
test(backend): add unit tests for user group management and fix interface inconsistencies

2026-02-13 14:55:45 +09:00
parent 7f8d52ac3f
commit 92f084fd59
7 changed files with 408 additions and 1 deletions


@@ -80,6 +80,7 @@ type UserProfileResponse struct {
RelyingPartyID *string `json:"relyingPartyId,omitempty"` // 추가 RelyingPartyID *string `json:"relyingPartyId,omitempty"` // 추가
Metadata map[string]any `json:"metadata,omitempty"` Metadata map[string]any `json:"metadata,omitempty"`
Tenant *Tenant `json:"tenant,omitempty"` Tenant *Tenant `json:"tenant,omitempty"`
ManageableTenants []Tenant `json:"manageableTenants,omitempty"` // 추가: 관리 가능한 테넌트 목록
} }
type UpdateUserRequest struct { type UpdateUserRequest struct {
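Review bot: `ManageableTenants []Tenant` embeds whole `Tenant` values in the profile response, so every JSON-tagged field of `Tenant` is serialized for each listed tenant. The `Tenant` type is not visible in this hunk; if it carries domains or configuration (the `FindByIDs` added in this commit preloads `Domains`), a slim summary type holding only the ID and name would limit what the profile endpoint discloses. The trailing comment could also be written in English and say where the list comes from, for example `// tenants the caller is allowed to manage`.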


@@ -0,0 +1,137 @@
package handler
import (
"baron-sso-backend/internal/domain"
"bytes"
"context"
"encoding/json"
"net/http"
"net/http/httptest"
"testing"
"github.com/gofiber/fiber/v2"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/mock"
)
// --- Mocks ---
type MockUserGroupService struct {
mock.Mock
}
func (m *MockUserGroupService) Create(ctx context.Context, group *domain.UserGroup) error {
return m.Called(ctx, group).Error(0)
}
func (m *MockUserGroupService) Update(ctx context.Context, group *domain.UserGroup) error {
return m.Called(ctx, group).Error(0)
}
func (m *MockUserGroupService) Delete(ctx context.Context, id string) error {
return m.Called(ctx, id).Error(0)
}
func (m *MockUserGroupService) Get(ctx context.Context, id string) (*domain.UserGroup, error) {
args := m.Called(ctx, id)
if args.Get(0) == nil {
return nil, args.Error(1)
}
return args.Get(0).(*domain.UserGroup), args.Error(1)
}
func (m *MockUserGroupService) List(ctx context.Context, tenantID string) ([]domain.UserGroup, error) {
args := m.Called(ctx, tenantID)
return args.Get(0).([]domain.UserGroup), args.Error(1)
}
func (m *MockUserGroupService) AddMember(ctx context.Context, groupID, userID string) error {
return m.Called(ctx, groupID, userID).Error(0)
}
func (m *MockUserGroupService) RemoveMember(ctx context.Context, groupID, userID string) error {
return m.Called(ctx, groupID, userID).Error(0)
}
func (m *MockUserGroupService) ListRoles(ctx context.Context, groupID string) ([]domain.GroupRole, error) {
args := m.Called(ctx, groupID)
return args.Get(0).([]domain.GroupRole), args.Error(1)
}
func (m *MockUserGroupService) AssignRoleToTenant(ctx context.Context, groupID, tenantID, relation string) error {
return m.Called(ctx, groupID, tenantID, relation).Error(0)
}
func (m *MockUserGroupService) RemoveRoleFromTenant(ctx context.Context, groupID, tenantID, relation string) error {
return m.Called(ctx, groupID, tenantID, relation).Error(0)
}
// --- Tests ---
func TestUserGroupHandler_List(t *testing.T) {
mockSvc := new(MockUserGroupService)
h := NewUserGroupHandler(mockSvc)
app := fiber.New()
app.Get("/tenants/:tenantId/user-groups", h.List)
tenantID := "t1"
groups := []domain.UserGroup{{ID: "g1", Name: "Group 1"}}
mockSvc.On("List", mock.Anything, tenantID).Return(groups, nil)
req := httptest.NewRequest("GET", "/tenants/t1/user-groups", nil)
resp, _ := app.Test(req)
assert.Equal(t, http.StatusOK, resp.StatusCode)
var result []domain.UserGroup
json.NewDecoder(resp.Body).Decode(&result)
assert.Len(t, result, 1)
assert.Equal(t, "Group 1", result[0].Name)
}
func TestUserGroupHandler_Create(t *testing.T) {
mockSvc := new(MockUserGroupService)
h := NewUserGroupHandler(mockSvc)
app := fiber.New()
app.Post("/tenants/:tenantId/user-groups", h.Create)
body, _ := json.Marshal(map[string]string{"name": "New Group"})
mockSvc.On("Create", mock.Anything, mock.MatchedBy(func(g *domain.UserGroup) bool {
return g.Name == "New Group" && g.TenantID == "t1"
})).Return(nil)
req := httptest.NewRequest("POST", "/tenants/t1/user-groups", bytes.NewReader(body))
req.Header.Set("Content-Type", "application/json")
resp, _ := app.Test(req)
assert.Equal(t, http.StatusCreated, resp.StatusCode)
}
func TestUserGroupHandler_AddMember(t *testing.T) {
mockSvc := new(MockUserGroupService)
h := NewUserGroupHandler(mockSvc)
app := fiber.New()
app.Post("/user-groups/:id/members", h.AddMember)
groupID := "g1"
userID := "u1"
body, _ := json.Marshal(map[string]string{"userId": userID})
mockSvc.On("AddMember", mock.Anything, groupID, userID).Return(nil)
req := httptest.NewRequest("POST", "/user-groups/g1/members", bytes.NewReader(body))
req.Header.Set("Content-Type", "application/json")
resp, _ := app.Test(req)
assert.Equal(t, http.StatusOK, resp.StatusCode)
}
func TestUserGroupHandler_AssignRole(t *testing.T) {
mockSvc := new(MockUserGroupService)
h := NewUserGroupHandler(mockSvc)
app := fiber.New()
app.Post("/user-groups/:id/roles", h.AssignRole)
groupID := "g1"
targetTenantID := "t2"
relation := "manage"
body, _ := json.Marshal(map[string]string{"tenantId": targetTenantID, "relation": relation})
mockSvc.On("AssignRoleToTenant", mock.Anything, groupID, targetTenantID, relation).Return(nil)
req := httptest.NewRequest("POST", "/user-groups/g1/roles", bytes.NewReader(body))
req.Header.Set("Content-Type", "application/json")
resp, _ := app.Test(req)
assert.Equal(t, http.StatusOK, resp.StatusCode)
}
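Review bot: All four tests discard the error from `app.Test(req)` (`resp, _ := app.Test(req)`), so a failed request surfaces as a nil-pointer panic on `resp.StatusCode` rather than a test failure; `if err != nil { t.Fatal(err) }` after the call would report it properly. None of the tests calls `mockSvc.AssertExpectations(t)`, so a handler that returns 200 without calling the service would still pass, which matters most for `AddMember` and `AssignRole` because they change who can access what. `TestUserGroupHandler_List` also ignores the `Decode` error. Only success paths are covered; a malformed body and a service error should each get a case so the handler's rejection behaviour is pinned too.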


@@ -14,6 +14,7 @@ type TenantRepository interface {
FindBySlug(ctx context.Context, slug string) (*domain.Tenant, error) FindBySlug(ctx context.Context, slug string) (*domain.Tenant, error)
FindByName(ctx context.Context, name string) (*domain.Tenant, error) FindByName(ctx context.Context, name string) (*domain.Tenant, error)
FindByDomain(ctx context.Context, domainName string) (*domain.Tenant, error) FindByDomain(ctx context.Context, domainName string) (*domain.Tenant, error)
FindByIDs(ctx context.Context, ids []string) ([]domain.Tenant, error)
AddDomain(ctx context.Context, tenantID string, domainName string) error AddDomain(ctx context.Context, tenantID string, domainName string) error
} }
@@ -70,6 +71,17 @@ func (r *tenantRepository) FindByDomain(ctx context.Context, domainName string)
return &tenant, nil return &tenant, nil
} }
func (r *tenantRepository) FindByIDs(ctx context.Context, ids []string) ([]domain.Tenant, error) {
var tenants []domain.Tenant
if len(ids) == 0 {
return tenants, nil
}
if err := r.db.WithContext(ctx).Preload("Domains").Where("id IN ?", ids).Find(&tenants).Error; err != nil {
return nil, err
}
return tenants, nil
}
func (r *tenantRepository) AddDomain(ctx context.Context, tenantID string, domainName string) error { func (r *tenantRepository) AddDomain(ctx context.Context, tenantID string, domainName string) error {
td := domain.TenantDomain{ td := domain.TenantDomain{
TenantID: tenantID, TenantID: tenantID,
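Review bot: The new `FindByIDs` has no doc comment and its contract is implicit: rows come back in database order, IDs without a matching row are silently skipped, and `ids` goes into a single `IN` clause with no cap on its length. The query itself is parameterized, but a caller that pairs results with `ids` by position, or that passes a long list derived from authorization tuples, needs this spelled out. A comment such as `// FindByIDs returns the tenants whose IDs appear in ids, in unspecified order; unknown IDs are skipped.` would cover the contract, and long lists should be queried in chunks. `AddDomain` continues outside the hunk.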


@@ -18,6 +18,7 @@ type KetoService interface {
CreateRelation(ctx context.Context, namespace, object, relation, subject string) error CreateRelation(ctx context.Context, namespace, object, relation, subject string) error
DeleteRelation(ctx context.Context, namespace, object, relation, subject string) error DeleteRelation(ctx context.Context, namespace, object, relation, subject string) error
ListRelations(ctx context.Context, namespace, object, relation, subject string) ([]RelationTuple, error) ListRelations(ctx context.Context, namespace, object, relation, subject string) ([]RelationTuple, error)
ListObjects(ctx context.Context, namespace, relation, subject string) ([]string, error)
} }
type ketoService struct { type ketoService struct {
@@ -192,3 +193,46 @@ func (s *ketoService) DeleteRelation(ctx context.Context, namespace, object, rel
slog.Info("Keto relation deleted", "namespace", namespace, "object", object, "relation", relation, "subject", subject) slog.Info("Keto relation deleted", "namespace", namespace, "object", object, "relation", relation, "subject", subject)
return nil return nil
} }
func (s *ketoService) ListObjects(ctx context.Context, namespace, relation, subject string) ([]string, error) {
u, _ := url.Parse(fmt.Sprintf("%s/relation-tuples", s.readURL))
q := u.Query()
if namespace != "" {
q.Set("namespace", namespace)
}
if relation != "" {
q.Set("relation", relation)
}
if subject != "" {
q.Set("subject_id", subject)
}
u.RawQuery = q.Encode()
req, _ := http.NewRequestWithContext(ctx, "GET", u.String(), nil)
resp, err := s.client.Do(req)
if err != nil {
return nil, err
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
body, _ := io.ReadAll(resp.Body)
return nil, fmt.Errorf("keto returned status %d: %s", resp.StatusCode, string(body))
}
var res relationTuplesResponse
if err := json.NewDecoder(resp.Body).Decode(&res); err != nil {
return nil, err
}
objects := make([]string, 0, len(res.RelationTuples))
seen := make(map[string]bool)
for _, rt := range res.RelationTuples {
if !seen[rt.Object] {
objects = append(objects, rt.Object)
seen[rt.Object] = true
}
}
return objects, nil
}
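Review bot: `ListObjects` drops the errors from `url.Parse` and `http.NewRequestWithContext` (`u, _ :=`, `req, _ :=`), so a malformed `s.readURL` becomes a nil-pointer panic in the authorization path instead of a returned error. On a non-200 response the whole upstream body is read without a limit and copied into the error string, which should be capped before it can reach logs or API clients. Keto's relation-tuple listing is paginated, and this function appears to read only the first page; `relationTuplesResponse` is not visible here, so confirm whether it exposes the next-page token and loop on it, since a truncated list would silently under-report what a subject can access. With all three filters empty the call lists every tuple, so rejecting an empty `subject` may be worth it.

```go
func (s *ketoService) ListObjects(ctx context.Context, namespace, relation, subject string) ([]string, error) {
	u, err := url.Parse(s.readURL + "/relation-tuples")
	if err != nil {
		return nil, fmt.Errorf("parsing keto read URL: %w", err)
	}
	// … unchanged: query parameter assembly …
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, u.String(), nil)
	if err != nil {
		return nil, fmt.Errorf("building keto request: %w", err)
	}
	// … unchanged: s.client.Do and deferred Close …
	if resp.StatusCode != http.StatusOK {
		// Cap how much of the upstream body ends up in the error text.
		body, _ := io.ReadAll(io.LimitReader(resp.Body, 4096))
		return nil, fmt.Errorf("keto returned status %d: %s", resp.StatusCode, string(body))
	}
	// … unchanged: decode and de-duplicate objects …
```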


@@ -57,9 +57,12 @@ func TestKetoService_CreateRelation(t *testing.T) {
func TestKetoService_DeleteRelation(t *testing.T) { func TestKetoService_DeleteRelation(t *testing.T) {
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, "/relation-tuples", r.URL.Path) assert.Equal(t, "/admin/relation-tuples", r.URL.Path)
assert.Equal(t, "DELETE", r.Method) assert.Equal(t, "DELETE", r.Method)
assert.Equal(t, "user1", r.URL.Query().Get("subject_id")) assert.Equal(t, "user1", r.URL.Query().Get("subject_id"))
assert.Equal(t, "tenants", r.URL.Query().Get("namespace"))
assert.Equal(t, "tenant1", r.URL.Query().Get("object"))
assert.Equal(t, "admin", r.URL.Query().Get("relation"))
w.WriteHeader(http.StatusNoContent) w.WriteHeader(http.StatusNoContent)
}) })


@@ -54,6 +54,14 @@ func (m *MockKetoService) ListRelations(ctx context.Context, namespace, object,
return args.Get(0).([]RelationTuple), args.Error(1) return args.Get(0).([]RelationTuple), args.Error(1)
} }
func (m *MockKetoService) ListObjects(ctx context.Context, namespace, relation, subject string) ([]string, error) {
args := m.Called(ctx, namespace, relation, subject)
if args.Get(0) == nil {
return nil, args.Error(1)
}
return args.Get(0).([]string), args.Error(1)
}
// --- Test Helpers --- // --- Test Helpers ---
type hydraRoundTripperFunc func(*http.Request) (*http.Response, error) type hydraRoundTripperFunc func(*http.Request) (*http.Response, error)


@@ -0,0 +1,202 @@
package service
import (
"baron-sso-backend/internal/domain"
"context"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/mock"
)
// --- Mocks for Repositories ---
type MockUserGroupRepository struct {
mock.Mock
}
func (m *MockUserGroupRepository) Create(ctx context.Context, group *domain.UserGroup) error {
return m.Called(ctx, group).Error(0)
}
func (m *MockUserGroupRepository) Update(ctx context.Context, group *domain.UserGroup) error {
return m.Called(ctx, group).Error(0)
}
func (m *MockUserGroupRepository) Delete(ctx context.Context, id string) error {
return m.Called(ctx, id).Error(0)
}
func (m *MockUserGroupRepository) FindByID(ctx context.Context, id string) (*domain.UserGroup, error) {
args := m.Called(ctx, id)
if args.Get(0) == nil {
return nil, args.Error(1)
}
return args.Get(0).(*domain.UserGroup), args.Error(1)
}
func (m *MockUserGroupRepository) ListByTenantID(ctx context.Context, tenantID string) ([]domain.UserGroup, error) {
args := m.Called(ctx, tenantID)
return args.Get(0).([]domain.UserGroup), args.Error(1)
}
type MockUserRepository struct {
mock.Mock
}
func (m *MockUserRepository) Create(ctx context.Context, user *domain.User) error { return nil }
func (m *MockUserRepository) Update(ctx context.Context, user *domain.User) error { return nil }
func (m *MockUserRepository) FindByEmail(ctx context.Context, email string) (*domain.User, error) {
return nil, nil
}
func (m *MockUserRepository) FindByID(ctx context.Context, id string) (*domain.User, error) {
return nil, nil
}
func (m *MockUserRepository) FindByIDs(ctx context.Context, ids []string) ([]domain.User, error) {
args := m.Called(ctx, ids)
return args.Get(0).([]domain.User), args.Error(1)
}
func (m *MockUserRepository) ListByTenant(ctx context.Context, tenantID string) ([]domain.User, error) {
return nil, nil
}
func (m *MockUserRepository) List(ctx context.Context, offset, limit int, search string) ([]domain.User, int64, error) {
return nil, 0, nil
}
type MockTenantRepository struct {
mock.Mock
}
func (m *MockTenantRepository) Create(ctx context.Context, tenant *domain.Tenant) error { return nil }
func (m *MockTenantRepository) Update(ctx context.Context, tenant *domain.Tenant) error { return nil }
func (m *MockTenantRepository) FindByID(ctx context.Context, id string) (*domain.Tenant, error) {
return nil, nil
}
func (m *MockTenantRepository) FindByIDs(ctx context.Context, ids []string) ([]domain.Tenant, error) {
args := m.Called(ctx, ids)
return args.Get(0).([]domain.Tenant), args.Error(1)
}
func (m *MockTenantRepository) FindBySlug(ctx context.Context, slug string) (*domain.Tenant, error) {
return nil, nil
}
func (m *MockTenantRepository) FindByName(ctx context.Context, name string) (*domain.Tenant, error) {
return nil, nil
}
func (m *MockTenantRepository) FindByDomain(ctx context.Context, domainName string) (*domain.Tenant, error) {
return nil, nil
}
func (m *MockTenantRepository) AddDomain(ctx context.Context, tenantID string, domainName string) error {
return nil
}
// --- Tests ---
func TestUserGroupService_Create(t *testing.T) {
mockRepo := new(MockUserGroupRepository)
mockKeto := new(MockKetoService)
// We don't need userRepo or tenantRepo for Create
svc := NewUserGroupService(mockRepo, nil, nil, mockKeto, nil)
group := &domain.UserGroup{
ID: "group-1",
TenantID: "tenant-1",
Name: "Test Group",
}
mockRepo.On("Create", mock.Anything, group).Return(nil)
mockKeto.On("CreateRelation", mock.Anything, "UserGroup", group.ID, "parent_tenant", "Tenant:"+group.TenantID).Return(nil)
err := svc.Create(context.Background(), group)
assert.NoError(t, err)
mockRepo.AssertExpectations(t)
mockKeto.AssertExpectations(t)
}
func TestUserGroupService_AddMember(t *testing.T) {
mockKeto := new(MockKetoService)
svc := NewUserGroupService(nil, nil, nil, mockKeto, nil)
groupID := "group-1"
userID := "user-1"
mockKeto.On("CreateRelation", mock.Anything, "UserGroup", groupID, "members", "User:"+userID).Return(nil)
err := svc.AddMember(context.Background(), groupID, userID)
assert.NoError(t, err)
mockKeto.AssertExpectations(t)
}
func TestUserGroupService_AssignRoleToTenant(t *testing.T) {
mockKeto := new(MockKetoService)
svc := NewUserGroupService(nil, nil, nil, mockKeto, nil)
groupID := "group-1"
tenantID := "tenant-alpha"
relation := "manage"
expectedSubject := "UserGroup:" + groupID + "#members"
mockKeto.On("CreateRelation", mock.Anything, "Tenant", tenantID, relation, expectedSubject).Return(nil)
err := svc.AssignRoleToTenant(context.Background(), groupID, tenantID, relation)
assert.NoError(t, err)
mockKeto.AssertExpectations(t)
}
func TestUserGroupService_ListRoles(t *testing.T) {
mockKeto := new(MockKetoService)
mockTenantRepo := new(MockTenantRepository)
svc := NewUserGroupService(nil, nil, mockTenantRepo, mockKeto, nil)
groupID := "group-1"
subject := "UserGroup:" + groupID + "#members"
// Mock Keto relations
tuples := []RelationTuple{
{Object: "t1", Relation: "manage", SubjectID: subject},
{Object: "t2", Relation: "view", SubjectID: subject},
}
mockKeto.On("ListRelations", mock.Anything, "Tenant", "", "", subject).Return(tuples, nil)
// Mock Tenant fetching
tenants := []domain.Tenant{
{ID: "t1", Name: "Tenant One"},
{ID: "t2", Name: "Tenant Two"},
}
mockTenantRepo.On("FindByIDs", mock.Anything, []string{"t1", "t2"}).Return(tenants, nil)
roles, err := svc.ListRoles(context.Background(), groupID)
assert.NoError(t, err)
assert.Len(t, roles, 2)
assert.Equal(t, "Tenant One", roles[0].TenantName)
assert.Equal(t, "manage", roles[0].Relation)
assert.Equal(t, "Tenant Two", roles[1].TenantName)
assert.Equal(t, "view", roles[1].Relation)
mockKeto.AssertExpectations(t)
mockTenantRepo.AssertExpectations(t)
}
func TestUserGroupService_Get_WithKratosFallback(t *testing.T) {
// This tests the logic where a user is in Keto but not in local DB
mockRepo := new(MockUserGroupRepository)
mockKeto := new(MockKetoService)
mockUserRepo := new(MockUserRepository)
// We need a way to mock KratosAdminService but it's a struct, not an interface.
// For this POC test, we'll focus on the Keto and UserRepo parts.
// If needed, we can refactor KratosAdminService to an interface.
svc := NewUserGroupService(mockRepo, mockUserRepo, nil, mockKeto, nil)
groupID := "group-1"
mockRepo.On("FindByID", mock.Anything, groupID).Return(&domain.UserGroup{ID: groupID, Name: "Test"}, nil)
tuples := []RelationTuple{
{Object: groupID, Relation: "members", SubjectID: "User:u1"},
}
mockKeto.On("ListRelations", mock.Anything, "UserGroup", groupID, "members", "").Return(tuples, nil)
// User u1 not in local DB
mockUserRepo.On("FindByIDs", mock.Anything, []string{"u1"}).Return([]domain.User{}, nil)
group, err := svc.Get(context.Background(), groupID)
assert.NoError(t, err)
assert.NotNil(t, group)
// Members should be empty since Kratos is nil in this test setup
assert.Len(t, group.Members, 0)
}
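Review bot: Every test here exercises only the success path of the authorization writes, so nothing pins what happens when Keto fails. In `TestUserGroupService_Create` the case where `mockRepo.Create` succeeds and `CreateRelation` returns an error is the one most worth covering, since it decides whether a group can exist without its `parent_tenant` relation; a variant using `.Return(errors.New("keto unavailable"))` and `assert.Error(t, err)` would do it. `TestUserGroupService_Get_WithKratosFallback` does not exercise a fallback: Kratos is nil and the test asserts an empty member list, so the name should say that (for example `..._Get_UnknownMemberSkipped`), and it never calls `AssertExpectations`. The stubbed `MockUserRepository` and `MockTenantRepository` methods that return `nil, nil` bypass `m.Called`, so an unexpected call to them succeeds silently. `ListByTenantID` and both `FindByIDs` mocks type-assert `args.Get(0)` without the nil check that `FindByID` has.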