Add OIDC fixes, add prefered_username, add application-user claims

2025-11-25 16:29:40 +11:00
parent 7796c38c08
commit d6029556d3
34 changed files with 1003 additions and 64 deletions
--- a/test/controllers/oidc_authorization_code_security_test.rb
+++ b/test/controllers/oidc_authorization_code_security_test.rb
@@ -19,8 +19,9 @@ class OidcAuthorizationCodeSecurityTest < ActionDispatch::IntegrationTest
  end

  def teardown
-    OidcAuthorizationCode.where(application: @application).destroy_all
-    OidcAccessToken.where(application: @application).destroy_all
+    OidcAuthorizationCode.where(application: @application).delete_all
+    # Use delete_all to avoid triggering callbacks that might have issues with the schema
+    OidcAccessToken.where(application: @application).delete_all
    @user.destroy
    @application.destroy
  end
--- a/test/controllers/passwords_controller_test.rb
+++ b/test/controllers/passwords_controller_test.rb
@@ -11,7 +11,7 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
  test "create" do
    post passwords_path, params: { email_address: @user.email_address }
    assert_enqueued_email_with PasswordsMailer, :reset, args: [ @user ]
-    assert_redirected_to new_session_path
+    assert_redirected_to signin_path

    follow_redirect!
    assert_notice "reset instructions sent"
@@ -20,14 +20,14 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
  test "create for an unknown user redirects but sends no mail" do
    post passwords_path, params: { email_address: "missing-user@example.com" }
    assert_enqueued_emails 0
-    assert_redirected_to new_session_path
+    assert_redirected_to signin_path

    follow_redirect!
    assert_notice "reset instructions sent"
  end

  test "edit" do
-    get edit_password_path(@user.password_reset_token)
+    get edit_password_path(@user.generate_token_for(:password_reset))
    assert_response :success
  end

@@ -41,8 +41,8 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest

  test "update" do
    assert_changes -> { @user.reload.password_digest } do
-      put password_path(@user.password_reset_token), params: { password: "new", password_confirmation: "new" }
-      assert_redirected_to new_session_path
+      put password_path(@user.generate_token_for(:password_reset)), params: { password: "newpassword", password_confirmation: "newpassword" }
+      assert_redirected_to signin_path
    end

    follow_redirect!
--- a/test/controllers/sessions_controller_test.rb
+++ b/test/controllers/sessions_controller_test.rb
@@ -18,7 +18,7 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
  test "create with invalid credentials" do
    post session_path, params: { email_address: @user.email_address, password: "wrong" }

-    assert_redirected_to new_session_path
+    assert_redirected_to signin_path
    assert_nil cookies[:session_id]
  end

@@ -27,7 +27,7 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest

    delete session_path

-    assert_redirected_to new_session_path
+    assert_redirected_to signin_path
    assert_empty cookies[:session_id]
  end
 end