
fix!: reject OIDC login when email_verified claim is non-bool or abse… · coder/coder@120b37a

1+

package coderd

2+3+

import (

4+

"encoding/json"

5+

"testing"

6+7+

"github.com/stretchr/testify/assert"

8+

)

9+10+

func TestCoerceEmailVerified(t *testing.T) {

11+

t.Parallel()

12+13+

tests := []struct {

14+

name string

15+

input interface{}

16+

wantBool bool

17+

wantOK bool

18+

}{

19+

// Native booleans

20+

{name: "BoolTrue", input: true, wantBool: true, wantOK: true},

21+

{name: "BoolFalse", input: false, wantBool: false, wantOK: true},

22+23+

// Strings

24+

{name: "StringTrue", input: "true", wantBool: true, wantOK: true},

25+

{name: "StringFalse", input: "false", wantBool: false, wantOK: true},

26+

{name: "StringOne", input: "1", wantBool: true, wantOK: true},

27+

{name: "StringZero", input: "0", wantBool: false, wantOK: true},

28+

{name: "StringTRUE", input: "TRUE", wantBool: true, wantOK: true},

29+

{name: "StringFALSE", input: "FALSE", wantBool: false, wantOK: true},

30+

{name: "StringT", input: "t", wantBool: true, wantOK: true},

31+

{name: "StringF", input: "f", wantBool: false, wantOK: true},

32+

{name: "StringInvalid", input: "invalid", wantBool: false, wantOK: false},

33+

{name: "StringEmpty", input: "", wantBool: false, wantOK: false},

34+35+

// json.Number (when decoder uses UseNumber)

36+

{name: "JSONNumberOne", input: json.Number("1"), wantBool: true, wantOK: true},

37+

{name: "JSONNumberZero", input: json.Number("0"), wantBool: false, wantOK: true},

38+

{name: "JSONNumberInvalid", input: json.Number("abc"), wantBool: false, wantOK: false},

39+40+

// float64 (default JSON numeric type)

41+

{name: "Float64One", input: float64(1), wantBool: true, wantOK: true},

42+

{name: "Float64Zero", input: float64(0), wantBool: false, wantOK: true},

43+44+

// Integer types

45+

{name: "IntOne", input: int(1), wantBool: true, wantOK: true},

46+

{name: "IntZero", input: int(0), wantBool: false, wantOK: true},

47+

{name: "Int64One", input: int64(1), wantBool: true, wantOK: true},

48+

{name: "Int64Zero", input: int64(0), wantBool: false, wantOK: true},

49+50+

// Nil and unsupported types

51+

{name: "Nil", input: nil, wantBool: false, wantOK: false},

52+

{name: "Slice", input: []string{}, wantBool: false, wantOK: false},

53+

{name: "Map", input: map[string]string{}, wantBool: false, wantOK: false},

54+

}

55+56+

for _, tc := range tests {

57+

t.Run(tc.name, func(t *testing.T) {

58+

t.Parallel()

59+60+

gotBool, gotOK := coerceEmailVerified(tc.input)

61+

assert.Equal(t, tc.wantBool, gotBool, "bool value mismatch")

62+

assert.Equal(t, tc.wantOK, gotOK, "ok value mismatch")

63+

})

64+

}

65+

}
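Review bot: The numeric rows in the table only use 0 and 1, so nothing pins what `coerceEmailVerified` returns for `float64(2)`, `float64(0.5)`, `int(-1)` or `json.Number("2")`. Per the commit title this result decides whether an OIDC login is rejected, so a lenient "any non-zero is true" rule could be introduced or regress without any test failing. I would add rows such as `{name: "Float64Two", input: float64(2), wantBool: false, wantOK: false},` and `{name: "JSONNumberTwo", input: json.Number("2"), wantBool: false, wantOK: false},`, with expected values adjusted to the intended behaviour, since the implementation is not visible in this file. A whitespace-padded string such as `" true"` deserves a row for the same reason. A short comment above the table saying that `ok == false` means the caller must refuse the login would make the fail-closed contract explicit.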