Allow making the contacts and client_uri optional in client registration

2025-07-29 22:01:14 +03:00 · 2022-08-22 15:10:53 +02:00
parent ad3d334cb0
commit 2d3afc1c4f
3 changed files with 22 additions and 7 deletions
--- a/crates/policy/policies/client_registration.rego
+++ b/crates/policy/policies/client_registration.rego
@ -35,6 +35,7 @@ host_matches_client_uri(x) {
 }

 violation[{"msg": "missing client_uri"}] {
+	not data.client_registration.allow_missing_client_uri
 	not input.client_metadata.client_uri
 }

@ -80,6 +81,7 @@ violation[{"msg": "logo_uri not on the same host as the client_uri"}] {
 }

 violation[{"msg": "missing contacts"}] {
+	not data.client_registration.allow_missing_contacts
 	not input.client_metadata.contacts
 }

--- a/crates/policy/policies/client_registration_test.rego
+++ b/crates/policy/policies/client_registration_test.rego
@ -13,6 +13,12 @@ test_missing_client_uri {
 		"redirect_uris": ["https://example.com/callback"],
 		"contacts": ["contact@example.com"],
 	}
+
+	allow with input.client_metadata as {
+		"redirect_uris": ["https://example.com/callback"],
+		"contacts": ["contact@example.com"],
+	}
+		with data.client_registration.allow_missing_client_uri as true
 }

 test_insecure_client_uri {
@ -319,6 +325,13 @@ test_contacts {
 		"redirect_uris": ["https://example.com/callback"],
 	}

+	# Missing contacts, but allowed by config
+	allow with input.client_metadata as {
+		"client_uri": "https://example.com/",
+		"redirect_uris": ["https://example.com/callback"],
+	}
+		with data.client_registration.allow_missing_contacts as true
+
 	# contacts is not an array
 	not allow with input.client_metadata as {
 		"client_uri": "https://example.com/",
--- a/crates/policy/policies/util/coveralls.rego
+++ b/crates/policy/policies/util/coveralls.rego
@ -4,12 +4,12 @@ import future.keywords

 from_opa := {"source_files": coverage}

-coverage[obj] {
+coverage contains obj if {
 	some file, report in input.files
 	obj := {"name": file, "coverage": to_lines(report)}
 }

-covered_map(report) = cm {
+covered_map(report) = cm if {
 	covered := object.get(report, "covered", [])
 	cm := {line: 1 |
 		some item in covered
@ -17,7 +17,7 @@ covered_map(report) = cm {
 	}
 }

-not_covered_map(report) = ncm {
+not_covered_map(report) = ncm if {
 	not_covered := object.get(report, "not_covered", [])
 	ncm := {line: 0 |
 		some item in not_covered
@ -25,7 +25,7 @@ not_covered_map(report) = ncm {
 	}
 }

-to_lines(report) = lines {
+to_lines(report) = lines if {
 	cm := covered_map(report)
 	ncm := not_covered_map(report)
 	keys := sort([line | some line, _ in object.union(cm, ncm)])
@ -37,15 +37,15 @@ to_lines(report) = lines {
 	]
 }

-to_value(cm, _, line) = 1 {
+to_value(cm, _, line) = 1 if {
 	cm[line]
 }

-to_value(_, ncm, line) = 0 {
+to_value(_, ncm, line) = 0 if {
 	ncm[line]
 }

-to_value(cm, ncm, line) = null {
+to_value(cm, ncm, line) = null if {
 	not cm[line]
 	not ncm[line]
 }