feat: authsession service

2026-04-08 16:23:07 +02:00
parent 28f04916af
commit 86a68ed9d0
174 changed files with 31732 additions and 112 deletions
@@ -0,0 +1,88 @@
+package blockuser
+
+import (
+	"context"
+	"errors"
+	"testing"
+	"time"
+
+	"galaxy/authsession/internal/domain/common"
+	"galaxy/authsession/internal/domain/devicesession"
+	"galaxy/authsession/internal/domain/userresolution"
+	"galaxy/authsession/internal/service/shared"
+	"galaxy/authsession/internal/testkit"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestExecuteRetriesProjectionPublishesForBlockFlow(t *testing.T) {
+	t.Parallel()
+
+	userDirectory := &testkit.InMemoryUserDirectory{}
+	store := &testkit.InMemorySessionStore{}
+	publisher := &testkit.RecordingProjectionPublisher{
+		Errors: []error{errors.New("publish failed"), nil},
+	}
+	require.NoError(t, userDirectory.SeedExisting(common.Email("pilot@example.com"), common.UserID("user-1")))
+	require.NoError(t, store.Create(context.Background(), activeSessionFixture("device-session-1", "user-1", time.Unix(10, 0).UTC())))
+
+	service, err := New(userDirectory, store, publisher, testkit.FixedClock{Time: time.Unix(20, 0).UTC()})
+	require.NoError(t, err)
+
+	result, err := service.Execute(context.Background(), Input{
+		UserID:     "user-1",
+		ReasonCode: "policy_block",
+		ActorType:  "admin",
+	})
+	require.NoError(t, err)
+	assert.Equal(t, "blocked", result.Outcome)
+	assert.EqualValues(t, 1, result.AffectedSessionCount)
+	require.Len(t, publisher.PublishedSnapshots(), 2)
+}
+
+func TestExecuteRepairsProjectionOnRepeatedAlreadyBlockedRequest(t *testing.T) {
+	t.Parallel()
+
+	userDirectory := &testkit.InMemoryUserDirectory{}
+	store := &testkit.InMemorySessionStore{}
+	publisher := &testkit.RecordingProjectionPublisher{Err: errors.New("publish failed")}
+	require.NoError(t, userDirectory.SeedExisting(common.Email("pilot@example.com"), common.UserID("user-1")))
+	require.NoError(t, store.Create(context.Background(), activeSessionFixture("device-session-1", "user-1", time.Unix(10, 0).UTC())))
+
+	service, err := New(userDirectory, store, publisher, testkit.FixedClock{Time: time.Unix(20, 0).UTC()})
+	require.NoError(t, err)
+
+	_, err = service.Execute(context.Background(), Input{
+		UserID:     "user-1",
+		ReasonCode: "policy_block",
+		ActorType:  "admin",
+	})
+	require.Error(t, err)
+	assert.Equal(t, shared.ErrorCodeServiceUnavailable, shared.CodeOf(err))
+	require.Len(t, publisher.PublishedSnapshots(), shared.MaxProjectionPublishAttempts)
+
+	sessionRecord, getErr := store.Get(context.Background(), common.DeviceSessionID("device-session-1"))
+	require.NoError(t, getErr)
+	require.NotNil(t, sessionRecord.Revocation)
+	assert.Equal(t, devicesession.StatusRevoked, sessionRecord.Status)
+	assert.Equal(t, devicesession.RevokeReasonUserBlocked, sessionRecord.Revocation.ReasonCode)
+
+	resolution, resolveErr := userDirectory.ResolveByEmail(context.Background(), common.Email("pilot@example.com"))
+	require.NoError(t, resolveErr)
+	assert.Equal(t, userresolution.KindBlocked, resolution.Kind)
+
+	publisher.Err = nil
+
+	result, err := service.Execute(context.Background(), Input{
+		UserID:     "user-1",
+		ReasonCode: "policy_block",
+		ActorType:  "admin",
+	})
+	require.NoError(t, err)
+	assert.Equal(t, "already_blocked", result.Outcome)
+	assert.EqualValues(t, 0, result.AffectedSessionCount)
+	require.NotNil(t, result.AffectedDeviceSessionIDs)
+	assert.Empty(t, result.AffectedDeviceSessionIDs)
+	require.Len(t, publisher.PublishedSnapshots(), shared.MaxProjectionPublishAttempts+1)
+}