feat: authsession service

authsession/internal/service/blockuser/cross_flow_test.go

@@ -0,0 +1,91 @@
+package blockuser
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"galaxy/authsession/internal/domain/challenge"
+	"galaxy/authsession/internal/domain/common"
+	"galaxy/authsession/internal/service/confirmemailcode"
+	"galaxy/authsession/internal/service/sendemailcode"
+	"galaxy/authsession/internal/service/shared"
+	"galaxy/authsession/internal/testkit"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+const blockFlowPublicKey = "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8="
+
+func TestBlockUserAffectsLaterSendAndConfirmFlows(t *testing.T) {
+	t.Parallel()
+
+	challengeStore := &testkit.InMemoryChallengeStore{}
+	sessionStore := &testkit.InMemorySessionStore{}
+	userDirectory := &testkit.InMemoryUserDirectory{}
+	publisher := &testkit.RecordingProjectionPublisher{}
+	idGenerator := &testkit.SequenceIDGenerator{
+		ChallengeIDs:     []common.ChallengeID{"challenge-1"},
+		DeviceSessionIDs: []common.DeviceSessionID{"device-session-1"},
+	}
+	hasher := testkit.DeterministicCodeHasher{}
+	mailSender := &testkit.RecordingMailSender{}
+	now := time.Unix(20, 0).UTC()
+	clock := testkit.FixedClock{Time: now}
+
+	blockService, err := New(userDirectory, sessionStore, publisher, clock)
+	require.NoError(t, err)
+
+	_, err = blockService.Execute(context.Background(), Input{
+		Email:      "pilot@example.com",
+		ReasonCode: "policy_block",
+		ActorType:  "admin",
+	})
+	require.NoError(t, err)
+
+	sendService, err := sendemailcode.New(
+		challengeStore,
+		userDirectory,
+		idGenerator,
+		testkit.FixedCodeGenerator{Code: "654321"},
+		hasher,
+		mailSender,
+		clock,
+	)
+	require.NoError(t, err)
+
+	sendResult, err := sendService.Execute(context.Background(), sendemailcode.Input{Email: "pilot@example.com"})
+	require.NoError(t, err)
+	assert.Equal(t, "challenge-1", sendResult.ChallengeID)
+	assert.Empty(t, mailSender.RecordedInputs())
+
+	challengeRecord, err := challengeStore.Get(context.Background(), common.ChallengeID("challenge-1"))
+	require.NoError(t, err)
+	assert.Equal(t, challenge.StatusDeliverySuppressed, challengeRecord.Status)
+	assert.Equal(t, challenge.DeliverySuppressed, challengeRecord.DeliveryState)
+
+	confirmService, err := confirmemailcode.New(
+		challengeStore,
+		sessionStore,
+		userDirectory,
+		testkit.StaticConfigProvider{},
+		publisher,
+		idGenerator,
+		hasher,
+		clock,
+	)
+	require.NoError(t, err)
+
+	_, err = confirmService.Execute(context.Background(), confirmemailcode.Input{
+		ChallengeID:     "challenge-1",
+		Code:            "654321",
+		ClientPublicKey: blockFlowPublicKey,
+	})
+	require.Error(t, err)
+	assert.Equal(t, shared.ErrorCodeBlockedByPolicy, shared.CodeOf(err))
+
+	updatedChallenge, getErr := challengeStore.Get(context.Background(), common.ChallengeID("challenge-1"))
+	require.NoError(t, getErr)
+	assert.Equal(t, challenge.StatusFailed, updatedChallenge.Status)
+}