feat: authsession service
This commit is contained in:
Ilia Denisov
@@ -0,0 +1,186 @@
|
||||
package devicesession
|
||||
|
||||
import (
|
||||
"crypto/ed25519"
|
||||
"github.com/stretchr/testify/require"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"galaxy/authsession/internal/domain/common"
|
||||
)
|
||||
|
||||
func TestStatusIsKnown(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
value Status
|
||||
want bool
|
||||
}{
|
||||
{name: "active", value: StatusActive, want: true},
|
||||
{name: "revoked", value: StatusRevoked, want: true},
|
||||
{name: "unknown", value: Status("unknown"), want: false},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
tt := tt
|
||||
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
if got := tt.value.IsKnown(); got != tt.want {
|
||||
require.Failf(t, "test failed", "IsKnown() = %v, want %v", got, tt.want)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestStatusCanTransitionTo(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
from Status
|
||||
to Status
|
||||
want bool
|
||||
}{
|
||||
{name: "active to revoked", from: StatusActive, to: StatusRevoked, want: true},
|
||||
{name: "active to active", from: StatusActive, to: StatusActive, want: false},
|
||||
{name: "revoked terminal", from: StatusRevoked, to: StatusActive, want: false},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
tt := tt
|
||||
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
if got := tt.from.CanTransitionTo(tt.to); got != tt.want {
|
||||
require.Failf(t, "test failed", "CanTransitionTo() = %v, want %v", got, tt.want)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestIsKnownRevokeReasonCode(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
value common.RevokeReasonCode
|
||||
want bool
|
||||
}{
|
||||
{name: "device logout", value: RevokeReasonDeviceLogout, want: true},
|
||||
{name: "logout all", value: RevokeReasonLogoutAll, want: true},
|
||||
{name: "admin revoke", value: RevokeReasonAdminRevoke, want: true},
|
||||
{name: "user blocked", value: RevokeReasonUserBlocked, want: true},
|
||||
{name: "custom code", value: common.RevokeReasonCode("custom_policy"), want: false},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
tt := tt
|
||||
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
if got := IsKnownRevokeReasonCode(tt.value); got != tt.want {
|
||||
require.Failf(t, "test failed", "IsKnownRevokeReasonCode() = %v, want %v", got, tt.want)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestSessionValidate(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
mutate func(*Session)
|
||||
wantErr bool
|
||||
}{
|
||||
{name: "active valid"},
|
||||
{
|
||||
name: "revoked valid",
|
||||
mutate: func(s *Session) {
|
||||
s.Status = StatusRevoked
|
||||
s.Revocation = validRevocation()
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "active rejects revocation",
|
||||
mutate: func(s *Session) {
|
||||
s.Revocation = validRevocation()
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "revoked requires revocation",
|
||||
mutate: func(s *Session) {
|
||||
s.Status = StatusRevoked
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "revoked requires complete metadata",
|
||||
mutate: func(s *Session) {
|
||||
s.Status = StatusRevoked
|
||||
revocation := validRevocation()
|
||||
revocation.ReasonCode = ""
|
||||
s.Revocation = revocation
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
tt := tt
|
||||
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
session := validSession(t)
|
||||
if tt.mutate != nil {
|
||||
tt.mutate(&session)
|
||||
}
|
||||
|
||||
err := session.Validate()
|
||||
if tt.wantErr && err == nil {
|
||||
require.FailNow(t, "Validate() returned nil error")
|
||||
}
|
||||
if !tt.wantErr && err != nil {
|
||||
require.Failf(t, "test failed", "Validate() returned error: %v", err)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func validSession(t *testing.T) Session {
|
||||
t.Helper()
|
||||
|
||||
raw := make(ed25519.PublicKey, ed25519.PublicKeySize)
|
||||
for index := range raw {
|
||||
raw[index] = byte(index + 7)
|
||||
}
|
||||
|
||||
key, err := common.NewClientPublicKey(raw)
|
||||
if err != nil {
|
||||
require.Failf(t, "test failed", "NewClientPublicKey() returned error: %v", err)
|
||||
}
|
||||
|
||||
return Session{
|
||||
ID: common.DeviceSessionID("device-session-123"),
|
||||
UserID: common.UserID("user-123"),
|
||||
ClientPublicKey: key,
|
||||
Status: StatusActive,
|
||||
CreatedAt: time.Unix(1_775_121_600, 0).UTC(),
|
||||
}
|
||||
}
|
||||
|
||||
func validRevocation() *Revocation {
|
||||
return &Revocation{
|
||||
At: time.Unix(1_775_121_800, 0).UTC(),
|
||||
ReasonCode: RevokeReasonAdminRevoke,
|
||||
ActorType: common.RevokeActorType("admin"),
|
||||
ActorID: "admin-123",
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user