Dragon-Knight/internal/csrf/csrf_test.go

package csrf

import (
	"testing"
	"time"

	"dk/internal/session"

	"github.com/valyala/fasthttp"
)

func TestGenerateToken(t *testing.T) {
	sess := &session.Session{
		ID:        "test-session",
		UserID:    1,
		Username:  "testuser",
		Email:     "test@example.com",
		CreatedAt: time.Now(),
		ExpiresAt: time.Now().Add(time.Hour),
		LastSeen:  time.Now(),
		Data:      make(map[string]any),
	}
	
	ctx := &fasthttp.RequestCtx{}
	ctx.SetUserValue(SessionCtxKey, sess)
	
	token := GenerateToken(ctx, nil)
	
	if token == "" {
		t.Error("Expected non-empty token")
	}
	
	storedToken := GetStoredToken(sess)
	if storedToken != token {
		t.Errorf("Expected stored token %s, got %s", token, storedToken)
	}
}

func TestValidateToken(t *testing.T) {
	sess := &session.Session{
		ID:       "test-session",
		UserID:   1,
		Username: "testuser",
		Email:    "test@example.com",
		Data:     map[string]any{SessionKey: "test-token"},
	}
	
	ctx := &fasthttp.RequestCtx{}
	ctx.SetUserValue(SessionCtxKey, sess)
	
	if !ValidateToken(ctx, nil, "test-token") {
		t.Error("Expected valid token to pass validation")
	}
	
	if ValidateToken(ctx, nil, "wrong-token") {
		t.Error("Expected invalid token to fail validation")
	}
	
	if ValidateToken(ctx, nil, "") {
		t.Error("Expected empty token to fail validation")
	}
}

func TestValidateTokenNoSession(t *testing.T) {
	ctx := &fasthttp.RequestCtx{}
	
	if ValidateToken(ctx, nil, "any-token") {
		t.Error("Expected validation to fail with no session")
	}
}

func TestHiddenField(t *testing.T) {
	sess := &session.Session{
		ID:       "test-session",
		UserID:   1,
		Username: "testuser", 
		Email:    "test@example.com",
		Data:     map[string]any{SessionKey: "test-token"},
	}
	
	ctx := &fasthttp.RequestCtx{}
	ctx.SetUserValue(SessionCtxKey, sess)
	
	field := HiddenField(ctx, nil)
	expected := `<input type="hidden" name="_csrf_token" value="test-token">`
	
	if field != expected {
		t.Errorf("Expected %s, got %s", expected, field)
	}
}

func TestHiddenFieldNoSession(t *testing.T) {
	ctx := &fasthttp.RequestCtx{}
	
	field := HiddenField(ctx, nil)
	if field == "" {
		t.Error("Expected non-empty field for guest user with cookie-based token")
	}
}

func TestTokenMeta(t *testing.T) {
	sess := &session.Session{
		ID:       "test-session",
		UserID:   1,
		Username: "testuser",
		Email:    "test@example.com", 
		Data:     map[string]any{SessionKey: "test-token"},
	}
	
	ctx := &fasthttp.RequestCtx{}
	ctx.SetUserValue(SessionCtxKey, sess)
	
	meta := TokenMeta(ctx, nil)
	expected := `<meta name="csrf-token" content="test-token">`
	
	if meta != expected {
		t.Errorf("Expected %s, got %s", expected, meta)
	}
}

func TestStoreAndGetToken(t *testing.T) {
	sess := &session.Session{
		Data: make(map[string]any),
	}
	
	token := "test-token"
	StoreToken(sess, token)
	
	retrieved := GetStoredToken(sess)
	if retrieved != token {
		t.Errorf("Expected %s, got %s", token, retrieved)
	}
}

func TestGetStoredTokenNoData(t *testing.T) {
	sess := &session.Session{}
	
	token := GetStoredToken(sess)
	if token != "" {
		t.Errorf("Expected empty token, got %s", token)
	}
}

func TestValidateFormToken(t *testing.T) {
	sess := &session.Session{
		ID:       "test-session",
		UserID:   1,
		Username: "testuser",
		Email:    "test@example.com",
		Data:     map[string]any{SessionKey: "test-token"},
	}
	
	ctx := &fasthttp.RequestCtx{}
	ctx.SetUserValue(SessionCtxKey, sess)
	
	ctx.PostArgs().Set(TokenFieldName, "test-token")
	
	if !ValidateFormToken(ctx, nil) {
		t.Error("Expected form token validation to pass")
	}
	
	ctx.PostArgs().Set(TokenFieldName, "wrong-token")
	
	if ValidateFormToken(ctx, nil) {
		t.Error("Expected form token validation to fail with wrong token")
	}
}