Code cleanup and testing.

2025-04-20 11:16:18 -04:00 · 2025-04-20 11:16:18 -04:00 · 47ed381b64
commit 47ed381b64
parent 5245c9484b
9 changed files with 65 additions and 32 deletions
--- a/pkg/middleware/auth.go
+++ b/pkg/middleware/auth.go
@ -15,7 +15,7 @@ import (
 	"github.com/labstack/echo/v4"
 )

-// LoadAuthenticatedUser loads the authenticated user, if one, and stores in context
+// LoadAuthenticatedUser loads the authenticated user, if one, and stores in context.
 func LoadAuthenticatedUser(authClient *services.AuthClient) echo.MiddlewareFunc {
 	return func(next echo.HandlerFunc) echo.HandlerFunc {
 		return func(c echo.Context) error {
@ -41,7 +41,7 @@ func LoadAuthenticatedUser(authClient *services.AuthClient) echo.MiddlewareFunc
 // LoadValidPasswordToken loads a valid password token entity that matches the user and token
 // provided in path parameters
 // If the token is invalid, the user will be redirected to the forgot password route
-// This requires that the user owning the token is loaded in to context
+// This requires that the user owning the token is loaded in to context.
 func LoadValidPasswordToken(authClient *services.AuthClient) echo.MiddlewareFunc {
 	return func(next echo.HandlerFunc) echo.HandlerFunc {
 		return func(c echo.Context) error {
@ -51,13 +51,13 @@ func LoadValidPasswordToken(authClient *services.AuthClient) echo.MiddlewareFunc
 			}
 			usr := c.Get(context.UserKey).(*ent.User)

-			// Extract the token ID
+			// Extract the token ID.
 			tokenID, err := strconv.Atoi(c.Param("password_token"))
 			if err != nil {
 				return echo.NewHTTPError(http.StatusNotFound)
 			}

-			// Attempt to load a valid password token
+			// Attempt to load a valid password token.
 			token, err := authClient.GetValidPasswordToken(
 				c,
 				usr.ID,
@ -82,7 +82,7 @@ func LoadValidPasswordToken(authClient *services.AuthClient) echo.MiddlewareFunc
 	}
 }

-// RequireAuthentication requires that the user be authenticated in order to proceed
+// RequireAuthentication requires that the user be authenticated in order to proceed.
 func RequireAuthentication(next echo.HandlerFunc) echo.HandlerFunc {
 	return func(c echo.Context) error {
 		if u := c.Get(context.AuthenticatedUserKey); u == nil {
@ -93,7 +93,7 @@ func RequireAuthentication(next echo.HandlerFunc) echo.HandlerFunc {
 	}
 }

-// RequireNoAuthentication requires that the user not be authenticated in order to proceed
+// RequireNoAuthentication requires that the user not be authenticated in order to proceed.
 func RequireNoAuthentication(next echo.HandlerFunc) echo.HandlerFunc {
 	return func(c echo.Context) error {
 		if u := c.Get(context.AuthenticatedUserKey); u != nil {
@ -104,13 +104,12 @@ func RequireNoAuthentication(next echo.HandlerFunc) echo.HandlerFunc {
 	}
 }

-// RequireAdmin requires that the user be an admin in order to proceed.
+// RequireAdmin requires that the authenticated user be an admin in order to proceed.
 func RequireAdmin(next echo.HandlerFunc) echo.HandlerFunc {
 	return func(c echo.Context) error {
 		if u := c.Get(context.AuthenticatedUserKey); u != nil {
 			if user, ok := u.(*ent.User); ok {
 				if user.Admin {
-					// TODO tests
 					return next(c)
 				}
 			}
--- a/pkg/middleware/auth_test.go
+++ b/pkg/middleware/auth_test.go
@ -1,6 +1,7 @@
 package middleware

 import (
+	goctx "context"
 	"fmt"
 	"net/http"
 	"testing"
@ -40,7 +41,7 @@ func TestRequireAuthentication(t *testing.T) {
 	tests.InitSession(ctx)

 	// Not logged in
-	err := tests.ExecuteMiddleware(ctx, RequireAuthentication())
+	err := tests.ExecuteMiddleware(ctx, RequireAuthentication)
 	tests.AssertHTTPErrorCode(t, err, http.StatusUnauthorized)

 	// Login
@ -49,7 +50,7 @@ func TestRequireAuthentication(t *testing.T) {
 	_ = tests.ExecuteMiddleware(ctx, LoadAuthenticatedUser(c.Auth))

 	// Logged in
-	err = tests.ExecuteMiddleware(ctx, RequireAuthentication())
+	err = tests.ExecuteMiddleware(ctx, RequireAuthentication)
 	assert.Nil(t, err)
 }

@ -58,7 +59,7 @@ func TestRequireNoAuthentication(t *testing.T) {
 	tests.InitSession(ctx)

 	// Not logged in
-	err := tests.ExecuteMiddleware(ctx, RequireNoAuthentication())
+	err := tests.ExecuteMiddleware(ctx, RequireNoAuthentication)
 	assert.Nil(t, err)

 	// Login
@ -67,7 +68,7 @@ func TestRequireNoAuthentication(t *testing.T) {
 	_ = tests.ExecuteMiddleware(ctx, LoadAuthenticatedUser(c.Auth))

 	// Logged in
-	err = tests.ExecuteMiddleware(ctx, RequireNoAuthentication())
+	err = tests.ExecuteMiddleware(ctx, RequireNoAuthentication)
 	tests.AssertHTTPErrorCode(t, err, http.StatusForbidden)
 }

@ -109,3 +110,36 @@ func TestLoadValidPasswordToken(t *testing.T) {
 	require.True(t, ok)
 	assert.Equal(t, pt.ID, ctxPt.ID)
 }
+
+func TestRequireAdmin(t *testing.T) {
+	ctx, _ := tests.NewContext(c.Web, "/")
+	tests.InitSession(ctx)
+
+	// Not logged in
+	err := tests.ExecuteMiddleware(ctx, RequireAdmin)
+	tests.AssertHTTPErrorCode(t, err, http.StatusUnauthorized)
+
+	// Login as a non-admin
+	err = c.Auth.Login(ctx, usr.ID)
+	require.NoError(t, err)
+	_ = tests.ExecuteMiddleware(ctx, LoadAuthenticatedUser(c.Auth))
+
+	// Logged in as a non-admin
+	err = tests.ExecuteMiddleware(ctx, RequireAdmin)
+	tests.AssertHTTPErrorCode(t, err, http.StatusUnauthorized)
+
+	// Create an admin and login
+	adm, err := tests.CreateUser(c.ORM)
+	require.NoError(t, err)
+	err = c.ORM.User.Update().
+		SetAdmin(true).
+		Exec(goctx.Background())
+	require.NoError(t, err)
+	err = c.Auth.Login(ctx, adm.ID)
+	require.NoError(t, err)
+	_ = tests.ExecuteMiddleware(ctx, LoadAuthenticatedUser(c.Auth))
+
+	// Logged in as an admin
+	err = tests.ExecuteMiddleware(ctx, RequireAdmin)
+	assert.Nil(t, err)
+}