Kyle Isom
d5580f01f2
All import paths updated to git.wntrmute.dev/mc/. Bumps mcdsl to v1.2.0. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
117 lines
2.9 KiB
Go
117 lines
2.9 KiB
Go
package server
|
|
|
|
import (
|
|
"encoding/json"
|
|
"testing"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
|
|
"git.wntrmute.dev/mc/mcr/internal/auth"
|
|
)
|
|
|
|
func TestAdminHealthHandler(t *testing.T) {
|
|
database := openAdminTestDB(t)
|
|
router, _ := buildAdminRouter(t, database)
|
|
|
|
// Health endpoint does not require auth.
|
|
rr := adminReq(t, router, "GET", "/v1/health", "")
|
|
if rr.Code != 200 {
|
|
t.Fatalf("status: got %d, want 200", rr.Code)
|
|
}
|
|
|
|
var resp map[string]string
|
|
if err := json.NewDecoder(rr.Body).Decode(&resp); err != nil {
|
|
t.Fatalf("decode: %v", err)
|
|
}
|
|
if resp["status"] != "ok" {
|
|
t.Fatalf("status field: got %q, want %q", resp["status"], "ok")
|
|
}
|
|
}
|
|
|
|
func TestAdminLoginSuccess(t *testing.T) {
|
|
database := openAdminTestDB(t)
|
|
router, _ := buildAdminRouter(t, database)
|
|
|
|
body := `{"username":"admin","password":"secret"}`
|
|
rr := adminReq(t, router, "POST", "/v1/auth/login", body)
|
|
if rr.Code != 200 {
|
|
t.Fatalf("status: got %d, want 200; body: %s", rr.Code, rr.Body.String())
|
|
}
|
|
|
|
var resp adminLoginResponse
|
|
if err := json.NewDecoder(rr.Body).Decode(&resp); err != nil {
|
|
t.Fatalf("decode: %v", err)
|
|
}
|
|
if resp.Token != "test-token" {
|
|
t.Fatalf("token: got %q, want %q", resp.Token, "test-token")
|
|
}
|
|
if resp.ExpiresAt == "" {
|
|
t.Fatal("expires_at: expected non-empty")
|
|
}
|
|
}
|
|
|
|
func TestAdminLoginInvalidCreds(t *testing.T) {
|
|
database := openAdminTestDB(t)
|
|
|
|
validator := &fakeValidator{
|
|
claims: &auth.Claims{Subject: "admin-uuid", AccountType: "human", Roles: []string{"admin"}},
|
|
}
|
|
login := &fakeLoginClient{err: auth.ErrUnauthorized}
|
|
reloader := &fakePolicyReloader{}
|
|
gcState := &GCState{}
|
|
|
|
r := chi.NewRouter()
|
|
MountAdminRoutes(r, validator, "mcr-test", AdminDeps{
|
|
DB: database,
|
|
Login: login,
|
|
Engine: reloader,
|
|
AuditFn: nil,
|
|
GCState: gcState,
|
|
})
|
|
|
|
body := `{"username":"admin","password":"wrong"}`
|
|
rr := adminReq(t, r, "POST", "/v1/auth/login", body)
|
|
if rr.Code != 401 {
|
|
t.Fatalf("status: got %d, want 401", rr.Code)
|
|
}
|
|
|
|
var errResp adminErrorResponse
|
|
if err := json.NewDecoder(rr.Body).Decode(&errResp); err != nil {
|
|
t.Fatalf("decode: %v", err)
|
|
}
|
|
if errResp.Error != "authentication failed" {
|
|
t.Fatalf("error: got %q, want %q", errResp.Error, "authentication failed")
|
|
}
|
|
}
|
|
|
|
func TestAdminLoginMissingFields(t *testing.T) {
|
|
database := openAdminTestDB(t)
|
|
router, _ := buildAdminRouter(t, database)
|
|
|
|
body := `{"username":"admin"}`
|
|
rr := adminReq(t, router, "POST", "/v1/auth/login", body)
|
|
if rr.Code != 400 {
|
|
t.Fatalf("status: got %d, want 400", rr.Code)
|
|
}
|
|
}
|
|
|
|
func TestAdminLoginBadJSON(t *testing.T) {
|
|
database := openAdminTestDB(t)
|
|
router, _ := buildAdminRouter(t, database)
|
|
|
|
rr := adminReq(t, router, "POST", "/v1/auth/login", "not json")
|
|
if rr.Code != 400 {
|
|
t.Fatalf("status: got %d, want 400", rr.Code)
|
|
}
|
|
}
|
|
|
|
func TestAdminLogout(t *testing.T) {
|
|
database := openAdminTestDB(t)
|
|
router, _ := buildAdminRouter(t, database)
|
|
|
|
rr := adminReq(t, router, "POST", "/v1/auth/logout", "")
|
|
if rr.Code != 204 {
|
|
t.Fatalf("status: got %d, want 204", rr.Code)
|
|
}
|
|
}
|