package auth
import (
"ResendIt/internal/security"
"ResendIt/internal/user"
"testing"
"gorm.io/driver/sqlite"
"gorm.io/gorm"
)
// TestServiceLogin_InvalidUserDoesNotEnumerate checks that a login attempt for
// a username with no row in the database fails with ErrInvalidCredentials.
func TestServiceLogin_InvalidUserDoesNotEnumerate(t *testing.T) {
	// In-memory SQLite database migrated for user.User; no user is inserted.
	conn, openErr := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
	if openErr != nil {
		t.Fatalf("open sqlite: %v", openErr)
	}
	if migrateErr := conn.AutoMigrate(&user.User{}); migrateErr != nil {
		t.Fatalf("migrate: %v", migrateErr)
	}

	service := NewService(NewRepository(conn))

	// The sentinel is compared by identity: a wrapped error would still
	// satisfy errors.Is while carrying text that tells a missing user apart
	// from a bad password. Only the error value is covered here; response
	// timing for unknown versus known usernames is not measured by this test.
	if _, loginErr := service.Login("does-not-exist", "whatever"); loginErr != ErrInvalidCredentials {
		t.Fatalf("expected ErrInvalidCredentials for missing user, got %v", loginErr)
	}
}
// TestServiceLogin_WrongPassword stores a user whose password hash was derived
// from "right" and checks that a login with "wrong" fails with
// ErrInvalidCredentials.
func TestServiceLogin_WrongPassword(t *testing.T) {
	// In-memory SQLite database migrated for user.User.
	conn, openErr := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
	if openErr != nil {
		t.Fatalf("open sqlite: %v", openErr)
	}
	if migrateErr := conn.AutoMigrate(&user.User{}); migrateErr != nil {
		t.Fatalf("migrate: %v", migrateErr)
	}

	// Seed the account through the project's own hashing helper so the stored
	// value has whatever format Login verifies against.
	storedHash, hashErr := security.HashPassword("right")
	if hashErr != nil {
		t.Fatalf("hash: %v", hashErr)
	}

	account := user.User{Username: "alice", PasswordHash: storedHash, Role: "user"}
	if createErr := conn.Create(&account).Error; createErr != nil {
		t.Fatalf("create user: %v", createErr)
	}

	service := NewService(NewRepository(conn))

	// Identity comparison with the sentinel: the failure must be exactly
	// ErrInvalidCredentials, not an error that merely wraps it.
	if _, loginErr := service.Login("alice", "wrong"); loginErr != ErrInvalidCredentials {
		t.Fatalf("expected ErrInvalidCredentials for wrong password, got %v", loginErr)
	}
}
// TestServiceLogin_SuccessReturnsJWT stores a user whose password hash was
// derived from "right" and checks that logging in with that password succeeds
// and returns a non-empty token.
func TestServiceLogin_SuccessReturnsJWT(t *testing.T) {
	// In-memory SQLite database migrated for user.User.
	conn, openErr := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
	if openErr != nil {
		t.Fatalf("open sqlite: %v", openErr)
	}
	if migrateErr := conn.AutoMigrate(&user.User{}); migrateErr != nil {
		t.Fatalf("migrate: %v", migrateErr)
	}

	storedHash, hashErr := security.HashPassword("right")
	if hashErr != nil {
		t.Fatalf("hash: %v", hashErr)
	}

	account := user.User{Username: "alice", PasswordHash: storedHash, Role: "user"}
	if createErr := conn.Create(&account).Error; createErr != nil {
		t.Fatalf("create user: %v", createErr)
	}

	service := NewService(NewRepository(conn))
	token, loginErr := service.Login("alice", "right")

	// NOTE(review): only non-emptiness is asserted; the token's structure,
	// signature and claims (such as subject, role or expiry) are not checked
	// by this test.
	switch {
	case loginErr != nil:
		t.Fatalf("expected success, got error: %v", loginErr)
	case token == "":
		t.Fatalf("expected non-empty jwt token")
	}
}