adminfront/devfront code-check 오류 수정

2026-06-10 15:19:34 +09:00
parent 85c2eb1690
commit e9af231fb0
5 changed files with 188 additions and 152 deletions
--- a/backend/internal/handler/auth_handler_link_test.go
+++ b/backend/internal/handler/auth_handler_link_test.go
@@ -3,7 +3,6 @@ package handler
 import (
 	"baron-sso-backend/internal/domain"
 	"baron-sso-backend/internal/service"
-	"baron-sso-backend/internal/testsupport"
 	"bytes"
 	"encoding/json"
 	"io"
@@ -50,35 +49,37 @@ func newHeadlessLinkTestApp(h *AuthHandler) *fiber.App {
 	return app
 }

-func newKratosWhoamiTestServer(t *testing.T, identityID string) *httptest.Server {
+func newKratosWhoamiTestServer(t *testing.T, identityID string) string {
 	t.Helper()
-	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.URL.Path != "/sessions/whoami" {
-			http.NotFound(w, r)
-			return
-		}
-		if r.Header.Get("Cookie") == "" && r.Header.Get("X-Session-Token") == "" {
-			http.Error(w, "missing session", http.StatusUnauthorized)
-			return
-		}
-		_ = json.NewEncoder(w).Encode(map[string]any{
-			"id":               "session-123",
-			"authenticated_at": "2026-05-21T00:00:00Z",
-			"identity": map[string]any{
-				"id": identityID,
-				"traits": map[string]any{
-					"email": "user@example.com",
-				},
-			},
-		})
-	}))
 	origDefaultClient := http.DefaultClient
-	http.DefaultClient = server.Client()
+	http.DefaultClient = &http.Client{
+		Transport: roundTripFunc(func(r *http.Request) (*http.Response, error) {
+			if r.URL.Path != "/sessions/whoami" {
+				return httpResponse(r, http.StatusNotFound, "not found"), nil
+			}
+			if r.Header.Get("Cookie") == "" && r.Header.Get("X-Session-Token") == "" {
+				return httpResponse(r, http.StatusUnauthorized, "missing session"), nil
+			}
+			body, err := json.Marshal(map[string]any{
+				"id":               "session-123",
+				"authenticated_at": "2026-05-21T00:00:00Z",
+				"identity": map[string]any{
+					"id": identityID,
+					"traits": map[string]any{
+						"email": "user@example.com",
+					},
+				},
+			})
+			if err != nil {
+				return nil, err
+			}
+			return httpResponse(r, http.StatusOK, string(body)), nil
+		}),
+	}
 	t.Cleanup(func() {
 		http.DefaultClient = origDefaultClient
 	})
-	t.Cleanup(server.Close)
-	return server
+	return "http://kratos.test"
 }

 func TestEnchantedLinkFlow_Email_Success(t *testing.T) {
@@ -215,8 +216,7 @@ func TestVerifyMagicLink_VerifyOnlySharedBrowserSameSubjectApprovesOnly(t *testi
 	redis := &mockRedisRepo{data: map[string]string{
 		prefixToken + "token-123": `{"pendingRef":"pending-123","loginId":"user@example.com"}`,
 	}}
-	kratosPublic := newKratosWhoamiTestServer(t, "kratos-user-1")
-	t.Setenv("KRATOS_PUBLIC_URL", kratosPublic.URL)
+	t.Setenv("KRATOS_PUBLIC_URL", newKratosWhoamiTestServer(t, "kratos-user-1"))

 	h := &AuthHandler{
 		RedisService: redis,
@@ -248,8 +248,7 @@ func TestVerifyMagicLink_VerifyOnlySharedBrowserDifferentSubjectApprovesOnly(t *
 	redis := &mockRedisRepo{data: map[string]string{
 		prefixToken + "token-123": `{"pendingRef":"pending-123","loginId":"user@example.com"}`,
 	}}
-	kratosPublic := newKratosWhoamiTestServer(t, "kratos-other-user")
-	t.Setenv("KRATOS_PUBLIC_URL", kratosPublic.URL)
+	t.Setenv("KRATOS_PUBLIC_URL", newKratosWhoamiTestServer(t, "kratos-other-user"))

 	h := &AuthHandler{
 		RedisService: redis,
@@ -302,8 +301,7 @@ func TestVerifyLoginCode_VerifyOnlySharedBrowserDifferentSubjectApprovesOnly(t *
 		prefixLoginCodePending + "user@example.com": "pending-123",
 		prefixLoginCodeValue + "pending-123":        "569765",
 	}}
-	kratosPublic := newKratosWhoamiTestServer(t, "kratos-other-user")
-	t.Setenv("KRATOS_PUBLIC_URL", kratosPublic.URL)
+	t.Setenv("KRATOS_PUBLIC_URL", newKratosWhoamiTestServer(t, "kratos-other-user"))

 	h := &AuthHandler{
 		RedisService: redis,
@@ -393,8 +391,7 @@ func TestPollEnchantedLink_SharedBrowserSameSubjectIssuesSession(t *testing.T) {
 	redis := &mockRedisRepo{data: map[string]string{
 		prefixSession + "pending-123": `{"status":"approved","loginId":"user@example.com"}`,
 	}}
-	kratosPublic := newKratosWhoamiTestServer(t, "kratos-user-1")
-	t.Setenv("KRATOS_PUBLIC_URL", kratosPublic.URL)
+	t.Setenv("KRATOS_PUBLIC_URL", newKratosWhoamiTestServer(t, "kratos-user-1"))

 	h := &AuthHandler{
 		RedisService: redis,
@@ -425,8 +422,7 @@ func TestPollEnchantedLink_SharedBrowserDifferentSubjectConflicts(t *testing.T)
 	redis := &mockRedisRepo{data: map[string]string{
 		prefixSession + "pending-123": `{"status":"approved","loginId":"user@example.com"}`,
 	}}
-	kratosPublic := newKratosWhoamiTestServer(t, "kratos-other-user")
-	t.Setenv("KRATOS_PUBLIC_URL", kratosPublic.URL)
+	t.Setenv("KRATOS_PUBLIC_URL", newKratosWhoamiTestServer(t, "kratos-other-user"))

 	h := &AuthHandler{
 		RedisService: redis,
@@ -456,18 +452,11 @@ func TestPollEnchantedLink_SharedBrowserDifferentSubjectConflicts(t *testing.T)
 func TestHeadlessLinkInit_HeadlessLoginClientSuccess(t *testing.T) {
 	t.Setenv("BACKEND_PUBLIC_URL", "")

-	if !testsupport.PortBindingAvailable() {
-		t.Skip("skipping headless link tests because this environment cannot bind local TCP listeners")
-	}
-
 	redis := &mockRedisRepo{data: make(map[string]string)}
 	privateKey, jwks := mustHeadlessRSAJWK(t)
 	jwksBody, _ := json.Marshal(jwks)
-	jwksServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("Content-Type", "application/json")
-		_, _ = w.Write(jwksBody)
-	}))
-	defer jwksServer.Close()
+	jwksClient := newJWKSHTTPClient(t, jwksBody)
+	jwksURI := jwksURL()

 	idp := &mockIdpProvider{
 		userExists:      true,
@@ -485,7 +474,7 @@ func TestHeadlessLinkInit_HeadlessLoginClientSuccess(t *testing.T) {
 						"status":                              "active",
 						"headless_login_enabled":              true,
 						"headless_token_endpoint_auth_method": "private_key_jwt",
-						"headless_jwks_uri":                   jwksServer.URL + "/.well-known/jwks.json",
+						"headless_jwks_uri":                   jwksURI,
 					},
 				},
 			})
@@ -497,6 +486,7 @@ func TestHeadlessLinkInit_HeadlessLoginClientSuccess(t *testing.T) {
 	h := &AuthHandler{
 		RedisService: redis,
 		IdpProvider:  idp,
+		HeadlessJWKS: service.NewHeadlessJWKSCacheService(nil, jwksClient),
 		SmsService:   &mockSmsService{},
 		Hydra: &service.HydraAdminService{
 			AdminURL:   "http://hydra.test",
@@ -529,10 +519,6 @@ func TestHeadlessLinkInit_HeadlessLoginClientSuccess(t *testing.T) {
 func TestHeadlessLinkPoll_AfterApprovalReturnsRedirect(t *testing.T) {
 	t.Setenv("BACKEND_PUBLIC_URL", "")

-	if !testsupport.PortBindingAvailable() {
-		t.Skip("skipping headless link tests because this environment cannot bind local TCP listeners")
-	}
-
 	redis := &mockRedisRepo{data: make(map[string]string)}
 	privateKey, jwks := mustHeadlessRSAJWK(t)
 	jwksBody, _ := json.Marshal(jwks)
@@ -659,10 +645,6 @@ func TestHeadlessLinkPoll_AfterApprovalReturnsRedirect(t *testing.T) {
 func TestHeadlessLinkPoll_ApproverSubjectConflictBlocksMixedRP(t *testing.T) {
 	t.Setenv("BACKEND_PUBLIC_URL", "")

-	if !testsupport.PortBindingAvailable() {
-		t.Skip("skipping headless link tests because this environment cannot bind local TCP listeners")
-	}
-
 	redis := &mockRedisRepo{data: make(map[string]string)}
 	privateKey, jwks := mustHeadlessRSAJWK(t)
 	jwksBody, _ := json.Marshal(jwks)
@@ -748,8 +730,7 @@ func TestHeadlessLinkPoll_ApproverSubjectConflictBlocksMixedRP(t *testing.T) {
 	}
 	assert.NotEmpty(t, token)

-	kratosPublic := newKratosWhoamiTestServer(t, "kratos-userfront-a")
-	t.Setenv("KRATOS_PUBLIC_URL", kratosPublic.URL)
+	t.Setenv("KRATOS_PUBLIC_URL", newKratosWhoamiTestServer(t, "kratos-userfront-a"))

 	verifyBody, _ := json.Marshal(map[string]any{
 		"token":      token,
@@ -785,10 +766,6 @@ func TestHeadlessLinkPoll_ApproverSubjectConflictBlocksMixedRP(t *testing.T) {
 func TestHeadlessLinkPoll_RequestCookieSubjectConflictBlocksMixedRP(t *testing.T) {
 	t.Setenv("BACKEND_PUBLIC_URL", "")

-	if !testsupport.PortBindingAvailable() {
-		t.Skip("skipping headless link tests because this environment cannot bind local TCP listeners")
-	}
-
 	redis := &mockRedisRepo{data: make(map[string]string)}
 	privateKey, jwks := mustHeadlessRSAJWK(t)
 	jwksBody, _ := json.Marshal(jwks)
@@ -880,8 +857,7 @@ func TestHeadlessLinkPoll_RequestCookieSubjectConflictBlocksMixedRP(t *testing.T
 	resp, _ = app.Test(req, -1)
 	assert.Equal(t, http.StatusOK, resp.StatusCode)

-	kratosPublic := newKratosWhoamiTestServer(t, "kratos-userfront-a")
-	t.Setenv("KRATOS_PUBLIC_URL", kratosPublic.URL)
+	t.Setenv("KRATOS_PUBLIC_URL", newKratosWhoamiTestServer(t, "kratos-userfront-a"))

 	pollBody, _ := json.Marshal(map[string]string{
 		"client_id":        "headless-login-client",