테넌트 목록 조회 cursor기반으로 재구성. 사용자 metadata 미사용 필드 제거

2026-05-13 18:05:51 +09:00
parent a4d707d4d8
commit 5e7b7b878c
85 changed files with 4808 additions and 734 deletions
--- a/backend/internal/handler/api_key_handler_test.go
+++ b/backend/internal/handler/api_key_handler_test.go
@@ -1,6 +1,7 @@
 package handler

 import (
+	"baron-sso-backend/internal/domain"
 	"bytes"
 	"encoding/json"
 	"net/http"
@@ -57,3 +58,76 @@ func TestApiKeyHandler_Validation(t *testing.T) {

 	assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
 }
+
+func TestApiKeyHandler_UpdateApiKeyScopesRequiresDatabase(t *testing.T) {
+	app := fiber.New()
+	h := &ApiKeyHandler{DB: nil}
+
+	app.Patch("/api-keys/:id", h.UpdateApiKey)
+
+	body, _ := json.Marshal(map[string]interface{}{
+		"scopes": []string{"org-context:read"},
+	})
+	req := httptest.NewRequest("PATCH", "/api-keys/api-key-id", bytes.NewReader(body))
+	req.Header.Set("Content-Type", "application/json")
+	resp, _ := app.Test(req)
+
+	assert.Equal(t, http.StatusServiceUnavailable, resp.StatusCode)
+}
+
+func TestApiKeyHandler_RotateApiKeySecretRequiresDatabase(t *testing.T) {
+	app := fiber.New()
+	h := &ApiKeyHandler{DB: nil}
+
+	app.Post("/api-keys/:id/secret/rotate", h.RotateApiKeySecret)
+
+	req := httptest.NewRequest("POST", "/api-keys/api-key-id/secret/rotate", nil)
+	resp, _ := app.Test(req)
+
+	assert.Equal(t, http.StatusServiceUnavailable, resp.StatusCode)
+}
+
+func TestApiKeyWithUpdatedScopesPreservesClientID(t *testing.T) {
+	key := domain.ApiKey{
+		ID:               "api-key-id",
+		Name:             "M2M Test",
+		ClientID:         "client-id-stable",
+		ClientSecretHash: "old-secret-hash",
+		Scopes:           "audit:read",
+		Status:           "active",
+	}
+
+	updated := apiKeyWithUpdatedScopes(key, []string{"audit:read", "org-context:read"})
+
+	assert.Equal(t, "client-id-stable", updated.ClientID)
+	assert.Equal(t, "old-secret-hash", updated.ClientSecretHash)
+	assert.Equal(t, "audit:read org-context:read", updated.Scopes)
+}
+
+func TestApiKeyWithRotatedSecretHashPreservesClientIDAndScopes(t *testing.T) {
+	key := domain.ApiKey{
+		ID:               "api-key-id",
+		Name:             "M2M Test",
+		ClientID:         "client-id-stable",
+		ClientSecretHash: "old-secret-hash",
+		Scopes:           "audit:read org-context:read",
+		Status:           "active",
+	}
+
+	updated := apiKeyWithRotatedSecretHash(key, "new-secret-hash")
+
+	assert.Equal(t, "client-id-stable", updated.ClientID)
+	assert.Equal(t, "audit:read org-context:read", updated.Scopes)
+	assert.Equal(t, "new-secret-hash", updated.ClientSecretHash)
+}
+
+func TestNormalizeApiKeyScopesTrimsAndDeduplicates(t *testing.T) {
+	scopes := normalizeApiKeyScopes([]string{
+		" audit:read ",
+		"",
+		"org-context:read",
+		"audit:read",
+	})
+
+	assert.Equal(t, []string{"audit:read", "org-context:read"}, scopes)
+}