From 591f293c8bcf464ed62701321d3f27de31ceb621 Mon Sep 17 00:00:00 2001
From: mo khan <mo@mokhan.ca>
Date: Wed, 28 May 2025 12:14:11 -0600
Subject: refactor: parse headers injected by envoy

---
 app/middleware/user_parser_test.go | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 app/middleware/user_parser_test.go

(limited to 'app/middleware/user_parser_test.go')

diff --git a/app/middleware/user_parser_test.go b/app/middleware/user_parser_test.go
new file mode 100644
index 0000000..2127a10
--- /dev/null
+++ b/app/middleware/user_parser_test.go
@@ -0,0 +1,36 @@
+package middleware
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"github.com/xlgmokha/x/pkg/test"
+	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain"
+)
+
+func TestUserParser(t *testing.T) {
+	parser := UserParser()
+
+	t.Run("when x-jwt-claim-* headers are not provided", func(t *testing.T) {
+		t.Run("forwards the request without a current user attached to the request", func(t *testing.T) {
+			assert.Nil(t, parser(test.Request("GET", "/")))
+		})
+	})
+
+	t.Run("when x-jwt-claim-* headers are provided", func(t *testing.T) {
+		r := test.Request("GET", "/",
+			test.WithRequestHeader("x-jwt-claim-sub", "1"),
+			test.WithRequestHeader("x-jwt-claim-username", "root"),
+			test.WithRequestHeader("x-jwt-claim-profile-url", "https://gitlab.com/tanuki"),
+			test.WithRequestHeader("x-jwt-claim-picture-url", "https://example.com/profile.png"),
+		)
+
+		result := parser(r)
+		require.NotNil(t, result)
+		assert.Equal(t, domain.ID("1"), result.ID)
+		assert.Equal(t, "root", result.Username)
+		assert.Equal(t, "https://gitlab.com/tanuki", result.ProfileURL)
+		assert.Equal(t, "https://example.com/profile.png", result.Picture)
+	})
+}
-- 
cgit v1.2.3