cleanup

2026-06-05 04:52:59 +00:00 · 2026-05-05 09:48:07 +02:00
parent d854614a87
commit 48c3e15a38
295 changed files with 178381 additions and 1039 deletions
@@ -0,0 +1,88 @@
+package auth
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"bookra/apps/auth-service/internal/db"
+
+	"github.com/google/uuid"
+)
+
+func TestGenerateTokensProducesVerifiableAccessAndRefreshTokens(t *testing.T) {
+	service := NewService(nil, nil, "test-secret", "http://localhost:3000")
+	name := "Token Tester"
+	user := &db.User{
+		ID:    uuid.MustParse("019daeaa-bc14-7712-9224-e347a96bd5c3"),
+		Email: "tester@bookra.dev",
+		Name:  &name,
+	}
+
+	tokens, err := service.generateTokensAt(user, time.Now().UTC())
+	if err != nil {
+		t.Fatalf("generate tokens: %v", err)
+	}
+
+	accessClaims, err := service.VerifyToken(tokens.AccessToken)
+	if err != nil {
+		t.Fatalf("verify access token: %v", err)
+	}
+	if accessClaims.Type != "access" {
+		t.Fatalf("expected access type, got %s", accessClaims.Type)
+	}
+
+	refreshClaims, err := service.VerifyRefreshToken(tokens.RefreshToken)
+	if err != nil {
+		t.Fatalf("verify refresh token: %v", err)
+	}
+	if refreshClaims.Type != "refresh" {
+		t.Fatalf("expected refresh type, got %s", refreshClaims.Type)
+	}
+
+	if _, err := service.VerifyToken(tokens.RefreshToken); err == nil {
+		t.Fatal("expected refresh token to fail access verification")
+	}
+	if _, err := service.VerifyRefreshToken(tokens.AccessToken); err == nil {
+		t.Fatal("expected access token to fail refresh verification")
+	}
+}
+
+func TestRefreshTokensReturnsRotatedPair(t *testing.T) {
+	service := NewService(nil, nil, "test-secret", "http://localhost:3000")
+	user := &db.User{
+		ID:    uuid.MustParse("019daeaa-bc14-7712-9224-e347a96bd5c3"),
+		Email: "tester@bookra.dev",
+	}
+
+	original, err := service.generateTokens(user)
+	if err != nil {
+		t.Fatalf("generate tokens: %v", err)
+	}
+
+	refreshed, err := service.RefreshTokens(context.Background(), original.RefreshToken)
+	if err != nil {
+		t.Fatalf("refresh tokens: %v", err)
+	}
+
+	if refreshed.AccessToken == original.AccessToken {
+		t.Fatal("expected rotated access token")
+	}
+	if refreshed.RefreshToken == original.RefreshToken {
+		t.Fatal("expected rotated refresh token")
+	}
+	if _, err := service.VerifyToken(refreshed.AccessToken); err != nil {
+		t.Fatalf("verify refreshed access token: %v", err)
+	}
+	if _, err := service.VerifyRefreshToken(refreshed.RefreshToken); err != nil {
+		t.Fatalf("verify refreshed refresh token: %v", err)
+	}
+}
+
+func TestRefreshTokensRejectsInvalidToken(t *testing.T) {
+	service := NewService(nil, nil, "test-secret", "http://localhost:3000")
+
+	if _, err := service.RefreshTokens(context.Background(), "bad-token"); err == nil {
+		t.Fatal("expected invalid refresh token error")
+	}
+}