first commit
This commit is contained in:
54
accounts/jwt_test.go
Normal file
54
accounts/jwt_test.go
Normal file
@@ -0,0 +1,54 @@
|
||||
package accounts
|
||||
|
||||
import "testing"
|
||||
|
||||
func TestGenerateTokensIncludesRoleClaim(t *testing.T) {
|
||||
t.Setenv("JWT_SECRET", "test-access-secret")
|
||||
t.Setenv("JWT_REFRESH_SECRET", "test-refresh-secret")
|
||||
|
||||
accessToken, refreshToken, err := GenerateTokens(42, RoleAdmin)
|
||||
if err != nil {
|
||||
t.Fatalf("GenerateTokens returned error: %v", err)
|
||||
}
|
||||
|
||||
accessClaims, err := parseAccessClaims(accessToken)
|
||||
if err != nil {
|
||||
t.Fatalf("parseAccessClaims returned error: %v", err)
|
||||
}
|
||||
|
||||
if accessClaims.UserID != 42 {
|
||||
t.Fatalf("expected access user id 42, got %d", accessClaims.UserID)
|
||||
}
|
||||
|
||||
if accessClaims.Role != RoleAdmin {
|
||||
t.Fatalf("expected access role %q, got %q", RoleAdmin, accessClaims.Role)
|
||||
}
|
||||
|
||||
refreshUserID, err := ParseRefreshToken(refreshToken)
|
||||
if err != nil {
|
||||
t.Fatalf("ParseRefreshToken returned error: %v", err)
|
||||
}
|
||||
|
||||
if refreshUserID != 42 {
|
||||
t.Fatalf("expected refresh user id 42, got %d", refreshUserID)
|
||||
}
|
||||
}
|
||||
|
||||
func TestGenerateTokensNormalizesUnknownRoleToUser(t *testing.T) {
|
||||
t.Setenv("JWT_SECRET", "test-access-secret")
|
||||
t.Setenv("JWT_REFRESH_SECRET", "test-refresh-secret")
|
||||
|
||||
accessToken, _, err := GenerateTokens(7, "superuser")
|
||||
if err != nil {
|
||||
t.Fatalf("GenerateTokens returned error: %v", err)
|
||||
}
|
||||
|
||||
accessClaims, err := parseAccessClaims(accessToken)
|
||||
if err != nil {
|
||||
t.Fatalf("parseAccessClaims returned error: %v", err)
|
||||
}
|
||||
|
||||
if accessClaims.Role != RoleUser {
|
||||
t.Fatalf("expected normalized role %q, got %q", RoleUser, accessClaims.Role)
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user