diff --git a/pkg/db/fixtures/users.yml b/pkg/db/fixtures/users.yml index e3f23c58d..8d251da66 100644 --- a/pkg/db/fixtures/users.yml +++ b/pkg/db/fixtures/users.yml @@ -145,3 +145,13 @@ issuer: local updated: 2018-12-02 15:13:12 created: 2018-12-01 15:13:12 +# User with openid avatar provider for SSO avatar reset tests +- id: 19 + username: 'user_openid_avatar' + password: '$2a$04$X4aRMEt0ytgPwMIgv36cI..7X9.nhY/.tYwxpqSi0ykRHx2CwQ0S6' + email: 'user_openid_avatar@example.com' + issuer: 'https://some.service.com' + subject: 'openid-avatar-test' + avatar_provider: 'openid' + updated: 2018-12-02 15:13:12 + created: 2018-12-01 15:13:12 diff --git a/pkg/modules/auth/openid/openid_test.go b/pkg/modules/auth/openid/openid_test.go index 21231b7ec..56ce6a549 100644 --- a/pkg/modules/auth/openid/openid_test.go +++ b/pkg/modules/auth/openid/openid_test.go @@ -419,3 +419,49 @@ func TestMergeClaims(t *testing.T) { assert.ErrorAs(t, err, &expectedErr) }) } + +func TestSyncUserAvatarFromOpenID(t *testing.T) { + t.Run("empty picture URL resets openid provider to default", func(t *testing.T) { + db.LoadAndAssertFixtures(t) + s := db.NewSession() + defer s.Close() + + // Use the fixture user that has avatar_provider = "openid" + u, err := user.GetUserByID(s, 19) + require.NoError(t, err) + assert.Equal(t, "openid", u.AvatarProvider, "precondition: user should have openid avatar provider") + + err = syncUserAvatarFromOpenID(s, u, "") + require.NoError(t, err) + err = s.Commit() + require.NoError(t, err) + + // Verify the avatar provider was reset to default in the database + db.AssertExists(t, "users", map[string]interface{}{ + "id": 19, + "avatar_provider": "default", + }, false) + }) + + t.Run("empty picture URL does not reset non-openid provider", func(t *testing.T) { + db.LoadAndAssertFixtures(t) + s := db.NewSession() + defer s.Close() + + // Use a regular user (avatar_provider is empty/"default") + u, err := user.GetUserByID(s, 1) + require.NoError(t, err) + + err = syncUserAvatarFromOpenID(s, u, "") + require.NoError(t, err) + err = s.Commit() + require.NoError(t, err) + + // Verify the avatar provider was NOT changed to "default" or anything else + s2 := db.NewSession() + defer s2.Close() + updatedUser, err := user.GetUserByID(s2, 1) + require.NoError(t, err) + assert.Equal(t, "", updatedUser.AvatarProvider, "avatar provider should remain empty for non-openid user") + }) +}