테넌트 접속 제한 백엔드 로직 수정

2026-04-28 09:55:37 +09:00
parent 3f85f6cfe3
commit 367368805a
6 changed files with 107 additions and 61 deletions
--- a/backend/internal/handler/auth_handler_consent_test.go
+++ b/backend/internal/handler/auth_handler_consent_test.go
@@ -82,6 +82,7 @@ func TestGetConsentRequest_AddsMandatoryTenantScope(t *testing.T) {
 					"client_name": "Test App",
 					"metadata": map[string]any{
 						"tenant_access_restricted": true,
+						"allowed_tenants":          []string{"tenant-allow"},
 						"structured_scopes": []map[string]any{
 							{"name": "openid", "mandatory": true},
 							{"name": "tenant", "mandatory": true, "locked": true},
@@ -108,6 +109,8 @@ func TestGetConsentRequest_AddsMandatoryTenantScope(t *testing.T) {
 	app := newConsentTestApp(h)

 	req := httptest.NewRequest(http.MethodGet, "/api/v1/auth/consent?consent_challenge=challenge-tenant-scope", nil)
+	req.Header.Set("X-Mock-Role", "user")
+	req.Header.Set("X-Tenant-ID", "tenant-allow")
 	resp, err := app.Test(req)

 	assert.NoError(t, err)
@@ -270,6 +273,7 @@ func TestAcceptConsentRequest_EnforcesMandatoryTenantScope(t *testing.T) {
 					"metadata": map[string]any{
 						"tenant_id":                "tenant-abc",
 						"tenant_access_restricted": true,
+						"allowed_tenants":          []string{"tenant-abc"},
 						"structured_scopes": []map[string]any{
 							{"name": "openid", "mandatory": true},
 							{"name": "tenant", "mandatory": true, "locked": true},
@@ -327,6 +331,8 @@ func TestAcceptConsentRequest_EnforcesMandatoryTenantScope(t *testing.T) {
 	})
 	req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/consent/accept", bytes.NewReader(body))
 	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("X-Mock-Role", "user")
+	req.Header.Set("X-Tenant-ID", "tenant-abc")

 	resp, err := app.Test(req)
 	assert.NoError(t, err)