From c16ebe1707137f80374e6daf5e95c27461500f8a Mon Sep 17 00:00:00 2001
From: Ryan Richard
Date: Wed, 13 Nov 2024 13:45:44 -0800
Subject: [PATCH] add unit test for audit logging when token refresh updates groups
---
 .../endpoints/token/token_handler_test.go | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)
diff --git a/internal/federationdomain/endpoints/token/token_handler_test.go b/internal/federationdomain/endpoints/token/token_handler_test.go
index 228b4175e..1eeb148e1 100644
--- a/internal/federationdomain/endpoints/token/token_handler_test.go
+++ b/internal/federationdomain/endpoints/token/token_handler_test.go
@@ -2961,6 +2961,41 @@ func TestRefreshGrant(t *testing.T) {
 {Text: `User "some-username" has been added to the following groups: ["new-group1" "new-group2" "new-group3"]`},
 {Text: `User "some-username" has been removed from the following groups: ["group1" "groups2"]`},
 },
+ wantAuditLogs: func(sessionID string) []testutil.WantedAuditLog {
+ return []testutil.WantedAuditLog{
+ testutil.WantAuditLog("HTTP Request Parameters", map[string]any{
+ "params": map[string]any{
+ "client_id": "pinniped-cli",
+ "grant_type": "refresh_token",
+ "refresh_token": "redacted",
+ "scope": "openid",
+ },
+ }),
+ testutil.WantAuditLog("Identity Refreshed From Upstream IDP", map[string]any{
+ "sessionID": sessionID,
+ "personalInfo": map[string]any{
+ "upstreamGroups": []any{
+ "new-group1",
+ "new-group2",
+ "new-group3",
+ },
+ "upstreamUsername": "some-username",
+ },
+ }),
+ testutil.WantAuditLog("Session Refreshed", map[string]any{
+ "sessionID": sessionID,
+ "personalInfo": map[string]any{
+ "username": "some-username",
+ "groups": []any{
+ "new-group1",
+ "new-group2",
+ "new-group3",
+ },
+ "subject": "https://issuer?sub=some-subject",
+ },
+ }),
+ }
+ },
 },
 },
 },
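Review bot: The `"refresh_token": "redacted"` expectation in the "HTTP Request Parameters" entry is the security-relevant assertion in this case and should carry a comment saying so, for example `// the refresh token value must never reach the audit log; only the redaction placeholder is expected`, so a later edit does not loosen it unnoticed. The "Identity Refreshed From Upstream IDP" and "Session Refreshed" entries pin only the post-refresh group list, so the removal of "group1" and "groups2" reported in the warnings just above is not visible in the expected audit trail. If the handler is meant to record the membership delta for auditors, this case does not cover it; I cannot tell from the hunk whether that is intended. The enclosing TestRefreshGrant table starts and ends outside the hunk.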