package handlers
import (
"authorization/models"
"bytes"
"context"
"encoding/json"
"net/http"
"net/http/httptest"
"testing"
)
// TestInitAuthService is a placeholder for service initialisation, which
// needs a live database; unit tests have none, so it is always skipped.
func TestInitAuthService(t *testing.T) {
	const reason = "Skipping test - requires database connection"
	t.Skip(reason)
}
// TestAuthorizeHandler_NoJWTClaims verifies that a request whose context
// carries no claims is answered with 401 Unauthorized.
func TestAuthorizeHandler_NoJWTClaims(t *testing.T) {
	rec := httptest.NewRecorder()
	// No claims are attached to the context and the body is empty.
	req := httptest.NewRequest(http.MethodPost, "/v1/auth/check", nil)

	AuthorizeHandler(rec, req)

	if got, want := rec.Code, http.StatusUnauthorized; got != want {
		t.Errorf("Expected status %d, got %d", want, got)
	}
}
// TestAuthorizeHandler_InvalidJSON checks that a body which is not valid JSON
// is answered with 400 Bad Request even though valid claims are present.
func TestAuthorizeHandler_InvalidJSON(t *testing.T) {
	// The authorization service is deliberately not initialised: this case
	// exercises body parsing, which the handler is expected to reject before
	// any permission lookup.
	claims := &models.Claims{UserID: "user123", Username: "testuser", Role: "admin"}

	req := httptest.NewRequest(http.MethodPost, "/v1/auth/check", bytes.NewReader([]byte("invalid json")))
	req = req.WithContext(context.WithValue(req.Context(), models.ContextKey("claims"), claims))
	rec := httptest.NewRecorder()

	AuthorizeHandler(rec, req)

	if got, want := rec.Code, http.StatusBadRequest; got != want {
		t.Errorf("Expected status %d, got %d", want, got)
	}
}
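// TestAuthorizeHandler_MissingRequiredFields verifies that an authorization
// request lacking any of UserID, Resource or Action is rejected with
// 400 Bad Request, even when the caller presents valid claims.
func TestAuthorizeHandler_MissingRequiredFields(t *testing.T) {
	testCases := []struct {
		name    string
		payload models.AuthorizationContext
	}{
		{
			name:    "Missing UserID",
			payload: models.AuthorizationContext{Resource: "document", Action: "read"},
		},
		{
			name:    "Missing Resource",
			payload: models.AuthorizationContext{UserID: "user123", Action: "read"},
		},
		{
			name:    "Missing Action",
			payload: models.AuthorizationContext{UserID: "user123", Resource: "document"},
		},
	}
	for _, tc := range testCases {
		t.Run(tc.name, func(t *testing.T) {
			claims := &models.Claims{
				UserID:   "user123",
				Username: "testuser",
				Role:     "admin",
			}
			// A marshal failure must not be silently turned into an empty body;
			// that would make the case pass for the wrong reason.
			body, err := json.Marshal(tc.payload)
			if err != nil {
				t.Fatalf("marshal payload: %v", err)
			}
			req := httptest.NewRequest(http.MethodPost, "/v1/auth/check", bytes.NewReader(body))
			ctx := context.WithValue(req.Context(), models.ContextKey("claims"), claims)
			req = req.WithContext(ctx)
			w := httptest.NewRecorder()

			AuthorizeHandler(w, req)

			if w.Code != http.StatusBadRequest {
				t.Errorf("Expected status %d, got %d", http.StatusBadRequest, w.Code)
			}
		})
	}
}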
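// TestAuthorizeHandler_UserIDMismatch verifies that a caller cannot ask for an
// authorization decision on behalf of a different user: when the UserID in the
// body differs from the UserID in the authenticated claims, the handler must
// answer 403 Forbidden rather than evaluate the request.
func TestAuthorizeHandler_UserIDMismatch(t *testing.T) {
	// Setup: authenticated as user123, but the body claims to be differentUser.
	claims := &models.Claims{
		UserID:   "user123",
		Username: "testuser",
		Role:     "admin",
	}
	payload := models.AuthorizationContext{
		UserID:   "differentUser",
		Resource: "document",
		Action:   "read",
	}
	body, err := json.Marshal(payload)
	if err != nil {
		t.Fatalf("marshal payload: %v", err)
	}
	req := httptest.NewRequest(http.MethodPost, "/v1/auth/check", bytes.NewReader(body))
	ctx := context.WithValue(req.Context(), models.ContextKey("claims"), claims)
	req = req.WithContext(ctx)
	w := httptest.NewRecorder()

	// Execute
	AuthorizeHandler(w, req)

	// Assert: the mismatch is a policy violation, not a malformed request,
	// so 403 (not 400) is the expected outcome.
	if w.Code != http.StatusForbidden {
		t.Errorf("Expected status %d, got %d", http.StatusForbidden, w.Code)
	}
}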
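// TestAuthorizeHandler_NilMaps sends a well-formed request whose ResourceData
// and Environment maps are nil and checks that the handler neither panics nor
// treats the request as malformed. The final decision depends on the
// permissions stored in the database, so it is not asserted here.
func TestAuthorizeHandler_NilMaps(t *testing.T) {
	// Requires a live authorization service; skip when it was not initialised.
	if authService == nil {
		t.Skip("Skipping test - requires database connection")
	}

	// Setup: claims and payload agree on the user, so the only thing that
	// could reject the request before the permission check is the nil maps.
	claims := &models.Claims{
		UserID:   "user123",
		Username: "testuser",
		Role:     "admin",
	}
	payload := models.AuthorizationContext{
		UserID:       "user123",
		Resource:     "document",
		Action:       "read",
		ResourceData: nil, // nil map
		Environment:  nil, // nil map
	}
	body, err := json.Marshal(payload)
	if err != nil {
		t.Fatalf("marshal payload: %v", err)
	}
	req := httptest.NewRequest(http.MethodPost, "/v1/auth/check", bytes.NewReader(body))
	ctx := context.WithValue(req.Context(), models.ContextKey("claims"), claims)
	req = req.WithContext(ctx)
	w := httptest.NewRecorder()

	// Execute - a panic here fails the test on its own.
	AuthorizeHandler(w, req)

	// Assert only what the input guarantees: claims are present and all
	// required fields are set, so the handler must not report the request as
	// unauthenticated or malformed. Whether it is 200 or 403 depends on the
	// DB contents and is deliberately left open.
	switch w.Code {
	case http.StatusUnauthorized, http.StatusBadRequest:
		t.Errorf("Expected a request with nil maps to be accepted as well-formed, got status %d", w.Code)
	}
}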