forked from baron/baron-sso
109 lines
3.0 KiB
Go
109 lines
3.0 KiB
Go
package handler
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/json"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
|
|
"github.com/gofiber/fiber/v2"
|
|
)
|
|
|
|
// helper to build a Fiber app with the handler route mounted.
|
|
func newTestApp(h *AuthHandler) *fiber.App {
|
|
app := fiber.New()
|
|
app.Post("/api/v1/auth/password/reset/complete", h.CompletePasswordReset)
|
|
return app
|
|
}
|
|
|
|
func TestCompletePasswordReset_MissingLoginID(t *testing.T) {
|
|
h := &AuthHandler{}
|
|
app := newTestApp(h)
|
|
|
|
body, _ := json.Marshal(map[string]string{
|
|
"newPassword": "Password1!",
|
|
})
|
|
|
|
req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/password/reset/complete", bytes.NewReader(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
|
|
resp, err := app.Test(req)
|
|
if err != nil {
|
|
t.Fatalf("request failed: %v", err)
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
if resp.StatusCode != http.StatusBadRequest {
|
|
t.Fatalf("expected 400 for missing loginId, got %d", resp.StatusCode)
|
|
}
|
|
|
|
var got map[string]string
|
|
if err := json.NewDecoder(resp.Body).Decode(&got); err != nil {
|
|
t.Fatalf("failed to decode response: %v", err)
|
|
}
|
|
if got["error"] != "Login ID and new password are required" {
|
|
t.Fatalf("unexpected error message: %v", got["error"])
|
|
}
|
|
}
|
|
|
|
func TestCompletePasswordReset_InvalidPasswordPolicy(t *testing.T) {
|
|
h := &AuthHandler{}
|
|
app := newTestApp(h)
|
|
|
|
body, _ := json.Marshal(map[string]string{
|
|
"newPassword": "short", // too short + missing complexity
|
|
})
|
|
|
|
req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/password/reset/complete?loginId=user@example.com", bytes.NewReader(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
|
|
resp, err := app.Test(req)
|
|
if err != nil {
|
|
t.Fatalf("request failed: %v", err)
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
if resp.StatusCode != http.StatusBadRequest {
|
|
t.Fatalf("expected 400 for weak password, got %d", resp.StatusCode)
|
|
}
|
|
|
|
var got map[string]string
|
|
if err := json.NewDecoder(resp.Body).Decode(&got); err != nil {
|
|
t.Fatalf("failed to decode response: %v", err)
|
|
}
|
|
if got["error"] != "Password must be at least 8 characters long" {
|
|
t.Fatalf("unexpected error message: %v", got["error"])
|
|
}
|
|
}
|
|
|
|
func TestCompletePasswordReset_NilDescopeClient(t *testing.T) {
|
|
h := &AuthHandler{} // DescopeClient intentionally nil to hit the configuration error branch
|
|
app := newTestApp(h)
|
|
|
|
body, _ := json.Marshal(map[string]string{
|
|
"newPassword": "StrongPass1!",
|
|
})
|
|
|
|
req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/password/reset/complete?loginId=user@example.com", bytes.NewReader(body))
|
|
req.Header.Set("Content-Type", "application/json")
|
|
|
|
resp, err := app.Test(req)
|
|
if err != nil {
|
|
t.Fatalf("request failed: %v", err)
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
if resp.StatusCode != http.StatusInternalServerError {
|
|
t.Fatalf("expected 500 when Descope client is nil, got %d", resp.StatusCode)
|
|
}
|
|
|
|
var got map[string]string
|
|
if err := json.NewDecoder(resp.Body).Decode(&got); err != nil {
|
|
t.Fatalf("failed to decode response: %v", err)
|
|
}
|
|
if got["error"] != "Authentication service not configured" {
|
|
t.Fatalf("unexpected error message: %v", got["error"])
|
|
}
|
|
}
|