@@ -12,6 +12,7 @@ import (
|
||||
"time"
|
||||
"vctp/internal/auth"
|
||||
"vctp/internal/settings"
|
||||
"vctp/server/middleware"
|
||||
"vctp/server/models"
|
||||
)
|
||||
|
||||
@@ -187,6 +188,80 @@ func TestAuthLoginJWTFactoryFailure(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestAuthMeSuccess(t *testing.T) {
|
||||
h := &Handler{
|
||||
Logger: newTestLogger(),
|
||||
Settings: testAuthEnabledSettings(),
|
||||
}
|
||||
protected := middleware.RequireAuth(newTestLogger(), h.Settings)(http.HandlerFunc(h.AuthMe))
|
||||
|
||||
tokenSvc, err := auth.NewJWTService(auth.JWTConfig{
|
||||
SigningKeyBase64: h.Settings.Values.Settings.AuthJWTSigningKey,
|
||||
Issuer: h.Settings.Values.Settings.AuthJWTIssuer,
|
||||
Audience: h.Settings.Values.Settings.AuthJWTAudience,
|
||||
TokenLifespan: time.Duration(h.Settings.Values.Settings.AuthTokenLifespanMinutes) * time.Minute,
|
||||
ClockSkew: time.Duration(h.Settings.Values.Settings.AuthClockSkewSeconds) * time.Second,
|
||||
})
|
||||
if err != nil {
|
||||
t.Fatalf("failed to create jwt service: %v", err)
|
||||
}
|
||||
token, claims, err := tokenSvc.IssueToken("alice", []string{"viewer"}, []string{"cn=vctp-viewers,ou=groups,dc=example,dc=com"})
|
||||
if err != nil {
|
||||
t.Fatalf("failed to issue token: %v", err)
|
||||
}
|
||||
|
||||
req := httptest.NewRequest(http.MethodGet, "/api/auth/me", nil)
|
||||
req.Header.Set("Authorization", "Bearer "+token)
|
||||
rr := httptest.NewRecorder()
|
||||
protected.ServeHTTP(rr, req)
|
||||
|
||||
if rr.Code != http.StatusOK {
|
||||
t.Fatalf("expected status %d, got %d: %s", http.StatusOK, rr.Code, rr.Body.String())
|
||||
}
|
||||
var payload models.AuthMeResponse
|
||||
if err := json.Unmarshal(rr.Body.Bytes(), &payload); err != nil {
|
||||
t.Fatalf("failed to decode response: %v", err)
|
||||
}
|
||||
if payload.Status != "OK" {
|
||||
t.Fatalf("unexpected status: %q", payload.Status)
|
||||
}
|
||||
if payload.Subject != claims.Subject {
|
||||
t.Fatalf("unexpected subject: %q", payload.Subject)
|
||||
}
|
||||
if payload.Issuer != claims.Issuer || payload.Audience != claims.Audience {
|
||||
t.Fatalf("unexpected issuer/audience: %q/%q", payload.Issuer, payload.Audience)
|
||||
}
|
||||
if payload.TokenID != claims.ID {
|
||||
t.Fatalf("unexpected token id: %q", payload.TokenID)
|
||||
}
|
||||
}
|
||||
|
||||
func TestAuthMeMissingAuthContext(t *testing.T) {
|
||||
h := &Handler{
|
||||
Logger: newTestLogger(),
|
||||
}
|
||||
req := httptest.NewRequest(http.MethodGet, "/api/auth/me", nil)
|
||||
rr := httptest.NewRecorder()
|
||||
h.AuthMe(rr, req)
|
||||
|
||||
if rr.Code != http.StatusUnauthorized {
|
||||
t.Fatalf("expected status %d, got %d", http.StatusUnauthorized, rr.Code)
|
||||
}
|
||||
}
|
||||
|
||||
func TestAuthMeMethodNotAllowed(t *testing.T) {
|
||||
h := &Handler{
|
||||
Logger: newTestLogger(),
|
||||
}
|
||||
req := httptest.NewRequest(http.MethodPost, "/api/auth/me", nil)
|
||||
rr := httptest.NewRecorder()
|
||||
h.AuthMe(rr, req)
|
||||
|
||||
if rr.Code != http.StatusMethodNotAllowed {
|
||||
t.Fatalf("expected status %d, got %d", http.StatusMethodNotAllowed, rr.Code)
|
||||
}
|
||||
}
|
||||
|
||||
func testAuthEnabledSettings() *settings.Settings {
|
||||
cfg := &settings.Settings{Values: &settings.SettingsYML{}}
|
||||
cfg.Values.Settings.AuthEnabled = true
|
||||
|
||||