fix(auth): серверная проверка длины пароля, loading-guard и различение ошибок на auth-страницах
@@ -165,6 +165,42 @@ func TestAuthRegister_NormalizesEmail(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
// TestAuthRegister_ShortPasswordReturns400 verifies the server-side password
|
||||
// length floor: the client's zod min(8) is UX only and can be bypassed with a
|
||||
// direct POST, so the handler itself must reject a password under 8 chars
|
||||
// before ever calling RegisterUser.
|
||||
func TestAuthRegister_ShortPasswordReturns400(t *testing.T) {
|
||||
a, authStore, _ := newTestAuthAPI()
|
||||
registerCalled := false
|
||||
authStore.registerUserFn = func(context.Context, string, string) (store.User, store.Project, error) {
|
||||
registerCalled = true
|
||||
return store.User{}, store.Project{}, nil
|
||||
}
|
||||
|
||||
router := NewRouter(a)
|
||||
body := `{"email":"alice@example.com","password":"short"}`
|
||||
req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/register", strings.NewReader(body))
|
||||
w := httptest.NewRecorder()
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
if w.Code != http.StatusBadRequest {
|
||||
t.Fatalf("status %d, body %s", w.Code, w.Body.String())
|
||||
}
|
||||
var got map[string]string
|
||||
if err := json.Unmarshal(w.Body.Bytes(), &got); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if got["error"] != "password must be at least 8 characters" {
|
||||
t.Fatalf(`expected error "password must be at least 8 characters", got %q`, got["error"])
|
||||
}
|
||||
if registerCalled {
|
||||
t.Fatal("expected RegisterUser not to be called for a too-short password")
|
||||
}
|
||||
if findCookie(w.Result(), sessionCookieName) != nil {
|
||||
t.Fatal("expected no session cookie on rejected register")
|
||||
}
|
||||
}
|
||||
|
||||
// TestAuthRegister_DuplicateEmailReturns409 verifies the fix for the
|
||||
// duplicate-registration gap: RegisterUser reporting store.ErrEmailTaken
|
||||
// must surface as 409, not a generic 500.
|
||||
|
||||
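Review bot: TestAuthRegister_ShortPasswordReturns400 pins a single input, `"short"` (5 ASCII characters), so it would keep passing if the handler's floor were off by one or were measured in bytes instead of characters. The handler is not part of this hunk, so whether it uses `len(password)` or a rune count cannot be confirmed here; a four-letter Cyrillic password is 8 bytes in UTF-8 and would slip through a byte-length check while the error text promises 8 characters. I would run the same assertions over a small table that includes the empty string, a 7-character password and a short non-ASCII one, as sketched below. A companion case with exactly 8 characters that expects RegisterUser to be called would guard the other side of the boundary.

```go
func TestAuthRegister_ShortPasswordReturns400(t *testing.T) {
	// Constructed samples: empty, the original input, one character under the
	// floor, and four Cyrillic letters (8 bytes in UTF-8 but 4 characters).
	for _, pw := range []string{"", "short", "1234567", "тест"} {
		t.Run(pw, func(t *testing.T) {
			// … unchanged: newTestAuthAPI, registerUserFn stub, NewRouter …
			payload, err := json.Marshal(map[string]string{"email": "alice@example.com", "password": pw})
			if err != nil {
				t.Fatal(err)
			}
			req := httptest.NewRequest(http.MethodPost, "/api/v1/auth/register", strings.NewReader(string(payload)))
			// … unchanged: ServeHTTP, then the status, error-text, registerCalled and cookie assertions …
		})
	}
}
```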