package handler
import (
"bytes"
"encoding/json"
"net/http"
"net/http/httptest"
"testing"
"github.com/gin-gonic/gin"
"github.com/user-management-system/internal/auth"
)
// init puts gin into test mode once for every test in this package, before
// any of them builds an engine.
func init() {
	gin.SetMode(gin.TestMode)
}
// TestSSOHandlerAuthorize_InvalidContextTypes_ReturnsUnauthorized checks that
// Authorize fails closed with 401 when the identity values in the gin context
// have the wrong dynamic types: a string under "user_id" and an int under
// "username".
//
// The request itself names a registered client, a registered redirect URI and
// response_type=code, so the malformed identity is the only thing this test
// leaves wrong on purpose.
func TestSSOHandlerAuthorize_InvalidContextTypes_ReturnsUnauthorized(t *testing.T) {
	handler := &SSOHandler{clientsStore: auth.NewDefaultSSOClientsStore()}

	// Fixture client: the ID, secret and redirect URI are test-only values.
	fixture := &auth.SSOClient{
		ClientID:     "test-client",
		ClientSecret: "test-secret",
		RedirectURIs: []string{"https://example.com/callback"},
	}
	clients := handler.clientsStore.(*auth.DefaultSSOClientsStore)
	clients.RegisterClient(fixture)

	// gin.New installs no Recovery middleware, so a panic inside Authorize
	// (for example from an unchecked type assertion on a context value)
	// aborts the test instead of being turned into an HTTP response.
	router := gin.New()
	router.GET("/authorize", func(c *gin.Context) {
		// Presumably these keys are normally written by authentication
		// middleware; here they are set to deliberately wrong types.
		c.Set("user_id", "not-int64")
		c.Set("username", 123)
		handler.Authorize(c)
	})

	const target = "/authorize?client_id=test-client&redirect_uri=https://example.com/callback&response_type=code"
	rec := httptest.NewRecorder()
	router.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, target, nil))

	if got := rec.Code; got != http.StatusUnauthorized {
		t.Fatalf("expected 401, got %d", got)
	}
}
// TestSSOHandlerUserInfo_InvalidContextTypes_ReturnsUnauthorized checks that
// UserInfo answers 401 when "user_id" holds a string and "username" holds an
// int in the gin context.
//
// The handler is a zero-value SSOHandler, so the test also passes only if
// UserInfo rejects the request before it needs any of its dependencies.
func TestSSOHandlerUserInfo_InvalidContextTypes_ReturnsUnauthorized(t *testing.T) {
	handler := &SSOHandler{}

	// No Recovery middleware is installed by gin.New: a panic in UserInfo
	// propagates out of ServeHTTP and fails the test.
	router := gin.New()
	router.GET("/userinfo", func(c *gin.Context) {
		// Wrong dynamic types on purpose.
		c.Set("user_id", "not-int64")
		c.Set("username", 123)
		handler.UserInfo(c)
	})

	rec := httptest.NewRecorder()
	router.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/userinfo", nil))

	if got := rec.Code; got != http.StatusUnauthorized {
		t.Fatalf("expected 401, got %d", got)
	}
}
// TestWebhookHandlerCreateWebhook_InvalidContextType_ReturnsUnauthorized
// checks that CreateWebhook answers 401 when "user_id" in the gin context is
// a string rather than the expected type.
//
// The JSON body carries a name, a URL and one event, so the wrong identity
// type is the only thing this test leaves wrong on purpose. The handler is a
// zero-value WebhookHandler; the test passes only if the request is rejected
// before any dependency is used.
func TestWebhookHandlerCreateWebhook_InvalidContextType_ReturnsUnauthorized(t *testing.T) {
	handler := &WebhookHandler{}

	// gin.New installs no Recovery middleware, so a panic in CreateWebhook
	// fails the test rather than being reported as an HTTP status.
	router := gin.New()
	router.POST("/webhooks", func(c *gin.Context) {
		// Wrong dynamic type on purpose.
		c.Set("user_id", "not-int64")
		handler.CreateWebhook(c)
	})

	payload := map[string]any{
		"name":   "test",
		"url":    "https://example.com/webhook",
		"events": []string{"user.created"},
	}
	body, err := json.Marshal(payload)
	if err != nil {
		t.Fatalf("marshal request: %v", err)
	}

	request := httptest.NewRequest(http.MethodPost, "/webhooks", bytes.NewReader(body))
	request.Header.Set("Content-Type", "application/json")

	rec := httptest.NewRecorder()
	router.ServeHTTP(rec, request)

	if got := rec.Code; got != http.StatusUnauthorized {
		t.Fatalf("expected 401, got %d", got)
	}
}
// TestWebhookHandlerListWebhooks_InvalidContextType_ReturnsUnauthorized checks
// that ListWebhooks answers 401 when "user_id" in the gin context is a string
// rather than the expected type.
//
// The query string supplies page and page_size values, and the handler is a
// zero-value WebhookHandler, so the test passes only if the request is
// rejected before any dependency is used.
func TestWebhookHandlerListWebhooks_InvalidContextType_ReturnsUnauthorized(t *testing.T) {
	handler := &WebhookHandler{}

	// gin.New installs no Recovery middleware, so a panic in ListWebhooks
	// fails the test rather than being reported as an HTTP status.
	router := gin.New()
	router.GET("/webhooks", func(c *gin.Context) {
		// Wrong dynamic type on purpose.
		c.Set("user_id", "not-int64")
		handler.ListWebhooks(c)
	})

	rec := httptest.NewRecorder()
	router.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/webhooks?page=1&page_size=20", nil))

	if got := rec.Code; got != http.StatusUnauthorized {
		t.Fatalf("expected 401, got %d", got)
	}
}