matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-07-07 22:41:18 +03:00
Code Activity
Files
e3b51c09faac79d6c900b947029c68defb53056c
authentication-service/policies/authorization_grant_test.rego
Quentin Gliech 834214bcac Do not embed the WASM-compiled policies in the binary
2022-11-18 22:37:55 +01:00

64 lines
2.1 KiB
Rego
Raw Blame History

package authorization_grant
user := {"username": "john"}
test_standard_scopes {
allow with input.user as user
with input.authorization_grant as {"scope": "openid"}
allow with input.user as user
with input.authorization_grant as {"scope": "email"}
allow with input.user as user
with input.authorization_grant as {"scope": "openid email"}
# Not supported yet
not allow with input.user as user
with input.authorization_grant as {"scope": "phone"}
# Not supported yet
not allow with input.user as user
with input.authorization_grant as {"scope": "profile"}
}
test_matrix_scopes {
allow with input.user as user
with input.authorization_grant as {"scope": "urn:matrix:org.matrix.msc2967.client:api:*"}
}
test_device_scopes {
allow with input.user as user
with input.authorization_grant as {"scope": "urn:matrix:org.matrix.msc2967.client:device:AAbbCCdd01"}
allow with input.user as user
with input.authorization_grant as {"scope": "urn:matrix:org.matrix.msc2967.client:device:AAbbCCdd01-asdasdsa1-2313"}
# Invalid characters
not allow with input.user as user
with input.authorization_grant as {"scope": "urn:matrix:org.matrix.msc2967.client:device:AABB:CCDDEE"}
not allow with input.user as user
with input.authorization_grant as {"scope": "urn:matrix:org.matrix.msc2967.client:device:AABB*CCDDEE"}
not allow with input.user as user
with input.authorization_grant as {"scope": "urn:matrix:org.matrix.msc2967.client:device:AABB!CCDDEE"}
# Too short
not allow with input.user as user
with input.authorization_grant as {"scope": "urn:matrix:org.matrix.msc2967.client:device:abcd"}
# Multiple device scope
not allow with input.user as user
with input.authorization_grant as {"scope": "urn:matrix:org.matrix.msc2967.client:device:AAbbCCdd01 urn:matrix:org.matrix.msc2967.client:device:AAbbCCdd02"}
}
test_synapse_admin_scopes {
allow with input.user as user
with data.admin_users as ["john"]
with input.authorization_grant as {"scope": "urn:synapse:admin:*"}
not allow with input.user as user
with data.admin_users as []
with input.authorization_grant as {"scope": "urn:synapse:admin:*"}
}
View Git Blame Copy Permalink