mirror of
https://github.com/steveiliop56/tinyauth.git
synced 2026-06-25 04:40:15 +00:00
CodeRabbit Generated Unit Tests: Add unit tests
This commit is contained in:
coderabbitai[bot]
committed by
GitHub
GitHub
parent
c3461131f5
commit
bdc0a60116
@@ -8,7 +8,105 @@ import (
|
||||
"github.com/tinyauthapp/tinyauth/internal/utils/logger"
|
||||
)
|
||||
|
||||
func TestIsEmailWhitelistedUsesProviderSpecificList(t *testing.T) {
|
||||
func newTestAuthService(whitelist []string) *AuthService {
|
||||
log := logger.NewLogger().WithTestConfig()
|
||||
log.Init()
|
||||
return &AuthService{
|
||||
log: log,
|
||||
runtime: model.RuntimeConfig{
|
||||
OAuthWhitelist: whitelist,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func TestIsEmailWhitelisted(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
whitelist []string
|
||||
email string
|
||||
expected bool
|
||||
}{
|
||||
{
|
||||
name: "empty whitelist denies all",
|
||||
whitelist: []string{},
|
||||
email: "user@example.com",
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
name: "nil whitelist denies all",
|
||||
whitelist: nil,
|
||||
email: "user@example.com",
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
name: "matching email is allowed",
|
||||
whitelist: []string{"user@example.com"},
|
||||
email: "user@example.com",
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
name: "non-matching email is denied",
|
||||
whitelist: []string{"user@example.com"},
|
||||
email: "other@example.com",
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
name: "multiple entries, matching email is allowed",
|
||||
whitelist: []string{"alice@example.com", "bob@example.com"},
|
||||
email: "bob@example.com",
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
name: "multiple entries, non-matching email is denied",
|
||||
whitelist: []string{"alice@example.com", "bob@example.com"},
|
||||
email: "charlie@example.com",
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
name: "regex pattern matches email",
|
||||
whitelist: []string{"/@example\\.com$/"},
|
||||
email: "anyone@example.com",
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
name: "regex pattern does not match different domain",
|
||||
whitelist: []string{"/@example\\.com$/"},
|
||||
email: "anyone@other.com",
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
name: "wildcard domain pattern with regex",
|
||||
whitelist: []string{"/^.+@mycompany\\.org$/"},
|
||||
email: "employee@mycompany.org",
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
name: "only global whitelist is used, not any per-provider list",
|
||||
whitelist: []string{"global@example.com"},
|
||||
email: "global@example.com",
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
name: "whitespace-only entries are handled gracefully",
|
||||
whitelist: []string{" "},
|
||||
email: "user@example.com",
|
||||
expected: false,
|
||||
},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
auth := newTestAuthService(tt.whitelist)
|
||||
result := auth.IsEmailWhitelisted(tt.email)
|
||||
assert.Equal(t, tt.expected, result)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
// TestIsEmailWhitelistedNoPerProviderList verifies the new behaviour where
|
||||
// per-provider whitelist overrides are no longer applied; only the global
|
||||
// OAuthWhitelist is consulted regardless of which OAuth provider was used.
|
||||
func TestIsEmailWhitelistedNoPerProviderList(t *testing.T) {
|
||||
log := logger.NewLogger().WithTestConfig()
|
||||
log.Init()
|
||||
|
||||
@@ -16,24 +114,18 @@ func TestIsEmailWhitelistedUsesProviderSpecificList(t *testing.T) {
|
||||
log: log,
|
||||
runtime: model.RuntimeConfig{
|
||||
OAuthWhitelist: []string{"global@example.com"},
|
||||
// OAuthProviders still present but their Whitelist field has been removed
|
||||
OAuthProviders: map[string]model.OAuthServiceConfig{
|
||||
"github": {
|
||||
Whitelist: []string{"github@example.com"},
|
||||
},
|
||||
"pocketid": {
|
||||
Whitelist: []string{"pocket@example.com"},
|
||||
},
|
||||
"gitlab": {
|
||||
Whitelist: []string{},
|
||||
ClientID: "github-client-id",
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
assert.True(t, auth.IsEmailWhitelisted("github", "github@example.com"))
|
||||
assert.False(t, auth.IsEmailWhitelisted("github", "pocket@example.com"))
|
||||
assert.True(t, auth.IsEmailWhitelisted("pocketid", "pocket@example.com"))
|
||||
assert.True(t, auth.IsEmailWhitelisted("google", "global@example.com"))
|
||||
assert.True(t, auth.IsEmailWhitelisted("gitlab", "global@example.com"))
|
||||
assert.False(t, auth.IsEmailWhitelisted("gitlab", "unknown@example.com"))
|
||||
// Global whitelist allows this email regardless of provider
|
||||
assert.True(t, auth.IsEmailWhitelisted("global@example.com"))
|
||||
// Global whitelist denies this email even though it was previously
|
||||
// allowed by a provider-specific list in the old implementation
|
||||
assert.False(t, auth.IsEmailWhitelisted("provider-only@example.com"))
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user