package blockuser import ( "context" "errors" "testing" "time" "galaxy/authsession/internal/domain/common" "galaxy/authsession/internal/domain/devicesession" "galaxy/authsession/internal/domain/userresolution" "galaxy/authsession/internal/service/shared" "galaxy/authsession/internal/testkit" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) func TestExecuteRetriesProjectionPublishesForBlockFlow(t *testing.T) { t.Parallel() userDirectory := &testkit.InMemoryUserDirectory{} store := &testkit.InMemorySessionStore{} publisher := &testkit.RecordingProjectionPublisher{ Errors: []error{errors.New("publish failed"), nil}, } require.NoError(t, userDirectory.SeedExisting(common.Email("pilot@example.com"), common.UserID("user-1"))) require.NoError(t, store.Create(context.Background(), activeSessionFixture("device-session-1", "user-1", time.Unix(10, 0).UTC()))) service, err := New(userDirectory, store, publisher, testkit.FixedClock{Time: time.Unix(20, 0).UTC()}) require.NoError(t, err) result, err := service.Execute(context.Background(), Input{ UserID: "user-1", ReasonCode: "policy_block", ActorType: "admin", }) require.NoError(t, err) assert.Equal(t, "blocked", result.Outcome) assert.EqualValues(t, 1, result.AffectedSessionCount) require.Len(t, publisher.PublishedSnapshots(), 2) } func TestExecuteRepairsProjectionOnRepeatedAlreadyBlockedRequest(t *testing.T) { t.Parallel() userDirectory := &testkit.InMemoryUserDirectory{} store := &testkit.InMemorySessionStore{} publisher := &testkit.RecordingProjectionPublisher{Err: errors.New("publish failed")} require.NoError(t, userDirectory.SeedExisting(common.Email("pilot@example.com"), common.UserID("user-1"))) require.NoError(t, store.Create(context.Background(), activeSessionFixture("device-session-1", "user-1", time.Unix(10, 0).UTC()))) service, err := New(userDirectory, store, publisher, testkit.FixedClock{Time: time.Unix(20, 0).UTC()}) require.NoError(t, err) _, err = service.Execute(context.Background(), Input{ UserID: "user-1", ReasonCode: "policy_block", ActorType: "admin", }) require.Error(t, err) assert.Equal(t, shared.ErrorCodeServiceUnavailable, shared.CodeOf(err)) require.Len(t, publisher.PublishedSnapshots(), shared.MaxProjectionPublishAttempts) sessionRecord, getErr := store.Get(context.Background(), common.DeviceSessionID("device-session-1")) require.NoError(t, getErr) require.NotNil(t, sessionRecord.Revocation) assert.Equal(t, devicesession.StatusRevoked, sessionRecord.Status) assert.Equal(t, devicesession.RevokeReasonUserBlocked, sessionRecord.Revocation.ReasonCode) resolution, resolveErr := userDirectory.ResolveByEmail(context.Background(), common.Email("pilot@example.com")) require.NoError(t, resolveErr) assert.Equal(t, userresolution.KindBlocked, resolution.Kind) publisher.Err = nil result, err := service.Execute(context.Background(), Input{ UserID: "user-1", ReasonCode: "policy_block", ActorType: "admin", }) require.NoError(t, err) assert.Equal(t, "already_blocked", result.Outcome) assert.EqualValues(t, 0, result.AffectedSessionCount) require.NotNil(t, result.AffectedDeviceSessionIDs) assert.Empty(t, result.AffectedDeviceSessionIDs) require.Len(t, publisher.PublishedSnapshots(), shared.MaxProjectionPublishAttempts+1) }