fix: enhance auth middleware tests; add cases for rejecting disabled and deleted user tokens

GitHub Actions
2026-02-13 08:43:28 +00:00
parent 4d191e364a
commit 7517ad4f31


@@ -16,12 +16,17 @@ import (
)
func setupAuthService(t *testing.T) *services.AuthService {
authService, _ := setupAuthServiceWithDB(t)
return authService
}
func setupAuthServiceWithDB(t *testing.T) (*services.AuthService, *gorm.DB) {
dbName := "file:" + t.Name() + "?mode=memory&cache=shared"
db, err := gorm.Open(sqlite.Open(dbName), &gorm.Config{})
require.NoError(t, err)
_ = db.AutoMigrate(&models.User{})
cfg := config.Config{JWTSecret: "test-secret"}
return services.NewAuthService(db, cfg)
return services.NewAuthService(db, cfg), db
}
func TestAuthMiddleware_MissingHeader(t *testing.T) {
@@ -266,3 +271,55 @@ func TestAuthMiddleware_PrefersCookieOverQueryParam(t *testing.T) {
assert.Equal(t, http.StatusOK, w.Code)
}
func TestAuthMiddleware_RejectsDisabledUserToken(t *testing.T) {
authService, db := setupAuthServiceWithDB(t)
user, err := authService.Register("disabled@example.com", "password", "Disabled User")
require.NoError(t, err)
token, err := authService.GenerateToken(user)
require.NoError(t, err)
require.NoError(t, db.Model(&models.User{}).Where("id = ?", user.ID).Update("enabled", false).Error)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(AuthMiddleware(authService))
r.GET("/test", func(c *gin.Context) {
c.Status(http.StatusOK)
})
req, err := http.NewRequest("GET", "/test", http.NoBody)
require.NoError(t, err)
req.Header.Set("Authorization", "Bearer "+token)
w := httptest.NewRecorder()
r.ServeHTTP(w, req)
assert.Equal(t, http.StatusUnauthorized, w.Code)
}
func TestAuthMiddleware_RejectsDeletedUserToken(t *testing.T) {
authService, db := setupAuthServiceWithDB(t)
user, err := authService.Register("deleted@example.com", "password", "Deleted User")
require.NoError(t, err)
token, err := authService.GenerateToken(user)
require.NoError(t, err)
require.NoError(t, db.Delete(&models.User{}, user.ID).Error)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(AuthMiddleware(authService))
r.GET("/test", func(c *gin.Context) {
c.Status(http.StatusOK)
})
req, err := http.NewRequest("GET", "/test", http.NoBody)
require.NoError(t, err)
req.Header.Set("Authorization", "Bearer "+token)
w := httptest.NewRecorder()
r.ServeHTTP(w, req)
assert.Equal(t, http.StatusUnauthorized, w.Code)
}
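Review bot: Both new tests assert only `w.Code`, so they do not show that the protected handler was actually skipped for a disabled or deleted user's token. In gin, a middleware that writes a 401 response but does not abort the chain still runs the next handler, and the handler's later `c.Status(http.StatusOK)` would most likely not change a status that has already been written, so the final assertion in TestAuthMiddleware_RejectsDisabledUserToken and TestAuthMiddleware_RejectsDeletedUserToken could pass while the route body executes. Record the call in the handler (`reached := false` before `r.GET`, `reached = true` inside it) and add `assert.False(t, reached)` after `r.ServeHTTP(w, req)`. The tests also present the token only in the Authorization header; the neighbouring TestAuthMiddleware_PrefersCookieOverQueryParam suggests the middleware accepts cookie and query-parameter tokens too, so the same rejection is worth asserting on those paths.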