From a12c97772fa8291d69d54cfac96092865e419adf Mon Sep 17 00:00:00 2001 From: angelsl Date: Wed, 10 Nov 2021 21:25:55 +0800 Subject: [PATCH 1/2] Remove no-op autograding result view transformations --- .../admin_views/admin_grading_view.ex | 10 +----- lib/cadet_web/views/assessments_helpers.ex | 36 +------------------ 2 files changed, 2 insertions(+), 44 deletions(-) diff --git a/lib/cadet_web/admin_views/admin_grading_view.ex b/lib/cadet_web/admin_views/admin_grading_view.ex index ccb9f25f3..8d196c781 100644 --- a/lib/cadet_web/admin_views/admin_grading_view.ex +++ b/lib/cadet_web/admin_views/admin_grading_view.ex @@ -22,19 +22,11 @@ defmodule CadetWeb.AdminGradingView do end defp build_grading_question(answer) do - results = build_autograding_results(answer.autograding_results) - %{question: answer.question} |> build_question_by_question_config(true) |> Map.put(:answer, answer.answer["code"] || answer.answer["choice_id"]) |> Map.put(:autogradingStatus, answer.autograding_status) - |> Map.put(:autogradingResults, results) - end - - defp build_autograding_results(nil), do: nil - - defp build_autograding_results(results) do - Enum.map(results, &build_result/1) + |> Map.put(:autogradingResults, answer.autograding_results) end defp build_grade(answer = %{grader: grader}) do diff --git a/lib/cadet_web/views/assessments_helpers.ex b/lib/cadet_web/views/assessments_helpers.ex index 77dfc44c8..961aed928 100644 --- a/lib/cadet_web/views/assessments_helpers.ex +++ b/lib/cadet_web/views/assessments_helpers.ex 
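Review bot: `|> Map.put(:autogradingResults, answer.autograding_results)` in `build_grading_question/1` now sends the stored value through unchanged, and the `autogradingResults: :autograding_results` entry in the `assessments_helpers.ex` hunk does the same. The removed `build_result/1` and `build_error/1` named each key they emitted (`resultType`, `expected`, `actual`, `errorType`, `errors`, and the per-error fields), which presumably acted as an allow-list. If so, any additional key the autograder writes into a result would now reach the API response. If the stored shape is guaranteed to hold only those keys, record that next to the field with a comment such as `# autograding_results is stored in view shape; every key in it is returned to the client`, and consider a view test that pins the exact key set.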
@@ -88,45 +88,11 @@ defmodule CadetWeb.AssessmentsHelpers do gradedAt: graded_at_builder(grader), xp: &((&1.xp || 0) + (&1.xp_adjustment || 0)), autogradingStatus: :autograding_status, - autogradingResults: build_results(%{results: answer.autograding_results}), + autogradingResults: :autograding_results, comments: :comments }) end - defp build_results(%{results: results}) do - case results do - nil -> nil - _ -> &Enum.map(&1.autograding_results, fn result -> build_result(result) end) - end - end - - def build_result(result) do - transform_map_for_view(result, %{ - resultType: "resultType", - expected: "expected", - actual: "actual", - errorType: "errorType", - errors: build_errors(result["errors"]) - }) - end - - defp build_errors(errors) do - case errors do - nil -> nil - _ -> &Enum.map(&1["errors"], fn error -> build_error(error) end) - end - end - - defp build_error(error) do - transform_map_for_view(error, %{ - errorType: "errorType", - line: "line", - location: "location", - errorLine: "errorLine", - errorExplanation: "errorExplanation" - }) - end - defp build_contest_entry(entry) do transform_map_for_view(entry, %{ submission_id: :submission_id, From 4231f9cdef5e7aae639166a024e6e1a8c75c2863 Mon Sep 17 00:00:00 2001 
From: angelsl Date: Sun, 2 Jan 2022 22:52:35 +0800 Subject: [PATCH 2/2] Remove roles from auth providers --- lib/cadet/auth/provider.ex | 21 +--- .../auth/providers/auth0_claim_extractor.ex | 17 +-- .../auth/providers/cognito_claim_extractor.ex | 14 +-- lib/cadet/auth/providers/config.ex | 9 -- lib/cadet/auth/providers/github.ex | 5 - .../auth/providers/google_claim_extractor.ex | 6 +- lib/cadet/auth/providers/luminus.ex | 106 ---------------- lib/cadet/auth/providers/openid.ex | 22 +--- test/cadet/accounts/accounts_test.exs | 18 --- test/cadet/auth/provider_test.exs | 3 - .../providers/auth0_claim_extractor_test.exs | 7 +- .../cognito_claim_extractor_test.exs | 6 +- test/cadet/auth/providers/config_test.exs | 10 -- .../providers/google_claim_extractor_test.exs | 10 +- test/cadet/auth/providers/luminus_test.exs | 114 ------------------ test/cadet/auth/providers/openid_test.exs | 9 -- 16 files changed, 21 insertions(+), 356 deletions(-) diff --git a/lib/cadet/auth/provider.ex b/lib/cadet/auth/provider.ex index 1c9b4c104..7e399f203 100644 --- a/lib/cadet/auth/provider.ex +++ b/lib/cadet/auth/provider.ex @@ -1,12 +1,9 @@ defmodule Cadet.Auth.Provider do @moduledoc """ An identity provider, which takes the OAuth2 authentication code and exchanges - it for a token with the OAuth2 provider, and then retrieves the user ID, name, - and user role. + it for a token with the OAuth2 provider, and then retrieves the user ID and name. """ - alias Cadet.Accounts.Role - @type code :: String.t() @type token :: String.t() @type client_id :: String.t() 
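Review bot: The shortened `@moduledoc` drops the role without saying what replaces it, so a reader of this module cannot tell that providers are now an authentication source only. I would add one sentence, for example `Providers do not supply roles; a role claim in a provider token is ignored.` It should also name the place where roles are assigned, which this patch does not show. The module body continues past this hunk.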
@@ -23,9 +20,6 @@ defmodule Cadet.Auth.Provider do @doc "Retrieves the name of the user with the associated token." @callback get_name(any(), token) :: {:ok, String.t()} | {:error, error(), String.t()} - @doc "Retrieves the role of the user with the associated token." - @callback get_role(any(), token) :: {:ok, Role.t()} | {:error, error(), String.t()} - @spec get_instance_config(provider_instance) :: {module(), any()} | nil def get_instance_config(instance) do Application.get_env(:cadet, :identity_providers, %{})[instance] @@ -47,17 +41,4 @@ defmodule Cadet.Auth.Provider do _ -> {:error, :other, "Invalid or nonexistent provider config"} end end - - # no longer used anymore currently - - # coveralls-ignore-start - @spec get_role(provider_instance, token) :: {:ok, String.t()} | {:error, error(), String.t()} - def get_role(instance, token) do - case get_instance_config(instance) do - {provider, config} -> provider.get_role(config, token) - _ -> {:error, :other, "Invalid or nonexistent provider config"} - end - end - - # coveralls-ignore-stop end diff --git a/lib/cadet/auth/providers/auth0_claim_extractor.ex b/lib/cadet/auth/providers/auth0_claim_extractor.ex index 3ab366a58..b64f544f8 100644 --- a/lib/cadet/auth/providers/auth0_claim_extractor.ex +++ b/lib/cadet/auth/providers/auth0_claim_extractor.ex @@ -1,22 +1,11 @@ defmodule Cadet.Auth.Providers.Auth0ClaimExtractor do @moduledoc """ Extracts fields from Auth0 JWTs. - - Note: an Auth0 Rule that adds the role to the ID token is required. E.g.: - - ``` - function (user, context, callback) { - if (context.idToken && user.app_metadata && user.app_metadata.role) { - context.idToken['https://source-academy.github.io/role'] = user.app_metadata.role; - } - callback(null, user, context); - } - ``` """ @behaviour Cadet.Auth.Providers.OpenID.ClaimExtractor - def get_username(claims) do + def get_username(claims, _id_token) do if claims["email_verified"] do claims["email"] else 
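Review bot: `if claims["email_verified"] do` in `Auth0ClaimExtractor.get_username/2` is a truthiness test, and in Elixir only `nil` and `false` are falsy. A provider or proxy that serialised the claim as the string `"false"` would therefore still have its `email` accepted as the username. Comparing against the boolean closes that gap: `if claims["email_verified"] == true do`. The same body appears in the `google_claim_extractor.ex` hunk at `@@ -5,7 +5,7 @@`. The function's `else` branch ends outside this hunk.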
@@ -24,9 +13,7 @@ defmodule Cadet.Auth.Providers.Auth0ClaimExtractor do end end - def get_name(claims), do: claims["name"] - - def get_role(claims), do: claims["https://source-academy.github.io/role"] + def get_name(claims, _id_token), do: claims["name"] def get_token_type, do: "id_token" end diff --git a/lib/cadet/auth/providers/cognito_claim_extractor.ex b/lib/cadet/auth/providers/cognito_claim_extractor.ex index ca3053aff..b75368f97 100644 --- a/lib/cadet/auth/providers/cognito_claim_extractor.ex +++ b/lib/cadet/auth/providers/cognito_claim_extractor.ex @@ -5,23 +5,13 @@ defmodule Cadet.Auth.Providers.CognitoClaimExtractor do @behaviour Cadet.Auth.Providers.OpenID.ClaimExtractor - def get_username(claims) do + def get_username(claims, _access_token) do claims["username"] end - def get_name(claims) do + def get_name(claims, _access_token) do claims["username"] end - def get_role(claims) do - case claims["cognito:groups"] do - [head | _] when is_atom(head) -> head - ["admin" | _] -> :admin - ["staff" | _] -> :staff - nil -> nil - _ -> :student - end - end - def get_token_type, do: "access_token" end diff --git a/lib/cadet/auth/providers/config.ex b/lib/cadet/auth/providers/config.ex index 9d338b2dc..726a71658 100644 --- a/lib/cadet/auth/providers/config.ex +++ b/lib/cadet/auth/providers/config.ex @@ -36,13 +36,4 @@ defmodule Cadet.Auth.Providers.Config do _ -> {:error, :invalid_credentials, "Invalid token"} end end - - @spec get_role(any(), Provider.token()) :: - {:ok, Cadet.Accounts.Role.t()} | {:error, Provider.error(), String.t()} - def get_role(config, token) do - case Enum.find(config, nil, fn %{token: this_token} -> token == this_token end) do - %{role: role} -> {:ok, role} - _ -> {:error, :invalid_credentials, "Invalid token"} - end - end end diff --git a/lib/cadet/auth/providers/github.ex b/lib/cadet/auth/providers/github.ex index 039b935fa..2879cec3a 100644 --- a/lib/cadet/auth/providers/github.ex +++ b/lib/cadet/auth/providers/github.ex 
@@ -68,11 +68,6 @@ defmodule Cadet.Auth.Providers.GitHub do end end - def get_role(_config, _claims) do - # There is no role specified for the GitHub provider - {:error, :invalid_credentials, "No role specified in token"} - end - defp api_call(url, token) do headers = [{"Authorization", "token " <> token}] diff --git a/lib/cadet/auth/providers/google_claim_extractor.ex b/lib/cadet/auth/providers/google_claim_extractor.ex index ab0d41a7a..80a595376 100644 --- a/lib/cadet/auth/providers/google_claim_extractor.ex +++ b/lib/cadet/auth/providers/google_claim_extractor.ex @@ -5,7 +5,7 @@ defmodule Cadet.Auth.Providers.GoogleClaimExtractor do @behaviour Cadet.Auth.Providers.OpenID.ClaimExtractor - def get_username(claims) do + def get_username(claims, _id_token) do if claims["email_verified"] do claims["email"] else @@ -13,11 +13,9 @@ defmodule Cadet.Auth.Providers.GoogleClaimExtractor do end end - def get_name(claims) do + def get_name(claims, _id_token) do claims["name"] end - def get_role(_claims), do: nil - def get_token_type, do: "id_token" end diff --git a/lib/cadet/auth/providers/luminus.ex b/lib/cadet/auth/providers/luminus.ex index 627f4a1a4..6b819c794 100644 --- a/lib/cadet/auth/providers/luminus.ex +++ b/lib/cadet/auth/providers/luminus.ex 
@@ -64,112 +64,6 @@ defmodule Cadet.Auth.Providers.LumiNUS do end end - @spec get_role(config(), Provider.token()) :: - {:ok, Cadet.Accounts.Role.t()} | {:error, Provider.error(), String.t()} - @doc """ - Get the role of the user corresponding to this token. - - Roles: - - - student permission -> :student - - manager / read manager permissions -> :staff - - owner / co-owner -> :admin - - ## Returns - - - `{:ok, :student}` - valid token, has student permissions - - `{:ok, :staff}` - valid token, has manager or read manager permissions - - `{:ok, :admin}` - valid token, has owner or co-owner permissions - - `{:error, :invalid_credentials, "User is not part of module"}` - valid token - but the user does not currently read the module - - `{:error, :upstream, "Status code xxx from LumiNUS"}` - invalid token or - luminus_client_secret is invalid - - ## Parameters - - - `token`: String, the OAuth2 token - - ## Examples - - iex> Cadet.Accounts.Luminus.fetch_role("T0K3N...") - {:ok, :student} - """ - def get_role(config, token) do - case api_call("module", token, config.api_key) do - {:ok, modules} -> - parse_modules(modules, config.modules) - - {:error, _, _} = error -> - error - end - end - - @student_access %{ - "access_Full" => false, - "access_Create" => false, - "access_Read" => true, - "access_Update" => false, - "access_Delete" => false, - "access_Settings_Read" => false, - "access_Settings_Update" => false - } - - @staff_access %{ - "access_Full" => false, - "access_Settings_Read" => true - } - - @admin_access %{ - "access_Full" => true, - "access_Create" => true, - "access_Read" => true, - "access_Update" => true, - "access_Delete" => true, - "access_Settings_Read" => true, - "access_Settings_Update" => true - } - - defp parse_modules(modules, allowed) do - roles = - modules["data"] - |> Enum.filter(&(module_allowed?(&1, allowed) and module_active?(&1["endDate"]))) - |> Enum.map(&module_to_role/1) - # NOTE: this depends on the fact that the correct role order - # 
[:admin, :staff, :student] happens to also be sorted, - # and that :unexpected_access sorts after any valid role - |> Enum.sort() - - case roles do - [] -> {:error, :invalid_credentials, "User is not part of module"} - [role | _] when role in [:admin, :staff, :student] -> {:ok, role} - [:unexpected_access | _] -> {:error, :other, "Unexpected access combination"} - end - end - - defp module_to_role(module) do - case module do - %{"access" => @admin_access} -> :admin - %{"access" => @staff_access} -> :staff - %{"access" => @student_access} -> :student - _ -> :unexpected_access - end - end - - defp module_allowed?(module, allowed) do - allowed_terms = allowed[module["name"]] - term = module["term"] - - cond do - is_list(allowed_terms) -> term in allowed_terms - is_binary(allowed_terms) -> term == allowed_terms - true -> false - end - end - - defp module_active?(end_date) do - Timex.before?(Timex.now(), Timex.parse!(end_date, "{ISO:Extended}")) - end - defp api_call(method, token, api_key) do headers = [{"Ocp-Apim-Subscription-Key", api_key}, {"Authorization", "Bearer #{token}"}] options = [timeout: 10_000, recv_timeout: 10_000] diff --git a/lib/cadet/auth/providers/openid.ex b/lib/cadet/auth/providers/openid.ex index bd3d67223..317fe2c00 100644 --- a/lib/cadet/auth/providers/openid.ex +++ b/lib/cadet/auth/providers/openid.ex @@ -29,7 +29,7 @@ defmodule Cadet.Auth.Providers.OpenID do claims, nil )} do - case claim_extractor.get_username(claims) do + case claim_extractor.get_username(claims, token) do nil -> {:error, :invalid_credentials, "No username specified in token"} 
@@ -56,37 +56,25 @@ defmodule Cadet.Auth.Providers.OpenID do end # issue with JOSE's type specifications - @dialyzer {:no_fail_call, [get_name: 2, get_role: 2]} + @dialyzer {:no_fail_call, [get_name: 2]} @spec get_name(config, Provider.token()) :: {:ok, String.t()} | {:error, Provider.error(), String.t()} def get_name(config, token) do %{claim_extractor: claim_extractor} = config # Assume the token has already been verified by authorise - case claim_extractor.get_name(JOSE.JWT.peek(token).fields) do + case claim_extractor.get_name(JOSE.JWT.peek(token).fields, token) do nil -> {:error, :invalid_credentials, "No name specified in token"} name -> {:ok, name} end end - - @spec get_role(config, Provider.token()) :: - {:ok, Cadet.Accounts.Role.t()} | {:error, Provider.error(), String.t()} - def get_role(config, token) do - %{claim_extractor: claim_extractor} = config - # Assume the token has already been verified by authorise - case claim_extractor.get_role(JOSE.JWT.peek(token).fields) do - nil -> {:error, :invalid_credentials, "No role specified in token"} - role -> {:ok, role} - end - end end defmodule Cadet.Auth.Providers.OpenID.ClaimExtractor do @moduledoc """ A behaviour for modules that extract fields from JWT token claims. """ - @callback get_username(%{}) :: String.t() | nil - @callback get_name(%{}) :: String.t() | nil - @callback get_role(%{}) :: String.t() | nil + @callback get_username(%{}, String.t()) :: String.t() | nil + @callback get_name(%{}, String.t()) :: String.t() | nil @callback get_token_type() :: String.t() | nil end diff --git a/test/cadet/accounts/accounts_test.exs b/test/cadet/accounts/accounts_test.exs index 4193a1883..e9038c8e8 100644 --- a/test/cadet/accounts/accounts_test.exs +++ b/test/cadet/accounts/accounts_test.exs 
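Review bot: The new second argument of the `get_username/2` and `get_name/2` callbacks is undocumented, and in `OpenID.get_name/2` the token handed to the extractor has only been decoded with `JOSE.JWT.peek/1`, which does not check the signature. The inline comment relies on `authorise` having verified it earlier. I would state that contract on the behaviour with a `@doc` above each callback, along the lines of `@doc "token is the raw JWT (apparently the one named by get_token_type/0); get_name/2 passes it without re-verifying, so do not base trust decisions on it."`. Separately, `%{}` in a typespec denotes the empty map, so `@callback get_name(map(), String.t()) :: String.t() | nil` is probably what is meant, and likewise for `get_username/2`.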
@@ -71,30 +71,12 @@ defmodule Cadet.AccountsTest do end test_with_mock "upstream error", Cadet.Auth.Provider, - get_role: fn _, _ -> {:error, :upstream, "Upstream error"} end, get_name: fn _, _ -> {:error, :upstream, "Upstream error"} end do assert {:error, :bad_request, "Upstream error"} == Accounts.sign_in("student", "student_token", "test") end end - # describe "sign in with unregistered user gets the right roles" do - # test ~s(user has admin access) do - # assert {:ok, user} = Accounts.sign_in("admin", "admin_token", "test") - # assert %{role: :admin} = user - # end - - # test ~s(user has staff access) do - # assert {:ok, user} = Accounts.sign_in("staff", "staff_token", "test") - # assert %{role: :staff} = user - # end - - # test ~s(user has student access) do - # assert {:ok, user} = Accounts.sign_in("student", "student_token", "test") - # assert %{role: :student} = user - # end - # end - describe "insert_or_update_user" do test "existing user" do user = insert(:user) diff --git a/test/cadet/auth/provider_test.exs b/test/cadet/auth/provider_test.exs index 3d59ae01e..8546cd5a6 100644 --- a/test/cadet/auth/provider_test.exs +++ b/test/cadet/auth/provider_test.exs @@ -18,8 +18,5 @@ defmodule Cadet.Auth.ProviderTest do assert {:error, :other, "Invalid or nonexistent provider config"} = Provider.get_name("32523453", "student_token") - - assert {:error, :other, "Invalid or nonexistent provider config"} = - Provider.get_role("tes0938456720t", "student_token") end end diff --git a/test/cadet/auth/providers/auth0_claim_extractor_test.exs b/test/cadet/auth/providers/auth0_claim_extractor_test.exs index 50b191f01..76172187a 100644 --- a/test/cadet/auth/providers/auth0_claim_extractor_test.exs +++ b/test/cadet/auth/providers/auth0_claim_extractor_test.exs 
@@ -13,9 +13,8 @@ defmodule Cadet.Auth.Providers.Auth0ClaimExtractorTest do "https://source-academy.github.io/role" => "admin" } - assert Testee.get_username(claims) == @username - assert Testee.get_name(claims) == "name name" - assert Testee.get_role(claims) == "admin" + assert Testee.get_username(claims, "") == @username + assert Testee.get_name(claims, "") == "name name" assert Testee.get_token_type() == "id_token" end @@ -23,6 +22,6 @@ defmodule Cadet.Auth.Providers.Auth0ClaimExtractorTest do test "test non-verified email" do claims = %{"email" => @username, "email_verified" => false} - assert is_nil(Testee.get_username(claims)) + assert is_nil(Testee.get_username(claims, "")) end end diff --git a/test/cadet/auth/providers/cognito_claim_extractor_test.exs b/test/cadet/auth/providers/cognito_claim_extractor_test.exs index a4267ada6..7356f7257 100644 --- a/test/cadet/auth/providers/cognito_claim_extractor_test.exs +++ b/test/cadet/auth/providers/cognito_claim_extractor_test.exs @@ -8,10 +8,8 @@ defmodule Cadet.Auth.Providers.CognitoClaimExtractorTest do @claims %{"username" => @username, "cognito:groups" => [Atom.to_string(@role)]} test "test" do - assert @username == Testee.get_username(@claims) - assert @username == Testee.get_name(@claims) - assert @role == Testee.get_role(@claims) - assert :admin == Testee.get_role(%{"cognito:groups" => [:admin]}) + assert @username == Testee.get_username(@claims, "") + assert @username == Testee.get_name(@claims, "") assert Testee.get_token_type() == "access_token" end diff --git a/test/cadet/auth/providers/config_test.exs b/test/cadet/auth/providers/config_test.exs index b2ad33aef..b49d39d03 100644 --- a/test/cadet/auth/providers/config_test.exs +++ b/test/cadet/auth/providers/config_test.exs 
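Review bot: The `claims` fixture in this test still contains `"https://source-academy.github.io/role" => "admin"`, although no extractor function reads it after this change. `@claims` in `cognito_claim_extractor_test.exs` likewise keeps `"cognito:groups"`. Either drop the entries or keep them on purpose with a comment such as `# role claim left in on purpose: extractors must ignore it`, so the fixture documents that a provider-supplied role has no effect. The test body starts above this hunk.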
@@ -39,14 +39,4 @@ defmodule Cadet.Auth.Providers.ConfigTest do assert {:error, _, _} = Config.get_name(@config, @token <> "dflajhdfs") end end - - describe "get role" do - test "successfully" do - assert {:ok, @role} = Config.get_role(@config, @token) - end - - test "with wrong token" do - assert {:error, _, _} = Config.get_role(@config, @token <> "dflajhdfs") - end - end end diff --git a/test/cadet/auth/providers/google_claim_extractor_test.exs b/test/cadet/auth/providers/google_claim_extractor_test.exs index 9f3b499c7..565413c43 100644 --- a/test/cadet/auth/providers/google_claim_extractor_test.exs +++ b/test/cadet/auth/providers/google_claim_extractor_test.exs @@ -8,9 +8,8 @@ defmodule Cadet.Auth.Providers.GoogleClaimExtractorTest do test "test verified email" do claims = %{"email" => @username, "email_verified" => true} - assert Testee.get_username(claims) == @username - assert is_nil(Testee.get_name(claims)) - assert is_nil(Testee.get_role(claims)) + assert Testee.get_username(claims, "") == @username + assert is_nil(Testee.get_name(claims, "")) assert Testee.get_token_type() == "id_token" end @@ -18,8 +17,7 @@ defmodule Cadet.Auth.Providers.GoogleClaimExtractorTest do test "test non-verified email" do claims = %{"email" => @username, "email_verified" => false} - assert is_nil(Testee.get_username(claims)) - assert is_nil(Testee.get_name(claims)) - assert is_nil(Testee.get_role(claims)) + assert is_nil(Testee.get_username(claims, "")) + assert is_nil(Testee.get_name(claims, "")) end end diff --git a/test/cadet/auth/providers/luminus_test.exs b/test/cadet/auth/providers/luminus_test.exs index 896a4af54..4f53f2dca 100644 --- a/test/cadet/auth/providers/luminus_test.exs +++ b/test/cadet/auth/providers/luminus_test.exs 
@@ -104,118 +104,4 @@ defmodule Cadet.Auth.Providers.LumiNUSTest do end end end - - describe "Fetch a role" do - test "Using a valid token" do - use_cassette "luminus/get_role#1", custom: true do - assert {:ok, role} = LumiNUS.get_role(@config, @token) - assert role in [:student, :staff, :admin] - end - end - - test "Using an invalid token" do - use_cassette "luminus/get_role#2", custom: true do - assert {:error, :upstream, _} = LumiNUS.get_role(@config, @token <> "Z") - end - end - end - - describe "Map access rights to correct role" do - test "User does not read CS1101S" do - use_cassette "luminus/get_role#3", custom: true do - assert {:error, :invalid_credentials, "User is not part of module"} = - LumiNUS.get_role(@config, @token) - end - end - - test "User no longer reads CS1101S" do - use_cassette "luminus/get_role#4", custom: true do - assert {:error, :invalid_credentials, "User is not part of module"} = - LumiNUS.get_role(@config, @token) - end - end - - test "User is staff of CS1101S from old semester" do - use_cassette "luminus/get_role#10", custom: true do - assert {:error, :invalid_credentials, "User is not part of module"} = - LumiNUS.get_role(@config, @token) - end - end - - test "Student role maps to :student" do - use_cassette "luminus/get_role#5", custom: true do - assert {:ok, :student} = LumiNUS.get_role(@config, @token) - end - end - - test "Read Manager role maps to :staff" do - use_cassette "luminus/get_role#6", custom: true do - assert {:ok, :staff} = LumiNUS.get_role(@config, @token) - end - end - - test "Manager role maps to :staff" do - use_cassette "luminus/get_role#7", custom: true do - assert {:ok, :staff} = LumiNUS.get_role(@config, @token) - end - end - - test "Owner/Co-owner role maps to :admin" do - use_cassette "luminus/get_role#8", custom: true do - assert {:ok, :admin} = LumiNUS.get_role(@config, @token) - end - end - - test "Unknown access role" do - use_cassette "luminus/get_role#9", custom: true do - assert {:error, :other, 
"Unexpected access combination"} = - LumiNUS.get_role(@config, @token) - end - end - - test "One with multiple modules allowed (1)" do - use_cassette "luminus/get_role#11", custom: true do - assert {:ok, :staff} = LumiNUS.get_role(@config, @token) - end - end - - test "One with multiple modules allowed (2)" do - use_cassette "luminus/get_role#11", custom: true do - assert {:ok, :admin} = - LumiNUS.get_role( - %{ - api_key: "API_KEY", - modules: %{"XY1101Z" => "2010"} - }, - @token - ) - end - end - - test "Highest role of multiple modules taken" do - use_cassette "luminus/get_role#11", custom: true do - assert {:ok, :admin} = - LumiNUS.get_role( - %{ - api_key: "API_KEY", - modules: %{"XY1101Z" => "2010", "CS1101S" => "2010"} - }, - @token - ) - end - end - - test "Multiple terms" do - use_cassette "luminus/get_role#10", custom: true do - assert {:ok, :staff} = - LumiNUS.get_role( - %{ - api_key: "API_KEY", - modules: %{"CS1101S" => ["1910", "2010"]} - }, - @token - ) - end - end - end end diff --git a/test/cadet/auth/providers/openid_test.exs b/test/cadet/auth/providers/openid_test.exs index 27d0aed70..fef336ddd 100644 --- a/test/cadet/auth/providers/openid_test.exs +++ b/test/cadet/auth/providers/openid_test.exs @@ -33,7 +33,6 @@ defmodule Cadet.Auth.Providers.OpenIDTest do """ @username "username" - @role :admin @openid_provider_name :test 
@@ -107,7 +106,6 @@ defmodule Cadet.Auth.Providers.OpenIDTest do OpenID.authorise(@config, "dummy_code", "", "") assert {:ok, @username} == OpenID.get_name(@config, @okay_token) - assert {:ok, @role} == OpenID.get_role(@config, @okay_token) end @no_username_token "eyJraWQiOiIxIiwiYWxnIjoiUlMyNTYifQ.eyJjb2duaXRvOmdyb3VwcyI6WyJhZG1pbiJdfQ.oAcQXHRZjm9lje8SoIkLBan4ucZDorWuqVU4dtFySh0br48f722VOZ4Ejwm23ha8TMYSmHpOnyS0WKOrBN1tYtmTvaApLT1Q7zphtGLoGVhrQRx-cM23vCswLQWesbmhgD-QzFkTXCnAXy8N2EjaBehWJbBuslZZpqH1R9LIZiqzTEtoY1wIK_ndClZZ2qswVuNdoWBWJShJDvmJAgphb7roKEG5KEc70jb8cOE79CKXpj_uKJwLYrcLpzVyZwLNJevi6FiT2wLIBr2HCL8_Vrv6SmVtLlvRU23-IIyXxdAce4KIyMTC2BovvTgGZtiXPjMOlcklyZMDeIyaWBosMA" @@ -142,13 +140,6 @@ defmodule Cadet.Auth.Providers.OpenIDTest do OpenID.authorise(@config, "dummy_code", "", "") end - @empty_token "eyJraWQiOiIxIiwiYWxnIjoiUlMyNTYifQ.e30.Fi_39PCZ0w5FbyE2xtvnBfVKmGitgH0BdRgmKa70WJBemiZsa1g5tifFRo0Ns74LTXhtK2xHk2jeLuZ3GU4ReYPmMXnnuCDU-6gw-Aavz9Iqj7MxM78v-Sn7icJey-6U4PPVUk-6BPEw2VaXb4FWk2zK6UzGxlFst0_jUJCpoClIhyvTRC8_JgLbDGfwbEYv3VNYwg5XB3NGlBsPZdBFEvcWNgJzfFl5V362H3b2R3u0KC5nBDnICAkghy_HON68ZdTmnhojCxfdYGilmDmzDUqRbqUWAfRDGFqwEhw4OOjRadMwxdC_ks7Z5tSFcVoY7US7XYW_XbK6TsD3qLU-iQ" - - test "get_role with no role in token" do - assert {:error, :invalid_credentials, "No role specified in token"} == - OpenID.get_role(@config, @empty_token) - end - test "non-successful HTTP status", %{bypass: bypass} do Bypass.stub(bypass, "POST", "/oauth2/token", fn conn -> PlugConn.resp(conn, 403, "")