scripte/mailarchiv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c8b115a635e96ce019aa3ad4f7736d79041e505b
mailarchiv/userstore_test.go
T
patrick c8b115a635 Dateien nach "/" hochladen
2026-03-12 16:27:43 +01:00

246 lines
5.8 KiB
Go
Raw Blame History

package userstore_test
import (
"path/filepath"
"testing"
"time"
"github.com/mailarchive/internal/userstore"
)
func newTestStore(t *testing.T) *userstore.Store {
t.Helper()
s, err := userstore.New(filepath.Join(t.TempDir(), "users.db"))
if err != nil {
t.Fatalf("userstore.New: %v", err)
}
t.Cleanup(func() { s.Close() })
return s
}
func TestCreateAndGetUser(t *testing.T) {
s := newTestStore(t)
u, err := s.Create(userstore.CreateUserRequest{
Username: "alice",
Email: "alice@example.com",
Password: "secret123",
Role: userstore.RoleAdmin,
})
if err != nil {
t.Fatalf("Create: %v", err)
}
if u.ID == 0 {
t.Error("expected non-zero ID")
}
if u.Username != "alice" {
t.Errorf("Username = %q", u.Username)
}
if u.Role != userstore.RoleAdmin {
t.Errorf("Role = %q", u.Role)
}
if u.Source != "local" {
t.Errorf("Source = %q, want local", u.Source)
}
got, err := s.GetByID(u.ID)
if err != nil {
t.Fatalf("GetByID: %v", err)
}
if got.Email != "alice@example.com" {
t.Errorf("Email = %q", got.Email)
}
}
func TestVerifyPassword(t *testing.T) {
s := newTestStore(t)
_, err := s.Create(userstore.CreateUserRequest{
Username: "bob", Email: "bob@example.com",
Password: "correcthorse", Role: userstore.RoleUser,
})
if err != nil {
t.Fatal(err)
}
// Correct password
u, err := s.VerifyPassword("bob", "correcthorse")
if err != nil {
t.Errorf("VerifyPassword correct: %v", err)
}
if u.Username != "bob" {
t.Errorf("Username = %q", u.Username)
}
// Wrong password
if _, err := s.VerifyPassword("bob", "wrongpassword"); err == nil {
t.Error("expected error for wrong password")
}
// Non-existent user
if _, err := s.VerifyPassword("nobody", "x"); err == nil {
t.Error("expected error for unknown user")
}
}
func TestUpdateUser(t *testing.T) {
s := newTestStore(t)
u, _ := s.Create(userstore.CreateUserRequest{
Username: "carol", Email: "carol@old.com",
Password: "pw", Role: userstore.RoleUser,
})
newEmail := "carol@new.com"
newRole := userstore.RoleAuditor
updated, err := s.Update(u.ID, userstore.UpdateUserRequest{
Email: &newEmail,
Role: &newRole,
})
if err != nil {
t.Fatalf("Update: %v", err)
}
if updated.Email != "carol@new.com" {
t.Errorf("Email after update = %q", updated.Email)
}
if updated.Role != userstore.RoleAuditor {
t.Errorf("Role after update = %q", updated.Role)
}
}
func TestDisableUser(t *testing.T) {
s := newTestStore(t)
u, _ := s.Create(userstore.CreateUserRequest{
Username: "dave", Email: "dave@x.com",
Password: "pw", Role: userstore.RoleUser,
})
active := false
s.Update(u.ID, userstore.UpdateUserRequest{Active: &active})
if _, err := s.VerifyPassword("dave", "pw"); err == nil {
t.Error("disabled user should not be able to login")
}
}
func TestDeleteUser(t *testing.T) {
s := newTestStore(t)
u, _ := s.Create(userstore.CreateUserRequest{
Username: "eve", Email: "eve@x.com",
Password: "pw", Role: userstore.RoleUser,
})
if err := s.Delete(u.ID); err != nil {
t.Fatalf("Delete: %v", err)
}
if _, err := s.GetByID(u.ID); err == nil {
t.Error("GetByID should error after delete")
}
// Delete non-existent should error
if err := s.Delete(u.ID); err == nil {
t.Error("second delete should return error")
}
}
func TestListUsers(t *testing.T) {
s := newTestStore(t)
users := []userstore.CreateUserRequest{
{Username: "u1", Email: "u1@x.com", Password: "pw", Role: userstore.RoleUser},
{Username: "u2", Email: "u2@x.com", Password: "pw", Role: userstore.RoleAdmin},
{Username: "u3", Email: "u3@x.com", Password: "pw", Role: userstore.RoleAuditor},
{Username: "u4", Email: "u4@x.com", Password: "pw", Role: userstore.RoleUser},
}
for _, req := range users {
s.Create(req)
}
all, err := s.List("")
if err != nil {
t.Fatalf("List all: %v", err)
}
if len(all) != 4 {
t.Errorf("List all: got %d, want 4", len(all))
}
admins, _ := s.List(userstore.RoleAdmin)
if len(admins) != 1 {
t.Errorf("List admin: got %d, want 1", len(admins))
}
regular, _ := s.List(userstore.RoleUser)
if len(regular) != 2 {
t.Errorf("List user: got %d, want 2", len(regular))
}
}
func TestTokenBlacklist(t *testing.T) {
s := newTestStore(t)
jti := "test-jti-12345"
expires := time.Now().Add(1 * time.Hour)
if err := s.BlacklistToken(jti, expires); err != nil {
t.Fatalf("BlacklistToken: %v", err)
}
blacklisted, err := s.IsBlacklisted(jti)
if err != nil {
t.Fatalf("IsBlacklisted: %v", err)
}
if !blacklisted {
t.Error("token should be blacklisted")
}
// Non-blacklisted token
bl2, _ := s.IsBlacklisted("other-jti")
if bl2 {
t.Error("unknown token should not be blacklisted")
}
}
func TestCleanExpiredTokens(t *testing.T) {
s := newTestStore(t)
// Add an already-expired token
s.BlacklistToken("expired-jti", time.Now().Add(-1*time.Hour))
// Add a valid token
s.BlacklistToken("valid-jti", time.Now().Add(1*time.Hour))
if err := s.CleanExpiredTokens(); err != nil {
t.Fatalf("CleanExpiredTokens: %v", err)
}
bl, _ := s.IsBlacklisted("expired-jti")
if bl {
t.Error("expired token should be cleaned up")
}
bl2, _ := s.IsBlacklisted("valid-jti")
if !bl2 {
t.Error("valid token should still be blacklisted")
}
}
func TestUpsertLDAPUser(t *testing.T) {
s := newTestStore(t)
u, err := s.UpsertLDAPUser("ldapuser", "ldap@corp.com", userstore.RoleAuditor)
if err != nil {
t.Fatalf("UpsertLDAPUser: %v", err)
}
if u.Source != "ldap" {
t.Errorf("Source = %q, want ldap", u.Source)
}
// Second upsert should update, not duplicate
u2, err := s.UpsertLDAPUser("ldapuser", "ldap@corp.com", userstore.RoleAuditor)
if err != nil {
t.Fatalf("UpsertLDAPUser second: %v", err)
}
if u2.ID != u.ID {
t.Error("second upsert should not create a new record")
}
all, _ := s.List("")
if len(all) != 1 {
t.Errorf("expected 1 user after double upsert, got %d", len(all))
}
}
Reference in New Issue View Git Blame Copy Permalink