Adding upstream version 0.28.1.

Signed-off-by: Daniel Baumann <daniel@debian.org>
2025-05-22 10:57:38 +02:00 · 2025-05-22 10:57:38 +02:00 · e28c88ef14
commit e28c88ef14
parent 88f1d47ab6
933 changed files with 194711 additions and 0 deletions
--- a/apis/record_auth_methods_test.go
+++ b/apis/record_auth_methods_test.go
@ -0,0 +1,106 @@
+package apis_test
+
+import (
+	"net/http"
+	"testing"
+
+	"github.com/pocketbase/pocketbase/core"
+	"github.com/pocketbase/pocketbase/tests"
+)
+
+func TestRecordAuthMethodsList(t *testing.T) {
+	t.Parallel()
+
+	scenarios := []tests.ApiScenario{
+		{
+			Name:            "missing collection",
+			Method:          http.MethodGet,
+			URL:             "/api/collections/missing/auth-methods",
+			ExpectedStatus:  404,
+			ExpectedContent: []string{`"data":{}`},
+			ExpectedEvents:  map[string]int{"*": 0},
+		},
+		{
+			Name:            "non auth collection",
+			Method:          http.MethodGet,
+			URL:             "/api/collections/demo1/auth-methods",
+			ExpectedStatus:  404,
+			ExpectedContent: []string{`"data":{}`},
+			ExpectedEvents:  map[string]int{"*": 0},
+		},
+		{
+			Name:           "auth collection with none auth methods allowed",
+			Method:         http.MethodGet,
+			URL:            "/api/collections/nologin/auth-methods",
+			ExpectedStatus: 200,
+			ExpectedContent: []string{
+				`"password":{"identityFields":[],"enabled":false}`,
+				`"oauth2":{"providers":[],"enabled":false}`,
+				`"mfa":{"enabled":false,"duration":0}`,
+				`"otp":{"enabled":false,"duration":0}`,
+			},
+			ExpectedEvents: map[string]int{"*": 0},
+		},
+		{
+			Name:           "auth collection with all auth methods allowed",
+			Method:         http.MethodGet,
+			URL:            "/api/collections/users/auth-methods",
+			ExpectedStatus: 200,
+			ExpectedContent: []string{
+				`"password":{"identityFields":["email","username"],"enabled":true}`,
+				`"mfa":{"enabled":true,"duration":1800}`,
+				`"otp":{"enabled":true,"duration":300}`,
+				`"oauth2":{`,
+				`"providers":[{`,
+				`"name":"google"`,
+				`"name":"gitlab"`,
+				`"state":`,
+				`"displayName":`,
+				`"codeVerifier":`,
+				`"codeChallenge":`,
+				`"codeChallengeMethod":`,
+				`"authURL":`,
+				`redirect_uri="`, // ensures that the redirect_uri is the last url param
+			},
+			ExpectedEvents: map[string]int{"*": 0},
+		},
+
+		// rate limit checks
+		// -----------------------------------------------------------
+		{
+			Name:   "RateLimit rule - nologin:listAuthMethods",
+			Method: http.MethodGet,
+			URL:    "/api/collections/nologin/auth-methods",
+			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
+				app.Settings().RateLimits.Enabled = true
+				app.Settings().RateLimits.Rules = []core.RateLimitRule{
+					{MaxRequests: 100, Label: "abc"},
+					{MaxRequests: 100, Label: "*:listAuthMethods"},
+					{MaxRequests: 0, Label: "nologin:listAuthMethods"},
+				}
+			},
+			ExpectedStatus:  429,
+			ExpectedContent: []string{`"data":{}`},
+			ExpectedEvents:  map[string]int{"*": 0},
+		},
+		{
+			Name:   "RateLimit rule - *:listAuthMethods",
+			Method: http.MethodGet,
+			URL:    "/api/collections/nologin/auth-methods",
+			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
+				app.Settings().RateLimits.Enabled = true
+				app.Settings().RateLimits.Rules = []core.RateLimitRule{
+					{MaxRequests: 100, Label: "abc"},
+					{MaxRequests: 0, Label: "*:listAuthMethods"},
+				}
+			},
+			ExpectedStatus:  429,
+			ExpectedContent: []string{`"data":{}`},
+			ExpectedEvents:  map[string]int{"*": 0},
+		},
+	}
+
+	for _, scenario := range scenarios {
+		scenario.Test(t)
+	}
+}