auth/internal/config/config_test.go

package config

import (
	"encoding/base64"
	"testing"

	"github.com/rjnemo/auth/internal/driver/logging"
)

func TestNewDefaults(t *testing.T) {
	t.Setenv("AUTH_SESSION_SECRET", base64.StdEncoding.EncodeToString(bytesOfLength(32)))
	t.Setenv("AUTH_DATABASE_URL", "postgres://localhost/auth_test?sslmode=disable")
	cfg, err := New()
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}
	if cfg.ListenAddr != ":8000" {
		t.Fatalf("expected default listen addr, got %s", cfg.ListenAddr)
	}
	if cfg.LogMode != logging.ModeText {
		t.Fatalf("expected default log mode text, got %s", cfg.LogMode)
	}
	if cfg.Environment != "development" {
		t.Fatalf("expected default environment, got %s", cfg.Environment)
	}
	if got := len(cfg.SessionSecret); got != 32 {
		t.Fatalf("expected secret length 32, got %d", got)
	}
}

func TestNewOverrides(t *testing.T) {
	secret := base64.StdEncoding.EncodeToString(bytesOfLength(40))
	t.Setenv("AUTH_SESSION_SECRET", secret)
	t.Setenv("AUTH_DATABASE_URL", "postgres://localhost/auth_test?sslmode=disable")
	t.Setenv("AUTH_LISTEN_ADDR", "127.0.0.1:9000")
	t.Setenv("AUTH_LOG_MODE", "json")
	t.Setenv("AUTH_ENV", "production")

	cfg, err := New()
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}
	if cfg.ListenAddr != "127.0.0.1:9000" {
		t.Fatalf("expected overridden listen addr, got %s", cfg.ListenAddr)
	}
	if cfg.LogMode != logging.ModeJSON {
		t.Fatalf("expected json mode, got %s", cfg.LogMode)
	}
	if cfg.Environment != "production" {
		t.Fatalf("expected environment production, got %s", cfg.Environment)
	}
	if len(cfg.SessionSecret) != 40 {
		t.Fatalf("expected secret length 40, got %d", len(cfg.SessionSecret))
	}
}

func TestNewMissingSecret(t *testing.T) {
	t.Setenv("AUTH_SESSION_SECRET", "")
	t.Setenv("AUTH_DATABASE_URL", "postgres://localhost/auth_test?sslmode=disable")
	if _, err := New(); err == nil {
		t.Fatalf("expected error for missing secret")
	}
}

func TestNewInvalidSecret(t *testing.T) {
	t.Setenv("AUTH_SESSION_SECRET", "not-base64")
	t.Setenv("AUTH_DATABASE_URL", "postgres://localhost/auth_test?sslmode=disable")
	if _, err := New(); err == nil {
		t.Fatalf("expected error for invalid secret")
	}
}

func TestNewShortSecretAccepted(t *testing.T) {
	t.Setenv("AUTH_SESSION_SECRET", base64.StdEncoding.EncodeToString(bytesOfLength(16)))
	t.Setenv("AUTH_DATABASE_URL", "postgres://localhost/auth_test?sslmode=disable")
	if _, err := New(); err != nil {
		t.Fatalf("expected short secret to pass config load, got %v", err)
	}
}

func TestNewGoogleOAuthPartialConfiguration(t *testing.T) {
	t.Setenv("AUTH_SESSION_SECRET", base64.StdEncoding.EncodeToString(bytesOfLength(32)))
	t.Setenv("AUTH_GOOGLE_CLIENT_ID", "client")
	t.Setenv("AUTH_GOOGLE_CLIENT_SECRET", "")
	t.Setenv("AUTH_DATABASE_URL", "postgres://localhost/auth_test?sslmode=disable")
	if _, err := New(); err == nil {
		t.Fatalf("expected error for partial google oauth config")
	}
}

func TestNewGoogleOAuthConfigured(t *testing.T) {
	t.Setenv("AUTH_SESSION_SECRET", base64.StdEncoding.EncodeToString(bytesOfLength(32)))
	t.Setenv("AUTH_GOOGLE_CLIENT_ID", "client")
	t.Setenv("AUTH_GOOGLE_CLIENT_SECRET", "secret")
	t.Setenv("AUTH_GOOGLE_REDIRECT_URL", "http://localhost:8000/login/google/callback")
	t.Setenv("AUTH_DATABASE_URL", "postgres://localhost/auth_test?sslmode=disable")

	cfg, err := New()
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}
	if !cfg.GoogleOAuth.Enabled() {
		t.Fatalf("expected google oauth to be enabled")
	}
	if cfg.GoogleOAuth.ClientID != "client" {
		t.Fatalf("expected client id to match, got %q", cfg.GoogleOAuth.ClientID)
	}
}

func bytesOfLength(n int) []byte {
	b := make([]byte, n)
	for i := range b {
		b[i] = byte(i % 255)
	}
	return b
}