHaveBeenCalledTimes(1); + }); +});