barbercollie/tinyauth
1
0
Fork 1
mirror of https://github.com/steveiliop56/tinyauth.git synced 2026-03-30 02:17:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

tests: add tests for resources controller

Browse Source
This commit is contained in:
Stavros
2026-03-28 20:34:38 +02:00
parent 39beed706b
commit 23e0da96a6
3 changed files with 87 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
internal/controller/oidc_controller_test.go
View File

@@ -4,6 +4,7 @@ import (
"encoding/json" "encoding/json"
"net/http/httptest" "net/http/httptest"
"net/url" "net/url"
"os"
"strings" "strings"
"testing" "testing"
@@ -457,4 +458,16 @@ func TestOIDCController(t *testing.T) {
test.run(t, router, recorder) test.run(t, router, recorder)
}) })
} }
err = db.Close()
assert.NoError(t, err)
err = os.Remove("/tmp/tinyauth_test.db")
assert.NoError(t, err)
err = os.Remove(oidcServiceCfg.PrivateKeyPath)
assert.NoError(t, err)
err = os.Remove(oidcServiceCfg.PublicKeyPath)
assert.NoError(t, err)
} }

105
internal/controller/resources_controller_test.go
View File

@@ -5,55 +5,84 @@ import (
"os" "os"
"testing" "testing"
"github.com/steveiliop56/tinyauth/internal/controller"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"gotest.tools/v3/assert" "github.com/steveiliop56/tinyauth/internal/controller"
"github.com/stretchr/testify/assert"
) )
func TestResourcesHandler(t *testing.T) { func TestResourcesController(t *testing.T) {
// Setup resourcesControllerCfg := controller.ResourcesControllerConfig{
gin.SetMode(gin.TestMode) Path: "/tmp/testfiles",
router := gin.New()
group := router.Group("/")
ctrl := controller.NewResourcesController(controller.ResourcesControllerConfig{
Path: "/tmp/tinyauth",
Enabled: true, Enabled: true,
}, group) }
ctrl.SetupRoutes()
// Create test data type testCase struct {
err := os.Mkdir("/tmp/tinyauth", 0755) description string
assert.NilError(t, err) run func(t *testing.T, router *gin.Engine, recorder *httptest.ResponseRecorder)
defer os.RemoveAll("/tmp/tinyauth") }
file, err := os.Create("/tmp/tinyauth/test.txt") tests := []testCase{
assert.NilError(t, err) {
description: "Ensure resources endpoint returns 200 OK for existing file",
run: func(t *testing.T, router *gin.Engine, recorder *httptest.ResponseRecorder) {
req := httptest.NewRequest("GET", "/resources/testfile.txt", nil)
router.ServeHTTP(recorder, req)
_, err = file.WriteString("This is a test file.") assert.Equal(t, 200, recorder.Code)
assert.NilError(t, err) assert.Equal(t, "This is a test file.", recorder.Body.String())
file.Close() },
},
{
description: "Ensure resources endpoint returns 404 Not Found for non-existing file",
run: func(t *testing.T, router *gin.Engine, recorder *httptest.ResponseRecorder) {
req := httptest.NewRequest("GET", "/resources/nonexistent.txt", nil)
router.ServeHTTP(recorder, req)
// Test existing file assert.Equal(t, 404, recorder.Code)
req := httptest.NewRequest("GET", "/resources/test.txt", nil) },
recorder := httptest.NewRecorder() },
router.ServeHTTP(recorder, req) {
description: "Ensure resources controller denies path traversal",
run: func(t *testing.T, router *gin.Engine, recorder *httptest.ResponseRecorder) {
req := httptest.NewRequest("GET", "/resources/../somefile.txt", nil)
router.ServeHTTP(recorder, req)
assert.Equal(t, 200, recorder.Code) assert.Equal(t, 404, recorder.Code)
assert.Equal(t, "This is a test file.", recorder.Body.String()) },
},
}
// Test non-existing file err := os.MkdirAll(resourcesControllerCfg.Path, 0777)
req = httptest.NewRequest("GET", "/resources/nonexistent.txt", nil) assert.NoError(t, err)
recorder = httptest.NewRecorder()
router.ServeHTTP(recorder, req)
assert.Equal(t, 404, recorder.Code) testFilePath := resourcesControllerCfg.Path + "/testfile.txt"
err = os.WriteFile(testFilePath, []byte("This is a test file."), 0777)
assert.NoError(t, err)
// Test directory traversal attack testFilePathParent := resourcesControllerCfg.Path + "/../somefile.txt"
req = httptest.NewRequest("GET", "/resources/../etc/passwd", nil) err = os.WriteFile(testFilePathParent, []byte("This file should not be accessible."), 0777)
recorder = httptest.NewRecorder() assert.NoError(t, err)
router.ServeHTTP(recorder, req)
assert.Equal(t, 404, recorder.Code) for _, test := range tests {
t.Run(test.description, func(t *testing.T) {
router := gin.Default()
group := router.Group("/")
gin.SetMode(gin.TestMode)
resourcesController := controller.NewResourcesController(resourcesControllerCfg, group)
resourcesController.SetupRoutes()
recorder := httptest.NewRecorder()
test.run(t, router, recorder)
})
}
err = os.Remove(testFilePath)
assert.NoError(t, err)
err = os.Remove(testFilePathParent)
assert.NoError(t, err)
err = os.Remove(resourcesControllerCfg.Path)
assert.NoError(t, err)
} }

7
internal/controller/user_controller_test.go
View File

@@ -3,6 +3,7 @@ package controller_test
import ( import (
"encoding/json" "encoding/json"
"net/http/httptest" "net/http/httptest"
"os"
"slices" "slices"
"strings" "strings"
"testing" "testing"
@@ -344,4 +345,10 @@ func TestUserController(t *testing.T) {
test.run(t, router, recorder) test.run(t, router, recorder)
}) })
} }
err = db.Close()
assert.NoError(t, err)
err = os.Remove("/tmp/tinyauth_test.db")
assert.NoError(t, err)
} }