dev 병합 code-check 오류 수정

backend/internal/handler/auth_handler_consent_test.go

@@ -1,8 +1,10 @@
 package handler
 
 import (
+	"baron-sso-backend/internal/domain"
 	"baron-sso-backend/internal/service"
 	"bytes"
+	"context"
 	"encoding/json"
 	"net/http"
 	"net/http/httptest"
@@ -13,6 +15,121 @@ import (
 	"github.com/stretchr/testify/mock"
 )
 
+// --- Mocks ---
+
+type MockKratosAdminServiceForConsent struct {
+	mock.Mock
+}
+
+func (m *MockKratosAdminServiceForConsent) FindIdentityIDByIdentifier(ctx context.Context, identifier string) (string, error) {
+	args := m.Called(ctx, identifier)
+	return args.String(0), args.Error(1)
+}
+
+func (m *MockKratosAdminServiceForConsent) GetIdentity(ctx context.Context, id string) (*service.KratosIdentity, error) {
+	args := m.Called(ctx, id)
+	if args.Get(0) == nil {
+		return nil, args.Error(1)
+	}
+	return args.Get(0).(*service.KratosIdentity), args.Error(1)
+}
+
+func (m *MockKratosAdminServiceForConsent) ListIdentities(ctx context.Context) ([]service.KratosIdentity, error) {
+	return nil, nil
+}
+
+func (m *MockKratosAdminServiceForConsent) UpdateIdentity(ctx context.Context, identityID string, traits map[string]interface{}, state string) (*service.KratosIdentity, error) {
+	return nil, nil
+}
+
+func (m *MockKratosAdminServiceForConsent) CreateIdentity(ctx context.Context, traits map[string]interface{}) (*service.KratosIdentity, error) {
+	return nil, nil
+}
+
+func (m *MockKratosAdminServiceForConsent) DeleteIdentity(ctx context.Context, identityID string) error {
+	return nil
+}
+
+func (m *MockKratosAdminServiceForConsent) UpdateIdentityPassword(ctx context.Context, identityID, newPassword string) error {
+	return nil
+}
+
+func (m *MockKratosAdminServiceForConsent) ListIdentitySessions(ctx context.Context, identityID string) ([]service.KratosSession, error) {
+	return nil, nil
+}
+
+func (m *MockKratosAdminServiceForConsent) GetSession(ctx context.Context, sessionID string) (*service.KratosSession, error) {
+	return nil, nil
+}
+
+func (m *MockKratosAdminServiceForConsent) DeleteSession(ctx context.Context, sessionID string) error {
+	return nil
+}
+
+func (m *MockKratosAdminServiceForConsent) CreateUser(ctx context.Context, user *domain.BrokerUser, password string) (string, error) {
+	return "", nil
+}
+
+type MockTenantServiceForConsent struct {
+	mock.Mock
+}
+
+func (m *MockTenantServiceForConsent) GetTenant(ctx context.Context, id string) (*domain.Tenant, error) {
+	args := m.Called(ctx, id)
+	if args.Get(0) == nil {
+		return nil, args.Error(1)
+	}
+	return args.Get(0).(*domain.Tenant), args.Error(1)
+}
+
+func (m *MockTenantServiceForConsent) GetTenantBySlug(ctx context.Context, slug string) (*domain.Tenant, error) {
+	return nil, nil
+}
+
+func (m *MockTenantServiceForConsent) GetTenantByDomain(ctx context.Context, domainName string) (*domain.Tenant, error) {
+	return nil, nil
+}
+
+func (m *MockTenantServiceForConsent) ListTenants(ctx context.Context, limit, offset int, parentID string) ([]domain.Tenant, int64, error) {
+	return nil, 0, nil
+}
+
+func (m *MockTenantServiceForConsent) RegisterTenant(ctx context.Context, name, slug, tenantType, description string, domains []string, parentID *string, creatorID string) (*domain.Tenant, error) {
+	return nil, nil
+}
+
+func (m *MockTenantServiceForConsent) RequestRegistration(ctx context.Context, name, slug, description string, domainName string, adminEmail string) (*domain.Tenant, error) {
+	return nil, nil
+}
+
+func (m *MockTenantServiceForConsent) ApproveTenant(ctx context.Context, id string) error {
+	return nil
+}
+
+func (m *MockTenantServiceForConsent) ListManageableTenants(ctx context.Context, userID string) ([]domain.Tenant, error) {
+	args := m.Called(ctx, userID)
+	return args.Get(0).([]domain.Tenant), args.Error(1)
+}
+
+func (m *MockTenantServiceForConsent) ListJoinedTenants(ctx context.Context, userID string) ([]domain.Tenant, error) {
+	args := m.Called(ctx, userID)
+	return args.Get(0).([]domain.Tenant), args.Error(1)
+}
+
+func (m *MockTenantServiceForConsent) IsDomainAllowed(ctx context.Context, domainName string) (bool, error) {
+	return false, nil
+}
+
+func (m *MockTenantServiceForConsent) ProvisionTenantByDomain(ctx context.Context, domainName string) (*domain.Tenant, error) {
+	return nil, nil
+}
+
+func (m *MockTenantServiceForConsent) SetKetoService(keto service.KetoService) {}
+
+func (m *MockTenantServiceForConsent) DeleteTenantsBulk(ctx context.Context, ids []string) error {
+	return nil
+}
+
 // --- Test Helpers ---
 
 func newConsentTestApp(h *AuthHandler) *fiber.App {
@@ -100,11 +217,36 @@ func TestGetConsentRequest_AddsMandatoryTenantScope(t *testing.T) {
 	http.DefaultClient = client
 	defer func() { http.DefaultClient = origDefault }()
 
+	mockTenantSvc := &MockTenantServiceForConsent{}
+	mockKratosAdmin := &MockKratosAdminServiceForConsent{}
+
+	// Mock profile resolution to allow tenant access
+	mockKratosAdmin.On("GetIdentity", mock.Anything, "user-123").Return(&service.KratosIdentity{
+		ID: "user-123",
+		Traits: map[string]interface{}{
+			"email": "user@example.com",
+		},
+	}, nil)
+
+	mockTenantSvc.On("GetTenant", mock.Anything, "tenant-allow").Return(&domain.Tenant{
+		ID:   "tenant-allow",
+		Slug: "tenant-allow",
+		Name: "Allowed Tenant",
+	}, nil)
+
+	// Mock hydration calls
+	mockTenantSvc.On("ListJoinedTenants", mock.Anything, mock.Anything).Return([]domain.Tenant{
+		{ID: "tenant-allow", Slug: "tenant-allow", Name: "Allowed Tenant"},
+	}, nil)
+	mockTenantSvc.On("ListManageableTenants", mock.Anything, mock.Anything).Return([]domain.Tenant{}, nil)
+
 	h := &AuthHandler{
 		Hydra: &service.HydraAdminService{
 			AdminURL:   "http://hydra.test",
 			HTTPClient: client,
 		},
+		TenantService: mockTenantSvc,
+		KratosAdmin:   mockKratosAdmin,
 	}
 	app := newConsentTestApp(h)
 
@@ -163,16 +305,17 @@ func TestGetConsentRequest_Skip_AutoAccept(t *testing.T) {
 	defer func() { http.DefaultClient = origDefault }()
 
 	consentRepo := &mockConsentRepo{}
+	mockKratosAdmin := &MockKratosAdminServiceForConsent{}
 
 	h := &AuthHandler{
 		Hydra: &service.HydraAdminService{
 			AdminURL:   "http://hydra.test",
 			HTTPClient: client,
 		},
-		KratosAdmin: new(MockKratosAdminService), // Reusing MockKratosAdminService if defined or use MockKratosAdminServiceShared
+		KratosAdmin: mockKratosAdmin,
 		ConsentRepo: consentRepo,
 	}
-	h.KratosAdmin.(*MockKratosAdminService).On("GetIdentity", mock.Anything, "user-123").Return(&service.KratosIdentity{
+	mockKratosAdmin.On("GetIdentity", mock.Anything, "user-123").Return(&service.KratosIdentity{
 		ID: "user-123",
 		Traits: map[string]interface{}{
 			"email": "user@test.com",
@@ -199,7 +342,8 @@ func TestAcceptConsentRequest_Normal(t *testing.T) {
 				"requested_scope": []string{"openid", "profile"},
 				"subject":         "user-123",
 				"client": map[string]interface{}{
-					"client_id": "client-app",
+					"client_id":   "client-app",
+					"client_name": "Test App",
 				},
 			}), nil
 		}
@@ -226,17 +370,18 @@ func TestAcceptConsentRequest_Normal(t *testing.T) {
 
 	auditRepo := &mockAuditRepo{}
 	consentRepo := &mockConsentRepo{}
+	mockKratosAdmin := &MockKratosAdminServiceForConsent{}
 
 	h := &AuthHandler{
 		Hydra: &service.HydraAdminService{
 			AdminURL:   "http://hydra.test",
 			HTTPClient: client,
 		},
-		KratosAdmin: new(MockKratosAdminService),
+		KratosAdmin: mockKratosAdmin,
 		AuditRepo:   auditRepo,
 		ConsentRepo: consentRepo,
 	}
-	h.KratosAdmin.(*MockKratosAdminService).On("GetIdentity", mock.Anything, "user-123").Return(&service.KratosIdentity{
+	mockKratosAdmin.On("GetIdentity", mock.Anything, "user-123").Return(&service.KratosIdentity{
 		ID: "user-123",
 		Traits: map[string]interface{}{
 			"email": "user@test.com",
@@ -260,6 +405,8 @@ func TestAcceptConsentRequest_Normal(t *testing.T) {
 }
 
 func TestAcceptConsentRequest_EnforcesMandatoryTenantScope(t *testing.T) {
+	t.Setenv("APP_ENV", "dev")
+
 	var capturedGrantScopes []string
 
 	transport := roundTripFunc(func(r *http.Request) (*http.Response, error) {
@@ -309,14 +456,16 @@ func TestAcceptConsentRequest_EnforcesMandatoryTenantScope(t *testing.T) {
 	http.DefaultClient = client
 	defer func() { http.DefaultClient = origDefault }()
 
+	mockKratosAdmin := &MockKratosAdminServiceForConsent{}
+
 	h := &AuthHandler{
 		Hydra: &service.HydraAdminService{
 			AdminURL:   "http://hydra.test",
 			HTTPClient: client,
 		},
-		KratosAdmin: new(MockKratosAdminService),
+		KratosAdmin: mockKratosAdmin,
 	}
-	h.KratosAdmin.(*MockKratosAdminService).On("GetIdentity", mock.Anything, "user-123").Return(&service.KratosIdentity{
+	mockKratosAdmin.On("GetIdentity", mock.Anything, "user-123").Return(&service.KratosIdentity{
 		ID: "user-123",
 		Traits: map[string]interface{}{
 			"email": "user@test.com",

backend/internal/handler/client_tenant_access_test.go

@@ -184,6 +184,7 @@ func TestGetConsentRequest_DeniesTenantAccess(t *testing.T) {
 	app := fiber.New()
 	app.Get("/api/v1/auth/consent", h.GetConsentRequest)
 
+	t.Setenv("APP_ENV", "dev")
 	req := httptest.NewRequest(http.MethodGet, "/api/v1/auth/consent?consent_challenge=challenge-tenant", nil)
 	req.Header.Set("X-Mock-Role", "user")
 	req.Header.Set("X-Tenant-ID", "tenant-a")

backend/internal/idp/factory.go

@@ -13,47 +13,47 @@ import (
 
 // Ory 계열(kratos/hydra) 공급자 문자열을 정규화하기 위한 매핑.
 var providerAliases = map[string]string{
-        "ory":         "ory",
-        "hydra":       "ory",
-        "kratos":      "ory",
-        "ory-kratos":  "ory",
-        "ory_hydra":   "ory",
-        "ory_kratos":  "ory",
+	"ory":        "ory",
+	"hydra":      "ory",
+	"kratos":     "ory",
+	"ory-kratos": "ory",
+	"ory_hydra":  "ory",
+	"ory_kratos": "ory",
 }
 
 // getEnv는 환경 변수를 읽거나 대체 값을 반환하는 헬퍼 함수입니다.
 func getEnv(key, fallback string) string {
-        if value, ok := os.LookupEnv(key); ok {
-                return value
-        }
-        return fallback
+	if value, ok := os.LookupEnv(key); ok {
+		return value
+	}
+	return fallback
 }
 
 // InitializeProvider는 환경 설정을 기반으로 IDP 공급자를 생성하고 반환합니다.
 // 이것은 IdentityProvider 인터페이스의 팩토리 역할을 합니다.
 func InitializeProvider() (domain.IdentityProvider, error) {
-        rawProviders := getEnv("IDP_PROVIDER", "ory")
-        providers := strings.Split(rawProviders, ",")
-        slog.Info("Initializing IDP chain", "providers", rawProviders)
+	rawProviders := getEnv("IDP_PROVIDER", "ory")
+	providers := strings.Split(rawProviders, ",")
+	slog.Info("Initializing IDP chain", "providers", rawProviders)
 
-        var initialized []domain.IdentityProvider
-        for _, p := range providers {
-                providerName := strings.TrimSpace(strings.ToLower(p))
-                if canonical, ok := providerAliases[providerName]; ok {
-                        providerName = canonical
-                }
+	var initialized []domain.IdentityProvider
+	for _, p := range providers {
+		providerName := strings.TrimSpace(strings.ToLower(p))
+		if canonical, ok := providerAliases[providerName]; ok {
+			providerName = canonical
+		}
 
-                switch providerName {
-                case "ory":
-                        // Kratos/Hydra 주 공급자
-                        oryProvider := service.NewOryProvider()
-                        initialized = append(initialized, oryProvider)
+		switch providerName {
+		case "ory":
+			// Kratos/Hydra 주 공급자
+			oryProvider := service.NewOryProvider()
+			initialized = append(initialized, oryProvider)
 
-                default:
-                        // 알 수 없는 공급자는 건너뛰고 다음 후보를 시도
-                        slog.Warn("Skipping unsupported IDP provider entry", "provider", providerName)
-                }
-        }
+		default:
+			// 알 수 없는 공급자는 건너뛰고 다음 후보를 시도
+			slog.Warn("Skipping unsupported IDP provider entry", "provider", providerName)
+		}
+	}
 	if len(initialized) == 0 {
 		return nil, fmt.Errorf("no valid IDP_PROVIDER entries configured from: %s", rawProviders)
 	}

backend/internal/repository/main_test.go

@@ -63,7 +63,7 @@ func TestMain(m *testing.M) {
 	}
 
 	// Auto-migrate
-	err = db.AutoMigrate(&domain.Tenant{}, &domain.TenantDomain{}, &domain.User{})
+	err = db.AutoMigrate(&domain.Tenant{}, &domain.TenantDomain{}, &domain.User{}, &domain.ClientConsent{})
 	if err != nil {
 		log.Fatalf("failed to migrate database: %s", err)
 	}