package auth_test
import (
"os"
"testing"
"github.com/rede5/gohorsejobs/backend/internal/infrastructure/auth"
"github.com/stretchr/testify/assert"
)
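// TestJWTService_HashAndVerifyPassword exercises the password hashing round
// trip of the JWT service with a pepper supplied through the PASSWORD_PEPPER
// environment variable.
//
// It covers three cases: a correct password verifies, a wrong password does
// not, and a hash produced under one pepper does not verify under another.
// The last case implies the test expects the service to read the pepper when
// HashPassword/VerifyPassword are called, not when the service is built.
func TestJWTService_HashAndVerifyPassword(t *testing.T) {
	const pepperEnv = "PASSWORD_PEPPER"

	// setPepper fails the calling (sub)test if the environment cannot be
	// changed, so a later assertion never runs against a stale pepper.
	setPepper := func(t *testing.T, value string) {
		t.Helper()
		if err := os.Setenv(pepperEnv, value); err != nil {
			t.Fatalf("setting %s: %v", pepperEnv, err)
		}
	}

	// Restore whatever the environment held before the test instead of
	// unconditionally unsetting it, so a pepper configured for the rest of
	// the test binary is not silently dropped.
	previous, hadPrevious := os.LookupEnv(pepperEnv)
	defer func() {
		if hadPrevious {
			os.Setenv(pepperEnv, previous)
			return
		}
		os.Unsetenv(pepperEnv)
	}()
	setPepper(t, "test-pepper")

	service := auth.NewJWTService("secret", "issuer")

	t.Run("Should hash and verify password correctly", func(t *testing.T) {
		password := "mysecurepassword"
		hash, err := service.HashPassword(password)
		assert.NoError(t, err)
		assert.NotEmpty(t, hash)

		valid := service.VerifyPassword(hash, password)
		assert.True(t, valid)
	})

	t.Run("Should fail verification with wrong password", func(t *testing.T) {
		password := "password"
		hash, err := service.HashPassword(password)
		// Without this guard a failed hash (empty string) would make the
		// negative assertion below pass for the wrong reason.
		if !assert.NoError(t, err) || !assert.NotEmpty(t, hash) {
			return
		}

		valid := service.VerifyPassword(hash, "wrong-password")
		assert.False(t, valid)
	})

	t.Run("Should fail verification with wrong pepper", func(t *testing.T) {
		password := "password"
		hash, err := service.HashPassword(password)
		if !assert.NoError(t, err) || !assert.NotEmpty(t, hash) {
			return
		}

		// Positive control: the hash must verify under the original pepper,
		// otherwise a VerifyPassword that always returns false would satisfy
		// this subtest.
		assert.True(t, service.VerifyPassword(hash, password))

		// Change pepper; the deferred reset runs even if verification panics,
		// so later subtests never inherit the wrong value.
		setPepper(t, "wrong-pepper")
		defer setPepper(t, "test-pepper")

		valid := service.VerifyPassword(hash, password)
		assert.False(t, valid)
	})
}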
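// TestJWTService_TokenOperations checks token issuance and validation on the
// JWT service: a freshly generated token validates and carries the expected
// subject and tenant claims, a malformed token is rejected, and a token signed
// by a service configured with a different secret is rejected.
func TestJWTService_TokenOperations(t *testing.T) {
	service := auth.NewJWTService("secret", "issuer")

	t.Run("Should generate and validate token", func(t *testing.T) {
		userID := "user-123"
		tenantID := "tenant-456"
		roles := []string{"admin"}

		token, err := service.GenerateToken(userID, tenantID, roles)
		// Stop here on failure: validating an empty token would only add
		// misleading follow-on failures.
		if !assert.NoError(t, err) || !assert.NotEmpty(t, token) {
			return
		}

		claims, err := service.ValidateToken(token)
		if !assert.NoError(t, err) {
			return
		}
		assert.Equal(t, userID, claims["sub"])
		assert.Equal(t, tenantID, claims["tenant"])
		// NOTE(review): the roles claim is not asserted. After a JSON round
		// trip numbers decode as float64 and a string slice may come back as
		// []interface{}, so a roles check needs to compare element by element
		// against the claim key the service actually uses — confirm the key
		// name before adding it.
	})

	t.Run("Should fail invalid token", func(t *testing.T) {
		claims, err := service.ValidateToken("invalid-token")
		assert.Error(t, err)
		assert.Nil(t, claims)
	})

	t.Run("Should reject token signed with a different secret", func(t *testing.T) {
		// A well-formed token from a service holding another secret must not
		// validate here; this pins signature verification, which the
		// malformed-string case above does not reach.
		other := auth.NewJWTService("other-secret", "issuer")
		token, err := other.GenerateToken("user-123", "tenant-456", []string{"admin"})
		if !assert.NoError(t, err) || !assert.NotEmpty(t, token) {
			return
		}

		claims, err := service.ValidateToken(token)
		assert.Error(t, err)
		assert.Nil(t, claims)
	})
}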