98 lines
2.7 KiB
TypeScript
98 lines
2.7 KiB
TypeScript
import { describe, expect, it } from "vitest";
|
|
import { evaluateSenderGroupAccess, evaluateSenderGroupAccessForPolicy } from "./group-access.js";
|
|
|
|
describe("evaluateSenderGroupAccessForPolicy", () => {
|
|
it("blocks disabled policy", () => {
|
|
const decision = evaluateSenderGroupAccessForPolicy({
|
|
groupPolicy: "disabled",
|
|
groupAllowFrom: ["123"],
|
|
senderId: "123",
|
|
isSenderAllowed: () => true,
|
|
});
|
|
|
|
expect(decision).toMatchObject({ allowed: false, reason: "disabled", groupPolicy: "disabled" });
|
|
});
|
|
|
|
it("blocks allowlist with empty list", () => {
|
|
const decision = evaluateSenderGroupAccessForPolicy({
|
|
groupPolicy: "allowlist",
|
|
groupAllowFrom: [],
|
|
senderId: "123",
|
|
isSenderAllowed: () => true,
|
|
});
|
|
|
|
expect(decision).toMatchObject({
|
|
allowed: false,
|
|
reason: "empty_allowlist",
|
|
groupPolicy: "allowlist",
|
|
});
|
|
});
|
|
});
|
|
|
|
describe("evaluateSenderGroupAccess", () => {
|
|
it("defaults missing provider config to allowlist", () => {
|
|
const decision = evaluateSenderGroupAccess({
|
|
providerConfigPresent: false,
|
|
configuredGroupPolicy: undefined,
|
|
defaultGroupPolicy: "open",
|
|
groupAllowFrom: ["123"],
|
|
senderId: "123",
|
|
isSenderAllowed: () => true,
|
|
});
|
|
|
|
expect(decision).toEqual({
|
|
allowed: true,
|
|
groupPolicy: "allowlist",
|
|
providerMissingFallbackApplied: true,
|
|
reason: "allowed",
|
|
});
|
|
});
|
|
|
|
it("blocks disabled policy", () => {
|
|
const decision = evaluateSenderGroupAccess({
|
|
providerConfigPresent: true,
|
|
configuredGroupPolicy: "disabled",
|
|
defaultGroupPolicy: "open",
|
|
groupAllowFrom: ["123"],
|
|
senderId: "123",
|
|
isSenderAllowed: () => true,
|
|
});
|
|
|
|
expect(decision).toMatchObject({ allowed: false, reason: "disabled", groupPolicy: "disabled" });
|
|
});
|
|
|
|
it("blocks allowlist with empty list", () => {
|
|
const decision = evaluateSenderGroupAccess({
|
|
providerConfigPresent: true,
|
|
configuredGroupPolicy: "allowlist",
|
|
defaultGroupPolicy: "open",
|
|
groupAllowFrom: [],
|
|
senderId: "123",
|
|
isSenderAllowed: () => true,
|
|
});
|
|
|
|
expect(decision).toMatchObject({
|
|
allowed: false,
|
|
reason: "empty_allowlist",
|
|
groupPolicy: "allowlist",
|
|
});
|
|
});
|
|
|
|
it("blocks sender not allowlisted", () => {
|
|
const decision = evaluateSenderGroupAccess({
|
|
providerConfigPresent: true,
|
|
configuredGroupPolicy: "allowlist",
|
|
defaultGroupPolicy: "open",
|
|
groupAllowFrom: ["123"],
|
|
senderId: "999",
|
|
isSenderAllowed: () => false,
|
|
});
|
|
|
|
expect(decision).toMatchObject({
|
|
allowed: false,
|
|
reason: "sender_not_allowlisted",
|
|
groupPolicy: "allowlist",
|
|
});
|
|
});
|
|
});
|