MyGO/mygo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
eaa31efd645673fb06ef1751f0c1a4eb0df8c864
mygo/internal/handler/auth_test.go

213 lines
5.7 KiB
Go
Raw Blame History

package handler
import (
"bytes"
"encoding/json"
"net/http"
"net/http/httptest"
"testing"
"time"
"github.com/gin-gonic/gin"
"gorm.io/driver/sqlite"
"gorm.io/gorm"
"github.com/dhao2001/mygo/internal/model"
"github.com/dhao2001/mygo/internal/repository"
"github.com/dhao2001/mygo/internal/service"
)
func setupTestAuthService(t *testing.T) (*service.AuthService, []byte) {
t.Helper()
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
if err != nil {
t.Fatalf("open db: %v", err)
}
if err := db.AutoMigrate(&model.User{}, &model.Session{}, &model.Credential{}); err != nil {
t.Fatalf("migrate: %v", err)
}
secret := []byte("test-secret")
authService := service.NewAuthService(
repository.NewUserRepository(db),
repository.NewSessionRepository(db),
repository.NewCredentialRepository(db),
secret,
15*time.Minute,
7*24*time.Hour,
)
return authService, secret
}
func setupAuthHandler(t *testing.T) (*AuthHandler, []byte) {
t.Helper()
svc, secret := setupTestAuthService(t)
return NewAuthHandler(svc), secret
}
func setupAuthRouter(t *testing.T) (*gin.Engine, []byte) {
t.Helper()
handler, secret := setupAuthHandler(t)
gin.SetMode(gin.TestMode)
r := gin.New()
auth := r.Group("/api/v1/auth")
{
auth.POST("/register", handler.Register)
auth.POST("/login", handler.Login)
auth.POST("/refresh", handler.Refresh)
auth.POST("/logout", handler.Logout)
}
return r, secret
}
func TestRegisterHandler(t *testing.T) {
r, _ := setupAuthRouter(t)
body, _ := json.Marshal(gin.H{
"username": "alice",
"email": "alice@example.com",
"password": "password123",
})
req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/register", bytes.NewReader(body))
req.Header.Set("Content-Type", "application/json")
rec := httptest.NewRecorder()
r.ServeHTTP(rec, req)
if rec.Code != http.StatusCreated {
t.Errorf("status = %d, want %d; body = %s", rec.Code, http.StatusCreated, rec.Body.String())
}
}
func TestRegisterHandlerDuplicate(t *testing.T) {
r, _ := setupAuthRouter(t)
body, _ := json.Marshal(gin.H{
"username": "alice",
"email": "alice@example.com",
"password": "password123",
})
for i := range 2 {
req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/register", bytes.NewReader(body))
req.Header.Set("Content-Type", "application/json")
rec := httptest.NewRecorder()
r.ServeHTTP(rec, req)
if i == 0 && rec.Code != http.StatusCreated {
t.Fatalf("first register: status = %d", rec.Code)
}
if i == 1 && rec.Code != http.StatusConflict {
t.Errorf("second register: status = %d, want %d", rec.Code, http.StatusConflict)
}
}
}
func TestLoginHandler(t *testing.T) {
r, _ := setupAuthRouter(t)
// Register first
body, _ := json.Marshal(gin.H{
"username": "alice",
"email": "alice@example.com",
"password": "password123",
})
req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/register", bytes.NewReader(body))
req.Header.Set("Content-Type", "application/json")
rec := httptest.NewRecorder()
r.ServeHTTP(rec, req)
if rec.Code != http.StatusCreated {
t.Fatalf("register failed: %d", rec.Code)
}
// Login
loginBody, _ := json.Marshal(gin.H{
"email": "alice@example.com",
"password": "password123",
})
req = httptest.NewRequest(http.MethodPost, "/api/v1/auth/login", bytes.NewReader(loginBody))
req.Header.Set("Content-Type", "application/json")
rec = httptest.NewRecorder()
r.ServeHTTP(rec, req)
if rec.Code != http.StatusOK {
t.Errorf("status = %d, want %d; body = %s", rec.Code, http.StatusOK, rec.Body.String())
}
var pair service.TokenPair
if err := json.Unmarshal(rec.Body.Bytes(), &pair); err != nil {
t.Fatalf("unmarshal response: %v", err)
}
if pair.AccessToken == "" || pair.RefreshToken == "" {
t.Fatal("tokens should not be empty")
}
}
func TestLoginHandlerWrongPassword(t *testing.T) {
r, _ := setupAuthRouter(t)
body, _ := json.Marshal(gin.H{
"username": "alice",
"email": "alice@example.com",
"password": "password123",
})
req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/register", bytes.NewReader(body))
req.Header.Set("Content-Type", "application/json")
rec := httptest.NewRecorder()
r.ServeHTTP(rec, req)
loginBody, _ := json.Marshal(gin.H{
"email": "alice@example.com",
"password": "wrongpassword",
})
req = httptest.NewRequest(http.MethodPost, "/api/v1/auth/login", bytes.NewReader(loginBody))
req.Header.Set("Content-Type", "application/json")
rec = httptest.NewRecorder()
r.ServeHTTP(rec, req)
if rec.Code != http.StatusUnauthorized {
t.Errorf("status = %d, want %d", rec.Code, http.StatusUnauthorized)
}
}
func TestRefreshHandler(t *testing.T) {
r, _ := setupAuthRouter(t)
// Register + Login
body, _ := json.Marshal(gin.H{
"username": "alice",
"email": "alice@example.com",
"password": "password123",
})
req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/register", bytes.NewReader(body))
req.Header.Set("Content-Type", "application/json")
rec := httptest.NewRecorder()
r.ServeHTTP(rec, req)
loginBody, _ := json.Marshal(gin.H{"email": "alice@example.com", "password": "password123"})
req = httptest.NewRequest(http.MethodPost, "/api/v1/auth/login", bytes.NewReader(loginBody))
req.Header.Set("Content-Type", "application/json")
rec = httptest.NewRecorder()
r.ServeHTTP(rec, req)
var pair service.TokenPair
json.Unmarshal(rec.Body.Bytes(), &pair)
// Refresh
refreshBody, _ := json.Marshal(gin.H{"refresh_token": pair.RefreshToken})
req = httptest.NewRequest(http.MethodPost, "/api/v1/auth/refresh", bytes.NewReader(refreshBody))
req.Header.Set("Content-Type", "application/json")
rec = httptest.NewRecorder()
r.ServeHTTP(rec, req)
if rec.Code != http.StatusOK {
t.Errorf("status = %d, want %d; body = %s", rec.Code, http.StatusOK, rec.Body.String())
}
}
Reference in New Issue View Git Blame Copy Permalink