test(auth): MedewerkerAuthService exposes realm roles from the medewerker token (refs #13)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
43
libs/auth/src/lib/medewerker-auth.service.spec.ts
Normal file
43
libs/auth/src/lib/medewerker-auth.service.spec.ts
Normal file
@@ -0,0 +1,43 @@
|
||||
import { TestBed } from '@angular/core/testing';
|
||||
import { OidcSecurityService } from 'angular-auth-oidc-client';
|
||||
import { of } from 'rxjs';
|
||||
import { MedewerkerAuthService } from './medewerker-auth.service';
|
||||
|
||||
function makeService(userData: unknown, authenticated = true) {
|
||||
const oidc = {
|
||||
isAuthenticated$: of({ isAuthenticated: authenticated }),
|
||||
userData$: of({ userData }),
|
||||
authorize: vi.fn(),
|
||||
logoff: vi.fn(() => of(null)),
|
||||
};
|
||||
TestBed.configureTestingModule({
|
||||
providers: [MedewerkerAuthService, { provide: OidcSecurityService, useValue: oidc }],
|
||||
});
|
||||
return { svc: TestBed.inject(MedewerkerAuthService), oidc };
|
||||
}
|
||||
|
||||
describe('MedewerkerAuthService', () => {
|
||||
it('exposes the realm roles carried in the token', () => {
|
||||
const { svc } = makeService({ realm_access: { roles: ['behandelaar', 'teamlead'] } });
|
||||
expect(svc.roles()).toEqual(['behandelaar', 'teamlead']);
|
||||
expect(svc.hasRole('behandelaar')).toBe(true);
|
||||
expect(svc.hasRole('beheerder')).toBe(false);
|
||||
});
|
||||
|
||||
it('has no roles when the token omits realm_access', () => {
|
||||
const { svc } = makeService({ preferred_username: 'merel-behandelaar' });
|
||||
expect(svc.roles()).toEqual([]);
|
||||
expect(svc.hasRole('behandelaar')).toBe(false);
|
||||
});
|
||||
|
||||
it('reflects the OIDC authenticated state', () => {
|
||||
const { svc } = makeService({}, true);
|
||||
expect(svc.isAuthenticated()).toBe(true);
|
||||
});
|
||||
|
||||
it('starts login by delegating to the OIDC library', () => {
|
||||
const { svc, oidc } = makeService({});
|
||||
svc.login();
|
||||
expect(oidc.authorize).toHaveBeenCalledTimes(1);
|
||||
});
|
||||
});
|
||||
Reference in New Issue
Block a user