letro-authentication-service/policies/register/register_test.rego
# Copyright 2025 New Vector Ltd.
#
# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
# Please see LICENSE files in the repository root for full details.
package register_test
import data.register
import rego.v1
# Shared fixture: a password registration that carries a username and an
# e-mail address under staging.element.io. The domain tests below reuse it and
# vary only the data.allowed_domains / data.banned_domains overrides.
mock_registration := {
	"username": "hello",
	"email": "hello@staging.element.io",
	"registration_method": "password",
}
# Baseline: with no domain lists overridden, the fixture registration is
# allowed. The denial tests that reuse the same fixture rely on this case to
# show that their rejection comes from the override and not from the input.
test_allow_all_domains if {
	candidate := mock_registration
	register.allow with input as candidate
}
# An allow-list entry of "*.element.io" admits hello@staging.element.io.
test_allowed_domain if {
	allow_list := ["*.element.io"]
	register.allow with input as mock_registration
		with data.allowed_domains as allow_list
}
# When the allow-list names only "example.com", the fixture's
# staging.element.io address is rejected.
test_not_allowed_domain if {
	allow_list := ["example.com"]
	not register.allow with input as mock_registration
		with data.allowed_domains as allow_list
}
# A ban-list entry of "*.element.io" rejects the fixture even though no
# allow-list is set.
test_banned_domain if {
	ban_list := ["*.element.io"]
	not register.allow with input as mock_registration
		with data.banned_domains as ban_list
}
# Ban takes precedence over allow: the address matches the "*.element.io"
# allow-list entry, but the exact "staging.element.io" ban still rejects it.
test_banned_subdomain if {
	allow_list := ["*.element.io"]
	ban_list := ["staging.element.io"]
	not register.allow with input as mock_registration
		with data.allowed_domains as allow_list
		with data.banned_domains as ban_list
}
# A password registration that carries no "email" field is rejected.
test_email_required if {
	without_email := {"registration_method": "password", "username": "hello"}
	not register.allow with input as without_email
}
# An upstream-oauth2 registration is allowed without an "email" field.
# This is also the positive baseline for the username tests that follow,
# which use the same method and change only the username or the data lists.
test_no_email if {
	without_email := {"registration_method": "upstream-oauth2", "username": "hello"}
	register.allow with input as without_email
}
# An empty username is rejected.
test_empty_username if {
	blank := {"registration_method": "upstream-oauth2", "username": ""}
	not register.allow with input as blank
}
# Length limit on the resulting MXID, checked on both sides of the boundary.
# numbers.range is inclusive, so range(1, 249) yields 249 items and the joined
# username is 249 characters long (250 for range(1, 250)).
test_long_username if {
	name_249 := concat("", ["a" | some i in numbers.range(1, 249)])
	name_250 := concat("", ["a" | some i in numbers.range(1, 250)])

	at_249 := {"registration_method": "upstream-oauth2", "username": name_249}
	at_250 := {"registration_method": "upstream-oauth2", "username": name_250}

	# 249 characters plus the longer server name "matrix.org" is too long.
	not register.allow with input as at_249
		with data.server_name as "matrix.org"

	# This makes a MXID that is exactly 255 characters long
	# (assuming the @username:server_name form: 1 + 249 + 1 + 4), which is
	# still accepted.
	register.allow with input as at_249
		with data.server_name as "a.io"

	# One more character with the same server name is rejected.
	not register.allow with input as at_250
		with data.server_name as "a.io"
}
# A username containing a space is rejected.
test_invalid_username if {
	spaced := {"registration_method": "upstream-oauth2", "username": "hello world"}
	not register.allow with input as spaced
}
# A username made up only of digits is rejected.
test_numeric_username if {
	digits_only := {"registration_method": "upstream-oauth2", "username": "1234"}
	not register.allow with input as digits_only
}
# Username allow-list: "hello" passes when the literal list names it and is
# rejected when the list names only a different username.
test_allowed_username if {
	request := {"registration_method": "upstream-oauth2", "username": "hello"}

	register.allow with input as request
		with data.registration.allowed_usernames.literals as ["hello"]

	not register.allow with input as request
		with data.registration.allowed_usernames.literals as ["world"]
}
# Username ban-list: "hello" is rejected when the literal list names it and
# still passes when the list names only a different username.
test_banned_username if {
	request := {"registration_method": "upstream-oauth2", "username": "hello"}

	not register.allow with input as request
		with data.registration.banned_usernames.literals as ["hello"]

	register.allow with input as request
		with data.registration.banned_usernames.literals as ["world"]
}
# Requester bans: by exact IP address, by an enclosing CIDR range, and by a
# user-agent substring.
#
# NOTE(review): every assertion here is a denial. There is no control case
# showing that a request carrying a `requester` object outside the banned sets
# is still allowed, so this test alone cannot tell a working ban apart from a
# policy that rejects any input with a `requester` field. The user-agent case
# is also covered under the ip_ban name; consider a separate test.
test_ip_ban if {
	from_ip := {
		"registration_method": "upstream-oauth2",
		"username": "hello",
		"requester": {"ip_address": "1.1.1.1"},
	}
	from_agent := {
		"registration_method": "upstream-oauth2",
		"username": "hello",
		"requester": {"user_agent": "Evil Client"},
	}

	# Exact address match.
	not register.allow with input as from_ip
		with data.requester.banned_ips as ["1.1.1.1"]

	# 1.1.1.1 falls inside the banned 1.0.0.0/8 range.
	not register.allow with input as from_ip
		with data.requester.banned_ips as ["1.0.0.0/8"]

	# "Evil" is a substring of the "Evil Client" user agent.
	not register.allow with input as from_agent
		with data.requester.banned_user_agents.substrings as ["Evil"]
}