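package authclient

import (
	"context"
	"encoding/json"
	"net/http"
	"net/http/httptest"
	"testing"

	"git.threesix.ai/jordan/sp4-debug-1770477266/pkg/httpclient"
	"git.threesix.ai/jordan/sp4-debug-1770477266/pkg/logging"
)

// TestClient_Validate_Success checks that Validate posts to the auth-svc
// validate endpoint with the bearer token and maps the response payload onto
// the returned user (ID, email, roles).
func TestClient_Validate_Success(t *testing.T) {
	// Mock auth-svc: accepts exactly one token and rejects everything else.
	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path != "/api/auth-svc/validate" {
			t.Errorf("unexpected path: %s", r.URL.Path)
		}
		if r.Method != http.MethodPost {
			t.Errorf("unexpected method: %s", r.Method)
		}

		// Headers must be set before WriteHeader; anything set afterwards is
		// silently dropped by net/http.
		w.Header().Set("Content-Type", "application/json")

		authHeader := r.Header.Get("Authorization")
		if authHeader != "Bearer valid-token" {
			w.WriteHeader(http.StatusUnauthorized)
			if err := json.NewEncoder(w).Encode(map[string]any{"error": "invalid token"}); err != nil {
				t.Errorf("encode error response: %v", err)
			}
			return
		}

		resp := ValidateResponse{
			Data: ValidateData{
				UserID: "user-123",
				Email:  "test@example.com",
				Roles:  []string{"admin"},
				Scopes: []string{"read"},
			},
		}
		if err := json.NewEncoder(w).Encode(resp); err != nil {
			t.Errorf("encode response: %v", err)
		}
	}))
	defer server.Close()

	client := &Client{
		baseURL:    server.URL,
		httpClient: httpclient.New(httpclient.Config{MaxRetries: 1}),
		logger:     logging.Nop(),
	}

	user, err := client.Validate(context.Background(), "valid-token")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}

	if user.ID != "user-123" {
		t.Errorf("expected user ID 'user-123', got '%s'", user.ID)
	}
	if user.Email != "test@example.com" {
		t.Errorf("expected email 'test@example.com', got '%s'", user.Email)
	}
	if len(user.Roles) != 1 || user.Roles[0] != "admin" {
		t.Errorf("expected roles [admin], got %v", user.Roles)
	}
	// NOTE(review): the mock also returns Scopes, but nothing here asserts how
	// they are mapped onto the user — confirm whether the user type carries them.
}

// TestClient_Validate_InvalidToken checks that a 401 from auth-svc surfaces as
// an error, so a rejected token can never be mistaken for an authenticated
// user.
func TestClient_Validate_InvalidToken(t *testing.T) {
	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Content-Type has to be set before WriteHeader: once the status line
		// is written, later header changes are ignored and the mock would not
		// advertise its JSON body.
		w.Header().Set("Content-Type", "application/json")
		w.WriteHeader(http.StatusUnauthorized)
		if err := json.NewEncoder(w).Encode(map[string]any{"error": "invalid token"}); err != nil {
			t.Errorf("encode error response: %v", err)
		}
	}))
	defer server.Close()

	client := &Client{
		baseURL:    server.URL,
		httpClient: httpclient.New(httpclient.Config{MaxRetries: 1}),
		logger:     logging.Nop(),
	}

	// NOTE(review): only err is checked; asserting that the returned user is
	// the zero value would pin the fail-closed contract more tightly — confirm
	// Validate's return type before adding it.
	_, err := client.Validate(context.Background(), "bad-token")
	if err == nil {
		t.Fatal("expected error for invalid token")
	}
}

// TestClient_Validate_ServerError checks that a 500 from auth-svc is reported
// as an error rather than being treated as a successful validation.
func TestClient_Validate_ServerError(t *testing.T) {
	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusInternalServerError)
	}))
	defer server.Close()

	client := &Client{
		baseURL:    server.URL,
		httpClient: httpclient.New(httpclient.Config{MaxRetries: 1}),
		logger:     logging.Nop(),
	}

	_, err := client.Validate(context.Background(), "some-token")
	if err == nil {
		t.Fatal("expected error for server error")
	}
}

// TestClient_Validate_BearerTokenPassedCorrectly checks that the token is sent
// verbatim in the Authorization header using the Bearer scheme.
func TestClient_Validate_BearerTokenPassedCorrectly(t *testing.T) {
	// Written by the handler, read by the test after Validate has returned.
	var receivedAuth string

	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		receivedAuth = r.Header.Get("Authorization")
		w.Header().Set("Content-Type", "application/json")
		resp := ValidateResponse{
			Data: ValidateData{UserID: "user-1"},
		}
		if err := json.NewEncoder(w).Encode(resp); err != nil {
			t.Errorf("encode response: %v", err)
		}
	}))
	defer server.Close()

	client := &Client{
		baseURL:    server.URL,
		httpClient: httpclient.New(httpclient.Config{MaxRetries: 1}),
		logger:     logging.Nop(),
	}

	_, err := client.Validate(context.Background(), "my-token-123")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}

	if receivedAuth != "Bearer my-token-123" {
		t.Errorf("expected 'Bearer my-token-123', got '%s'", receivedAuth)
	}
}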