akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 14 Packages Projects Releases Wiki Activity
Files
eec8c28fb3c2e8c0bc387bb3139184b8d67f1b21
Charon/backend/internal/api/middleware/optional_auth_test.go
akanealw eec8c28fb3
Some checks failed
Go Benchmark / Performance Regression Check (push) Has been cancelled
Details
Cerberus Integration / Cerberus Security Stack Integration (push) Has been cancelled
Details
Upload Coverage to Codecov / Backend Codecov Upload (push) Has been cancelled
Details
Upload Coverage to Codecov / Frontend Codecov Upload (push) Has been cancelled
Details
CodeQL - Analyze / CodeQL analysis (go) (push) Has been cancelled
Details
CodeQL - Analyze / CodeQL analysis (javascript-typescript) (push) Has been cancelled
Details
CrowdSec Integration / CrowdSec Bouncer Integration (push) Has been cancelled
Details
Docker Build, Publish & Test / build-and-push (push) Has been cancelled
Details
Quality Checks / Auth Route Protection Contract (push) Has been cancelled
Details
Quality Checks / Codecov Trigger/Comment Parity Guard (push) Has been cancelled
Details
Quality Checks / Backend (Go) (push) Has been cancelled
Details
Quality Checks / Frontend (React) (push) Has been cancelled
Details
Rate Limit integration / Rate Limiting Integration (push) Has been cancelled
Details
Security Scan (PR) / Trivy Binary Scan (push) Has been cancelled
Details
Supply Chain Verification (PR) / Verify Supply Chain (push) Has been cancelled
Details
WAF integration / Coraza WAF Integration (push) Has been cancelled
Details
Docker Build, Publish & Test / Security Scan PR Image (push) Has been cancelled
Details
Repo Health Check / Repo health (push) Has been cancelled
Details
History Rewrite Dry-Run / Dry-run preview for history rewrite (push) Has been cancelled
Details
Prune Renovate Branches / prune (push) Has been cancelled
Details
Renovate / renovate (push) Has been cancelled
Details
changed perms
2026-04-22 18:19:14 +00:00

168 lines
4.0 KiB
Go
Executable File
Raw Blame History

package middleware
import (
"net/http"
"net/http/httptest"
"testing"
"github.com/Wikid82/charon/backend/internal/models"
"github.com/gin-gonic/gin"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestOptionalAuth_NilServicePassThrough(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(OptionalAuth(nil))
r.GET("/", func(c *gin.Context) {
_, hasUserID := c.Get("userID")
_, hasRole := c.Get("role")
assert.False(t, hasUserID)
assert.False(t, hasRole)
c.Status(http.StatusOK)
})
req := httptest.NewRequest(http.MethodGet, "/", http.NoBody)
res := httptest.NewRecorder()
r.ServeHTTP(res, req)
assert.Equal(t, http.StatusOK, res.Code)
}
func TestOptionalAuth_EmergencyBypassPassThrough(t *testing.T) {
t.Parallel()
authService := setupAuthService(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("emergency_bypass", true)
c.Next()
})
r.Use(OptionalAuth(authService))
r.GET("/", func(c *gin.Context) {
_, hasUserID := c.Get("userID")
_, hasRole := c.Get("role")
assert.False(t, hasUserID)
assert.False(t, hasRole)
c.Status(http.StatusOK)
})
req := httptest.NewRequest(http.MethodGet, "/", http.NoBody)
res := httptest.NewRecorder()
r.ServeHTTP(res, req)
assert.Equal(t, http.StatusOK, res.Code)
}
func TestOptionalAuth_RoleAlreadyInContextSkipsAuth(t *testing.T) {
t.Parallel()
authService := setupAuthService(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(func(c *gin.Context) {
c.Set("role", "admin")
c.Set("userID", uint(42))
c.Next()
})
r.Use(OptionalAuth(authService))
r.GET("/", func(c *gin.Context) {
role, _ := c.Get("role")
userID, _ := c.Get("userID")
assert.Equal(t, "admin", role)
assert.Equal(t, uint(42), userID)
c.Status(http.StatusOK)
})
req := httptest.NewRequest(http.MethodGet, "/", http.NoBody)
res := httptest.NewRecorder()
r.ServeHTTP(res, req)
assert.Equal(t, http.StatusOK, res.Code)
}
func TestOptionalAuth_NoTokenPassThrough(t *testing.T) {
t.Parallel()
authService := setupAuthService(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(OptionalAuth(authService))
r.GET("/", func(c *gin.Context) {
_, hasUserID := c.Get("userID")
_, hasRole := c.Get("role")
assert.False(t, hasUserID)
assert.False(t, hasRole)
c.Status(http.StatusOK)
})
req := httptest.NewRequest(http.MethodGet, "/", http.NoBody)
res := httptest.NewRecorder()
r.ServeHTTP(res, req)
assert.Equal(t, http.StatusOK, res.Code)
}
func TestOptionalAuth_InvalidTokenPassThrough(t *testing.T) {
t.Parallel()
authService := setupAuthService(t)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(OptionalAuth(authService))
r.GET("/", func(c *gin.Context) {
_, hasUserID := c.Get("userID")
_, hasRole := c.Get("role")
assert.False(t, hasUserID)
assert.False(t, hasRole)
c.Status(http.StatusOK)
})
req := httptest.NewRequest(http.MethodGet, "/", http.NoBody)
req.Header.Set("Authorization", "Bearer invalid-token")
res := httptest.NewRecorder()
r.ServeHTTP(res, req)
assert.Equal(t, http.StatusOK, res.Code)
}
func TestOptionalAuth_ValidTokenSetsContext(t *testing.T) {
t.Parallel()
authService, db := setupAuthServiceWithDB(t)
user := &models.User{Email: "optional-auth@example.com", Name: "Optional Auth", Role: models.RoleAdmin, Enabled: true}
require.NoError(t, user.SetPassword("password123"))
require.NoError(t, db.Create(user).Error)
token, err := authService.GenerateToken(user)
require.NoError(t, err)
gin.SetMode(gin.TestMode)
r := gin.New()
r.Use(OptionalAuth(authService))
r.GET("/", func(c *gin.Context) {
role, roleExists := c.Get("role")
userID, userExists := c.Get("userID")
require.True(t, roleExists)
require.True(t, userExists)
assert.Equal(t, "admin", role)
assert.Equal(t, user.ID, userID)
c.Status(http.StatusOK)
})
req := httptest.NewRequest(http.MethodGet, "/", http.NoBody)
req.Header.Set("Authorization", "Bearer "+token)
res := httptest.NewRecorder()
r.ServeHTTP(res, req)
assert.Equal(t, http.StatusOK, res.Code)
}
Reference in New Issue View Git Blame Copy Permalink