template-monorepo/test/e2e/auth_test.go

//go:build e2e

package e2e

import (
	"encoding/json"
	"net/http"
	"testing"

	"github.com/stretchr/testify/require"
)

// TestZZZ_AuthTokenRefreshAndLogout runs last (separate go test invocation).
// It uses an isolated refresh so seed tokens used by member/permission stay valid.
func TestZZZ_AuthTokenRefreshAndLogout(t *testing.T) {
	c := isolatedAuthClient(t)

	refreshEnv := c.DoExpectOK(t, http.MethodPost, "/api/v1/auth/token/refresh", map[string]string{
		"refresh_token": c.Fixture.RefreshToken,
	}, false)
	var pair struct {
		AccessToken  string `json:"access_token"`
		RefreshToken string `json:"refresh_token"`
		UID          string `json:"uid"`
	}
	require.NoError(t, json.Unmarshal(refreshEnv.Data, &pair))
	require.Equal(t, c.Fixture.UID, pair.UID)

	c.Fixture.AccessToken = pair.AccessToken
	c.Fixture.RefreshToken = pair.RefreshToken

	c.DoExpectOK(t, http.MethodGet, "/api/v1/members/me", nil, true)
	c.DoExpectOK(t, http.MethodPost, "/api/v1/auth/logout", nil, true)

	resp, env := c.Do(t, http.MethodGet, "/api/v1/members/me", nil, true)
	require.Equal(t, http.StatusUnauthorized, resp.StatusCode)
	require.NotEqual(t, int64(successCode), env.Code)
}

func TestAuth_MissingBearer_401(t *testing.T) {
	c := NewClient(t)
	resp, env := c.Do(t, http.MethodGet, "/api/v1/members/me", nil, false)
	require.Equal(t, http.StatusUnauthorized, resp.StatusCode)
	require.NotEqual(t, int64(successCode), env.Code)
}

func TestAuth_PublicValidationErrors(t *testing.T) {
	c := NewClient(t)

	cases := []struct {
		name string
		path string
		body any
	}{
		{
			name: "register missing required fields",
			path: "/api/v1/auth/register",
			body: map[string]any{},
		},
		{
			name: "login invalid email and password",
			path: "/api/v1/auth/login",
			body: map[string]any{
				"tenant_slug": c.Fixture.TenantSlug,
				"email":       "not-an-email",
				"password":    "short",
			},
		},
		{
			name: "token refresh missing token",
			path: "/api/v1/auth/token/refresh",
			body: map[string]any{},
		},
		{
			name: "social login invalid provider",
			path: "/api/v1/auth/login/social/start",
			body: map[string]any{
				"tenant_slug":  c.Fixture.TenantSlug,
				"provider":     "github",
				"redirect_uri": "http://127.0.0.1/callback",
			},
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			env := c.DoExpectHTTP(t, http.MethodPost, tc.path, tc.body, false, http.StatusBadRequest)
			require.NotEqual(t, int64(successCode), env.Code)
		})
	}
}
add member totp 2026-05-21 23:52:39 +00:00			`//go:build e2e`

			`package e2e`

			`import (`
			`"encoding/json"`
			`"net/http"`
			`"testing"`

			`"github.com/stretchr/testify/require"`
			`)`

			`// TestZZZ_AuthTokenRefreshAndLogout runs last (separate go test invocation).`
			`// It uses an isolated refresh so seed tokens used by member/permission stay valid.`
			`func TestZZZ_AuthTokenRefreshAndLogout(t *testing.T) {`
			`c := isolatedAuthClient(t)`

			`refreshEnv := c.DoExpectOK(t, http.MethodPost, "/api/v1/auth/token/refresh", map[string]string{`
			`"refresh_token": c.Fixture.RefreshToken,`
			`}, false)`
			`var pair struct {`
			AccessToken string `json:"access_token"`
			RefreshToken string `json:"refresh_token"`
			UID string `json:"uid"`
			`}`
			`require.NoError(t, json.Unmarshal(refreshEnv.Data, &pair))`
			`require.Equal(t, c.Fixture.UID, pair.UID)`

			`c.Fixture.AccessToken = pair.AccessToken`
			`c.Fixture.RefreshToken = pair.RefreshToken`

			`c.DoExpectOK(t, http.MethodGet, "/api/v1/members/me", nil, true)`
			`c.DoExpectOK(t, http.MethodPost, "/api/v1/auth/logout", nil, true)`

			`resp, env := c.Do(t, http.MethodGet, "/api/v1/members/me", nil, true)`
			`require.Equal(t, http.StatusUnauthorized, resp.StatusCode)`
			`require.NotEqual(t, int64(successCode), env.Code)`
			`}`

			`func TestAuth_MissingBearer_401(t *testing.T) {`
			`c := NewClient(t)`
			`resp, env := c.Do(t, http.MethodGet, "/api/v1/members/me", nil, false)`
			`require.Equal(t, http.StatusUnauthorized, resp.StatusCode)`
			`require.NotEqual(t, int64(successCode), env.Code)`
			`}`

			`func TestAuth_PublicValidationErrors(t *testing.T) {`
			`c := NewClient(t)`

			`cases := []struct {`
			`name string`
			`path string`
			`body any`
			`}{`
			`{`
			`name: "register missing required fields",`
			`path: "/api/v1/auth/register",`
			`body: map[string]any{},`
			`},`
			`{`
			`name: "login invalid email and password",`
			`path: "/api/v1/auth/login",`
			`body: map[string]any{`
			`"tenant_slug": c.Fixture.TenantSlug,`
			`"email": "not-an-email",`
			`"password": "short",`
			`},`
			`},`
			`{`
			`name: "token refresh missing token",`
			`path: "/api/v1/auth/token/refresh",`
			`body: map[string]any{},`
			`},`
			`{`
			`name: "social login invalid provider",`
			`path: "/api/v1/auth/login/social/start",`
			`body: map[string]any{`
			`"tenant_slug": c.Fixture.TenantSlug,`
			`"provider": "github",`
			`"redirect_uri": "http://127.0.0.1/callback",`
			`},`
			`},`
			`}`

			`for _, tc := range cases {`
			`t.Run(tc.name, func(t *testing.T) {`
			`env := c.DoExpectHTTP(t, http.MethodPost, tc.path, tc.body, false, http.StatusBadRequest)`
			`require.NotEqual(t, int64(successCode), env.Code)`
			`})`
			`}`
			`}`