사용자 삭제 RP 관계 정리 로그 미표시 수정

2026-05-28 15:42:14 +09:00
parent a156713db7
commit 5648b7ec45
2 changed files with 126 additions and 3 deletions
--- a/backend/internal/handler/user_handler_test.go
+++ b/backend/internal/handler/user_handler_test.go
@@ -1293,6 +1293,66 @@ func TestUserHandler_DeleteUserFallsBackToKetoOutboxWhenLiveRelationsAreEmpty(t
 	mockOutbox.AssertExpectations(t)
 }

+func TestUserHandler_DeleteUserRecordsCascadeRelyingPartyCleanupAudit(t *testing.T) {
+	app := fiber.New()
+	mockKratos := new(MockKratosAdmin)
+	userRepo := new(MockUserRepoForHandler)
+	mockKeto := new(userHandlerMockKetoService)
+	mockOutbox := new(userHandlerMockKetoOutboxRepository)
+	auditRepo := &mockAuditRepo{}
+	h := &UserHandler{
+		KratosAdmin:    mockKratos,
+		UserRepo:       userRepo,
+		KetoService:    mockKeto,
+		KetoOutboxRepo: mockOutbox,
+		AuditRepo:      auditRepo,
+	}
+
+	app.Delete("/users/:id", func(c *fiber.Ctx) error {
+		c.Locals("user_profile", &domain.UserProfileResponse{ID: "admin-1", Role: domain.RoleSuperAdmin})
+		return h.DeleteUser(c)
+	})
+
+	mockKeto.On("ListRelations", mock.Anything, "RelyingParty", "", "", "User:u-1").Return([]service.RelationTuple{
+		{Namespace: "RelyingParty", Object: "client-1", Relation: "admins", SubjectID: "User:u-1"},
+	}, nil).Once()
+	mockKeto.On("DeleteRelation", mock.Anything, "RelyingParty", "client-1", "admins", "User:u-1").Return(nil).Once()
+	mockOutbox.On("Create", mock.Anything, mock.MatchedBy(func(entry *domain.KetoOutbox) bool {
+		return entry.Namespace == "RelyingParty" && entry.Object == "client-1" && entry.Relation == "admins" && entry.Subject == "User:u-1" && entry.Action == domain.KetoOutboxActionDelete
+	})).Return(nil).Once()
+	mockOutbox.On("Create", mock.Anything, mock.MatchedBy(func(entry *domain.KetoOutbox) bool {
+		return entry.Namespace == "System" && entry.Object == "global" && entry.Relation == "super_admins" && entry.Subject == "User:u-1" && entry.Action == domain.KetoOutboxActionDelete
+	})).Return(nil).Once()
+	mockKratos.On("DeleteIdentity", mock.Anything, "u-1").Return(nil).Once()
+
+	req := httptest.NewRequest(http.MethodDelete, "/users/u-1", nil)
+	resp, err := app.Test(req)
+	require.NoError(t, err)
+	require.Equal(t, http.StatusNoContent, resp.StatusCode)
+
+	require.Len(t, auditRepo.logs, 1)
+	log := auditRepo.logs[0]
+	assert.Equal(t, "admin-1", log.UserID)
+	assert.Equal(t, "DELETE /api/v1/dev/clients/client-1/relations/admins", log.EventType)
+
+	details := map[string]any{}
+	require.NoError(t, json.Unmarshal([]byte(log.Details), &details))
+	assert.Equal(t, "REMOVE_RELATION", details["action"])
+	assert.Equal(t, "client-1", details["target_id"])
+	assert.Equal(t, "user_delete", details["source"])
+	assert.Equal(t, "u-1", details["deleted_user_id"])
+	assert.Equal(t, "User:u-1", details["relation_subject"])
+
+	before, ok := details["before"].(map[string]any)
+	require.True(t, ok)
+	assert.Equal(t, "admins", before["relation"])
+	assert.Equal(t, "User:u-1", before["subject"])
+
+	mockKratos.AssertExpectations(t)
+	mockKeto.AssertExpectations(t)
+	mockOutbox.AssertExpectations(t)
+}
+
 func TestUserHandler_UpdateUser_AdminOnlyField(t *testing.T) {
 	app := fiber.New()
 	mockKratos := new(MockKratosAdmin)