skybridge/test/auth_test.go

package test
import (
"context"
"testing"
"time"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"go.uber.org/zap"
"github.com/kms/api-key-service/internal/auth"
"github.com/kms/api-key-service/internal/domain"
"github.com/kms/api-key-service/internal/services"
)
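// TestAuthenticationService_ValidateJWTToken issues a user token, validates
// it, and checks that UserID, AppID, Permissions, TokenType and Claims come
// back unchanged. It then checks that validation returns an error for input
// that is not a token produced by GenerateJWTToken.
func TestAuthenticationService_ValidateJWTToken(t *testing.T) {
	config := NewMockConfig()
	logger := zap.NewNop()
	authService := services.NewAuthenticationService(config, logger)
	ctx := context.Background()

	userToken := &domain.UserToken{
		AppID:       "test-app",
		UserID:      "test-user",
		Permissions: []string{"read", "write"},
		IssuedAt:    time.Now(),
		ExpiresAt:   time.Now().Add(time.Hour),
		MaxValidAt:  time.Now().Add(24 * time.Hour),
		TokenType:   domain.TokenTypeUser,
		Claims: map[string]string{
			"email": "test@example.com",
		},
	}

	// Generate token
	tokenString, err := authService.GenerateJWTToken(ctx, userToken)
	require.NoError(t, err)

	// Validate token
	authContext, err := authService.ValidateJWTToken(ctx, tokenString)
	require.NoError(t, err)
	// Fail with a readable message rather than a nil dereference below.
	require.NotNil(t, authContext)
	assert.Equal(t, userToken.UserID, authContext.UserID)
	assert.Equal(t, userToken.AppID, authContext.AppID)
	assert.Equal(t, userToken.Permissions, authContext.Permissions)
	assert.Equal(t, userToken.TokenType, authContext.TokenType)
	assert.Equal(t, userToken.Claims, authContext.Claims)

	// A validator is only useful if it also refuses bad input, so the happy
	// path above is paired with inputs that must never authenticate.
	_, err = authService.ValidateJWTToken(ctx, "")
	assert.Error(t, err, "empty token must be rejected")

	_, err = authService.ValidateJWTToken(ctx, "not-a-jwt")
	assert.Error(t, err, "malformed token must be rejected")

	// Extra bytes after the last segment no longer match what was signed.
	_, err = authService.ValidateJWTToken(ctx, tokenString+"x")
	assert.Error(t, err, "modified token must be rejected")
}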
// TestAuthenticationService_GenerateJWTToken checks that a user token with a
// single "read" permission can be issued as a non-empty string, and that the
// issued string validates back to the same UserID.
func TestAuthenticationService_GenerateJWTToken(t *testing.T) {
	svc := services.NewAuthenticationService(NewMockConfig(), zap.NewNop())
	ctx := context.Background()

	subject := &domain.UserToken{
		AppID:       "test-app",
		UserID:      "test-user",
		Permissions: []string{"read"},
		IssuedAt:    time.Now(),
		ExpiresAt:   time.Now().Add(time.Hour),
		MaxValidAt:  time.Now().Add(24 * time.Hour),
		TokenType:   domain.TokenTypeUser,
	}

	issued, err := svc.GenerateJWTToken(ctx, subject)
	require.NoError(t, err)
	assert.NotEmpty(t, issued)

	// Round trip: what was issued must be accepted by the validator and
	// resolve to the user it was issued for.
	resolved, err := svc.ValidateJWTToken(ctx, issued)
	require.NoError(t, err)
	assert.Equal(t, subject.UserID, resolved.UserID)
}
// TestAuthenticationService_RefreshJWTToken issues a token, refreshes it with
// a later expiration, and checks that the refreshed token is a different,
// non-empty string that still validates to the same UserID.
func TestAuthenticationService_RefreshJWTToken(t *testing.T) {
	svc := services.NewAuthenticationService(NewMockConfig(), zap.NewNop())
	ctx := context.Background()

	subject := &domain.UserToken{
		AppID:       "test-app",
		UserID:      "test-user",
		Permissions: []string{"read"},
		IssuedAt:    time.Now(),
		ExpiresAt:   time.Now().Add(time.Hour),
		MaxValidAt:  time.Now().Add(24 * time.Hour),
		TokenType:   domain.TokenTypeUser,
	}

	before, err := svc.GenerateJWTToken(ctx, subject)
	require.NoError(t, err)

	// NOTE(review): the requested expiry (now+2h) lies inside MaxValidAt
	// (now+24h). A refresh requested past MaxValidAt is not exercised here;
	// confirm the intended behavior for that case and cover it.
	extendedUntil := time.Now().Add(2 * time.Hour)
	after, err := svc.RefreshJWTToken(ctx, before, extendedUntil)
	require.NoError(t, err)
	assert.NotEmpty(t, after)
	assert.NotEqual(t, before, after)

	// The refreshed token must still authenticate the original user.
	resolved, err := svc.ValidateJWTToken(ctx, after)
	require.NoError(t, err)
	assert.Equal(t, subject.UserID, resolved.UserID)
}
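// TestJWTManager_InvalidSecret checks that a JWTManager configured with an
// empty JWT_SECRET refuses to issue a token: GenerateToken must return an
// error and must not return a token value alongside it.
func TestJWTManager_InvalidSecret(t *testing.T) {
	// Test with empty JWT secret
	config := NewTestConfig()
	config.values["JWT_SECRET"] = ""
	logger := zap.NewNop()
	jwtManager := auth.NewJWTManager(config, logger)

	userToken := &domain.UserToken{
		AppID:       "test-app",
		UserID:      "test-user",
		Permissions: []string{"read"},
		IssuedAt:    time.Now(),
		ExpiresAt:   time.Now().Add(time.Hour),
		MaxValidAt:  time.Now().Add(24 * time.Hour),
		TokenType:   domain.TokenTypeUser,
	}

	tokenString, err := jwtManager.GenerateToken(userToken)
	assert.Error(t, err)
	// An error is not enough if a token signed with the empty key is still
	// returned to a caller that ignores the error.
	assert.Empty(t, tokenString, "no token may be returned when the secret is empty")
}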
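// TestJWTManager_TokenRevocation exercises IsTokenRevoked and RevokeToken on a
// freshly issued token. It asserts that a new token is not reported as revoked
// and that neither call returns an error. It does NOT assert that revocation
// takes effect: according to the original author's notes the implementation
// only logs the request, so a pass here is not evidence that revoked tokens
// are refused.
func TestJWTManager_TokenRevocation(t *testing.T) {
	config := NewMockConfig()
	logger := zap.NewNop()
	jwtManager := auth.NewJWTManager(config, logger)

	userToken := &domain.UserToken{
		AppID:       "test-app",
		UserID:      "test-user",
		Permissions: []string{"read"},
		IssuedAt:    time.Now(),
		ExpiresAt:   time.Now().Add(time.Hour),
		MaxValidAt:  time.Now().Add(24 * time.Hour),
		TokenType:   domain.TokenTypeUser,
	}

	tokenString, err := jwtManager.GenerateToken(userToken)
	require.NoError(t, err)

	// Check revocation status (should be false initially)
	revoked, err := jwtManager.IsTokenRevoked(tokenString)
	require.NoError(t, err)
	assert.False(t, revoked)

	// Revoke token (currently just logs, doesn't actually revoke)
	err = jwtManager.RevokeToken(tokenString)
	require.NoError(t, err)

	// Read the status back so the gap is visible in the test output. This is
	// logged rather than asserted because the current implementation keeps no
	// deny-list; switch to assert.True once revocation is enforced.
	revokedAfter, err := jwtManager.IsTokenRevoked(tokenString)
	require.NoError(t, err)
	if !revokedAfter {
		t.Log("RevokeToken returned nil but IsTokenRevoked still reports false: revocation is not enforced")
	}
}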