mirror of
https://github.com/SamyRai/tercul-backend.git
synced 2025-12-27 05:11:34 +00:00
24d48396ca
* Fix workflow triggers to use 'main' branch instead of 'master' * Switch to semantic version tags for GitHub Actions instead of SHAs for better maintainability * Fix golangci-lint by adding go mod tidy and specifying paths ./... for linting * feat: Restructure workflows following Single Responsibility Principle - Remove old monolithic workflows (ci.yml, ci-cd.yml, cd.yml) - Add focused workflows: lint.yml, test.yml, build.yml, security.yml, docker-build.yml, deploy.yml - Each workflow has a single, clear responsibility - Follow 2025 best practices with semantic versioning, OIDC auth, build attestations - Add comprehensive README.md with workflow documentation - Configure Dependabot for automated dependency updates Workflows now run independently and can be triggered separately for better CI/CD control. * fix: Resolve CI/CD workflow failures and GraphQL integration test issues - Fix Application struct mismatch in application_builder.go - Add global config.Cfg variable and BleveIndexPath field - Regenerate GraphQL code to fix ProcessArgField errors - Add search.InitBleve() call in main.go - Fix all errcheck issues (12 total) in main.go files and test files - Fix staticcheck issues (deprecated handler.NewDefaultServer, tagged switch) - Remove all unused code (50 unused items including mock implementations) - Fix GraphQL 'transport not supported' error in integration tests - Add comprehensive database cleanup for integration tests - Update GraphQL server setup with proper error presenter * feat: Complete backend CI/CD workflow setup - Add comprehensive GitHub Actions workflows for Go backend - Build workflow with binary compilation and attestation - Test workflow with coverage reporting and race detection - Lint workflow with golangci-lint and security scanning - Docker build workflow with multi-architecture support - Deploy workflow for production deployment - Security workflow with vulnerability scanning - All workflows follow Single Responsibility Principle - Use semantic versioning and latest action versions - Enable security features: OIDC auth, attestations, minimal permissions * fix: correct Go build path to ./cmd/api - Fix build workflow to target ./cmd/api instead of ./cmd - The main.go file is located in cmd/api/ subdirectory * fix: correct Dockerfile build path to ./cmd/api - Fix Docker build to target ./cmd/api instead of root directory - The main.go file is located in cmd/api/ subdirectory
117 lines
3.3 KiB
Go
117 lines
3.3 KiB
Go
package graphql_test
|
|
|
|
import (
|
|
"context"
|
|
"os"
|
|
"tercul/internal/adapters/graphql"
|
|
"tercul/internal/app"
|
|
"tercul/internal/app/auth"
|
|
"tercul/internal/domain"
|
|
platform_auth "tercul/internal/platform/auth"
|
|
"tercul/internal/testutil"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/suite"
|
|
)
|
|
|
|
type AuthMutationTestSuite struct {
|
|
testutil.IntegrationTestSuite
|
|
App *app.Application
|
|
resolver graphql.MutationResolver
|
|
}
|
|
|
|
func TestAuthMutations(t *testing.T) {
|
|
suite.Run(t, new(AuthMutationTestSuite))
|
|
}
|
|
|
|
func (s *AuthMutationTestSuite) SetupSuite() {
|
|
s.IntegrationTestSuite.SetupSuite(&testutil.TestConfig{
|
|
DBPath: "auth_mutations_test.db",
|
|
})
|
|
s.App = s.IntegrationTestSuite.App
|
|
}
|
|
|
|
func (s *AuthMutationTestSuite) TearDownSuite() {
|
|
s.IntegrationTestSuite.TearDownSuite()
|
|
_ = os.Remove("auth_mutations_test.db")
|
|
}
|
|
|
|
func (s *AuthMutationTestSuite) SetupTest() {
|
|
s.IntegrationTestSuite.SetupTest()
|
|
s.resolver = (&graphql.Resolver{App: s.App}).Mutation()
|
|
}
|
|
|
|
func (s *AuthMutationTestSuite) TestChangePassword() {
|
|
// Helper to create a user for tests
|
|
createUser := func(username, email, password string) *domain.User {
|
|
resp, err := s.App.Auth.Commands.Register(context.Background(), auth.RegisterInput{
|
|
Username: username,
|
|
Email: email,
|
|
Password: password,
|
|
})
|
|
s.Require().NoError(err)
|
|
return resp.User
|
|
}
|
|
|
|
// Helper to create a context with JWT claims
|
|
contextWithClaims := func(user *domain.User) context.Context {
|
|
return testutil.ContextWithClaims(context.Background(), &platform_auth.Claims{
|
|
UserID: user.ID,
|
|
Role: string(user.Role),
|
|
})
|
|
}
|
|
|
|
s.Run("Success", func() {
|
|
// Arrange
|
|
initialPassword := "password123"
|
|
newPassword := "newPassword456"
|
|
user := createUser("testuser-changepw", "testuser.changepw@test.com", initialPassword)
|
|
ctx := contextWithClaims(user)
|
|
|
|
// Act
|
|
success, err := s.resolver.ChangePassword(ctx, initialPassword, newPassword)
|
|
|
|
// Assert
|
|
s.Require().NoError(err)
|
|
s.True(success)
|
|
|
|
// Verify the password change by trying to log in with the new and old passwords
|
|
_, err = s.App.Auth.Commands.Login(context.Background(), auth.LoginInput{Email: user.Email, Password: newPassword})
|
|
s.NoError(err, "Login with new password should succeed")
|
|
|
|
_, err = s.App.Auth.Commands.Login(context.Background(), auth.LoginInput{Email: user.Email, Password: initialPassword})
|
|
s.Error(err, "Login with old password should fail")
|
|
s.ErrorIs(err, auth.ErrInvalidCredentials)
|
|
})
|
|
|
|
s.Run("Incorrect current password", func() {
|
|
// Arrange
|
|
initialPassword := "password123"
|
|
newPassword := "newPassword456"
|
|
user := createUser("testuser-wrongpw", "testuser.wrongpw@test.com", initialPassword)
|
|
ctx := contextWithClaims(user)
|
|
|
|
// Act
|
|
success, err := s.resolver.ChangePassword(ctx, "wrong-password", newPassword)
|
|
|
|
// Assert
|
|
s.Require().Error(err)
|
|
s.False(success)
|
|
s.ErrorIs(err, auth.ErrInvalidCredentials)
|
|
|
|
// Verify the password was not changed
|
|
_, loginErr := s.App.Auth.Commands.Login(context.Background(), auth.LoginInput{Email: user.Email, Password: initialPassword})
|
|
s.NoError(loginErr, "Login with original password should still succeed")
|
|
})
|
|
|
|
s.Run("Unauthenticated user", func() {
|
|
// Act
|
|
success, err := s.resolver.ChangePassword(context.Background(), "any-password", "any-new-password")
|
|
|
|
// Assert
|
|
s.Require().Error(err)
|
|
s.False(success)
|
|
s.ErrorIs(err, domain.ErrUnauthorized)
|
|
})
|
|
}
|