54 lines
1.1 KiB
Go
54 lines
1.1 KiB
Go
package auth
|
|
|
|
import (
|
|
"log/slog"
|
|
"testing"
|
|
)
|
|
|
|
func TestTokenHash(t *testing.T) {
|
|
h1 := tokenHash("token-abc")
|
|
h2 := tokenHash("token-abc")
|
|
h3 := tokenHash("token-def")
|
|
|
|
if h1 != h2 {
|
|
t.Error("same input should produce same hash")
|
|
}
|
|
if h1 == h3 {
|
|
t.Error("different inputs should produce different hashes")
|
|
}
|
|
if len(h1) != 64 { // SHA-256 hex
|
|
t.Errorf("hash length: got %d, want 64", len(h1))
|
|
}
|
|
}
|
|
|
|
func TestHasAdminRole(t *testing.T) {
|
|
if !hasAdminRole([]string{"user", "admin"}) {
|
|
t.Error("should detect admin role")
|
|
}
|
|
if hasAdminRole([]string{"user", "operator"}) {
|
|
t.Error("should not detect admin role when absent")
|
|
}
|
|
if hasAdminRole(nil) {
|
|
t.Error("nil roles should not be admin")
|
|
}
|
|
}
|
|
|
|
func TestNewAuthenticator(t *testing.T) {
|
|
a := NewAuthenticator(nil, slog.Default())
|
|
if a == nil {
|
|
t.Fatal("NewAuthenticator returned nil")
|
|
}
|
|
if a.cache == nil {
|
|
t.Error("cache should be initialized")
|
|
}
|
|
}
|
|
|
|
func TestClearCache(t *testing.T) {
|
|
a := NewAuthenticator(nil, slog.Default())
|
|
a.cache["test"] = &cachedClaims{info: &TokenInfo{Username: "test"}}
|
|
a.ClearCache()
|
|
if len(a.cache) != 0 {
|
|
t.Error("cache should be empty after clear")
|
|
}
|
|
}
|