File Coverage

blib/lib/OIDC/Client/Role/ConfigurationChecker.pm

Criterion	Covered	Total	%
statement	51	51	100.0
branch	8	10	80.0
condition	1	3	33.3
subroutine	11	11	100.0
pod			n/a
total	71	75	94.6

line	stmt	bran	cond	sub	time	code
1						package OIDC::Client::Role::ConfigurationChecker;
2	3			3	147799	use utf8;
	3				255
	3				28
3	3			3	953	use Moose::Role;
	3				493696
	3				26
4	3			3	21800	use MooseX::Params::Validate;
	3				96114
	3				34
5	3			3	1948	use namespace::autoclean;
	3				7661
	3				28
6	3			3	323	use feature 'signatures';
	3				4
	3				491
7	3			3	19	no warnings 'experimental::signatures';
	3				20
	3				1529
8	3			3	24	use Carp qw(croak);
	3				9
	3				272
9	3			3	2431	use List::MoreUtils qw(duplicates);
	3				49383
	3				34
10
11						=encoding utf8
12
13						=head1 NAME
14
15						OIDC::Client::Role::ConfigurationChecker - Configuration checker
16
17						=head1 DESCRIPTION
18
19						This Moose role covers private methods for checking the configuration.
20
21						=cut
22
23
24						requires qw(config
25						audience
26						store_mode
27						token_endpoint_grant_type);
28
29
30	61			61	128	sub _check_configuration ($self) {
	61				116
	61				395
31	61				99	my @config = %{$self->config};
	61				2593
32
33	61				3693	validated_hash(
34						\@config,
35						provider => { isa => 'Str', optional => 1 },
36						store_mode => { isa => 'StoreMode', optional => 1 },
37						proxy_detect => { isa => 'Bool', optional => 1 },
38						user_agent => { isa => 'Str', optional => 1 },
39						id => { isa => 'Str', optional => 1 },
40						secret => { isa => 'Str', optional => 1 },
41						private_jwk_file => { isa => 'Str', optional => 1 },
42						private_jwk => { isa => 'HashRef', optional => 1 },
43						private_key_file => { isa => 'Str', optional => 1 },
44						private_key => { isa => 'Str', optional => 1 },
45						audience => { isa => 'Str', optional => 1 },
46						role_prefix => { isa => 'Str', optional => 1 },
47						well_known_url => { isa => 'Str', optional => 1 },
48						issuer => { isa => 'Str', optional => 1 },
49						jwks_url => { isa => 'Str', optional => 1 },
50						authorize_url => { isa => 'Str', optional => 1 },
51						token_url => { isa => 'Str', optional => 1 },
52						introspection_url => { isa => 'Str', optional => 1 },
53						userinfo_url => { isa => 'Str', optional => 1 },
54						end_session_url => { isa => 'Str', optional => 1 },
55						signin_redirect_path => { isa => 'Str', optional => 1 },
56						signin_redirect_uri => { isa => 'Str', optional => 1 },
57						scope => { isa => 'Str', optional => 1 },
58						refresh_scope => { isa => 'Str', optional => 1 },
59						identity_expires_in => { isa => 'Int', optional => 1 },
60						expiration_leeway => { isa => 'Int', optional => 1 },
61						max_id_token_age => { isa => 'Int', optional => 1 },
62						jwt_decoding_options => { isa => 'HashRef', optional => 1 },
63						client_secret_jwt_encoding_options => { isa => 'HashRef', optional => 1 },
64						private_key_jwt_encoding_options => { isa => 'HashRef', optional => 1 },
65						claim_mapping => { isa => 'HashRef[Str]', optional => 1 },
66						audience_alias => { isa => 'HashRef[HashRef]', optional => 1 },
67						authorize_endpoint_response_mode => { isa => 'ResponseMode', optional => 1 },
68						authorize_endpoint_extra_params => { isa => 'HashRef', optional => 1 },
69						token_validation_method => { isa => 'TokenValidationMethod', optional => 1 },
70						token_endpoint_grant_type => { isa => 'GrantType', optional => 1 },
71						client_auth_method => { isa => 'ClientAuthMethod', optional => 1 },
72						token_endpoint_auth_method => { isa => 'ClientAuthMethod', optional => 1 },
73						introspection_endpoint_auth_method => { isa => 'ClientAuthMethod', optional => 1 },
74						client_assertion_lifetime => { isa => 'Int', optional => 1 },
75						client_assertion_audience => { isa => 'Str', optional => 1 },
76						username => { isa => 'Str', optional => 1 },
77						password => { isa => 'Str', optional => 1 },
78						logout_redirect_path => { isa => 'Str', optional => 1 },
79						post_logout_redirect_uri => { isa => 'Str', optional => 1 },
80						logout_with_id_token => { isa => 'Bool', optional => 1 },
81						logout_extra_params => { isa => 'HashRef', optional => 1 },
82						cache_config => { isa => 'HashRef', optional => 1 },
83						mocked_identity => { isa => 'HashRef', optional => 1 },
84						mocked_access_token => { isa => 'HashRef', optional => 1 },
85						mocked_userinfo => { isa => 'HashRef', optional => 1 },
86						);
87						}
88
89
90	60			60	151	sub _check_audiences_configuration ($self) {
	60				4708
	60				104
91	60	100			108	my %config_audience_alias = %{ $self->config->{audience_alias} \|\| {} };
	60				2613
92
93	70				212	my @possible_audiences = grep { $_ } ($self->audience,
94	60				2289	map { $_->{audience} } values %config_audience_alias);
	11				34
95
96	59	100			517	if (my @duplicates_audiences = duplicates(@possible_audiences)) {
97	1				19	croak(sprintf('OIDC: these configured audiences are duplicated: %s', join(', ', @duplicates_audiences)));
98						}
99
100	58				363	foreach my $audience_alias (keys %config_audience_alias) {
101	7	50			300	my @config_audience = %{$config_audience_alias{$audience_alias} \|\| {}};
	7				27
102	7				32	validated_hash(
103						\@config_audience,
104						audience => { isa => 'Str', optional => 0 },
105						scope => { isa => 'Str', optional => 1 },
106						);
107						}
108						}
109
110
111	58			58	99	sub _check_cache_configuration ($self) {
	58				106
	58				110
112	58	100			2219	if ($self->store_mode eq 'cache') {
113	1				50	my $grant_type = $self->token_endpoint_grant_type;
114	1	50	33		9	unless ($grant_type eq 'client_credentials' \|\| $grant_type eq 'password') {
115	1				17	croak("OIDC: you cannot use the 'cache' store mode with the '$grant_type' grant type, "
116						. "but only with the 'client_credentials' or 'password' grant types");
117						}
118						}
119						}
120
121
122						1;