|
| 1 | +package userroutes |
| 2 | + |
| 3 | +import ( |
| 4 | + "net/http" |
| 5 | + "net/http/httptest" |
| 6 | + "testing" |
| 7 | + |
| 8 | + "github.com/go-chi/chi/v5" |
| 9 | + "github.com/golang/mock/gomock" |
| 10 | + "github.com/teleclimber/DropServer/cmd/ds-host/domain" |
| 11 | + "github.com/teleclimber/DropServer/cmd/ds-host/testmocks" |
| 12 | +) |
| 13 | + |
| 14 | +func TestMustBeAdminNoAuth(t *testing.T) { |
| 15 | + a := AdminRoutes{} |
| 16 | + router := chi.NewMux() |
| 17 | + router.Use(a.mustBeAdmin) |
| 18 | + router.Get("/", func(w http.ResponseWriter, r *http.Request) {}) |
| 19 | + |
| 20 | + req, err := http.NewRequest(http.MethodGet, "/", nil) |
| 21 | + if err != nil { |
| 22 | + t.Fatal(err) |
| 23 | + } |
| 24 | + |
| 25 | + rr := httptest.NewRecorder() |
| 26 | + router.ServeHTTP(rr, req) |
| 27 | + |
| 28 | + if rr.Result().StatusCode != http.StatusUnauthorized { |
| 29 | + t.Errorf("expected Unauthorized got status %v", rr.Result().Status) |
| 30 | + } |
| 31 | +} |
| 32 | + |
| 33 | +func TestMustBeAdminForbidden(t *testing.T) { |
| 34 | + mockCtrl := gomock.NewController(t) |
| 35 | + defer mockCtrl.Finish() |
| 36 | + |
| 37 | + reqUid := domain.UserID(7) |
| 38 | + |
| 39 | + um := testmocks.NewMockUserModel(mockCtrl) |
| 40 | + um.EXPECT().IsAdmin(reqUid).Return(false) |
| 41 | + a := AdminRoutes{ |
| 42 | + UserModel: um} |
| 43 | + |
| 44 | + router := chi.NewMux() |
| 45 | + router.Use(a.mustBeAdmin) |
| 46 | + router.Get("/", func(w http.ResponseWriter, r *http.Request) {}) |
| 47 | + |
| 48 | + req, err := http.NewRequest(http.MethodGet, "/", nil) |
| 49 | + if err != nil { |
| 50 | + t.Fatal(err) |
| 51 | + } |
| 52 | + req = req.WithContext(domain.CtxWithAuthUserID(req.Context(), reqUid)) |
| 53 | + |
| 54 | + rr := httptest.NewRecorder() |
| 55 | + router.ServeHTTP(rr, req) |
| 56 | + |
| 57 | + if rr.Result().StatusCode != http.StatusForbidden { |
| 58 | + t.Errorf("expected Forbidden got status %v", rr.Result().Status) |
| 59 | + } |
| 60 | +} |
0 commit comments