Fix account and backup admin settings flows

2026-03-28 15:30:07 +01:00
parent 5f14490ead
commit 4103f84f85
12 changed files with 446 additions and 37 deletions
@@ -0,0 +1,58 @@
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Text;
+using JobTrackerApi.Services;
+using Microsoft.Extensions.Configuration;
+using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Microsoft.IdentityModel.Tokens;
+using Moq;
+using Xunit;
+
+namespace JobTrackerApi.Tests;
+
+public sealed class GoogleTokenValidatorTests
+{
+    [Fact]
+    public async Task ValidateAsync_accepts_subject_mapped_to_nameidentifier_claim()
+    {
+        var config = new ConfigurationBuilder()
+            .AddInMemoryCollection(new Dictionary<string, string?>
+            {
+                ["Auth:GoogleClientId"] = "client-123",
+            })
+            .Build();
+
+        var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("super-secret-signing-key-super-secret"));
+        var oidc = new OpenIdConnectConfiguration();
+        oidc.SigningKeys.Add(signingKey);
+
+        var configManager = new Mock<IConfigurationManager<OpenIdConnectConfiguration>>();
+        configManager.Setup(x => x.GetConfigurationAsync(It.IsAny<CancellationToken>())).ReturnsAsync(oidc);
+
+        var token = new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(
+            issuer: "https://accounts.google.com",
+            audience: "client-123",
+            claims: new[]
+            {
+                new Claim(JwtRegisteredClaimNames.Sub, "google-subject-1"),
+                new Claim("email", "demo@example.com"),
+                new Claim("email_verified", "true"),
+                new Claim("given_name", "Demo"),
+                new Claim("family_name", "User"),
+                new Claim("name", "Demo User"),
+            },
+            expires: DateTime.UtcNow.AddMinutes(10),
+            signingCredentials: new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256)));
+
+        var validator = new GoogleTokenValidator(config, configManager.Object);
+        var result = await validator.ValidateAsync(token);
+
+        Assert.Equal("google-subject-1", result.Subject);
+        Assert.Equal("demo@example.com", result.Email);
+        Assert.True(result.EmailVerified);
+        Assert.Equal("Demo", result.GivenName);
+        Assert.Equal("User", result.FamilyName);
+        Assert.Equal("Demo User", result.Name);
+    }
+}