diff options
| author | mo khan <mo@mokhan.ca> | 2025-04-25 11:08:58 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-04-25 11:08:58 -0600 |
| commit | 2b1e14690ea6426a67c0faaaddcfb8aa7360dce7 (patch) | |
| tree | 7f764225e3e3a26bbd7532e72ab99a54e465be92 /app/middleware/user_test.go | |
| parent | 0053db0d265af313dd281db5cf1e73236cde30c6 (diff) | |
refactor: move db and mountable to app
Diffstat (limited to 'app/middleware/user_test.go')
| -rw-r--r-- | app/middleware/user_test.go | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/app/middleware/user_test.go b/app/middleware/user_test.go new file mode 100644 index 0000000..e6c74d8 --- /dev/null +++ b/app/middleware/user_test.go @@ -0,0 +1,76 @@ +package middleware + +import ( + "net/http" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/db" + "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain" + "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/key" + "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc" + "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/pls" + "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/test" +) + +func TestUser(t *testing.T) { + repository := db.NewRepository[*domain.User]() + middleware := User(repository) + + knownUser := &domain.User{ID: domain.ID(pls.GenerateULID())} + require.NoError(t, repository.Save(knownUser)) + + t.Run("when ID Token is provided", func(t *testing.T) { + t.Run("when user is known", func(t *testing.T) { + server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + user := key.CurrentUser.From(r.Context()) + require.NotNil(t, user) + assert.Equal(t, knownUser.ID, user.ID) + + w.WriteHeader(http.StatusTeapot) + })) + + ctx := key.IDToken.With(t.Context(), &oidc.IDToken{Subject: knownUser.ID.String()}) + + r, w := test.RequestResponse("GET", "/example", test.WithContext(ctx)) + server.ServeHTTP(w, r) + + assert.Equal(t, http.StatusTeapot, w.Code) + }) + + t.Run("when user is unknown", func(t *testing.T) { + unknownID := pls.GenerateULID() + + server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + user := key.CurrentUser.From(r.Context()) + require.NotNil(t, user) + assert.Equal(t, domain.ID(unknownID), user.ID) + + w.WriteHeader(http.StatusTeapot) + })) + + ctx := key.IDToken.With(t.Context(), &oidc.IDToken{Subject: unknownID}) + + r, w := test.RequestResponse("GET", "/example", test.WithContext(ctx)) + server.ServeHTTP(w, r) + + assert.Equal(t, http.StatusTeapot, w.Code) + require.NotNil(t, repository.Find(domain.ID(unknownID))) + }) + }) + + t.Run("when ID Token is not provided", func(t *testing.T) { + server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + user := key.CurrentUser.From(r.Context()) + require.Nil(t, user) + + w.WriteHeader(http.StatusTeapot) + })) + + r, w := test.RequestResponse("GET", "/example") + server.ServeHTTP(w, r) + + assert.Equal(t, http.StatusTeapot, w.Code) + }) +} |