diff --git a/tests/main_test.go b/tests/main_test.go index ea794ec..7352449 100644 --- a/tests/main_test.go +++ b/tests/main_test.go @@ -14,16 +14,30 @@ import ( "time" ) -// todo нужно прочекать все запросы на удаление, придумать с токенами что то - var baseURL = os.Getenv("API_BASE_URL") var validToken = os.Getenv("VALID_JWT_TOKEN") var expiredToken = os.Getenv("EXPIRED_JWT_TOKEN") + +//todo var validTokenForDelete = os.Getenv("VALID_JWT_TOKEN_FOR_DELETE") + var validAdminToken = os.Getenv("VALID_ADMIN_JWT_TOKEN") var existingUserIDToken = os.Getenv("EXISTING_USER_ID_JWT_TOKEN") +// Токены для операций удаления +// todo +var deleteAccountToken = os.Getenv("DELETE_ACCOUNT_TOKEN") + +var deleteQuestionToken = os.Getenv("DELETE_QUESTION_TOKEN") +var deleteQuizToken = os.Getenv("DELETE_QUIZ_TOKEN") +var deleteResultToken = os.Getenv("DELETE_RESULT_TOKEN") +var deleteLeadTargetToken = os.Getenv("DELETE_LEAD_TARGET_TOKEN") +var deletedAccountToken = os.Getenv("DELETED_ACCOUNT_TOKEN") +var AccountWithOutPrivilegeToken = os.Getenv("ACCOUNT_WITH_PRIVILEGE_TOKEN") + +//todo var userIDForDelete = os.Getenv("USER_ID_FOR_DELETE") + var existingUserID = os.Getenv("EXISTING_USER_ID") var testUserID = os.Getenv("TEST_USER_ID") var userWithoutPrivileges = os.Getenv("USER_NO_PRIVILEGES") @@ -82,7 +96,7 @@ func TestGetAccount_NotFound(t *testing.T) { t.Run("DeletedAccount", func(t *testing.T) { req, err := http.NewRequest("GET", baseURL+"/account/get", nil) assert.NoError(t, err) - req.Header.Set("Authorization", "Bearer "+os.Getenv("DELETED_ACCOUNT_TOKEN")) + req.Header.Set("Authorization", "Bearer "+deletedAccountToken) resp, err := http.DefaultClient.Do(req) assert.NoError(t, err) assert.Equal(t, http.StatusNotFound, resp.StatusCode) @@ -93,7 +107,7 @@ func TestGetAccount_Privileges(t *testing.T) { t.Run("NoPrivileges", func(t *testing.T) { req, err := http.NewRequest("GET", baseURL+"/account/get", nil) assert.NoError(t, err) - req.Header.Set("Authorization", "Bearer "+os.Getenv("NO_PRIVILEGES_TOKEN")) + req.Header.Set("Authorization", "Bearer "+AccountWithOutPrivilegeToken) resp, err := http.DefaultClient.Do(req) assert.NoError(t, err) defer resp.Body.Close() @@ -109,7 +123,7 @@ func TestGetAccount_Privileges(t *testing.T) { t.Run("MultiplePrivileges", func(t *testing.T) { req, err := http.NewRequest("GET", baseURL+"/account/get", nil) assert.NoError(t, err) - req.Header.Set("Authorization", "Bearer "+os.Getenv("MULTI_PRIVILEGES_TOKEN")) + req.Header.Set("Authorization", "Bearer "+validAdminToken) resp, err := http.DefaultClient.Do(req) assert.NoError(t, err) defer resp.Body.Close() @@ -424,24 +438,25 @@ func createAccountRequest(t *testing.T, token string, payload map[string]interfa return resp } -func TestDeleteAccount_Success(t *testing.T) { - req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil) - assert.NoError(t, err) - req.Header.Set("Authorization", "Bearer "+validTokenForDelete) - - client := &http.Client{Timeout: 5 * time.Second} - resp, err := client.Do(req) - assert.NoError(t, err) - defer resp.Body.Close() - - assert.Equal(t, http.StatusOK, resp.StatusCode) - assert.Equal(t, "application/json", resp.Header.Get("Content-Type")) - - var result map[string]string - err = json.NewDecoder(resp.Body).Decode(&result) - assert.NoError(t, err) - assert.NotEmpty(t, result["accountId"]) -} +// todo +//func TestDeleteAccount_Success(t *testing.T) { +// req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil) +// assert.NoError(t, err) +// req.Header.Set("Authorization", "Bearer "+validTokenForDelete) +// +// client := &http.Client{Timeout: 5 * time.Second} +// resp, err := client.Do(req) +// assert.NoError(t, err) +// defer resp.Body.Close() +// +// assert.Equal(t, http.StatusOK, resp.StatusCode) +// assert.Equal(t, "application/json", resp.Header.Get("Content-Type")) +// +// var result map[string]string +// err = json.NewDecoder(resp.Body).Decode(&result) +// assert.NoError(t, err) +// assert.NotEmpty(t, result["accountId"]) +//} func TestDeleteAccount_Auth(t *testing.T) { t.Run("NoToken", func(t *testing.T) { @@ -471,187 +486,186 @@ func TestDeleteAccount_Auth(t *testing.T) { }) } -func TestDeleteAccount_AlreadyDeleted(t *testing.T) { - req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil) - assert.NoError(t, err) - req.Header.Set("Authorization", "Bearer "+validTokenForDelete) - resp, err := http.DefaultClient.Do(req) - assert.NoError(t, err) - assert.Equal(t, http.StatusOK, resp.StatusCode) -} - -func TestDeleteAccount_NonExistent(t *testing.T) { - req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil) - assert.NoError(t, err) - req.Header.Set("Authorization", "Bearer "+validTokenForDelete) - resp, err := http.DefaultClient.Do(req) - assert.NoError(t, err) - assert.Equal(t, http.StatusOK, resp.StatusCode) -} +//func TestDeleteAccount_AlreadyDeleted(t *testing.T) { +// req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil) +// assert.NoError(t, err) +// req.Header.Set("Authorization", "Bearer "+validTokenForDelete) +// resp, err := http.DefaultClient.Do(req) +// assert.NoError(t, err) +// assert.Equal(t, http.StatusOK, resp.StatusCode) +//} +// +//func TestDeleteAccount_NonExistent(t *testing.T) { +// req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil) +// assert.NoError(t, err) +// req.Header.Set("Authorization", "Bearer "+validTokenForDelete) +// resp, err := http.DefaultClient.Do(req) +// assert.NoError(t, err) +// assert.Equal(t, http.StatusOK, resp.StatusCode) +//} // todo check we have it? -func TestDeleteAccount_CascadeDeletion(t *testing.T) { - t.Run("RelatedDataDeletion", func(t *testing.T) { - createResp := createAccountRequest(t, validToken, map[string]interface{}{ - "user_id": fmt.Sprintf("cascade_test_%d", time.Now().Unix()), - }) - defer createResp.Body.Close() - assert.Equal(t, http.StatusOK, createResp.StatusCode) - - req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil) - assert.NoError(t, err) - req.Header.Set("Authorization", "Bearer "+validTokenForDelete) - - resp, err := http.DefaultClient.Do(req) - assert.NoError(t, err) - defer resp.Body.Close() - - assert.Equal(t, http.StatusOK, resp.StatusCode) - - // Проверяем, что связанные данные удалены или помечены как удаленные - }) - - t.Run("StatisticsPreservation", func(t *testing.T) { - req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil) - assert.NoError(t, err) - req.Header.Set("Authorization", "Bearer "+validTokenForDelete) - - resp, err := http.DefaultClient.Do(req) - assert.NoError(t, err) - defer resp.Body.Close() - - assert.Equal(t, http.StatusOK, resp.StatusCode) - - // Проверяем, что статистические данные сохранены - }) -} - -func TestDeleteAccount_Security(t *testing.T) { - t.Run("CSRFProtection", func(t *testing.T) { - req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil) - assert.NoError(t, err) - req.Header.Set("Authorization", "Bearer "+validTokenForDelete) - req.Header.Set("X-CSRF-Token", "invalid_token") - - resp, err := http.DefaultClient.Do(req) - assert.NoError(t, err) - defer resp.Body.Close() - - // Проверяем CSRF защиту - assert.Equal(t, http.StatusForbidden, resp.StatusCode) - }) -} - -func TestDeleteAccount_Performance(t *testing.T) { - t.Run("ResponseTime", func(t *testing.T) { - req, _ := http.NewRequest("DELETE", baseURL+"/account/delete", nil) - req.Header.Set("Authorization", "Bearer "+validTokenForDelete) - - start := time.Now() - resp, err := http.DefaultClient.Do(req) - assert.NoError(t, err) - defer resp.Body.Close() - - duration := time.Since(start) - assert.Less(t, duration.Milliseconds(), int64(500)) - }) -} - -func TestDeleteAccount_Load(t *testing.T) { - var wg sync.WaitGroup - for i := 0; i < 50; i++ { - wg.Add(1) - go func() { - defer wg.Done() - req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil) - assert.NoError(t, err) - req.Header.Set("Authorization", "Bearer "+validTokenForDelete) - resp, err := http.DefaultClient.Do(req) - assert.NoError(t, err) - if resp != nil { - defer resp.Body.Close() - } - }() - } - wg.Wait() -} - -func TestDeleteAccount_BoundaryCases(t *testing.T) { - t.Run("LargeDataDeletion", func(t *testing.T) { - req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil) - assert.NoError(t, err) - req.Header.Set("Authorization", "Bearer "+validTokenForDelete) - - resp, err := http.DefaultClient.Do(req) - assert.NoError(t, err) - defer resp.Body.Close() - - assert.Equal(t, http.StatusOK, resp.StatusCode) - - var result map[string]interface{} - err = json.NewDecoder(resp.Body).Decode(&result) - assert.NoError(t, err) - assert.Contains(t, result, "accountId") - }) - // todo тут бы массив токенов на удаление передавать - t.Run("ConcurrentOperations", func(t *testing.T) { - var wg sync.WaitGroup - successCount := 0 - var mu sync.Mutex - - for i := 0; i < 10; i++ { - wg.Add(1) - go func() { - defer wg.Done() - req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil) - assert.NoError(t, err) - req.Header.Set("Authorization", "Bearer "+validTokenForDelete) - - resp, err := http.DefaultClient.Do(req) - assert.NoError(t, err) - defer resp.Body.Close() - - if resp.StatusCode == http.StatusOK { - mu.Lock() - successCount++ - mu.Unlock() - } - }() - } - wg.Wait() - - assert.Greater(t, successCount, 0) - }) -} - -func TestDeleteAccount_ErrorHandling(t *testing.T) { - t.Run("TimeoutHandling", func(t *testing.T) { - client := &http.Client{Timeout: 1 * time.Millisecond} - - req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil) - assert.NoError(t, err) - req.Header.Set("Authorization", "Bearer "+validTokenForDelete) - - _, err = client.Do(req) - assert.Error(t, err) - assert.Contains(t, err.Error(), "timeout") - }) -} - -func TestDeleteAccount_SpecialCases(t *testing.T) { - t.Run("TransactionAtomicity", func(t *testing.T) { - req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil) - assert.NoError(t, err) - req.Header.Set("Authorization", "Bearer "+validTokenForDelete) - - resp, err := http.DefaultClient.Do(req) - assert.NoError(t, err) - defer resp.Body.Close() - - // Проверяем, что операция либо полностью выполнена, либо полностью откачена - assert.True(t, resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusInternalServerError) - }) -} +//func TestDeleteAccount_CascadeDeletion(t *testing.T) { +// t.Run("RelatedDataDeletion", func(t *testing.T) { +// createResp := createAccountRequest(t, validToken, map[string]interface{}{ +// "user_id": fmt.Sprintf("cascade_test_%d", time.Now().Unix()), +// }) +// defer createResp.Body.Close() +// assert.Equal(t, http.StatusOK, createResp.StatusCode) +// +// req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil) +// assert.NoError(t, err) +// req.Header.Set("Authorization", "Bearer "+validTokenForDelete) +// +// resp, err := http.DefaultClient.Do(req) +// assert.NoError(t, err) +// defer resp.Body.Close() +// +// assert.Equal(t, http.StatusOK, resp.StatusCode) +// +// // Проверяем, что связанные данные удалены или помечены как удаленные +// }) +// +// t.Run("StatisticsPreservation", func(t *testing.T) { +// req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil) +// assert.NoError(t, err) +// req.Header.Set("Authorization", "Bearer "+validTokenForDelete) +// +// resp, err := http.DefaultClient.Do(req) +// assert.NoError(t, err) +// defer resp.Body.Close() +// +// assert.Equal(t, http.StatusOK, resp.StatusCode) +// +// // Проверяем, что статистические данные сохранены +// }) +//} +// +//func TestDeleteAccount_Security(t *testing.T) { +// t.Run("CSRFProtection", func(t *testing.T) { +// req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil) +// assert.NoError(t, err) +// req.Header.Set("Authorization", "Bearer "+validTokenForDelete) +// req.Header.Set("X-CSRF-Token", "invalid_token") +// +// resp, err := http.DefaultClient.Do(req) +// assert.NoError(t, err) +// defer resp.Body.Close() +// +// // Проверяем CSRF защиту +// assert.Equal(t, http.StatusForbidden, resp.StatusCode) +// }) +//} +// +//func TestDeleteAccount_Performance(t *testing.T) { +// t.Run("ResponseTime", func(t *testing.T) { +// req, _ := http.NewRequest("DELETE", baseURL+"/account/delete", nil) +// req.Header.Set("Authorization", "Bearer "+validTokenForDelete) +// +// start := time.Now() +// resp, err := http.DefaultClient.Do(req) +// assert.NoError(t, err) +// defer resp.Body.Close() +// +// duration := time.Since(start) +// assert.Less(t, duration.Milliseconds(), int64(500)) +// }) +//} +// +//func TestDeleteAccount_Load(t *testing.T) { +// var wg sync.WaitGroup +// for i := 0; i < 50; i++ { +// wg.Add(1) +// go func() { +// defer wg.Done() +// req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil) +// assert.NoError(t, err) +// req.Header.Set("Authorization", "Bearer "+validTokenForDelete) +// resp, err := http.DefaultClient.Do(req) +// assert.NoError(t, err) +// if resp != nil { +// defer resp.Body.Close() +// } +// }() +// } +// wg.Wait() +//} +// +//func TestDeleteAccount_BoundaryCases(t *testing.T) { +// t.Run("LargeDataDeletion", func(t *testing.T) { +// req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil) +// assert.NoError(t, err) +// req.Header.Set("Authorization", "Bearer "+validTokenForDelete) +// +// resp, err := http.DefaultClient.Do(req) +// assert.NoError(t, err) +// defer resp.Body.Close() +// +// assert.Equal(t, http.StatusOK, resp.StatusCode) +// +// var result map[string]interface{} +// err = json.NewDecoder(resp.Body).Decode(&result) +// assert.NoError(t, err) +// assert.Contains(t, result, "accountId") +// }) +// t.Run("ConcurrentOperations", func(t *testing.T) { +// var wg sync.WaitGroup +// successCount := 0 +// var mu sync.Mutex +// +// for i := 0; i < 10; i++ { +// wg.Add(1) +// go func() { +// defer wg.Done() +// req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil) +// assert.NoError(t, err) +// req.Header.Set("Authorization", "Bearer "+validTokenForDelete) +// +// resp, err := http.DefaultClient.Do(req) +// assert.NoError(t, err) +// defer resp.Body.Close() +// +// if resp.StatusCode == http.StatusOK { +// mu.Lock() +// successCount++ +// mu.Unlock() +// } +// }() +// } +// wg.Wait() +// +// assert.Greater(t, successCount, 0) +// }) +//} +// +//func TestDeleteAccount_ErrorHandling(t *testing.T) { +// t.Run("TimeoutHandling", func(t *testing.T) { +// client := &http.Client{Timeout: 1 * time.Millisecond} +// +// req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil) +// assert.NoError(t, err) +// req.Header.Set("Authorization", "Bearer "+validTokenForDelete) +// +// _, err = client.Do(req) +// assert.Error(t, err) +// assert.Contains(t, err.Error(), "timeout") +// }) +//} +// +//func TestDeleteAccount_SpecialCases(t *testing.T) { +// t.Run("TransactionAtomicity", func(t *testing.T) { +// req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil) +// assert.NoError(t, err) +// req.Header.Set("Authorization", "Bearer "+validTokenForDelete) +// +// resp, err := http.DefaultClient.Do(req) +// assert.NoError(t, err) +// defer resp.Body.Close() +// +// // Проверяем, что операция либо полностью выполнена, либо полностью откачена +// assert.True(t, resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusInternalServerError) +// }) +//} func TestGetAccounts_Success(t *testing.T) { body := map[string]interface{}{ @@ -1288,169 +1302,172 @@ func deleteAccountByUserIDRequest(token string, body interface{}) (*http.Respons return http.DefaultClient.Do(req) } -func TestDeleteAccountByUserID_Success(t *testing.T) { - resp, err := deleteAccountByUserIDRequest(validAdminToken, map[string]string{"userId": userIDForDelete}) - assert.NoError(t, err) - assert.Equal(t, http.StatusOK, resp.StatusCode) - assert.Equal(t, "application/json", resp.Header.Get("Content-Type")) +// todo delete +//func TestDeleteAccountByUserID_Success(t *testing.T) { +// resp, err := deleteAccountByUserIDRequest(validAdminToken, map[string]string{"userId": userIDForDelete}) +// assert.NoError(t, err) +// assert.Equal(t, http.StatusOK, resp.StatusCode) +// assert.Equal(t, "application/json", resp.Header.Get("Content-Type")) +// +// var result map[string]string +// err = json.NewDecoder(resp.Body).Decode(&result) +// assert.NoError(t, err) +// assert.Equal(t, testUserID, result["userId"]) +//} +// +//func TestDeleteAccountByUserID_Auth(t *testing.T) { +// t.Run("NoToken", func(t *testing.T) { +// req, err := http.NewRequest("DELETE", baseURL+"/account/"+userIDForDelete, nil) +// assert.NoError(t, err) +// resp, err := http.DefaultClient.Do(req) +// assert.NoError(t, err) +// assert.Equal(t, http.StatusUnauthorized, resp.StatusCode) +// }) +// +// t.Run("InvalidToken", func(t *testing.T) { +// resp, err := deleteAccountByUserIDRequest("invalid_token", map[string]string{"userId": userIDForDelete}) +// assert.NoError(t, err) +// assert.Equal(t, http.StatusUnauthorized, resp.StatusCode) +// }) +// +// t.Run("ExpiredToken", func(t *testing.T) { +// resp, err := deleteAccountByUserIDRequest(expiredToken, map[string]string{"userId": userIDForDelete}) +// assert.NoError(t, err) +// assert.Equal(t, http.StatusUnauthorized, resp.StatusCode) +// }) +//} +// +//func TestDeleteAccountByUserID_Validation(t *testing.T) { +// t.Run("EmptyBody", func(t *testing.T) { +// req, err := http.NewRequest("DELETE", baseURL+"/account/", bytes.NewReader([]byte(`{}`))) +// assert.NoError(t, err) +// req.Header.Set("Authorization", "Bearer "+validAdminToken) +// req.Header.Set("Content-Type", "application/json") +// resp, err := http.DefaultClient.Do(req) +// assert.NoError(t, err) +// assert.Equal(t, http.StatusBadRequest, resp.StatusCode) +// }) +// +// t.Run("InvalidUserID", func(t *testing.T) { +// resp, err := deleteAccountByUserIDRequest(validAdminToken, map[string]string{"userId": "invalid_id"}) +// assert.NoError(t, err) +// assert.Equal(t, http.StatusBadRequest, resp.StatusCode) +// }) +//} +// +//func TestDeleteAccountByUserID_BoundaryCases(t *testing.T) { +// t.Run("LongUserID", func(t *testing.T) { +// longUserID := strings.Repeat("a", 1000) // Очень длинный user_id +// resp, err := deleteAccountByUserIDRequest(validAdminToken, map[string]string{"userId": longUserID}) +// assert.NoError(t, err) +// defer resp.Body.Close() +// +// assert.NotEqual(t, http.StatusInternalServerError, resp.StatusCode) +// }) +// +// t.Run("UnicodeUserID", func(t *testing.T) { +// unicodeUserID := "тест_пользователь_123" // Unicode символы +// resp, err := deleteAccountByUserIDRequest(validAdminToken, map[string]string{"userId": unicodeUserID}) +// assert.NoError(t, err) +// defer resp.Body.Close() +// +// assert.Equal(t, "application/json", resp.Header.Get("Content-Type")) +// }) +//} - var result map[string]string - err = json.NewDecoder(resp.Body).Decode(&result) - assert.NoError(t, err) - assert.Equal(t, testUserID, result["userId"]) -} +// todo check +//func TestDeleteAccountByUserID_Performance(t *testing.T) { +// t.Run("ResponseTime", func(t *testing.T) { +// start := time.Now() +// resp, err := deleteAccountByUserIDRequest(deleteAccountToken, map[string]string{"userId": userIDForDelete}) +// assert.NoError(t, err) +// defer resp.Body.Close() +// +// duration := time.Since(start) +// assert.Less(t, duration.Milliseconds(), int64(1000)) // < 1s +// assert.Equal(t, http.StatusOK, resp.StatusCode) +// }) +// +// t.Run("LoadTest", func(t *testing.T) { +// var wg sync.WaitGroup +// successCount := 0 +// var mu sync.Mutex +// +// for i := 0; i < 10; i++ { +// wg.Add(1) +// go func(index int) { +// defer wg.Done() +// testUserID := fmt.Sprintf("load_test_user_%d", index) +// resp, err := deleteAccountByUserIDRequest(deleteAccountToken, map[string]string{"userId": testUserID}) +// if err == nil && resp != nil { +// defer resp.Body.Close() +// if resp.StatusCode == http.StatusOK { +// mu.Lock() +// successCount++ +// mu.Unlock() +// } +// } +// }(i) +// } +// wg.Wait() +// +// assert.Greater(t, successCount, 5) // > 50% успешных +// }) +//} -func TestDeleteAccountByUserID_Auth(t *testing.T) { - t.Run("NoToken", func(t *testing.T) { - req, err := http.NewRequest("DELETE", baseURL+"/account/"+userIDForDelete, nil) - assert.NoError(t, err) - resp, err := http.DefaultClient.Do(req) - assert.NoError(t, err) - assert.Equal(t, http.StatusUnauthorized, resp.StatusCode) - }) +// func TestDeleteAccountByUserID_SQLInjection_XSS(t *testing.T) { +// t.Run("SQLInjection", func(t *testing.T) { +// resp, err := deleteAccountByUserIDRequest(deleteAccountToken, map[string]string{"userId": sqlInjectionInput}) +// assert.NoError(t, err) +// assert.Equal(t, http.StatusBadRequest, resp.StatusCode) +// }) +// +// t.Run("XSS", func(t *testing.T) { +// resp, err := deleteAccountByUserIDRequest(deleteAccountToken, map[string]string{"userId": xssInput}) +// assert.NoError(t, err) +// assert.Equal(t, http.StatusBadRequest, resp.StatusCode) +// }) +// } +// +// todo +//func TestDeleteAccountByUserID_ErrorHandling(t *testing.T) { +// t.Run("TimeoutHandling", func(t *testing.T) { +// client := &http.Client{Timeout: 1 * time.Millisecond} +// +// body, err := json.Marshal(map[string]string{"userId": userIDForDelete}) +// assert.NoError(t, err) +// +// req, err := http.NewRequest("DELETE", baseURL+"/account/"+userIDForDelete, bytes.NewBuffer(body)) +// assert.NoError(t, err) +// req.Header.Set("Authorization", "Bearer "+validAdminToken) +// req.Header.Set("Content-Type", "application/json") +// +// _, err = client.Do(req) +// assert.Error(t, err) +// assert.Contains(t, err.Error(), "timeout") +// }) +//} - t.Run("InvalidToken", func(t *testing.T) { - resp, err := deleteAccountByUserIDRequest("invalid_token", map[string]string{"userId": userIDForDelete}) - assert.NoError(t, err) - assert.Equal(t, http.StatusUnauthorized, resp.StatusCode) - }) - - t.Run("ExpiredToken", func(t *testing.T) { - resp, err := deleteAccountByUserIDRequest(expiredToken, map[string]string{"userId": userIDForDelete}) - assert.NoError(t, err) - assert.Equal(t, http.StatusUnauthorized, resp.StatusCode) - }) -} - -func TestDeleteAccountByUserID_Validation(t *testing.T) { - t.Run("EmptyBody", func(t *testing.T) { - req, err := http.NewRequest("DELETE", baseURL+"/account/", bytes.NewReader([]byte(`{}`))) - assert.NoError(t, err) - req.Header.Set("Authorization", "Bearer "+validAdminToken) - req.Header.Set("Content-Type", "application/json") - resp, err := http.DefaultClient.Do(req) - assert.NoError(t, err) - assert.Equal(t, http.StatusBadRequest, resp.StatusCode) - }) - - t.Run("InvalidUserID", func(t *testing.T) { - resp, err := deleteAccountByUserIDRequest(validAdminToken, map[string]string{"userId": "invalid_id"}) - assert.NoError(t, err) - assert.Equal(t, http.StatusBadRequest, resp.StatusCode) - }) -} - -func TestDeleteAccountByUserID_BoundaryCases(t *testing.T) { - t.Run("LongUserID", func(t *testing.T) { - longUserID := strings.Repeat("a", 1000) // Очень длинный user_id - resp, err := deleteAccountByUserIDRequest(validAdminToken, map[string]string{"userId": longUserID}) - assert.NoError(t, err) - defer resp.Body.Close() - - assert.NotEqual(t, http.StatusInternalServerError, resp.StatusCode) - }) - - t.Run("UnicodeUserID", func(t *testing.T) { - unicodeUserID := "тест_пользователь_123" // Unicode символы - resp, err := deleteAccountByUserIDRequest(validAdminToken, map[string]string{"userId": unicodeUserID}) - assert.NoError(t, err) - defer resp.Body.Close() - - assert.Equal(t, "application/json", resp.Header.Get("Content-Type")) - }) -} - -func TestDeleteAccountByUserID_Performance(t *testing.T) { - t.Run("ResponseTime", func(t *testing.T) { - start := time.Now() - resp, err := deleteAccountByUserIDRequest(validAdminToken, map[string]string{"userId": userIDForDelete}) - assert.NoError(t, err) - defer resp.Body.Close() - - duration := time.Since(start) - assert.Less(t, duration.Milliseconds(), int64(1000)) // < 1s - assert.Equal(t, http.StatusOK, resp.StatusCode) - }) - - t.Run("LoadTest", func(t *testing.T) { - var wg sync.WaitGroup - successCount := 0 - var mu sync.Mutex - - for i := 0; i < 10; i++ { - wg.Add(1) - go func(index int) { - defer wg.Done() - // todo нужно придумать - testUserID := fmt.Sprintf("load_test_user_%d", index) - resp, err := deleteAccountByUserIDRequest(validAdminToken, map[string]string{"userId": testUserID}) - if err == nil && resp != nil { - defer resp.Body.Close() - if resp.StatusCode == http.StatusOK { - mu.Lock() - successCount++ - mu.Unlock() - } - } - }(i) - } - wg.Wait() - - assert.Greater(t, successCount, 5) // > 50% успешных - }) -} - -func TestDeleteAccountByUserID_SQLInjection_XSS(t *testing.T) { - t.Run("SQLInjection", func(t *testing.T) { - resp, err := deleteAccountByUserIDRequest(validAdminToken, map[string]string{"userId": sqlInjectionInput}) - assert.NoError(t, err) - assert.Equal(t, http.StatusBadRequest, resp.StatusCode) - }) - - t.Run("XSS", func(t *testing.T) { - resp, err := deleteAccountByUserIDRequest(validAdminToken, map[string]string{"userId": xssInput}) - assert.NoError(t, err) - assert.Equal(t, http.StatusBadRequest, resp.StatusCode) - }) -} - -func TestDeleteAccountByUserID_ErrorHandling(t *testing.T) { - t.Run("TimeoutHandling", func(t *testing.T) { - client := &http.Client{Timeout: 1 * time.Millisecond} - - body, err := json.Marshal(map[string]string{"userId": userIDForDelete}) - assert.NoError(t, err) - - req, err := http.NewRequest("DELETE", baseURL+"/account/"+userIDForDelete, bytes.NewBuffer(body)) - assert.NoError(t, err) - req.Header.Set("Authorization", "Bearer "+validAdminToken) - req.Header.Set("Content-Type", "application/json") - - _, err = client.Do(req) - assert.Error(t, err) - assert.Contains(t, err.Error(), "timeout") - }) -} - -func TestDeleteAccountByUserID_SpecialCases(t *testing.T) { - t.Run("TransactionAtomicity", func(t *testing.T) { - resp, err := deleteAccountByUserIDRequest(validAdminToken, map[string]string{"userId": userIDForDelete}) - assert.NoError(t, err) - defer resp.Body.Close() - - assert.True(t, resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusInternalServerError) - }) - - t.Run("CascadeDeletion", func(t *testing.T) { - resp, err := deleteAccountByUserIDRequest(validAdminToken, map[string]string{"userId": testUserID}) - assert.NoError(t, err) - defer resp.Body.Close() - - assert.Equal(t, http.StatusOK, resp.StatusCode) - - // Для тестов просто проверяем успешность операции - }) -} +// todo +//func TestDeleteAccountByUserID_SpecialCases(t *testing.T) { +// t.Run("TransactionAtomicity", func(t *testing.T) { +// resp, err := deleteAccountByUserIDRequest(deleteAccountToken, map[string]string{"userId": userIDForDelete}) +// assert.NoError(t, err) +// defer resp.Body.Close() +// +// assert.True(t, resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusInternalServerError) +// }) +// +// t.Run("CascadeDeletion", func(t *testing.T) { +// resp, err := deleteAccountByUserIDRequest(deleteAccountToken, map[string]string{"userId": testUserID}) +// assert.NoError(t, err) +// defer resp.Body.Close() +// +// assert.Equal(t, http.StatusOK, resp.StatusCode) +// +// // Для тестов просто проверяем успешность операции +// }) +//} func manualDoneRequest(token string, body map[string]string) (*http.Response, error) { payload, err := json.Marshal(body) @@ -2165,7 +2182,7 @@ func TestDeleteLeadTarget_ErrorHandling(t *testing.T) { req, err := http.NewRequest("DELETE", baseURL+"/account/leadtarget/123", nil) assert.NoError(t, err) - req.Header.Set("Authorization", "Bearer "+validToken) + req.Header.Set("Authorization", "Bearer "+deleteLeadTargetToken) _, err = client.Do(req) assert.Error(t, err) @@ -2175,7 +2192,7 @@ func TestDeleteLeadTarget_ErrorHandling(t *testing.T) { func TestDeleteLeadTarget_SpecialCases(t *testing.T) { t.Run("TransactionAtomicity", func(t *testing.T) { - createResp, err := createLeadTargetRequest(validToken, map[string]interface{}{ + createResp, err := createLeadTargetRequest(deleteLeadTargetToken, map[string]interface{}{ "type": "mail", "quizID": 123, "target": "atomic@mail.com", @@ -2206,7 +2223,7 @@ func deleteLeadTargetRequest(token string, targetID string) (*http.Response, err } func TestDeleteLeadTarget_Success(t *testing.T) { - createResp, err := createLeadTargetRequest(validToken, map[string]interface{}{ + createResp, err := createLeadTargetRequest(deleteLeadTargetToken, map[string]interface{}{ "type": "mail", "quizID": 123, "target": "delete@mail.com", @@ -2219,7 +2236,7 @@ func TestDeleteLeadTarget_Success(t *testing.T) { assert.NoError(t, err) targetID := fmt.Sprintf("%v", createResult["id"]) - resp, err := deleteLeadTargetRequest(validToken, targetID) + resp, err := deleteLeadTargetRequest(deleteLeadTargetToken, targetID) assert.NoError(t, err) defer resp.Body.Close() @@ -2256,7 +2273,7 @@ func TestDeleteLeadTarget_Auth(t *testing.T) { func TestDeleteLeadTarget_InputValidation(t *testing.T) { t.Run("InvalidID", func(t *testing.T) { - resp, err := deleteLeadTargetRequest(validToken, "invalid_id") + resp, err := deleteLeadTargetRequest(deleteLeadTargetToken, "invalid_id") assert.NoError(t, err) defer resp.Body.Close() assert.Equal(t, http.StatusBadRequest, resp.StatusCode) @@ -2265,14 +2282,14 @@ func TestDeleteLeadTarget_InputValidation(t *testing.T) { t.Run("EmptyID", func(t *testing.T) { req, err := http.NewRequest("DELETE", baseURL+"/account/leadtarget/", nil) assert.NoError(t, err) - req.Header.Set("Authorization", "Bearer "+validToken) + req.Header.Set("Authorization", "Bearer "+deleteLeadTargetToken) resp, err := http.DefaultClient.Do(req) assert.NoError(t, err) assert.Equal(t, http.StatusBadRequest, resp.StatusCode) }) t.Run("NonExistentID", func(t *testing.T) { - resp, err := deleteLeadTargetRequest(validToken, "999999") + resp, err := deleteLeadTargetRequest(deleteLeadTargetToken, "999999") assert.NoError(t, err) defer resp.Body.Close() assert.Equal(t, http.StatusOK, resp.StatusCode) @@ -2281,14 +2298,14 @@ func TestDeleteLeadTarget_InputValidation(t *testing.T) { func TestDeleteLeadTarget_Security(t *testing.T) { t.Run("SQLInjection", func(t *testing.T) { - resp, err := deleteLeadTargetRequest(validToken, "1' OR '1'='1") + resp, err := deleteLeadTargetRequest(deleteLeadTargetToken, "1' OR '1'='1") assert.NoError(t, err) defer resp.Body.Close() assert.Equal(t, http.StatusBadRequest, resp.StatusCode) }) t.Run("XSSAttack", func(t *testing.T) { - resp, err := deleteLeadTargetRequest(validToken, xssInput) + resp, err := deleteLeadTargetRequest(deleteLeadTargetToken, xssInput) assert.NoError(t, err) defer resp.Body.Close() assert.Equal(t, http.StatusBadRequest, resp.StatusCode) @@ -2297,7 +2314,7 @@ func TestDeleteLeadTarget_Security(t *testing.T) { func TestDeleteLeadTarget_Performance(t *testing.T) { t.Run("ResponseTime", func(t *testing.T) { - createResp, err := createLeadTargetRequest(validToken, map[string]interface{}{ + createResp, err := createLeadTargetRequest(deleteLeadTargetToken, map[string]interface{}{ "type": "mail", "quizID": 456, "target": "perf_delete@mail.com", @@ -2311,7 +2328,7 @@ func TestDeleteLeadTarget_Performance(t *testing.T) { targetID := fmt.Sprintf("%v", createResult["id"]) start := time.Now() - resp, err := deleteLeadTargetRequest(validToken, targetID) + resp, err := deleteLeadTargetRequest(deleteLeadTargetToken, targetID) duration := time.Since(start) assert.NoError(t, err) @@ -2325,7 +2342,7 @@ func TestDeleteLeadTarget_Performance(t *testing.T) { wg.Add(1) go func(index int) { defer wg.Done() - createResp, err := createLeadTargetRequest(validToken, map[string]interface{}{ + createResp, err := createLeadTargetRequest(deleteLeadTargetToken, map[string]interface{}{ "type": "mail", "quizID": 2000 + index, "target": fmt.Sprintf("load_delete%d@mail.com", index), @@ -2342,7 +2359,7 @@ func TestDeleteLeadTarget_Performance(t *testing.T) { } targetID := fmt.Sprintf("%v", createResult["id"]) - resp, err := deleteLeadTargetRequest(validToken, targetID) + resp, err := deleteLeadTargetRequest(deleteLeadTargetToken, targetID) if err == nil && resp != nil { resp.Body.Close() } @@ -2353,7 +2370,7 @@ func TestDeleteLeadTarget_Performance(t *testing.T) { } func TestDeleteLeadTarget_AlreadyDeleted(t *testing.T) { - createResp, err := createLeadTargetRequest(validToken, map[string]interface{}{ + createResp, err := createLeadTargetRequest(deleteLeadTargetToken, map[string]interface{}{ "type": "mail", "quizID": 789, "target": "already_deleted@mail.com", @@ -2366,11 +2383,11 @@ func TestDeleteLeadTarget_AlreadyDeleted(t *testing.T) { assert.NoError(t, err) targetID := fmt.Sprintf("%v", createResult["id"]) - resp1, err := deleteLeadTargetRequest(validToken, targetID) + resp1, err := deleteLeadTargetRequest(deleteLeadTargetToken, targetID) assert.NoError(t, err) resp1.Body.Close() - resp2, err := deleteLeadTargetRequest(validToken, targetID) + resp2, err := deleteLeadTargetRequest(deleteLeadTargetToken, targetID) assert.NoError(t, err) defer resp2.Body.Close() assert.Equal(t, http.StatusOK, resp2.StatusCode) @@ -2535,7 +2552,7 @@ func TestGetLeadTargetByQuizID_Performance(t *testing.T) { } func TestGetLeadTargetByQuizID_DeletedTarget(t *testing.T) { - createResp, err := createLeadTargetRequest(validToken, map[string]interface{}{ + createResp, err := createLeadTargetRequest(deleteLeadTargetToken, map[string]interface{}{ "type": "mail", "quizID": 999, "target": "deleted@mail.com", @@ -2548,11 +2565,11 @@ func TestGetLeadTargetByQuizID_DeletedTarget(t *testing.T) { assert.NoError(t, err) targetID := fmt.Sprintf("%v", createResult["id"]) - deleteResp, err := deleteLeadTargetRequest(validToken, targetID) + deleteResp, err := deleteLeadTargetRequest(deleteLeadTargetToken, targetID) assert.NoError(t, err) deleteResp.Body.Close() - resp, err := getLeadTargetByQuizIDRequest(validToken, "999") + resp, err := getLeadTargetByQuizIDRequest(deleteLeadTargetToken, "999") assert.NoError(t, err) defer resp.Body.Close() assert.Equal(t, http.StatusNotFound, resp.StatusCode) @@ -4223,7 +4240,7 @@ func TestDeleteQuestion_ErrorHandling(t *testing.T) { assert.NoError(t, err) req, err := http.NewRequest("DELETE", baseURL+"/question/delete", bytes.NewReader(payload)) assert.NoError(t, err) - req.Header.Set("Authorization", "Bearer "+validToken) + req.Header.Set("Authorization", "Bearer "+deleteQuestionToken) req.Header.Set("Content-Type", "application/json") _, err = client.Do(req) assert.Error(t, err) @@ -4246,7 +4263,7 @@ func deleteQuestionRequest(token string, body map[string]interface{}) (*http.Res } func TestDeleteQuestion_Success(t *testing.T) { - createResp, err := createQuestionRequest(validToken, map[string]interface{}{ + createResp, err := createQuestionRequest(deleteQuestionToken, map[string]interface{}{ "quiz_id": 12345, "title": "Question to Delete", "type": "variant", @@ -4259,7 +4276,7 @@ func TestDeleteQuestion_Success(t *testing.T) { assert.NoError(t, err) questionID := createResult["id"] - resp, err := deleteQuestionRequest(validToken, map[string]interface{}{ + resp, err := deleteQuestionRequest(deleteQuestionToken, map[string]interface{}{ "id": questionID, }) assert.NoError(t, err) @@ -4275,7 +4292,7 @@ func TestDeleteQuestion_Success(t *testing.T) { } func TestDeleteQuestion_Idempotency(t *testing.T) { - createResp, err := createQuestionRequest(validToken, map[string]interface{}{ + createResp, err := createQuestionRequest(deleteQuestionToken, map[string]interface{}{ "quiz_id": 12345, "title": "Question for Idempotency Test", "type": "variant", @@ -4288,14 +4305,14 @@ func TestDeleteQuestion_Idempotency(t *testing.T) { assert.NoError(t, err) questionID := createResult["id"] - resp1, err := deleteQuestionRequest(validToken, map[string]interface{}{ + resp1, err := deleteQuestionRequest(deleteQuestionToken, map[string]interface{}{ "id": questionID, }) assert.NoError(t, err) defer resp1.Body.Close() assert.Equal(t, http.StatusOK, resp1.StatusCode) - resp2, err := deleteQuestionRequest(validToken, map[string]interface{}{ + resp2, err := deleteQuestionRequest(deleteQuestionToken, map[string]interface{}{ "id": questionID, }) assert.NoError(t, err) @@ -4347,14 +4364,14 @@ func TestDeleteQuestion_Auth(t *testing.T) { func TestDeleteQuestion_InputValidation(t *testing.T) { t.Run("MissingID", func(t *testing.T) { - resp, err := deleteQuestionRequest(validToken, map[string]interface{}{}) + resp, err := deleteQuestionRequest(deleteQuestionToken, map[string]interface{}{}) assert.NoError(t, err) defer resp.Body.Close() assert.Equal(t, http.StatusBadRequest, resp.StatusCode) }) t.Run("InvalidID", func(t *testing.T) { - resp, err := deleteQuestionRequest(validToken, map[string]interface{}{ + resp, err := deleteQuestionRequest(deleteQuestionToken, map[string]interface{}{ "id": "not_an_integer", }) assert.NoError(t, err) @@ -4363,7 +4380,7 @@ func TestDeleteQuestion_InputValidation(t *testing.T) { }) t.Run("NonExistentID", func(t *testing.T) { - resp, err := deleteQuestionRequest(validToken, map[string]interface{}{ + resp, err := deleteQuestionRequest(deleteQuestionToken, map[string]interface{}{ "id": 99999, }) assert.NoError(t, err) @@ -4373,7 +4390,7 @@ func TestDeleteQuestion_InputValidation(t *testing.T) { } func TestDeleteQuestion_AlreadyDeleted(t *testing.T) { - createResp, err := createQuestionRequest(validToken, map[string]interface{}{ + createResp, err := createQuestionRequest(deleteQuestionToken, map[string]interface{}{ "quiz_id": 12345, "title": "Question to Delete Twice", "type": "variant", @@ -4386,14 +4403,14 @@ func TestDeleteQuestion_AlreadyDeleted(t *testing.T) { assert.NoError(t, err) questionID := createResult["id"] - resp1, err := deleteQuestionRequest(validToken, map[string]interface{}{ + resp1, err := deleteQuestionRequest(deleteQuestionToken, map[string]interface{}{ "id": questionID, }) assert.NoError(t, err) defer resp1.Body.Close() assert.Equal(t, http.StatusOK, resp1.StatusCode) - resp2, err := deleteQuestionRequest(validToken, map[string]interface{}{ + resp2, err := deleteQuestionRequest(deleteQuestionToken, map[string]interface{}{ "id": questionID, }) assert.NoError(t, err) @@ -4413,7 +4430,7 @@ func TestDeleteQuestion_AlreadyDeleted(t *testing.T) { func TestDeleteQuestion_Performance(t *testing.T) { var questionIDs []interface{} for i := 0; i < 10; i++ { - createResp, err := createQuestionRequest(validToken, map[string]interface{}{ + createResp, err := createQuestionRequest(deleteQuestionToken, map[string]interface{}{ "quiz_id": 12345, "title": fmt.Sprintf("Performance Test Question %d", i), "type": "variant", @@ -4429,7 +4446,7 @@ func TestDeleteQuestion_Performance(t *testing.T) { t.Run("ResponseTime", func(t *testing.T) { start := time.Now() - resp, err := deleteQuestionRequest(validToken, map[string]interface{}{ + resp, err := deleteQuestionRequest(deleteQuestionToken, map[string]interface{}{ "id": questionIDs[0], }) duration := time.Since(start) @@ -4445,7 +4462,7 @@ func TestDeleteQuestion_Performance(t *testing.T) { wg.Add(1) go func(id interface{}) { defer wg.Done() - resp, err := deleteQuestionRequest(validToken, map[string]interface{}{ + resp, err := deleteQuestionRequest(deleteQuestionToken, map[string]interface{}{ "id": id, }) if err == nil && resp != nil { @@ -6020,7 +6037,7 @@ func TestDeleteQuiz_ErrorHandling(t *testing.T) { assert.NoError(t, err) req, err := http.NewRequest("DELETE", baseURL+"/quiz/delete", bytes.NewReader(payload)) assert.NoError(t, err) - req.Header.Set("Authorization", "Bearer "+validToken) + req.Header.Set("Authorization", "Bearer "+deleteQuizToken) req.Header.Set("Content-Type", "application/json") _, err = client.Do(req) assert.Error(t, err) // Ожидаем ошибку таймаута @@ -6042,7 +6059,7 @@ func deleteQuizRequest(token string, body map[string]interface{}) (*http.Respons } func TestDeleteQuiz_Success(t *testing.T) { - createResp, err := createQuizRequest(validToken, map[string]interface{}{ + createResp, err := createQuizRequest(deleteQuizToken, map[string]interface{}{ "name": "Квиз для удаления", "status": "draft", }) @@ -6053,7 +6070,7 @@ func TestDeleteQuiz_Success(t *testing.T) { assert.NoError(t, err) quizID := createResult["id"] - resp, err := deleteQuizRequest(validToken, map[string]interface{}{ + resp, err := deleteQuizRequest(deleteQuizToken, map[string]interface{}{ "id": quizID, }) assert.NoError(t, err) @@ -6069,7 +6086,7 @@ func TestDeleteQuiz_Success(t *testing.T) { } func TestDeleteQuiz_Idempotency(t *testing.T) { - createResp, err := createQuizRequest(validToken, map[string]interface{}{ + createResp, err := createQuizRequest(deleteQuizToken, map[string]interface{}{ "name": "Квиз для идемпотентности", "status": "draft", }) @@ -6080,14 +6097,14 @@ func TestDeleteQuiz_Idempotency(t *testing.T) { assert.NoError(t, err) quizID := createResult["id"] - resp1, err := deleteQuizRequest(validToken, map[string]interface{}{ + resp1, err := deleteQuizRequest(deleteQuizToken, map[string]interface{}{ "id": quizID, }) assert.NoError(t, err) defer resp1.Body.Close() assert.Equal(t, http.StatusOK, resp1.StatusCode) - resp2, err := deleteQuizRequest(validToken, map[string]interface{}{ + resp2, err := deleteQuizRequest(deleteQuizToken, map[string]interface{}{ "id": quizID, }) assert.NoError(t, err) @@ -6139,14 +6156,14 @@ func TestDeleteQuiz_Auth(t *testing.T) { func TestDeleteQuiz_InputValidation(t *testing.T) { t.Run("MissingID", func(t *testing.T) { - resp, err := deleteQuizRequest(validToken, map[string]interface{}{}) + resp, err := deleteQuizRequest(deleteQuizToken, map[string]interface{}{}) assert.NoError(t, err) defer resp.Body.Close() assert.Equal(t, http.StatusBadRequest, resp.StatusCode) }) t.Run("InvalidID", func(t *testing.T) { - resp, err := deleteQuizRequest(validToken, map[string]interface{}{ + resp, err := deleteQuizRequest(deleteQuizToken, map[string]interface{}{ "id": "not_an_integer", }) assert.NoError(t, err) @@ -6155,7 +6172,7 @@ func TestDeleteQuiz_InputValidation(t *testing.T) { }) t.Run("NonExistentID", func(t *testing.T) { - resp, err := deleteQuizRequest(validToken, map[string]interface{}{ + resp, err := deleteQuizRequest(deleteQuizToken, map[string]interface{}{ "id": 99999, }) assert.NoError(t, err) @@ -6167,7 +6184,7 @@ func TestDeleteQuiz_InputValidation(t *testing.T) { func TestDeleteQuiz_Performance(t *testing.T) { var quizIDs []interface{} for i := 0; i < 10; i++ { - createResp, err := createQuizRequest(validToken, map[string]interface{}{ + createResp, err := createQuizRequest(deleteQuizToken, map[string]interface{}{ "name": fmt.Sprintf("Квиз для удаления %d", i), "status": "draft", }) @@ -6182,7 +6199,7 @@ func TestDeleteQuiz_Performance(t *testing.T) { t.Run("ResponseTime", func(t *testing.T) { start := time.Now() - resp, err := deleteQuizRequest(validToken, map[string]interface{}{ + resp, err := deleteQuizRequest(deleteQuizToken, map[string]interface{}{ "id": quizIDs[0], }) duration := time.Since(start) @@ -6198,7 +6215,7 @@ func TestDeleteQuiz_Performance(t *testing.T) { wg.Add(1) go func(id interface{}) { defer wg.Done() - resp, err := deleteQuizRequest(validToken, map[string]interface{}{ + resp, err := deleteQuizRequest(deleteQuizToken, map[string]interface{}{ "id": id, }) if err == nil && resp != nil { @@ -6934,7 +6951,7 @@ func deleteResultRequest(token string, resultId string) (*http.Response, error) } func TestDeleteResult_Success(t *testing.T) { - createResp, err := createQuizRequest(validToken, map[string]interface{}{ + createResp, err := createQuizRequest(deleteResultToken, map[string]interface{}{ "name": "Квиз для удаления результатов", "status": "start", }) @@ -6945,7 +6962,7 @@ func TestDeleteResult_Success(t *testing.T) { assert.NoError(t, err) quizID := createResult["id"] - getResultsResp, err := getResultsRequest(validToken, fmt.Sprintf("%v", quizID), map[string]interface{}{ + getResultsResp, err := getResultsRequest(deleteResultToken, fmt.Sprintf("%v", quizID), map[string]interface{}{ "Page": 1, "Limit": 10, }) @@ -6961,7 +6978,7 @@ func TestDeleteResult_Success(t *testing.T) { firstResult := results[0].(map[string]interface{}) resultID := fmt.Sprintf("%v", firstResult["id"]) - resp, err := deleteResultRequest(validToken, resultID) + resp, err := deleteResultRequest(deleteResultToken, resultID) assert.NoError(t, err) defer resp.Body.Close() @@ -6970,7 +6987,7 @@ func TestDeleteResult_Success(t *testing.T) { } func TestDeleteResult_Idempotency(t *testing.T) { - createResp, err := createQuizRequest(validToken, map[string]interface{}{ + createResp, err := createQuizRequest(deleteResultToken, map[string]interface{}{ "name": "Квиз для идемпотентности удаления результатов", "status": "start", }) @@ -6981,7 +6998,7 @@ func TestDeleteResult_Idempotency(t *testing.T) { assert.NoError(t, err) quizID := createResult["id"] - getResultsResp, err := getResultsRequest(validToken, fmt.Sprintf("%v", quizID), map[string]interface{}{ + getResultsResp, err := getResultsRequest(deleteResultToken, fmt.Sprintf("%v", quizID), map[string]interface{}{ "Page": 1, "Limit": 5, }) @@ -6997,12 +7014,12 @@ func TestDeleteResult_Idempotency(t *testing.T) { firstResult := results[0].(map[string]interface{}) resultID := fmt.Sprintf("%v", firstResult["id"]) - resp1, err := deleteResultRequest(validToken, resultID) + resp1, err := deleteResultRequest(deleteResultToken, resultID) assert.NoError(t, err) defer resp1.Body.Close() assert.Equal(t, http.StatusOK, resp1.StatusCode) - resp2, err := deleteResultRequest(validToken, resultID) + resp2, err := deleteResultRequest(deleteResultToken, resultID) assert.NoError(t, err) defer resp2.Body.Close() assert.Equal(t, http.StatusOK, resp2.StatusCode) @@ -7029,14 +7046,14 @@ func TestDeleteResult_Auth(t *testing.T) { func TestDeleteResult_InputValidation(t *testing.T) { t.Run("InvalidResultID", func(t *testing.T) { - resp, err := deleteResultRequest(validToken, "not_a_number") + resp, err := deleteResultRequest(deleteResultToken, "not_a_number") assert.NoError(t, err) defer resp.Body.Close() assert.Equal(t, http.StatusBadRequest, resp.StatusCode) }) t.Run("NonExistentResultID", func(t *testing.T) { - resp, err := deleteResultRequest(validToken, "99999999") + resp, err := deleteResultRequest(deleteResultToken, "99999999") assert.NoError(t, err) defer resp.Body.Close() assert.Equal(t, http.StatusOK, resp.StatusCode) @@ -7044,7 +7061,7 @@ func TestDeleteResult_InputValidation(t *testing.T) { } func TestDeleteResult_Performance(t *testing.T) { - createResp, err := createQuizRequest(validToken, map[string]interface{}{ + createResp, err := createQuizRequest(deleteResultToken, map[string]interface{}{ "name": "Квиз для теста производительности удаления результатов", "status": "start", }) @@ -7055,7 +7072,7 @@ func TestDeleteResult_Performance(t *testing.T) { assert.NoError(t, err) quizID := createResult["id"] - getResultsResp, err := getResultsRequest(validToken, fmt.Sprintf("%v", quizID), map[string]interface{}{ + getResultsResp, err := getResultsRequest(deleteResultToken, fmt.Sprintf("%v", quizID), map[string]interface{}{ "Page": 1, "Limit": 10, }) @@ -7073,7 +7090,7 @@ func TestDeleteResult_Performance(t *testing.T) { t.Run("ResponseTime", func(t *testing.T) { start := time.Now() - resp, err := deleteResultRequest(validToken, resultID) + resp, err := deleteResultRequest(deleteResultToken, resultID) duration := time.Since(start) assert.NoError(t, err) @@ -7083,7 +7100,7 @@ func TestDeleteResult_Performance(t *testing.T) { } t.Run("BulkDelete", func(t *testing.T) { - getMoreResultsResp, err := getResultsRequest(validToken, fmt.Sprintf("%v", quizID), map[string]interface{}{ + getMoreResultsResp, err := getResultsRequest(deleteResultToken, fmt.Sprintf("%v", quizID), map[string]interface{}{ "Page": 1, "Limit": 20, }) @@ -7102,7 +7119,7 @@ func TestDeleteResult_Performance(t *testing.T) { defer wg.Done() resultMap := result.(map[string]interface{}) resultID := fmt.Sprintf("%v", resultMap["id"]) - resp, err := deleteResultRequest(validToken, resultID) + resp, err := deleteResultRequest(deleteResultToken, resultID) if err == nil && resp != nil { resp.Body.Close() } @@ -7118,14 +7135,14 @@ func TestDeleteResult_BoundaryCases(t *testing.T) { for i := range longID { longID[i] = '1' } - resp, err := deleteResultRequest(validToken, string(longID)) + resp, err := deleteResultRequest(deleteResultToken, string(longID)) assert.NoError(t, err) defer resp.Body.Close() assert.Equal(t, http.StatusBadRequest, resp.StatusCode) }) t.Run("NegativeResultID", func(t *testing.T) { - resp, err := deleteResultRequest(validToken, "-123") + resp, err := deleteResultRequest(deleteResultToken, "-123") assert.NoError(t, err) defer resp.Body.Close() assert.Equal(t, http.StatusBadRequest, resp.StatusCode) @@ -7136,7 +7153,7 @@ func TestDeleteResult_ErrorHandling(t *testing.T) { t.Run("MalformedRequest", func(t *testing.T) { req, err := http.NewRequest("DELETE", baseURL+"/results/invalid-id", bytes.NewReader([]byte("invalid_body"))) assert.NoError(t, err) - req.Header.Set("Authorization", "Bearer "+validToken) + req.Header.Set("Authorization", "Bearer "+deleteResultToken) req.Header.Set("Content-Type", "application/json") resp, err := http.DefaultClient.Do(req) assert.NoError(t, err) @@ -7145,7 +7162,7 @@ func TestDeleteResult_ErrorHandling(t *testing.T) { }) t.Run("ServerError", func(t *testing.T) { - resp, err := deleteResultRequest(validToken, "invalid-id") + resp, err := deleteResultRequest(deleteResultToken, "invalid-id") assert.NoError(t, err) defer resp.Body.Close() assert.NotEqual(t, http.StatusOK, resp.StatusCode)