mc/metacrypt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8f77050a844d327d344d41b557a871ee4c740006
metacrypt/internal/auth/auth_test.go
Kyle Isom 4ddd32b117 Implement Phase 1: core framework, operational tooling, and runbook 
Core packages: crypto (Argon2id/AES-256-GCM), config (TOML/viper),
db (SQLite/migrations), barrier (encrypted storage), seal (state machine
with rate-limited unseal), auth (MCIAS integration with token cache),
policy (priority-based ACL engine), engine (interface + registry).

Server: HTTPS with TLS 1.2+, REST API, auth/admin middleware, htmx web UI
(init, unseal, login, dashboard pages).

CLI: cobra/viper subcommands (server, init, status, snapshot) with env
var override support (METACRYPT_ prefix).

Operational tooling: Dockerfile (multi-stage, non-root), docker-compose,
hardened systemd units (service + daily backup timer), install script,
backup script with retention pruning, production config examples.

Runbook covering installation, configuration, daily operations,
backup/restore, monitoring, troubleshooting, and security procedures.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-14 20:43:11 -07:00

53 lines
1.1 KiB
Go
Raw Blame History

package auth
import (
"testing"
)
func TestTokenHash(t *testing.T) {
h1 := tokenHash("token-abc")
h2 := tokenHash("token-abc")
h3 := tokenHash("token-def")
if h1 != h2 {
t.Error("same input should produce same hash")
}
if h1 == h3 {
t.Error("different inputs should produce different hashes")
}
if len(h1) != 64 { // SHA-256 hex
t.Errorf("hash length: got %d, want 64", len(h1))
}
}
func TestHasAdminRole(t *testing.T) {
if !hasAdminRole([]string{"user", "admin"}) {
t.Error("should detect admin role")
}
if hasAdminRole([]string{"user", "operator"}) {
t.Error("should not detect admin role when absent")
}
if hasAdminRole(nil) {
t.Error("nil roles should not be admin")
}
}
func TestNewAuthenticator(t *testing.T) {
a := NewAuthenticator(nil)
if a == nil {
t.Fatal("NewAuthenticator returned nil")
}
if a.cache == nil {
t.Error("cache should be initialized")
}
}
func TestClearCache(t *testing.T) {
a := NewAuthenticator(nil)
a.cache["test"] = &cachedClaims{info: &TokenInfo{Username: "test"}}
a.ClearCache()
if len(a.cache) != 0 {
t.Error("cache should be empty after clear")
}
}
Reference in New Issue View Git Blame Copy Permalink