package jwt import ( "testing" ) func TestGenerateAndValidateAccessToken(t *testing.T) { t.Setenv("JWT_SECRET", "test-secret-1234567890") token, err := GenerateAccessToken(42, "user@example.com", "tester") if err != nil { t.Fatalf("GenerateAccessToken returned error: %v", err) } claims, err := ValidateToken(token, "test-secret-1234567890") if err != nil { t.Fatalf("ValidateToken returned error: %v", err) } if claims.UserID != 42 { t.Fatalf("expected user_id=42, got %d", claims.UserID) } if claims.Email != "user@example.com" { t.Fatalf("expected email=user@example.com, got %s", claims.Email) } if claims.UserName != "tester" { t.Fatalf("expected username=tester, got %s", claims.UserName) } } func TestValidateTokenWrongSecretFails(t *testing.T) { t.Setenv("JWT_SECRET", "test-secret-1234567890") token, err := GenerateAccessToken(1, "user@example.com", "tester") if err != nil { t.Fatalf("GenerateAccessToken returned error: %v", err) } if _, err := ValidateToken(token, "wrong-secret"); err == nil { t.Fatal("expected ValidateToken to fail with wrong secret") } }