OneAuth/tests/auth_test.go

package tests

import (
	"encoding/json"
	"testing"
)

func TestAuth(t *testing.T) {
	// Ensure base users are created (Admin, User1, User2)
	ensureUsers(t)

	// Test Temp User Lifecycle
	tempUser := "temp_user"
	tempPass := "password123"
	tempEmail := "temp@test.com"

	// 1. Register Temp User
	t.Run("Register Temp User", func(t *testing.T) {
		resp := doRequest(t, "POST", "/api/auth/register", map[string]string{
			"username": tempUser,
			"password": tempPass,
			"email":    tempEmail,
		}, "")

		// If user exists from previous run, that's fine, but in clean run it should be 200
		if resp.Code != 200 {
			var r struct {
				Code int `json:"code"`
			}
			json.Unmarshal(resp.Body.Bytes(), &r)
			if r.Code != 40003 && r.Code != 40001 {
				t.Errorf("Expected 40003 or 40001, got %d", r.Code)
			}
		} else {
			assertStatus(t, resp, 200)
		}
	})

	// 2. Login Temp User
	var tempToken string
	var tempID string

	t.Run("Login Temp User", func(t *testing.T) {
		resp := doRequest(t, "POST", "/api/auth/login", map[string]string{
			"username": tempUser,
			"password": tempPass,
		}, "")
		assertStatus(t, resp, 200)
		t.Logf("Login Response: %s", resp.Body.String())

		var data LoginResp
		decodeResponse(t, resp, &data)
		tempToken = data.AccessToken
	})

	if tempToken == "" {
		t.Fatal("Failed to get temp token, skipping remaining auth tests")
	}

	// 3. Get User Info
	t.Run("Get Temp User Info", func(t *testing.T) {
		resp := doRequest(t, "GET", "/api/auth/me", nil, tempToken)
		assertStatus(t, resp, 200)

		var data UserResp
		decodeResponse(t, resp, &data)
		tempID = data.ID
	})

	// 4. Update User Info
	t.Run("Update Temp User Info", func(t *testing.T) {
		resp := doRequest(t, "PATCH", "/api/users/"+tempID, map[string]string{
			"nickname": "Temp Nickname",
		}, tempToken)
		assertStatus(t, resp, 200)
	})

	// 5. Logout
	t.Run("Logout Temp User", func(t *testing.T) {
		resp := doRequest(t, "POST", "/api/auth/logout", map[string]interface{}{}, tempToken)
		assertStatus(t, resp, 200)
	})

	// 6. Verify Token Invalid after Logout (Optional, depends on implementation)
	// If logout blacklist is implemented, this should fail with 401
}
refactor(test): restructure integration tests for auth and permissions - Move and split 'auth/auth_test.go' into the 'tests/' directory - Add 'tests/main_test.go' for global test suite setup - Add 'tests/helpers_test.go' for shared test utilities - Create separate test files for different auth scenarios ('auth_test.go', 'none_auth_test.go') - Add focused tests for org permissions and middleware ('org_permission_test.go', 'resource_perm_test.go', 'org_load_middleware_test.go') 1 week ago			`package tests`

			`import (`
			`"encoding/json"`
			`"testing"`
			`)`

			`func TestAuth(t *testing.T) {`
			`// Ensure base users are created (Admin, User1, User2)`
			`ensureUsers(t)`

			`// Test Temp User Lifecycle`
			`tempUser := "temp_user"`
			`tempPass := "password123"`
			`tempEmail := "temp@test.com"`

			`// 1. Register Temp User`
			`t.Run("Register Temp User", func(t *testing.T) {`
			`resp := doRequest(t, "POST", "/api/auth/register", map[string]string{`
			`"username": tempUser,`
			`"password": tempPass,`
			`"email": tempEmail,`
			`}, "")`

			`// If user exists from previous run, that's fine, but in clean run it should be 200`
			`if resp.Code != 200 {`
			`var r struct {`
			Code int `json:"code"`
			`}`
			`json.Unmarshal(resp.Body.Bytes(), &r)`
			`if r.Code != 40003 && r.Code != 40001 {`
			`t.Errorf("Expected 40003 or 40001, got %d", r.Code)`
			`}`
			`} else {`
			`assertStatus(t, resp, 200)`
			`}`
			`})`

			`// 2. Login Temp User`
			`var tempToken string`
			`var tempID string`

			`t.Run("Login Temp User", func(t *testing.T) {`
			`resp := doRequest(t, "POST", "/api/auth/login", map[string]string{`
			`"username": tempUser,`
			`"password": tempPass,`
			`}, "")`
			`assertStatus(t, resp, 200)`
			`t.Logf("Login Response: %s", resp.Body.String())`

			`var data LoginResp`
			`decodeResponse(t, resp, &data)`
			`tempToken = data.AccessToken`
			`})`

			`if tempToken == "" {`
			`t.Fatal("Failed to get temp token, skipping remaining auth tests")`
			`}`

			`// 3. Get User Info`
			`t.Run("Get Temp User Info", func(t *testing.T) {`
			`resp := doRequest(t, "GET", "/api/auth/me", nil, tempToken)`
			`assertStatus(t, resp, 200)`

			`var data UserResp`
			`decodeResponse(t, resp, &data)`
			`tempID = data.ID`
			`})`

			`// 4. Update User Info`
			`t.Run("Update Temp User Info", func(t *testing.T) {`
			`resp := doRequest(t, "PATCH", "/api/users/"+tempID, map[string]string{`
			`"nickname": "Temp Nickname",`
			`}, tempToken)`
			`assertStatus(t, resp, 200)`
			`})`

			`// 5. Logout`
			`t.Run("Logout Temp User", func(t *testing.T) {`
			`resp := doRequest(t, "POST", "/api/auth/logout", map[string]interface{}{}, tempToken)`
			`assertStatus(t, resp, 200)`
			`})`

			`// 6. Verify Token Invalid after Logout (Optional, depends on implementation)`
			`// If logout blacklist is implemented, this should fail with 401`
			`}`