fix(auth): wiring Auth/Sessions, нормализация email, GetUserByID для /me, 409 на дубль, timing-guard логина
This commit is contained in:
@@ -1,6 +1,7 @@
|
||||
package store
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
@@ -57,6 +58,41 @@ func TestGetUserByEmail_FindsRegisteredUser(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
// TestRegisterUser_DuplicateEmailReturnsErrEmailTaken verifies the fix for
|
||||
// the duplicate-registration gap: a second RegisterUser call for an
|
||||
// already-taken email must fail with the ErrEmailTaken sentinel (mapped from
|
||||
// the UNIQUE constraint violation on users.email), not a generic pgx error.
|
||||
func TestRegisterUser_DuplicateEmailReturnsErrEmailTaken(t *testing.T) {
|
||||
s, ctx := newStore(t)
|
||||
|
||||
if _, _, err := s.RegisterUser(ctx, "dup@example.com", "argon2-hash"); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
if _, _, err := s.RegisterUser(ctx, "dup@example.com", "argon2-hash"); !errors.Is(err, ErrEmailTaken) {
|
||||
t.Fatalf("expected ErrEmailTaken, got %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
// TestGetUserByID_ReturnsUser verifies the fix for the /me gap: GetUserByID
|
||||
// returns the same user created by RegisterUser, including their real email.
|
||||
func TestGetUserByID_ReturnsUser(t *testing.T) {
|
||||
s, ctx := newStore(t)
|
||||
|
||||
u, _, err := s.RegisterUser(ctx, "gina@example.com", "argon2-hash")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
got, err := s.GetUserByID(ctx, u.ID)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if got.ID != u.ID || got.Email != "gina@example.com" {
|
||||
t.Fatalf("unexpected user: %+v", got)
|
||||
}
|
||||
}
|
||||
|
||||
// TestSessionLifecycle_CreateGetDelete verifies CreateSession + GetSessionUser
|
||||
// round-trips to the owning user ID, an expired session is excluded from
|
||||
// GetSessionUser, and DeleteSession removes the session.
|
||||
|
||||
Reference in New Issue
Block a user