senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
veza/veza-backend-api/internal/middleware/captcha_test.go

91 lines
2.7 KiB
Go
Raw Normal View History

feat(v0.13.0): conformité features partielles — CAPTCHA, password history, login history, SMS 2FA TASK-CONF-001: SMS 2FA service (sms_2fa_service.go) — SMSProvider interface, rate limiting (3/h), 6-digit codes, 5min expiry, LogSMSProvider for dev. TASK-CONF-002: CAPTCHA service (captcha_service.go) — Cloudflare Turnstile verification with fail-open + RequireCaptcha middleware. 11 tests. TASK-CONF-003: Auth features completed: - F014 password history (password_history_service.go) — checks last 5 hashes, integrated into PasswordService.ChangePassword. 3 tests. - F024 login history (login_history_service.go) — Record, GetUserHistory, CountRecentFailures for security auditing. - F010/F013/F018/F021/F026 verified already implemented. TASK-CONF-004: F075 ClamAV verified implemented. F080 watermark deferred (P4). TASK-CONF-005: ADR-005 handler architecture documented (keep dual, migrate forward). TASK-CONF-006: Frontend 0 TODO/FIXME, backend 1 — criteria met. Migration: 970_password_login_history_v0130.sql (password_history, login_history, sms_verification_codes tables). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 08:31:50 +00:00
package middleware
import (
"context"
"net/http"
"net/http/httptest"
"testing"
"github.com/gin-gonic/gin"
"github.com/stretchr/testify/assert"
"go.uber.org/zap"
)
type mockCaptchaVerifier struct {
enabled bool
err error
}
func (m *mockCaptchaVerifier) Verify(_ context.Context, _, _ string) error { return m.err }
func (m *mockCaptchaVerifier) IsEnabled() bool { return m.enabled }
func TestRequireCaptcha_Disabled_PassesThrough(t *testing.T) {
gin.SetMode(gin.TestMode)
router := gin.New()
router.Use(RequireCaptcha(&mockCaptchaVerifier{enabled: false}, zap.NewNop()))
router.POST("/register", func(c *gin.Context) { c.JSON(200, gin.H{"ok": true}) })
req := httptest.NewRequest("POST", "/register", nil)
w := httptest.NewRecorder()
router.ServeHTTP(w, req)
assert.Equal(t, http.StatusOK, w.Code, "disabled CAPTCHA should pass through")
}
func TestRequireCaptcha_Enabled_MissingToken(t *testing.T) {
gin.SetMode(gin.TestMode)
router := gin.New()
router.Use(RequireCaptcha(&mockCaptchaVerifier{enabled: true}, zap.NewNop()))
router.POST("/register", func(c *gin.Context) { c.JSON(200, gin.H{"ok": true}) })
req := httptest.NewRequest("POST", "/register", nil)
w := httptest.NewRecorder()
router.ServeHTTP(w, req)
assert.Equal(t, http.StatusBadRequest, w.Code)
}
func TestRequireCaptcha_Enabled_ValidToken(t *testing.T) {
gin.SetMode(gin.TestMode)
router := gin.New()
router.Use(RequireCaptcha(&mockCaptchaVerifier{enabled: true}, zap.NewNop()))
router.POST("/register", func(c *gin.Context) { c.JSON(200, gin.H{"ok": true}) })
req := httptest.NewRequest("POST", "/register", nil)
req.Header.Set("X-Captcha-Token", "valid-token")
w := httptest.NewRecorder()
router.ServeHTTP(w, req)
assert.Equal(t, http.StatusOK, w.Code)
}
func TestRequireCaptcha_Enabled_InvalidToken(t *testing.T) {
gin.SetMode(gin.TestMode)
router := gin.New()
router.Use(RequireCaptcha(&mockCaptchaVerifier{
enabled: true,
err: assert.AnError,
}, zap.NewNop()))
router.POST("/login", func(c *gin.Context) { c.JSON(200, gin.H{"ok": true}) })
req := httptest.NewRequest("POST", "/login", nil)
req.Header.Set("X-Captcha-Token", "bad-token")
w := httptest.NewRecorder()
router.ServeHTTP(w, req)
assert.Equal(t, http.StatusForbidden, w.Code)
}
func TestRequireCaptcha_NilVerifier(t *testing.T) {
gin.SetMode(gin.TestMode)
router := gin.New()
router.Use(RequireCaptcha(nil, zap.NewNop()))
router.POST("/register", func(c *gin.Context) { c.JSON(200, gin.H{"ok": true}) })
req := httptest.NewRequest("POST", "/register", nil)
w := httptest.NewRecorder()
router.ServeHTTP(w, req)
assert.Equal(t, http.StatusOK, w.Code, "nil verifier should pass through")
}
Reference in a new issue Copy permalink