From dea1836b07c14172eee2aaae74b942b80ec79f44 Mon Sep 17 00:00:00 2001
From: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Date: Tue, 29 Apr 2025 07:04:38 -0400
Subject: [PATCH] Add installation client provider tests

---
 .../InstallationClientProviderTests.cs        | 75 +++++++++++++++++++
 1 file changed, 75 insertions(+)
 create mode 100644 test/Identity.Test/IdentityServer/ClientProviders/InstallationClientProviderTests.cs

diff --git a/test/Identity.Test/IdentityServer/ClientProviders/InstallationClientProviderTests.cs b/test/Identity.Test/IdentityServer/ClientProviders/InstallationClientProviderTests.cs
new file mode 100644
index 0000000000..8128cfa557
--- /dev/null
+++ b/test/Identity.Test/IdentityServer/ClientProviders/InstallationClientProviderTests.cs
@@ -0,0 +1,75 @@
+using Bit.Core.IdentityServer;
+using Bit.Core.Platform.Installations;
+using Bit.Identity.IdentityServer.ClientProviders;
+using Duende.IdentityModel;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Identity.Test.IdentityServer.ClientProviders;
+
+public class InstallationClientProviderTests
+{
+
+    private readonly IInstallationRepository _installationRepository;
+    private readonly InstallationClientProvider _sut;
+
+    public InstallationClientProviderTests()
+    {
+        _installationRepository = Substitute.For<IInstallationRepository>();
+
+        _sut = new InstallationClientProvider(_installationRepository);
+    }
+
+    [Fact]
+    public async Task GetAsync_NonGuidIdentifier_ReturnsNull()
+    {
+        var installationClient = await _sut.GetAsync("non-guid");
+
+        Assert.Null(installationClient);
+    }
+
+    [Fact]
+    public async Task GetAsync_NonExistingInstallationGuid_ReturnsNull()
+    {
+        var installationClient = await _sut.GetAsync(Guid.NewGuid().ToString());
+
+        Assert.Null(installationClient);
+    }
+
+    [Theory]
+    [InlineData(true)]
+    [InlineData(false)]
+    public async Task GetAsync_ExistingClient_ReturnsClientRespectingEnabledStatus(bool enabled)
+    {
+        var installationId = Guid.NewGuid();
+
+        _installationRepository
+            .GetByIdAsync(installationId)
+            .Returns(new Installation
+            {
+                Id = installationId,
+                Key = "some-key",
+                Email = "some-email",
+                Enabled = enabled,
+            });
+
+        var installationClient = await _sut.GetAsync(installationId.ToString());
+
+        Assert.NotNull(installationClient);
+        Assert.Equal($"installation.{installationId}", installationClient.ClientId);
+        Assert.True(installationClient.RequireClientSecret);
+        // The usage of this secret is tested in integration tests
+        Assert.Single(installationClient.ClientSecrets);
+        Assert.Collection(
+            installationClient.AllowedScopes,
+            s => Assert.Equal(ApiScopes.ApiPush, s),
+            s => Assert.Equal(ApiScopes.ApiLicensing, s),
+            s => Assert.Equal(ApiScopes.ApiInstallation, s)
+        );
+        Assert.Equal(enabled, installationClient.Enabled);
+        Assert.Equal(TimeSpan.FromDays(1).TotalSeconds, installationClient.AccessTokenLifetime);
+        var claim = Assert.Single(installationClient.Claims);
+        Assert.Equal(JwtClaimTypes.Subject, claim.Type);
+        Assert.Equal(installationId.ToString(), claim.Value);
+    }
+}