Files
wehub-resource-sync 4cddfcf2f3
Backend Tests / Tests (other) (push) Failing after 1s
Backend Tests / Static Checks (push) Failing after 2s
Backend Tests / Tests (internal) (push) Failing after 2s
Backend Tests / Tests (server) (push) Failing after 1s
Backend Tests / Tests (store) (push) Failing after 1s
Build Canary Image / build-frontend (push) Failing after 1s
Frontend Tests / Lint (push) Failing after 1s
Build Canary Image / build-push (linux/amd64) (push) Has been skipped
Build Canary Image / build-push (linux/arm64) (push) Has been skipped
Build Canary Image / merge (push) Has been skipped
Frontend Tests / Build (push) Failing after 1s
Release Please / release-please (push) Failing after 0s
Proto Linter / Lint Protos (push) Failing after 2s
chore: import upstream snapshot with attribution
2026-07-13 12:02:24 +08:00

35 lines
1.2 KiB
Go

package auth
import (
"context"
"testing"
"github.com/stretchr/testify/assert"
)
// TestAuthenticateNoCredentials covers the store-free paths: absent or malformed
// credentials must resolve to "unauthenticated" without touching the store.
// Token-valid paths are exercised by the API/fileserver integration tests.
func TestAuthenticateNoCredentials(t *testing.T) {
ctx := context.Background()
a := &Authenticator{secret: "test-secret"} // nil store: these paths never reach it.
t.Run("Authenticate returns nil without an Authorization header", func(t *testing.T) {
assert.Nil(t, a.Authenticate(ctx, ""))
})
t.Run("Authenticate returns nil for a malformed bearer token", func(t *testing.T) {
assert.Nil(t, a.Authenticate(ctx, "Bearer not-a-valid-jwt"))
})
t.Run("AuthenticateToUser returns nil without any credentials", func(t *testing.T) {
user, err := a.AuthenticateToUser(ctx, "", "")
assert.NoError(t, err)
assert.Nil(t, user)
})
t.Run("AuthenticateToUser returns nil for a malformed bearer and no cookie", func(t *testing.T) {
user, err := a.AuthenticateToUser(ctx, "Bearer not-a-valid-jwt", "")
assert.NoError(t, err)
assert.Nil(t, user)
})
}