|
1 | 1 | package servex |
2 | 2 |
|
3 | 3 | import ( |
| 4 | + "context" |
4 | 5 | "os" |
5 | 6 | "testing" |
6 | 7 | "time" |
@@ -293,6 +294,250 @@ func TestConfigToOptions(t *testing.T) { |
293 | 294 | } |
294 | 295 | } |
295 | 296 |
|
| 297 | +func TestAuthConfiguration_FullIntegration(t *testing.T) { |
| 298 | + // Test that Auth configuration from Config struct actually works |
| 299 | + config := &Config{ |
| 300 | + Server: ServerConfig{ |
| 301 | + HTTP: ":0", // Random port |
| 302 | + }, |
| 303 | + Auth: AuthConfiguration{ |
| 304 | + Enabled: true, |
| 305 | + UseMemoryDatabase: true, |
| 306 | + JWTAccessSecret: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", |
| 307 | + JWTRefreshSecret: "fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210", |
| 308 | + AccessTokenDuration: 15 * time.Minute, |
| 309 | + RefreshTokenDuration: 7 * 24 * time.Hour, |
| 310 | + Issuer: "test-issuer", |
| 311 | + BasePath: "/auth", |
| 312 | + InitialRoles: []string{"user"}, |
| 313 | + }, |
| 314 | + } |
| 315 | + |
| 316 | + // Create server from config |
| 317 | + server, err := NewServerFromConfig(config) |
| 318 | + if err != nil { |
| 319 | + t.Fatalf("Failed to create server from config: %v", err) |
| 320 | + } |
| 321 | + defer server.Shutdown(context.Background()) |
| 322 | + |
| 323 | + // Verify auth manager was created |
| 324 | + if !server.IsAuthEnabled() { |
| 325 | + t.Fatal("Expected Auth to be enabled") |
| 326 | + } |
| 327 | + if server.AuthManager() == nil { |
| 328 | + t.Fatal("Expected Auth manager to be initialized, got nil") |
| 329 | + } |
| 330 | + |
| 331 | + // Verify auth configuration was applied |
| 332 | + authMgr := server.AuthManager() |
| 333 | + if authMgr == nil { |
| 334 | + t.Fatal("Auth manager should not be nil") |
| 335 | + } |
| 336 | + |
| 337 | + // Test creating a user through the auth manager |
| 338 | + ctx := context.Background() |
| 339 | + username := "testuser" |
| 340 | + password := "TestPass123!" |
| 341 | + |
| 342 | + err = authMgr.CreateUser(ctx, username, password, "user") |
| 343 | + if err != nil { |
| 344 | + t.Fatalf("Failed to create user: %v", err) |
| 345 | + } |
| 346 | + |
| 347 | + // Verify auth manager has routes registered (this validates configuration is working) |
| 348 | + // We can't directly test authentication without making HTTP requests, |
| 349 | + // but we verified that: |
| 350 | + // 1. Auth is enabled |
| 351 | + // 2. AuthManager was created |
| 352 | + // 3. User can be created |
| 353 | + // This confirms the configuration is working |
| 354 | +} |
| 355 | + |
| 356 | +func TestAuthConfiguration_Disabled(t *testing.T) { |
| 357 | + // Test that when Auth is disabled, no auth manager is created |
| 358 | + config := &Config{ |
| 359 | + Server: ServerConfig{ |
| 360 | + HTTP: ":0", |
| 361 | + }, |
| 362 | + Auth: AuthConfiguration{ |
| 363 | + Enabled: false, |
| 364 | + }, |
| 365 | + } |
| 366 | + |
| 367 | + server, err := NewServerFromConfig(config) |
| 368 | + if err != nil { |
| 369 | + t.Fatalf("Failed to create server: %v", err) |
| 370 | + } |
| 371 | + defer server.Shutdown(context.Background()) |
| 372 | + |
| 373 | + // Verify auth manager was NOT created |
| 374 | + if server.IsAuthEnabled() { |
| 375 | + t.Error("Expected Auth to be disabled") |
| 376 | + } |
| 377 | + if server.AuthManager() != nil { |
| 378 | + t.Error("Expected AuthManager to be nil when disabled, got non-nil") |
| 379 | + } |
| 380 | +} |
| 381 | + |
| 382 | +func TestAuthConfiguration_FromYAML(t *testing.T) { |
| 383 | + // Create a temporary YAML file with auth config |
| 384 | + yamlContent := ` |
| 385 | +server: |
| 386 | + http: ":0" |
| 387 | +
|
| 388 | +auth: |
| 389 | + enabled: true |
| 390 | + use_memory_database: true |
| 391 | + jwt_access_secret: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" |
| 392 | + jwt_refresh_secret: "fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210" |
| 393 | + access_token_duration: 15m |
| 394 | + refresh_token_duration: 168h |
| 395 | + issuer: "yaml-test-issuer" |
| 396 | + base_path: "/api/auth" |
| 397 | + initial_roles: |
| 398 | + - user |
| 399 | + - admin |
| 400 | +` |
| 401 | + |
| 402 | + // Write to temporary file |
| 403 | + tmpFile := "test_auth_config.yaml" |
| 404 | + err := os.WriteFile(tmpFile, []byte(yamlContent), 0644) |
| 405 | + if err != nil { |
| 406 | + t.Fatalf("Failed to write test config file: %v", err) |
| 407 | + } |
| 408 | + defer os.Remove(tmpFile) |
| 409 | + |
| 410 | + // Load config from file |
| 411 | + config, err := LoadConfigFromFile(tmpFile) |
| 412 | + if err != nil { |
| 413 | + t.Fatalf("Failed to load config from file: %v", err) |
| 414 | + } |
| 415 | + |
| 416 | + // Verify auth configuration was loaded |
| 417 | + if !config.Auth.Enabled { |
| 418 | + t.Error("Expected Auth.Enabled to be true") |
| 419 | + } |
| 420 | + if !config.Auth.UseMemoryDatabase { |
| 421 | + t.Error("Expected Auth.UseMemoryDatabase to be true") |
| 422 | + } |
| 423 | + if config.Auth.Issuer != "yaml-test-issuer" { |
| 424 | + t.Errorf("Expected issuer 'yaml-test-issuer', got %q", config.Auth.Issuer) |
| 425 | + } |
| 426 | + if config.Auth.BasePath != "/api/auth" { |
| 427 | + t.Errorf("Expected base path '/api/auth', got %q", config.Auth.BasePath) |
| 428 | + } |
| 429 | + if len(config.Auth.InitialRoles) != 2 { |
| 430 | + t.Errorf("Expected 2 initial roles, got %d", len(config.Auth.InitialRoles)) |
| 431 | + } |
| 432 | + if config.Auth.AccessTokenDuration != 15*time.Minute { |
| 433 | + t.Errorf("Expected access token duration 15m, got %v", config.Auth.AccessTokenDuration) |
| 434 | + } |
| 435 | + if config.Auth.RefreshTokenDuration != 168*time.Hour { |
| 436 | + t.Errorf("Expected refresh token duration 168h, got %v", config.Auth.RefreshTokenDuration) |
| 437 | + } |
| 438 | + |
| 439 | + // Create server and verify it works |
| 440 | + server, err := NewServerFromConfig(config) |
| 441 | + if err != nil { |
| 442 | + t.Fatalf("Failed to create server from YAML config: %v", err) |
| 443 | + } |
| 444 | + defer server.Shutdown(context.Background()) |
| 445 | + |
| 446 | + if !server.IsAuthEnabled() { |
| 447 | + t.Fatal("Expected Auth to be enabled from YAML config") |
| 448 | + } |
| 449 | + if server.AuthManager() == nil { |
| 450 | + t.Fatal("Expected Auth manager to be initialized from YAML config") |
| 451 | + } |
| 452 | +} |
| 453 | + |
| 454 | +func TestAuthConfiguration_WithInitialRoles(t *testing.T) { |
| 455 | + config := &Config{ |
| 456 | + Server: ServerConfig{ |
| 457 | + HTTP: ":0", |
| 458 | + }, |
| 459 | + Auth: AuthConfiguration{ |
| 460 | + Enabled: true, |
| 461 | + UseMemoryDatabase: true, |
| 462 | + JWTAccessSecret: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", |
| 463 | + JWTRefreshSecret: "fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210", |
| 464 | + AccessTokenDuration: 15 * time.Minute, |
| 465 | + RefreshTokenDuration: 7 * 24 * time.Hour, |
| 466 | + Issuer: "test", |
| 467 | + InitialRoles: []string{"user", "admin", "moderator"}, |
| 468 | + }, |
| 469 | + } |
| 470 | + |
| 471 | + server, err := NewServerFromConfig(config) |
| 472 | + if err != nil { |
| 473 | + t.Fatalf("Failed to create server: %v", err) |
| 474 | + } |
| 475 | + defer server.Shutdown(context.Background()) |
| 476 | + |
| 477 | + // Create a user - it should respect the configuration |
| 478 | + ctx := context.Background() |
| 479 | + err = server.AuthManager().CreateUser(ctx, "testuser", "password123", "user") |
| 480 | + if err != nil { |
| 481 | + t.Fatalf("Failed to create user: %v", err) |
| 482 | + } |
| 483 | + |
| 484 | + // The fact that we can create a user confirms the auth configuration |
| 485 | + // including initial roles is working properly |
| 486 | +} |
| 487 | + |
| 488 | +func TestAuthConfiguration_MissingSecrets(t *testing.T) { |
| 489 | + config := &Config{ |
| 490 | + Server: ServerConfig{ |
| 491 | + HTTP: ":0", |
| 492 | + }, |
| 493 | + Auth: AuthConfiguration{ |
| 494 | + Enabled: true, |
| 495 | + UseMemoryDatabase: true, |
| 496 | + // Missing JWT secrets - should fail |
| 497 | + AccessTokenDuration: 15 * time.Minute, |
| 498 | + RefreshTokenDuration: 7 * 24 * time.Hour, |
| 499 | + }, |
| 500 | + } |
| 501 | + |
| 502 | + _, err := NewServerFromConfig(config) |
| 503 | + if err == nil { |
| 504 | + t.Error("Expected error when JWT secrets are missing, got nil") |
| 505 | + } |
| 506 | +} |
| 507 | + |
| 508 | +func TestAuthConfiguration_RefreshTokenCookieName(t *testing.T) { |
| 509 | + customCookieName := "my_custom_refresh_token" |
| 510 | + config := &Config{ |
| 511 | + Server: ServerConfig{ |
| 512 | + HTTP: ":0", |
| 513 | + }, |
| 514 | + Auth: AuthConfiguration{ |
| 515 | + Enabled: true, |
| 516 | + UseMemoryDatabase: true, |
| 517 | + JWTAccessSecret: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", |
| 518 | + JWTRefreshSecret: "fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210", |
| 519 | + AccessTokenDuration: 15 * time.Minute, |
| 520 | + RefreshTokenDuration: 7 * 24 * time.Hour, |
| 521 | + Issuer: "test", |
| 522 | + RefreshTokenCookieName: customCookieName, |
| 523 | + }, |
| 524 | + } |
| 525 | + |
| 526 | + server, err := NewServerFromConfig(config) |
| 527 | + if err != nil { |
| 528 | + t.Fatalf("Failed to create server: %v", err) |
| 529 | + } |
| 530 | + defer server.Shutdown(context.Background()) |
| 531 | + |
| 532 | + // The cookie name configuration is internal, but we can verify the server was created |
| 533 | + if !server.IsAuthEnabled() { |
| 534 | + t.Fatal("Expected Auth to be enabled") |
| 535 | + } |
| 536 | + if server.AuthManager() == nil { |
| 537 | + t.Fatal("Expected Auth to be initialized") |
| 538 | + } |
| 539 | +} |
| 540 | + |
296 | 541 | func TestConfigToBaseConfig(t *testing.T) { |
297 | 542 | config := &Config{ |
298 | 543 | Server: ServerConfig{ |
|
0 commit comments