Diffstat (limited to 'app/middleware/user_test.go')
| -rw-r--r-- | app/middleware/user_test.go | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/app/middleware/user_test.go b/app/middleware/user_test.go
new file mode 100644
index 0000000..e6c74d8
--- /dev/null
+++ b/app/middleware/user_test.go
@@ -0,0 +1,76 @@
+package middleware
+
+import (
+ "net/http"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/db"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/key"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/pls"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/test"
+)
+
+func TestUser(t *testing.T) {
+ repository := db.NewRepository[*domain.User]()
+ middleware := User(repository)
+
+ knownUser := &domain.User{ID: domain.ID(pls.GenerateULID())}
+ require.NoError(t, repository.Save(knownUser))
+
+ t.Run("when ID Token is provided", func(t *testing.T) {
+ t.Run("when user is known", func(t *testing.T) {
+ server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ user := key.CurrentUser.From(r.Context())
+ require.NotNil(t, user)
+ assert.Equal(t, knownUser.ID, user.ID)
+
+ w.WriteHeader(http.StatusTeapot)
+ }))
+
+ ctx := key.IDToken.With(t.Context(), &oidc.IDToken{Subject: knownUser.ID.String()})
+
+ r, w := test.RequestResponse("GET", "/example", test.WithContext(ctx))
+ server.ServeHTTP(w, r)
+
+ assert.Equal(t, http.StatusTeapot, w.Code)
+ })
+
+ t.Run("when user is unknown", func(t *testing.T) {
+ unknownID := pls.GenerateULID()
+
+ server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ user := key.CurrentUser.From(r.Context())
+ require.NotNil(t, user)
+ assert.Equal(t, domain.ID(unknownID), user.ID)
+
+ w.WriteHeader(http.StatusTeapot)
+ }))
+
+ ctx := key.IDToken.With(t.Context(), &oidc.IDToken{Subject: unknownID})
+
+ r, w := test.RequestResponse("GET", "/example", test.WithContext(ctx))
+ server.ServeHTTP(w, r)
+
+ assert.Equal(t, http.StatusTeapot, w.Code)
+ require.NotNil(t, repository.Find(domain.ID(unknownID)))
+ })
+ })
+
+ t.Run("when ID Token is not provided", func(t *testing.T) {
+ server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ user := key.CurrentUser.From(r.Context())
+ require.Nil(t, user)
+
+ w.WriteHeader(http.StatusTeapot)
+ }))
+
+ r, w := test.RequestResponse("GET", "/example")
+ server.ServeHTTP(w, r)
+
+ assert.Equal(t, http.StatusTeapot, w.Code)
+ })
+} |
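Review bot: The "when ID Token is provided" group has no case for a token whose `Subject` is empty or otherwise not a valid ID, although the "when user is unknown" subtest pins that the middleware saves a new user keyed by whatever subject the token carries. The middleware itself is not part of this diff, so whether it rejects such a subject cannot be confirmed from here; a subtest that passes `&oidc.IDToken{Subject: ""}` and asserts the intended outcome (presumably no current user in the context and no record saved under the empty ID) would pin that behaviour. In the unknown-user subtest, `require.NotNil(t, repository.Find(domain.ID(unknownID)))` only shows that some record exists; comparing the stored record's ID with `unknownID` would make the provisioning assertion tighter. The "when ID Token is not provided" subtest could likewise assert that the repository is unchanged after the request.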
