package accounts
import (
"testing"
"time"
)
// ─── normalizeRole ──────────────────────────────────────────────────────────
// TestNormalizeRole_Admin checks that the exact string "admin" is mapped to
// RoleAdmin by normalizeRole.
func TestNormalizeRole_Admin(t *testing.T) {
	role := normalizeRole("admin")
	if role == RoleAdmin {
		return
	}
	t.Fatalf("expected %q, got %q", RoleAdmin, role)
}
// TestNormalizeRole_User checks that the exact string "user" is mapped to
// RoleUser by normalizeRole.
func TestNormalizeRole_User(t *testing.T) {
	role := normalizeRole("user")
	if role == RoleUser {
		return
	}
	t.Fatalf("expected %q, got %q", RoleUser, role)
}
// TestNormalizeRole_Unknown checks that normalizeRole falls back to RoleUser
// for inputs it does not recognise.
//
// The cases pin a fail-closed default: the empty string, two made-up role
// names, and the upper-case spelling "ADMIN" must all come back as RoleUser,
// so none of these inputs can be promoted to RoleAdmin. The loop stops at the
// first failing input because it reports with t.Fatalf.
func TestNormalizeRole_Unknown(t *testing.T) {
	unknown := []string{"", "superuser", "moderator", "ADMIN"}
	for i := range unknown {
		input := unknown[i]
		got := normalizeRole(input)
		if got == RoleUser {
			continue
		}
		t.Fatalf("input %q: expected %q fallback, got %q", input, RoleUser, got)
	}
}
// ─── roleFromUser ───────────────────────────────────────────────────────────
// TestRoleFromUser_Admin checks that roleFromUser returns RoleAdmin for a User
// whose IsAdmin flag is set.
func TestRoleFromUser_Admin(t *testing.T) {
	admin := User{IsAdmin: true}
	got := roleFromUser(admin)
	if got == RoleAdmin {
		return
	}
	t.Fatalf("expected admin role, got %q", got)
}
// TestRoleFromUser_RegularUser checks that roleFromUser returns RoleUser for a
// User whose IsAdmin flag is explicitly false.
func TestRoleFromUser_RegularUser(t *testing.T) {
	regular := User{IsAdmin: false}
	got := roleFromUser(regular)
	if got == RoleUser {
		return
	}
	t.Fatalf("expected user role, got %q", got)
}
// ─── GenerateTokens / ParseAccessToken / ParseRefreshToken ──────────────────
// TestGenerateAndParse_RoundTrip issues a token pair for user 99 and checks
// that the access token and the refresh token each parse back to that user ID
// through their own parser.
func TestGenerateAndParse_RoundTrip(t *testing.T) {
	// Test-only secrets, set per test through t.Setenv so they do not leak
	// into other tests; the two values differ from each other.
	t.Setenv("JWT_SECRET", "test-access-secret-xyz")
	t.Setenv("JWT_REFRESH_SECRET", "test-refresh-secret-xyz")

	const wantID = 99

	access, refresh, err := GenerateTokens(wantID, RoleUser)
	if err != nil {
		t.Fatalf("GenerateTokens error: %v", err)
	}

	accessID, accessErr := ParseAccessToken(access)
	switch {
	case accessErr != nil:
		t.Fatalf("ParseAccessToken error: %v", accessErr)
	case accessID != wantID:
		t.Fatalf("expected user_id 99, got %d", accessID)
	}

	refreshID, refreshErr := ParseRefreshToken(refresh)
	switch {
	case refreshErr != nil:
		t.Fatalf("ParseRefreshToken error: %v", refreshErr)
	case refreshID != wantID:
		t.Fatalf("expected refresh user_id 99, got %d", refreshID)
	}
}
// TestGenerateTokens_MissingSecretsError checks that GenerateTokens returns an
// error, rather than a token pair, when both signing secrets are empty.
//
// NOTE(review): only the case where both variables are empty is exercised
// here; a single missing secret is not covered by this test.
func TestGenerateTokens_MissingSecretsError(t *testing.T) {
	for _, name := range []string{"JWT_SECRET", "JWT_REFRESH_SECRET"} {
		t.Setenv(name, "")
	}

	_, _, err := GenerateTokens(1, RoleUser)
	if err != nil {
		return
	}
	t.Fatal("expected error when JWT secrets are missing")
}
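// TestParseAccessToken_TamperedTokenFails checks that ParseAccessToken rejects
// both a malformed token string and a genuinely issued access token whose
// signature segment has been altered.
//
// The malformed-string case alone never reaches signature verification with a
// well-formed token, so it cannot show that tampering is detected; the second
// case starts from a token that verifies and changes exactly one signature
// character.
func TestParseAccessToken_TamperedTokenFails(t *testing.T) {
	t.Setenv("JWT_SECRET", "my-secret")
	t.Setenv("JWT_REFRESH_SECRET", "my-refresh")

	// Malformed input: three dot-separated segments that are not a real token.
	if _, err := ParseAccessToken("this.is.notavalidtoken"); err == nil {
		t.Fatal("expected error for tampered token")
	}

	// Baseline: the unmodified token must verify, otherwise a rejection of the
	// altered copy below would prove nothing.
	access, _, err := GenerateTokens(1, RoleUser)
	if err != nil {
		t.Fatalf("GenerateTokens error: %v", err)
	}
	if _, err := ParseAccessToken(access); err != nil {
		t.Fatalf("ParseAccessToken error: %v", err)
	}

	// Locate the signature as the text after the last dot.
	// NOTE(review): assumes the compact dot-separated token form — confirm
	// against GenerateTokens.
	sigStart := -1
	for i := len(access) - 1; i >= 0; i-- {
		if access[i] == '.' {
			sigStart = i + 1
			break
		}
	}
	if sigStart <= 0 || sigStart >= len(access) {
		t.Fatal("issued access token has no signature segment")
	}

	// Change the first signature character, not the last: the final base64url
	// character can carry unused bits that a lenient decoder ignores, which
	// would leave the decoded signature unchanged.
	tampered := []byte(access)
	if tampered[sigStart] == 'A' {
		tampered[sigStart] = 'B'
	} else {
		tampered[sigStart] = 'A'
	}
	if _, err := ParseAccessToken(string(tampered)); err == nil {
		t.Fatal("expected error for token with altered signature")
	}
}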
// TestParseRefreshToken_WrongSecretFails checks that an access token is not
// accepted where a refresh token is expected. The two secrets are set to
// different values, so the access token's signature must not verify under the
// refresh secret.
//
// NOTE(review): the reverse direction, a refresh token handed to
// ParseAccessToken, is not exercised in this test.
func TestParseRefreshToken_WrongSecretFails(t *testing.T) {
	t.Setenv("JWT_SECRET", "secret-a")
	t.Setenv("JWT_REFRESH_SECRET", "secret-b")

	access, _, genErr := GenerateTokens(1, RoleUser)
	if genErr != nil {
		t.Fatalf("GenerateTokens error: %v", genErr)
	}

	// Parsing the access token with the refresh secret must fail.
	if _, parseErr := ParseRefreshToken(access); parseErr == nil {
		t.Fatal("expected error when parsing access token with refresh secret")
	}
}
// ─── parseAccessClaims – role claim contents ─────────────────────────────────
// TestParseAccessClaims_ContainsRole issues an access token for user 7 with
// RoleAdmin and checks that parseAccessClaims returns claims carrying that
// same role and user ID.
func TestParseAccessClaims_ContainsRole(t *testing.T) {
	t.Setenv("JWT_SECRET", "test-secret")
	t.Setenv("JWT_REFRESH_SECRET", "test-refresh")

	access, _, genErr := GenerateTokens(7, RoleAdmin)
	if genErr != nil {
		t.Fatalf("GenerateTokens error: %v", genErr)
	}

	claims, parseErr := parseAccessClaims(access)
	if parseErr != nil {
		t.Fatalf("parseAccessClaims error: %v", parseErr)
	}

	// The role is checked before the user ID, so a wrong role is reported first.
	if role := claims.Role; role != RoleAdmin {
		t.Fatalf("expected role %q, got %q", RoleAdmin, role)
	}
	if id := claims.UserID; id != 7 {
		t.Fatalf("expected user_id 7, got %d", id)
	}
}
// ─── User model – ApiToken lifetime ─────────────────────────────────────────
// TestUser_ApiTokenExpiresAt_NilMeansNeverExpires checks that a User built
// with a nil ApiTokenExpiresAt still reports nil for that field.
//
// NOTE(review): this only reads back the struct field. The code that decides
// whether an API token has expired, and how it treats a nil expiry, is not
// exercised here.
func TestUser_ApiTokenExpiresAt_NilMeansNeverExpires(t *testing.T) {
	user := User{ApiTokenExpiresAt: nil}
	if user.ApiTokenExpiresAt == nil {
		return
	}
	t.Fatal("nil ApiTokenExpiresAt must remain nil")
}
// TestUser_ApiTokenExpiresAt_CanBeSet checks that an expiry 24 hours from now
// can be stored on a User and reads back as the same instant.
func TestUser_ApiTokenExpiresAt_CanBeSet(t *testing.T) {
	expiry := time.Now().Add(24 * time.Hour)
	user := User{ApiTokenExpiresAt: &expiry}

	stored := user.ApiTokenExpiresAt
	if stored == nil {
		t.Fatal("ApiTokenExpiresAt should not be nil after assignment")
	}
	// Equal compares the instants rather than the struct representation.
	if !stored.Equal(expiry) {
		t.Fatalf("expected %v, got %v", expiry, *stored)
	}
}
// TestUser_IsAdminDefaultFalse checks that the zero-value User has IsAdmin
// unset, so a User that was never populated does not carry the admin flag.
func TestUser_IsAdminDefaultFalse(t *testing.T) {
	var zero User
	if !zero.IsAdmin {
		return
	}
	t.Fatal("zero-value User must not be admin")
}