matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-07-31 09:24:31 +03:00
Code Activity

Allow making the contacts and client_uri optional in client registration

Browse Source
This commit is contained in:
Quentin Gliech
2022-08-22 15:10:53 +02:00
parent ad3d334cb0
commit 2d3afc1c4f
3 changed files with 22 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
crates/policy/policies/client_registration.rego
View File

@ -35,6 +35,7 @@ host_matches_client_uri(x) {
} }
violation[{"msg": "missing client_uri"}] { violation[{"msg": "missing client_uri"}] {
not data.client_registration.allow_missing_client_uri
not input.client_metadata.client_uri not input.client_metadata.client_uri
} }
@ -80,6 +81,7 @@ violation[{"msg": "logo_uri not on the same host as the client_uri"}] {
} }
violation[{"msg": "missing contacts"}] { violation[{"msg": "missing contacts"}] {
not data.client_registration.allow_missing_contacts
not input.client_metadata.contacts not input.client_metadata.contacts
} }

13
crates/policy/policies/client_registration_test.rego
View File

@ -13,6 +13,12 @@ test_missing_client_uri {
"redirect_uris": ["https://example.com/callback"], "redirect_uris": ["https://example.com/callback"],
"contacts": ["contact@example.com"], "contacts": ["contact@example.com"],
} }
allow with input.client_metadata as {
"redirect_uris": ["https://example.com/callback"],
"contacts": ["contact@example.com"],
}
with data.client_registration.allow_missing_client_uri as true
} }
test_insecure_client_uri { test_insecure_client_uri {
@ -319,6 +325,13 @@ test_contacts {
"redirect_uris": ["https://example.com/callback"], "redirect_uris": ["https://example.com/callback"],
} }
# Missing contacts, but allowed by config
allow with input.client_metadata as {
"client_uri": "https://example.com/",
"redirect_uris": ["https://example.com/callback"],
}
with data.client_registration.allow_missing_contacts as true
# contacts is not an array # contacts is not an array
not allow with input.client_metadata as { not allow with input.client_metadata as {
"client_uri": "https://example.com/", "client_uri": "https://example.com/",

14
crates/policy/policies/util/coveralls.rego
View File

@ -4,12 +4,12 @@ import future.keywords
from_opa := {"source_files": coverage} from_opa := {"source_files": coverage}
coverage[obj] { coverage contains obj if {
some file, report in input.files some file, report in input.files
obj := {"name": file, "coverage": to_lines(report)} obj := {"name": file, "coverage": to_lines(report)}
} }
covered_map(report) = cm { covered_map(report) = cm if {
covered := object.get(report, "covered", []) covered := object.get(report, "covered", [])
cm := {line: 1 | cm := {line: 1 |
some item in covered some item in covered
@ -17,7 +17,7 @@ covered_map(report) = cm {
} }
} }
not_covered_map(report) = ncm { not_covered_map(report) = ncm if {
not_covered := object.get(report, "not_covered", []) not_covered := object.get(report, "not_covered", [])
ncm := {line: 0 | ncm := {line: 0 |
some item in not_covered some item in not_covered
@ -25,7 +25,7 @@ not_covered_map(report) = ncm {
} }
} }
to_lines(report) = lines { to_lines(report) = lines if {
cm := covered_map(report) cm := covered_map(report)
ncm := not_covered_map(report) ncm := not_covered_map(report)
keys := sort([line | some line, _ in object.union(cm, ncm)]) keys := sort([line | some line, _ in object.union(cm, ncm)])
@ -37,15 +37,15 @@ to_lines(report) = lines {
] ]
} }
to_value(cm, _, line) = 1 { to_value(cm, _, line) = 1 if {
cm[line] cm[line]
} }
to_value(_, ncm, line) = 0 { to_value(_, ncm, line) = 0 if {
ncm[line] ncm[line]
} }
to_value(cm, ncm, line) = null { to_value(cm, ncm, line) = null if {
not cm[line] not cm[line]
not ncm[line] not ncm[line]
} }