github.com/companieshouse/insolvency-api@v0.0.0-20231024103413-440c973d9e9b/service/efs_submission_service_test.go (about) 1 package service 2 3 import ( 4 "net/http" 5 "testing" 6 7 "github.com/companieshouse/insolvency-api/config" 8 "github.com/jarcoal/httpmock" 9 10 . "github.com/smartystreets/goconvey/convey" 11 ) 12 13 func TestUnitIsUserOnEfsAllowList(t *testing.T) { 14 // Function response is now dependent on config (EFS API call is bypassed if DISABLE_EFS_ALLOW_LIST_AUTH is set true) 15 cfg, _ := config.Get() 16 17 Convey("Email auth intercept - DISABLE_EFS_ALLOW_LIST_AUTH unset or false", t, func() { 18 httpmock.Activate() 19 defer httpmock.DeactivateAndReset() 20 21 Convey("Error communicating with EFS API", func() { 22 req, _ := http.NewRequest("GET", "", nil) 23 24 defer httpmock.Reset() 25 httpmock.RegisterResponder( 26 http.MethodGet, 27 "http://localhost:4001/efs-submission-api/company-authentication/allow-list/demo@ch.gov.uk", 28 httpmock.NewStringResponder(http.StatusInternalServerError, ""), 29 ) 30 31 userAllowed, err := IsUserOnEfsAllowList("demo@ch.gov.uk", req) 32 So(userAllowed, ShouldBeFalse) 33 So(err.Error(), ShouldEqual, "error communicating with the EFS submission api: [ch-api: got HTTP response code 500 with body: ]") 34 }) 35 36 Convey("user allowed because on EFS allow list", func() { 37 req, _ := http.NewRequest("GET", "", nil) 38 39 defer httpmock.Reset() 40 httpmock.RegisterResponder( 41 http.MethodGet, 42 "http://localhost:4001/efs-submission-api/company-authentication/allow-list/demo@ch.gov.uk", 43 httpmock.NewStringResponder(http.StatusOK, "true"), 44 ) 45 46 userAllowed, err := IsUserOnEfsAllowList("demo@ch.gov.uk", req) 47 So(userAllowed, ShouldBeTrue) 48 So(err, ShouldBeNil) 49 }) 50 51 Convey("user not allowed", func() { 52 req, _ := http.NewRequest("GET", "", nil) 53 54 defer httpmock.Reset() 55 httpmock.RegisterResponder( 56 http.MethodGet, 57 "http://localhost:4001/efs-submission-api/company-authentication/allow-list/demo@ch.gov.uk", 58 httpmock.NewStringResponder(http.StatusOK, "false"), 59 ) 60 61 userAllowed, err := IsUserOnEfsAllowList("demo@ch.gov.uk", req) 62 So(userAllowed, ShouldBeFalse) 63 So(err, ShouldBeNil) 64 }) 65 66 }) 67 68 Convey("Email auth intercept - DISABLE_EFS_ALLOW_LIST_AUTH set true", t, func() { 69 httpmock.Activate() 70 defer httpmock.DeactivateAndReset() 71 72 // Simulate DISABLE_EFS_ALLOW_LIST_AUTH feature toggle being enabled in the environment 73 cfg.IsEfsAllowListAuthDisabled = true 74 75 Convey("user allowed because email address contains magic string and DISABLE_EFS_ALLOW_LIST_AUTH is toggled on in environment", func() { 76 req, _ := http.NewRequest("GET", "", nil) 77 78 defer httpmock.Reset() 79 80 userAllowed, err := IsUserOnEfsAllowList("demo-ip-test@ch.gov.uk", req) 81 So(userAllowed, ShouldBeTrue) 82 So(err, ShouldBeNil) 83 }) 84 85 Convey("user not allowed because email address does not contain magic string (even though EFS endpoint mocked as true if function tried to call it)", func() { 86 req, _ := http.NewRequest("GET", "", nil) 87 88 defer httpmock.Reset() 89 httpmock.RegisterResponder( 90 http.MethodGet, 91 "http://localhost:4001/efs-submission-api/company-authentication/allow-list/demo@ch.gov.uk", 92 httpmock.NewStringResponder(http.StatusOK, "true"), 93 ) 94 95 userAllowed, err := IsUserOnEfsAllowList("demo-test@ch.gov.uk", req) 96 So(userAllowed, ShouldBeFalse) 97 So(err, ShouldBeNil) 98 }) 99 100 }) 101 }