dev 병합 code-check 오류 수정

2026-04-28 13:23:40 +09:00
parent 6be0914b65
commit eae3e0bd2a
13 changed files with 349 additions and 67 deletions
--- a/backend/internal/handler/auth_handler_consent_test.go
+++ b/backend/internal/handler/auth_handler_consent_test.go
@@ -1,8 +1,10 @@
 package handler

 import (
+	"baron-sso-backend/internal/domain"
 	"baron-sso-backend/internal/service"
 	"bytes"
+	"context"
 	"encoding/json"
 	"net/http"
 	"net/http/httptest"
@@ -13,6 +15,121 @@ import (
 	"github.com/stretchr/testify/mock"
 )

+// --- Mocks ---
+
+type MockKratosAdminServiceForConsent struct {
+	mock.Mock
+}
+
+func (m *MockKratosAdminServiceForConsent) FindIdentityIDByIdentifier(ctx context.Context, identifier string) (string, error) {
+	args := m.Called(ctx, identifier)
+	return args.String(0), args.Error(1)
+}
+
+func (m *MockKratosAdminServiceForConsent) GetIdentity(ctx context.Context, id string) (*service.KratosIdentity, error) {
+	args := m.Called(ctx, id)
+	if args.Get(0) == nil {
+		return nil, args.Error(1)
+	}
+	return args.Get(0).(*service.KratosIdentity), args.Error(1)
+}
+
+func (m *MockKratosAdminServiceForConsent) ListIdentities(ctx context.Context) ([]service.KratosIdentity, error) {
+	return nil, nil
+}
+
+func (m *MockKratosAdminServiceForConsent) UpdateIdentity(ctx context.Context, identityID string, traits map[string]interface{}, state string) (*service.KratosIdentity, error) {
+	return nil, nil
+}
+
+func (m *MockKratosAdminServiceForConsent) CreateIdentity(ctx context.Context, traits map[string]interface{}) (*service.KratosIdentity, error) {
+	return nil, nil
+}
+
+func (m *MockKratosAdminServiceForConsent) DeleteIdentity(ctx context.Context, identityID string) error {
+	return nil
+}
+
+func (m *MockKratosAdminServiceForConsent) UpdateIdentityPassword(ctx context.Context, identityID, newPassword string) error {
+	return nil
+}
+
+func (m *MockKratosAdminServiceForConsent) ListIdentitySessions(ctx context.Context, identityID string) ([]service.KratosSession, error) {
+	return nil, nil
+}
+
+func (m *MockKratosAdminServiceForConsent) GetSession(ctx context.Context, sessionID string) (*service.KratosSession, error) {
+	return nil, nil
+}
+
+func (m *MockKratosAdminServiceForConsent) DeleteSession(ctx context.Context, sessionID string) error {
+	return nil
+}
+
+func (m *MockKratosAdminServiceForConsent) CreateUser(ctx context.Context, user *domain.BrokerUser, password string) (string, error) {
+	return "", nil
+}
+
+type MockTenantServiceForConsent struct {
+	mock.Mock
+}
+
+func (m *MockTenantServiceForConsent) GetTenant(ctx context.Context, id string) (*domain.Tenant, error) {
+	args := m.Called(ctx, id)
+	if args.Get(0) == nil {
+		return nil, args.Error(1)
+	}
+	return args.Get(0).(*domain.Tenant), args.Error(1)
+}
+
+func (m *MockTenantServiceForConsent) GetTenantBySlug(ctx context.Context, slug string) (*domain.Tenant, error) {
+	return nil, nil
+}
+
+func (m *MockTenantServiceForConsent) GetTenantByDomain(ctx context.Context, domainName string) (*domain.Tenant, error) {
+	return nil, nil
+}
+
+func (m *MockTenantServiceForConsent) ListTenants(ctx context.Context, limit, offset int, parentID string) ([]domain.Tenant, int64, error) {
+	return nil, 0, nil
+}
+
+func (m *MockTenantServiceForConsent) RegisterTenant(ctx context.Context, name, slug, tenantType, description string, domains []string, parentID *string, creatorID string) (*domain.Tenant, error) {
+	return nil, nil
+}
+
+func (m *MockTenantServiceForConsent) RequestRegistration(ctx context.Context, name, slug, description string, domainName string, adminEmail string) (*domain.Tenant, error) {
+	return nil, nil
+}
+
+func (m *MockTenantServiceForConsent) ApproveTenant(ctx context.Context, id string) error {
+	return nil
+}
+
+func (m *MockTenantServiceForConsent) ListManageableTenants(ctx context.Context, userID string) ([]domain.Tenant, error) {
+	args := m.Called(ctx, userID)
+	return args.Get(0).([]domain.Tenant), args.Error(1)
+}
+
+func (m *MockTenantServiceForConsent) ListJoinedTenants(ctx context.Context, userID string) ([]domain.Tenant, error) {
+	args := m.Called(ctx, userID)
+	return args.Get(0).([]domain.Tenant), args.Error(1)
+}
+
+func (m *MockTenantServiceForConsent) IsDomainAllowed(ctx context.Context, domainName string) (bool, error) {
+	return false, nil
+}
+
+func (m *MockTenantServiceForConsent) ProvisionTenantByDomain(ctx context.Context, domainName string) (*domain.Tenant, error) {
+	return nil, nil
+}
+
+func (m *MockTenantServiceForConsent) SetKetoService(keto service.KetoService) {}
+
+func (m *MockTenantServiceForConsent) DeleteTenantsBulk(ctx context.Context, ids []string) error {
+	return nil
+}
+
 // --- Test Helpers ---

 func newConsentTestApp(h *AuthHandler) *fiber.App {
@@ -100,11 +217,36 @@ func TestGetConsentRequest_AddsMandatoryTenantScope(t *testing.T) {
 	http.DefaultClient = client
 	defer func() { http.DefaultClient = origDefault }()

+	mockTenantSvc := &MockTenantServiceForConsent{}
+	mockKratosAdmin := &MockKratosAdminServiceForConsent{}
+
+	// Mock profile resolution to allow tenant access
+	mockKratosAdmin.On("GetIdentity", mock.Anything, "user-123").Return(&service.KratosIdentity{
+		ID: "user-123",
+		Traits: map[string]interface{}{
+			"email": "user@example.com",
+		},
+	}, nil)
+
+	mockTenantSvc.On("GetTenant", mock.Anything, "tenant-allow").Return(&domain.Tenant{
+		ID:   "tenant-allow",
+		Slug: "tenant-allow",
+		Name: "Allowed Tenant",
+	}, nil)
+
+	// Mock hydration calls
+	mockTenantSvc.On("ListJoinedTenants", mock.Anything, mock.Anything).Return([]domain.Tenant{
+		{ID: "tenant-allow", Slug: "tenant-allow", Name: "Allowed Tenant"},
+	}, nil)
+	mockTenantSvc.On("ListManageableTenants", mock.Anything, mock.Anything).Return([]domain.Tenant{}, nil)
+
 	h := &AuthHandler{
 		Hydra: &service.HydraAdminService{
 			AdminURL:   "http://hydra.test",
 			HTTPClient: client,
 		},
+		TenantService: mockTenantSvc,
+		KratosAdmin:   mockKratosAdmin,
 	}
 	app := newConsentTestApp(h)

@@ -163,16 +305,17 @@ func TestGetConsentRequest_Skip_AutoAccept(t *testing.T) {
 	defer func() { http.DefaultClient = origDefault }()

 	consentRepo := &mockConsentRepo{}
+	mockKratosAdmin := &MockKratosAdminServiceForConsent{}

 	h := &AuthHandler{
 		Hydra: &service.HydraAdminService{
 			AdminURL:   "http://hydra.test",
 			HTTPClient: client,
 		},
-		KratosAdmin: new(MockKratosAdminService), // Reusing MockKratosAdminService if defined or use MockKratosAdminServiceShared
+		KratosAdmin: mockKratosAdmin,
 		ConsentRepo: consentRepo,
 	}
-	h.KratosAdmin.(*MockKratosAdminService).On("GetIdentity", mock.Anything, "user-123").Return(&service.KratosIdentity{
+	mockKratosAdmin.On("GetIdentity", mock.Anything, "user-123").Return(&service.KratosIdentity{
 		ID: "user-123",
 		Traits: map[string]interface{}{
 			"email": "user@test.com",
@@ -199,7 +342,8 @@ func TestAcceptConsentRequest_Normal(t *testing.T) {
 				"requested_scope": []string{"openid", "profile"},
 				"subject":         "user-123",
 				"client": map[string]interface{}{
-					"client_id": "client-app",
+					"client_id":   "client-app",
+					"client_name": "Test App",
 				},
 			}), nil
 		}
@@ -226,17 +370,18 @@ func TestAcceptConsentRequest_Normal(t *testing.T) {

 	auditRepo := &mockAuditRepo{}
 	consentRepo := &mockConsentRepo{}
+	mockKratosAdmin := &MockKratosAdminServiceForConsent{}

 	h := &AuthHandler{
 		Hydra: &service.HydraAdminService{
 			AdminURL:   "http://hydra.test",
 			HTTPClient: client,
 		},
-		KratosAdmin: new(MockKratosAdminService),
+		KratosAdmin: mockKratosAdmin,
 		AuditRepo:   auditRepo,
 		ConsentRepo: consentRepo,
 	}
-	h.KratosAdmin.(*MockKratosAdminService).On("GetIdentity", mock.Anything, "user-123").Return(&service.KratosIdentity{
+	mockKratosAdmin.On("GetIdentity", mock.Anything, "user-123").Return(&service.KratosIdentity{
 		ID: "user-123",
 		Traits: map[string]interface{}{
 			"email": "user@test.com",
@@ -260,6 +405,8 @@ func TestAcceptConsentRequest_Normal(t *testing.T) {
 }

 func TestAcceptConsentRequest_EnforcesMandatoryTenantScope(t *testing.T) {
+	t.Setenv("APP_ENV", "dev")
+
 	var capturedGrantScopes []string

 	transport := roundTripFunc(func(r *http.Request) (*http.Response, error) {
@@ -309,14 +456,16 @@ func TestAcceptConsentRequest_EnforcesMandatoryTenantScope(t *testing.T) {
 	http.DefaultClient = client
 	defer func() { http.DefaultClient = origDefault }()

+	mockKratosAdmin := &MockKratosAdminServiceForConsent{}
+
 	h := &AuthHandler{
 		Hydra: &service.HydraAdminService{
 			AdminURL:   "http://hydra.test",
 			HTTPClient: client,
 		},
-		KratosAdmin: new(MockKratosAdminService),
+		KratosAdmin: mockKratosAdmin,
 	}
-	h.KratosAdmin.(*MockKratosAdminService).On("GetIdentity", mock.Anything, "user-123").Return(&service.KratosIdentity{
+	mockKratosAdmin.On("GetIdentity", mock.Anything, "user-123").Return(&service.KratosIdentity{
 		ID: "user-123",
 		Traits: map[string]interface{}{
 			"email": "user@test.com",
--- a/backend/internal/handler/client_tenant_access_test.go
+++ b/backend/internal/handler/client_tenant_access_test.go
@@ -184,6 +184,7 @@ func TestGetConsentRequest_DeniesTenantAccess(t *testing.T) {
 	app := fiber.New()
 	app.Get("/api/v1/auth/consent", h.GetConsentRequest)

+	t.Setenv("APP_ENV", "dev")
 	req := httptest.NewRequest(http.MethodGet, "/api/v1/auth/consent?consent_challenge=challenge-tenant", nil)
 	req.Header.Set("X-Mock-Role", "user")
 	req.Header.Set("X-Tenant-ID", "tenant-a")