[auth] Init Unit test using junit & jacoco for report coverage github#2

- Refactor TokenResponse attribute to camelCase

Author: rama

auth-service/src/test/java/com/example/auth/application/account/AccountCommandServiceTest.java

@@ -0,0 +1,64 @@
+package com.example.auth.application.account;
+
+import com.example.auth.domain.account.Account;
+import com.example.auth.domain.account.AccountRepository;
+import com.example.auth.domain.account.PasswordHasher;
+import com.example.auth.web.error.EmailAlreadyExistsException;
+import com.example.auth.web.error.UsernameAlreadyExistsException;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.ArgumentCaptor;
+
+import java.util.Optional;
+import java.util.UUID;
+
+import static org.assertj.core.api.Assertions.*;
+import static org.mockito.Mockito.*;
+
+class AccountCommandServiceTest {
+
+	private AccountRepository repo;
+	private PasswordHasher hasher;
+	private AccountCommands service;
+
+	@BeforeEach
+	void setUp() {
+		repo = mock(AccountRepository.class);
+		hasher = mock(PasswordHasher.class);
+		service = new AccountCommandService(repo, hasher);
+	}
+
+	@Test
+	void register_success_savesEncodedPassword_andReturnsId() {
+		when(repo.findByUsername("alice")).thenReturn(Optional.empty());
+		when(repo.findByEmail("a@x.io")).thenReturn(Optional.empty());
+		when(hasher.encode("secret")).thenReturn("HASH");
+
+		var saved = Account.of(UUID.randomUUID(),"alice","a@x.io","HASH","ACTIVE",null);
+		when(repo.save(any())).thenReturn(saved);
+
+		var id = service.register("alice", "a@x.io", "secret");
+
+		assertThat(id).isEqualTo(saved.getId());
+
+		ArgumentCaptor<Account> cap = ArgumentCaptor.forClass(Account.class);
+		verify(repo).save(cap.capture());
+		assertThat(cap.getValue().getPasswordHash()).isEqualTo("HASH");
+	}
+
+	@Test
+	void register_usernameTaken_throwsApiException() {
+		when(repo.findByUsername("alice")).thenReturn(Optional.of(mock(Account.class)));
+		assertThatThrownBy(() -> service.register("alice","a@x.io","secret"))
+				.isInstanceOf(UsernameAlreadyExistsException.class);
+		verify(repo, never()).save(any());
+	}
+
+	@Test
+	void register_emailTaken_throwsApiException() {
+		when(repo.findByUsername("alice")).thenReturn(Optional.empty());
+		when(repo.findByEmail("a@x.io")).thenReturn(Optional.of(mock(Account.class)));
+		assertThatThrownBy(() -> service.register("alice","a@x.io","secret"))
+				.isInstanceOf(EmailAlreadyExistsException.class);
+	}
+}

auth-service/src/test/java/com/example/auth/application/auth/AuthCommandServiceLoginTest.java

@@ -0,0 +1,81 @@
+package com.example.auth.application.auth;
+
+import com.example.auth.application.auth.AuthCommands.TokenPair;
+import com.example.auth.domain.account.Account;
+import com.example.auth.domain.account.AccountRepository;
+import com.example.auth.domain.account.PasswordHasher;
+import com.example.auth.domain.entitlement.EntitlementClient;
+import com.example.auth.domain.entitlement.Entitlements;
+import com.example.auth.domain.token.RefreshToken;
+import com.example.auth.domain.token.RefreshTokenRepository;
+import com.example.auth.domain.token.jwt.JwtProvider;
+import com.example.auth.web.error.InvalidCredentialsException;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+import java.time.Instant;
+import java.time.OffsetDateTime;
+import java.time.ZoneOffset;
+import java.util.List;
+import java.util.Optional;
+import java.util.UUID;
+
+import static org.assertj.core.api.Assertions.*;
+import static org.mockito.Mockito.*;
+
+class AuthCommandServiceLoginTest {
+
+	private AccountRepository accRepo;
+	private PasswordHasher hasher;
+	private EntitlementClient iam;
+	private JwtProvider jwt;
+	private RefreshTokenRepository rt;
+	private AuthCommands svc;
+
+	@BeforeEach
+	void setUp() {
+		accRepo = mock(AccountRepository.class);
+		hasher = mock(PasswordHasher.class);
+		iam = mock(EntitlementClient.class);
+		jwt = mock(JwtProvider.class);
+		rt = mock(RefreshTokenRepository.class);
+		svc = new AuthCommandService(accRepo, hasher, iam, jwt, rt);
+	}
+
+	@Test
+	void login_success() {
+		var accId = UUID.randomUUID();
+		var acc = Account.of(accId,"alice","a@x.io","HASH","ACTIVE", OffsetDateTime.now(ZoneOffset.UTC));
+		when(accRepo.findByUsernameOrEmail("alice")).thenReturn(Optional.of(acc));
+		when(hasher.matches("secret","HASH")).thenReturn(true);
+
+		when(iam.fetchEntitlements(accId))
+				.thenReturn(Entitlements.of(accId, 4, List.of("ADMIN"), Instant.now()));
+		when(jwt.generateAccessToken(eq(accId), anyList(), eq(4), any()))
+				.thenReturn("jwt");
+		when(jwt.getAccessTtlSeconds()).thenReturn(900L);
+
+		var rotated = RefreshToken.of(UUID.randomUUID(), accId,
+				OffsetDateTime.now(ZoneOffset.UTC).plusDays(7), false);
+		when(rt.create(any(), eq(accId), any())).thenReturn(rotated);
+
+		TokenPair out = svc.login("alice", "secret");
+
+		assertThat(out.tokenType()).isEqualTo("Bearer");
+		assertThat(out.accessToken()).isEqualTo("jwt");
+		assertThat(out.expiresIn()).isEqualTo(900);
+		assertThat(out.refreshToken()).isEqualTo(rotated.getId().toString());
+	}
+
+	@Test
+	void login_wrongPassword_throws() {
+		var acc = Account.of(UUID.randomUUID(),"alice","a@x.io","HASH","ACTIVE", OffsetDateTime.now(ZoneOffset.UTC));
+		when(accRepo.findByUsernameOrEmail("alice")).thenReturn(Optional.of(acc));
+		when(hasher.matches("bad","HASH")).thenReturn(false);
+
+		assertThatThrownBy(() -> svc.login("alice","bad"))
+				.isInstanceOf(InvalidCredentialsException.class);
+
+		verifyNoInteractions(iam, jwt, rt);
+	}
+}

auth-service/src/test/java/com/example/auth/application/auth/AuthCommandServiceRefreshTest.java

@@ -0,0 +1,67 @@
+package com.example.auth.application.auth;
+
+import com.example.auth.application.auth.AuthCommands.TokenPair;
+import com.example.auth.domain.entitlement.EntitlementClient;
+import com.example.auth.domain.entitlement.Entitlements;
+import com.example.auth.domain.token.RefreshToken;
+import com.example.auth.domain.token.RefreshTokenRepository;
+import com.example.auth.domain.token.jwt.JwtProvider;
+import com.example.auth.web.error.RefreshTokenInvalidException;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+import java.time.Instant;
+import java.time.OffsetDateTime;
+import java.time.ZoneOffset;
+import java.util.List;
+import java.util.Optional;
+import java.util.UUID;
+
+import static org.assertj.core.api.Assertions.*;
+import static org.mockito.Mockito.*;
+
+class AuthCommandServiceRefreshTest {
+
+	private RefreshTokenRepository rt;
+	private EntitlementClient iam;
+	private JwtProvider jwt;
+	private AuthCommands svc;
+
+	@BeforeEach
+	void setUp() {
+		rt = mock(RefreshTokenRepository.class);
+		iam = mock(EntitlementClient.class);
+		jwt = mock(JwtProvider.class);
+		svc = new AuthCommandService(null, null, iam, jwt, rt);
+	}
+
+	@Test
+	void refresh_success_rotatesToken() {
+		var accId = UUID.randomUUID();
+		var cur = RefreshToken.of(UUID.randomUUID(), accId, OffsetDateTime.now(ZoneOffset.UTC).plusDays(5), false);
+		when(rt.findById(cur.getId())).thenReturn(Optional.of(cur));
+
+		var rotated = RefreshToken.of(UUID.randomUUID(), accId, OffsetDateTime.now(ZoneOffset.UTC).plusDays(7), false);
+		when(rt.create(any(), eq(accId), any())).thenReturn(rotated);
+
+		when(iam.fetchEntitlements(accId))
+				.thenReturn(Entitlements.of(accId, 4, List.of("ADMIN"), Instant.now()));
+		when(jwt.generateAccessToken(eq(accId), anyList(), eq(4), any()))
+				.thenReturn("newjwt");
+		when(jwt.getAccessTtlSeconds()).thenReturn(900L);
+
+		TokenPair out = svc.refresh(cur.getId().toString());
+
+		verify(rt).consume(cur.getId());
+		assertThat(out.refreshToken()).isEqualTo(rotated.getId().toString());
+		assertThat(out.accessToken()).isEqualTo("newjwt");
+	}
+
+	@Test
+	void refresh_invalidToken_throws() {
+		var id = UUID.randomUUID();
+		when(rt.findById(id)).thenReturn(Optional.empty());
+		assertThatThrownBy(() -> svc.refresh(id.toString()))
+				.isInstanceOf(RefreshTokenInvalidException.class);
+	}
+}

auth-service/src/test/java/com/example/auth/application/jwk/JwkQueryServiceTest.java

@@ -0,0 +1,19 @@
+package com.example.auth.application.jwk;
+
+import com.example.auth.domain.token.jwt.JwtProvider;
+import org.junit.jupiter.api.Test;
+
+import java.util.Map;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.*;
+
+class JwkQueryServiceTest {
+	@Test
+	void handle_returnsProviderJwks() {
+		JwtProvider p = mock(JwtProvider.class);
+		when(p.currentJwks()).thenReturn(Map.of("keys", "test"));
+		JwkQueries q = new JwkQueryService(p);
+		assertThat(q.jwks()).containsEntry("keys", "test");
+	}
+}

auth-service/src/test/java/com/example/auth/domain/account/ValidationRulesTest.java

@@ -0,0 +1,23 @@
+package com.example.auth.domain.account;
+
+import com.example.auth.domain.shared.ValidationRules;
+import org.junit.jupiter.api.Test;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+class ValidationRulesTest {
+
+	@Test
+	void usernameRegex_acceptsLettersDigitsUnderscoreDot_3to32() {
+		var r = ValidationRules.USERNAME_PATTERN;
+
+		assertThat(r.matcher("abc").matches()).isTrue();
+		assertThat(r.matcher("a_b.c1").matches()).isTrue();
+		assertThat(r.matcher("a".repeat(32)).matches()).isTrue();
+
+		assertThat(r.matcher("ab").matches()).isFalse();
+		assertThat(r.matcher("a".repeat(33)).matches()).isFalse();
+		assertThat(r.matcher("bad*char").matches()).isFalse();
+		assertThat(r.matcher(" space ").matches()).isFalse();
+	}
+}

auth-service/src/test/java/com/example/auth/domain/token/RefreshTokenValueObjectTest.java

@@ -0,0 +1,24 @@
+package com.example.auth.domain.token;
+
+import org.junit.jupiter.api.Test;
+
+import java.time.OffsetDateTime;
+import java.time.ZoneOffset;
+import java.util.UUID;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+class RefreshTokenValueObjectTest {
+	@Test
+	void of_setsFields() {
+		var id = UUID.randomUUID();
+		var acc = UUID.randomUUID();
+		var exp = OffsetDateTime.now(ZoneOffset.UTC).plusDays(7);
+
+		var rt = RefreshToken.of(id, acc, exp, false);
+
+		assertThat(rt.getId()).isEqualTo(id);
+		assertThat(rt.getAccountId()).isEqualTo(acc);
+		assertThat(rt.isRevoked()).isFalse();
+	}
+}

auth-service/src/test/java/com/example/auth/infrastructure/iam/IamEntitlementClientImplTest.java

@@ -0,0 +1,65 @@
+package com.example.auth.infrastructure.iam;
+
+import com.example.auth.domain.entitlement.Entitlements;
+import com.example.auth.web.error.IamUnavailableException;
+import com.github.tomakehurst.wiremock.WireMockServer;
+import org.junit.jupiter.api.*;
+import org.springframework.web.reactive.function.client.WebClient;
+
+import java.util.List;
+import java.util.UUID;
+
+import static com.github.tomakehurst.wiremock.client.WireMock.*;
+import static org.assertj.core.api.Assertions.*;
+
+class IamEntitlementClientImplTest {
+
+	WireMockServer wm;
+	IamEntitlementClientImpl client;
+
+	@BeforeEach
+	void setup() {
+		wm = new WireMockServer(0);
+		wm.start();
+		configureFor("localhost", wm.port());
+
+		WebClient webClient = WebClient.builder()
+				.baseUrl("http://localhost:" + wm.port())
+				.build();
+
+		client = new IamEntitlementClientImpl(webClient, 1000, "SVC-TOKEN");
+	}
+
+	@AfterEach
+	void tearDown() { wm.stop(); }
+
+	@Test
+	void fetchEntitlements_success_mergesScopesAndRoles() {
+		UUID id = UUID.randomUUID();
+
+		stubFor(get(urlEqualTo("/internal/v1/entitlements/" + id))
+				.withHeader("X-Internal-Token", equalTo("SVC-TOKEN"))
+				.willReturn(okJson("{\"perm_ver\":4,\"scopes\":[\"product:brand:read\"]}")));
+
+		stubFor(get(urlEqualTo("/internal/v1/users/" + id + "/roles"))
+				.withHeader("X-Internal-Token", equalTo("SVC-TOKEN"))
+				.willReturn(okJson("[\"ADMIN\"]")));
+
+		Entitlements ent = client.fetchEntitlements(id);
+
+		assertThat(ent.getPermVer()).isEqualTo(4);
+		assertThat(ent.getRoles()).isEqualTo(List.of("ADMIN"));
+	}
+
+	@Test
+	void fetchEntitlements_upstream4xx_throwsServiceUnavailableWithReason() {
+		UUID id = UUID.randomUUID();
+
+		stubFor(get(urlMatching("/internal/v1/.*"))
+				.willReturn(aResponse().withStatus(404)));
+
+		assertThatThrownBy(() -> client.fetchEntitlements(id))
+				.isInstanceOf(IamUnavailableException.class)
+				.hasMessageContaining("iam_unavailable");
+	}
+}