github.com/companieshouse/insolvency-api@v0.0.0-20231024103413-440c973d9e9b/interceptors/insolvency_permissions_interceptor_test.go (about) 1 package interceptors 2 3 import ( 4 "net/http" 5 "net/http/httptest" 6 "testing" 7 8 "github.com/companieshouse/chs.go/authentication" 9 10 . "github.com/smartystreets/goconvey/convey" 11 ) 12 13 func setTokenHeader(req *http.Request, permissions string) { 14 req.Header.Set("ERIC-Authorised-Token-Permissions", permissions) 15 } 16 17 func TestUnitInsolvencyPermissionsIntercept(t *testing.T) { 18 Convey("Insolvency permissions intercept", t, func() { 19 20 Convey("Invalid token header", func() { 21 req, _ := http.NewRequest("GET", "", nil) 22 setTokenHeader(req, "invalid=invalid=invalid") 23 24 w := httptest.NewRecorder() 25 26 test := InsolvencyPermissionsIntercept(getTestHandler()) 27 test.ServeHTTP(w, req) 28 29 So(w.Code, ShouldEqual, http.StatusInternalServerError) 30 }) 31 32 Convey("Read request", func() { 33 req, _ := http.NewRequest("GET", "", nil) 34 setTokenHeader(req, authentication.PermissionKeyInsolvencyCases+"=read") 35 36 w := httptest.NewRecorder() 37 38 test := InsolvencyPermissionsIntercept(getTestHandler()) 39 test.ServeHTTP(w, req) 40 41 So(w.Code, ShouldEqual, http.StatusOK) 42 }) 43 44 Convey("Update request", func() { 45 req, _ := http.NewRequest("POST", "", nil) 46 setTokenHeader(req, authentication.PermissionKeyInsolvencyCases+"=update") 47 48 w := httptest.NewRecorder() 49 50 test := InsolvencyPermissionsIntercept(getTestHandler()) 51 test.ServeHTTP(w, req) 52 53 So(w.Code, ShouldEqual, http.StatusOK) 54 }) 55 56 Convey("Incorrect token permission", func() { 57 req, _ := http.NewRequest("POST", "", nil) 58 setTokenHeader(req, authentication.PermissionKeyInsolvencyCases+"=read") 59 60 w := httptest.NewRecorder() 61 62 test := InsolvencyPermissionsIntercept(getTestHandler()) 63 test.ServeHTTP(w, req) 64 65 So(w.Code, ShouldEqual, http.StatusUnauthorized) 66 }) 67 68 }) 69 }