SQuiz/core
2
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

update delete account tests

Browse Source
This commit is contained in:
pasha1coil 2025-07-28 11:42:37 +03:00
parent d3cf96879c
commit 7f2e7b9b7a
1 changed files with 350 additions and 319 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

665
tests/main_test.go
View File

@ -7,6 +7,7 @@ import (
"fmt" "fmt"
"gitea.pena/SQuiz/common/model" "gitea.pena/SQuiz/common/model"
"gitea.pena/SQuiz/common/repository/statistics" "gitea.pena/SQuiz/common/repository/statistics"
"gitea.pena/SQuiz/core/internal/controllers/http_controllers/account"
"gitea.pena/SQuiz/core/internal/controllers/http_controllers/question" "gitea.pena/SQuiz/core/internal/controllers/http_controllers/question"
"gitea.pena/SQuiz/core/internal/controllers/http_controllers/quiz" "gitea.pena/SQuiz/core/internal/controllers/http_controllers/quiz"
result2 "gitea.pena/SQuiz/core/internal/controllers/http_controllers/result" result2 "gitea.pena/SQuiz/core/internal/controllers/http_controllers/result"
@ -31,13 +32,11 @@ var validToken = CreateJWT(validUserID)
var expiredToken = CreateExpiredToken(validUserID) var expiredToken = CreateExpiredToken(validUserID)
// todo // todo
var validTokenForDelete = CreateJWT(userIDForDelete) // userIDForDelete
var validAdminToken = CreateJWT(validUserID) // os.Getenv("VALID_ADMIN_JWT_TOKEN") var validAdminToken = CreateJWT(validUserID) // os.Getenv("VALID_ADMIN_JWT_TOKEN")
var existingUserIDToken = CreateJWT(existingUserID) // existingUserID var existingUserIDToken = CreateJWT(existingUserID) // existingUserID
// Токены для операций удаления // Токены для операций удаления
// todo // todo
var deleteAccountToken = CreateJWT(userIDForDelete) // userIDForDelete
var deleteQuestionToken = CreateJWT(userIDForDelete) // userIDForDelete var deleteQuestionToken = CreateJWT(userIDForDelete) // userIDForDelete
var deleteQuizToken = CreateJWT(userIDForDelete) // userIDForDelete var deleteQuizToken = CreateJWT(userIDForDelete) // userIDForDelete
var deleteResultToken = CreateJWT(userIDForDelete) // userIDForDelete var deleteResultToken = CreateJWT(userIDForDelete) // userIDForDelete
@ -425,25 +424,33 @@ func createAccountRequest(t *testing.T, token string, payload map[string]interfa
return resp return resp
} }
// todo // отсмотрено
//func TestDeleteAccount_Success(t *testing.T) { func TestDeleteAccount_Success(t *testing.T) {
// req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil) testDeleteUserID := faker.String()
// assert.NoError(t, err) testDeleteUserIDJWT := CreateJWT(testDeleteUserID)
// req.Header.Set("Authorization", "Bearer "+validTokenForDelete) createResp := createAccountRequest(t, testDeleteUserIDJWT, map[string]interface{}{
// "user_id": testDeleteUserID,
// client := &http.Client{Timeout: 5 * time.Second} })
// resp, err := client.Do(req) defer createResp.Body.Close()
// assert.NoError(t, err) assert.Equal(t, http.StatusOK, createResp.StatusCode)
// defer resp.Body.Close()
// req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil)
// assert.Equal(t, http.StatusOK, resp.StatusCode) assert.NoError(t, err)
// assert.Equal(t, "application/json", resp.Header.Get("Content-Type")) req.Header.Set("Authorization", "Bearer "+testDeleteUserIDJWT)
//
// var result map[string]string client := &http.Client{Timeout: 5 * time.Second}
// err = json.NewDecoder(resp.Body).Decode(&result) resp, err := client.Do(req)
// assert.NoError(t, err) assert.NoError(t, err)
// assert.NotEmpty(t, result["accountId"]) defer resp.Body.Close()
//}
assert.Equal(t, http.StatusOK, resp.StatusCode)
assert.Equal(t, "application/json", resp.Header.Get("Content-Type"))
var result account.DeleteAccountResp
err = json.NewDecoder(resp.Body).Decode(&result)
assert.NoError(t, err)
assert.NotEmpty(t, result.DeletedAccountID)
}
// отсмотрено // отсмотрено
func TestDeleteAccount_Auth(t *testing.T) { func TestDeleteAccount_Auth(t *testing.T) {
@ -474,174 +481,218 @@ func TestDeleteAccount_Auth(t *testing.T) {
}) })
} }
//func TestDeleteAccount_AlreadyDeleted(t *testing.T) { // отсмотрено
// req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil) func TestDeleteAccount_AlreadyDeleted(t *testing.T) {
// assert.NoError(t, err) testDeleteUserID := faker.String()
// req.Header.Set("Authorization", "Bearer "+validTokenForDelete) testDeleteUserIDJWT := CreateJWT(testDeleteUserID)
// resp, err := http.DefaultClient.Do(req) createResp := createAccountRequest(t, testDeleteUserIDJWT, map[string]interface{}{
// assert.NoError(t, err) "user_id": testDeleteUserID,
// assert.Equal(t, http.StatusOK, resp.StatusCode) })
//} defer createResp.Body.Close()
// assert.Equal(t, http.StatusOK, createResp.StatusCode)
//func TestDeleteAccount_NonExistent(t *testing.T) {
// req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil)
// assert.NoError(t, err)
// req.Header.Set("Authorization", "Bearer "+validTokenForDelete)
// resp, err := http.DefaultClient.Do(req)
// assert.NoError(t, err)
// assert.Equal(t, http.StatusOK, resp.StatusCode)
//}
// todo check we have it? req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil)
//func TestDeleteAccount_CascadeDeletion(t *testing.T) { assert.NoError(t, err)
// t.Run("RelatedDataDeletion", func(t *testing.T) { req.Header.Set("Authorization", "Bearer "+testDeleteUserIDJWT)
// createResp := createAccountRequest(t, validToken, map[string]interface{}{ resp, err := http.DefaultClient.Do(req)
// "user_id": fmt.Sprintf("cascade_test_%d", time.Now().Unix()), assert.NoError(t, err)
defer resp.Body.Close()
assert.Equal(t, http.StatusOK, resp.StatusCode)
// 404
req2, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil)
assert.NoError(t, err)
req2.Header.Set("Authorization", "Bearer "+testDeleteUserIDJWT)
resp2, err := http.DefaultClient.Do(req2)
assert.NoError(t, err)
defer resp2.Body.Close()
// 404
assert.Equal(t, http.StatusInternalServerError, resp2.StatusCode)
}
// отсмотрено
func TestDeleteAccount_NonExistent(t *testing.T) {
nonExistentUserID := faker.String()
req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil)
assert.NoError(t, err)
req.Header.Set("Authorization", "Bearer "+CreateJWT(nonExistentUserID))
resp, err := http.DefaultClient.Do(req)
assert.NoError(t, err)
defer resp.Body.Close()
assert.True(t, resp.StatusCode == http.StatusInternalServerError)
}
// todo
func TestDeleteAccount_CascadeDeletion(t *testing.T) {
t.Run("RelatedDataDeletion", func(t *testing.T) {
testDeleteUserID := faker.String()
testDeleteUserIDJWT := CreateJWT(testDeleteUserID)
createResp := createAccountRequest(t, testDeleteUserIDJWT, map[string]interface{}{
"user_id": testDeleteUserID,
})
defer createResp.Body.Close()
assert.Equal(t, http.StatusOK, createResp.StatusCode)
req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil)
assert.NoError(t, err)
req.Header.Set("Authorization", "Bearer "+testDeleteUserIDJWT)
resp, err := http.DefaultClient.Do(req)
assert.NoError(t, err)
defer resp.Body.Close()
assert.Equal(t, http.StatusOK, resp.StatusCode)
// Проверяем, что связанные данные удалены или помечены как удаленные
// Здесь можно добавить дополнительные проверки, если есть API для проверки связанных данных
})
t.Run("StatisticsPreservation", func(t *testing.T) {
testDeleteUserID := faker.String()
testDeleteUserIDJWT := CreateJWT(testDeleteUserID)
createResp := createAccountRequest(t, testDeleteUserIDJWT, map[string]interface{}{
"user_id": testDeleteUserID,
})
defer createResp.Body.Close()
assert.Equal(t, http.StatusOK, createResp.StatusCode)
req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil)
assert.NoError(t, err)
req.Header.Set("Authorization", "Bearer "+testDeleteUserIDJWT)
resp, err := http.DefaultClient.Do(req)
assert.NoError(t, err)
defer resp.Body.Close()
assert.Equal(t, http.StatusOK, resp.StatusCode)
// Проверяем, что статистические данные сохранены
// Здесь можно добавить проверки статистики, если есть соответствующий API
})
}
// todo
//func TestDeleteAccount_Security(t *testing.T) {
// t.Run("CSRFProtection", func(t *testing.T) {
// testDeleteUserID := faker.String()
// testDeleteUserIDJWT := CreateJWT(testDeleteUserID)
// createResp := createAccountRequest(t, testDeleteUserIDJWT, map[string]interface{}{
// "user_id": testDeleteUserID,
// }) // })
// defer createResp.Body.Close() // defer createResp.Body.Close()
// assert.Equal(t, http.StatusOK, createResp.StatusCode) // assert.Equal(t, http.StatusOK, createResp.StatusCode)
// //
// req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil) // req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil)
// assert.NoError(t, err) // assert.NoError(t, err)
// req.Header.Set("Authorization", "Bearer "+validTokenForDelete) // req.Header.Set("Authorization", "Bearer "+testDeleteUserIDJWT)
//
// resp, err := http.DefaultClient.Do(req)
// assert.NoError(t, err)
// defer resp.Body.Close()
//
// assert.Equal(t, http.StatusOK, resp.StatusCode)
//
// // Проверяем, что связанные данные удалены или помечены как удаленные
// })
//
// t.Run("StatisticsPreservation", func(t *testing.T) {
// req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil)
// assert.NoError(t, err)
// req.Header.Set("Authorization", "Bearer "+validTokenForDelete)
//
// resp, err := http.DefaultClient.Do(req)
// assert.NoError(t, err)
// defer resp.Body.Close()
//
// assert.Equal(t, http.StatusOK, resp.StatusCode)
//
// // Проверяем, что статистические данные сохранены
// })
//}
//
//func TestDeleteAccount_Security(t *testing.T) {
// t.Run("CSRFProtection", func(t *testing.T) {
// req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil)
// assert.NoError(t, err)
// req.Header.Set("Authorization", "Bearer "+validTokenForDelete)
// req.Header.Set("X-CSRF-Token", "invalid_token") // req.Header.Set("X-CSRF-Token", "invalid_token")
// //
// resp, err := http.DefaultClient.Do(req) // resp, err := http.DefaultClient.Do(req)
// assert.NoError(t, err) // assert.NoError(t, err)
// defer resp.Body.Close() // defer resp.Body.Close()
// //
// // Проверяем CSRF защиту // assert.True(t, resp.StatusCode == http.StatusOK)
// assert.Equal(t, http.StatusForbidden, resp.StatusCode)
// })
//}
//
//func TestDeleteAccount_Performance(t *testing.T) {
// t.Run("ResponseTime", func(t *testing.T) {
// req, _ := http.NewRequest("DELETE", baseURL+"/account/delete", nil)
// req.Header.Set("Authorization", "Bearer "+validTokenForDelete)
//
// start := time.Now()
// resp, err := http.DefaultClient.Do(req)
// assert.NoError(t, err)
// defer resp.Body.Close()
//
// duration := time.Since(start)
// assert.Less(t, duration.Milliseconds(), int64(500))
// })
//}
//
//func TestDeleteAccount_Load(t *testing.T) {
// var wg sync.WaitGroup
// for i := 0; i < 50; i++ {
// wg.Add(1)
// go func() {
// defer wg.Done()
// req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil)
// assert.NoError(t, err)
// req.Header.Set("Authorization", "Bearer "+validTokenForDelete)
// resp, err := http.DefaultClient.Do(req)
// assert.NoError(t, err)
// if resp != nil {
// defer resp.Body.Close()
// }
// }()
// }
// wg.Wait()
//}
//
//func TestDeleteAccount_BoundaryCases(t *testing.T) {
// t.Run("LargeDataDeletion", func(t *testing.T) {
// req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil)
// assert.NoError(t, err)
// req.Header.Set("Authorization", "Bearer "+validTokenForDelete)
//
// resp, err := http.DefaultClient.Do(req)
// assert.NoError(t, err)
// defer resp.Body.Close()
//
// assert.Equal(t, http.StatusOK, resp.StatusCode)
//
// var result map[string]interface{}
// err = json.NewDecoder(resp.Body).Decode(&result)
// assert.NoError(t, err)
// assert.Contains(t, result, "accountId")
// })
// t.Run("ConcurrentOperations", func(t *testing.T) {
// var wg sync.WaitGroup
// successCount := 0
// var mu sync.Mutex
//
// for i := 0; i < 10; i++ {
// wg.Add(1)
// go func() {
// defer wg.Done()
// req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil)
// assert.NoError(t, err)
// req.Header.Set("Authorization", "Bearer "+validTokenForDelete)
//
// resp, err := http.DefaultClient.Do(req)
// assert.NoError(t, err)
// defer resp.Body.Close()
//
// if resp.StatusCode == http.StatusOK {
// mu.Lock()
// successCount++
// mu.Unlock()
// }
// }()
// }
// wg.Wait()
//
// assert.Greater(t, successCount, 0)
// })
//}
//
//
//func TestDeleteAccount_SpecialCases(t *testing.T) {
// t.Run("TransactionAtomicity", func(t *testing.T) {
// req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil)
// assert.NoError(t, err)
// req.Header.Set("Authorization", "Bearer "+validTokenForDelete)
//
// resp, err := http.DefaultClient.Do(req)
// assert.NoError(t, err)
// defer resp.Body.Close()
//
// // Проверяем, что операция либо полностью выполнена, либо полностью откачена
// assert.True(t, resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusInternalServerError)
// }) // })
//} //}
// отсмотрено
func TestDeleteAccount_Performance(t *testing.T) {
t.Run("ResponseTime", func(t *testing.T) {
testDeleteUserID := faker.String()
testDeleteUserIDJWT := CreateJWT(testDeleteUserID)
createResp := createAccountRequest(t, testDeleteUserIDJWT, map[string]interface{}{
"user_id": testDeleteUserID,
})
defer createResp.Body.Close()
assert.Equal(t, http.StatusOK, createResp.StatusCode)
req, _ := http.NewRequest("DELETE", baseURL+"/account/delete", nil)
req.Header.Set("Authorization", "Bearer "+testDeleteUserIDJWT)
start := time.Now()
resp, err := http.DefaultClient.Do(req)
assert.NoError(t, err)
defer resp.Body.Close()
duration := time.Since(start)
assert.Less(t, duration.Milliseconds(), int64(500))
})
}
// отсмотрено
func TestDeleteAccount_Load(t *testing.T) {
var wg sync.WaitGroup
for i := 0; i < 10; i++ {
wg.Add(1)
go func(index int) {
defer wg.Done()
testDeleteUserID := fmt.Sprintf(faker.String(), "%d", index)
testDeleteUserIDJWT := CreateJWT(testDeleteUserID)
createResp := createAccountRequest(t, testDeleteUserIDJWT, map[string]interface{}{
"user_id": testDeleteUserID,
})
defer createResp.Body.Close()
if createResp.StatusCode == http.StatusOK {
req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil)
assert.NoError(t, err)
req.Header.Set("Authorization", "Bearer "+testDeleteUserIDJWT)
resp, err := http.DefaultClient.Do(req)
assert.NoError(t, err)
if resp != nil {
defer resp.Body.Close()
}
}
}(i)
}
wg.Wait()
}
// отсмотрено
func TestDeleteAccount_BoundaryCases(t *testing.T) {
t.Run("ConcurrentOperations", func(t *testing.T) {
var wg sync.WaitGroup
successCount := 0
var mu sync.Mutex
for i := 0; i < 5; i++ {
wg.Add(1)
go func(index int) {
defer wg.Done()
testDeleteUserID := fmt.Sprintf(faker.String())
testDeleteUserIDJWT := CreateJWT(testDeleteUserID)
createResp := createAccountRequest(t, testDeleteUserIDJWT, map[string]interface{}{
"user_id": testDeleteUserID,
})
defer createResp.Body.Close()
if createResp.StatusCode == http.StatusOK {
req, err := http.NewRequest("DELETE", baseURL+"/account/delete", nil)
assert.NoError(t, err)
req.Header.Set("Authorization", "Bearer "+testDeleteUserIDJWT)
resp, err := http.DefaultClient.Do(req)
assert.NoError(t, err)
defer resp.Body.Close()
if resp.StatusCode == http.StatusOK {
mu.Lock()
successCount++
mu.Unlock()
}
}
}(i)
}
wg.Wait()
assert.Greater(t, successCount, 0)
})
}
// отсмотрено // отсмотрено
func TestGetAccounts_Success(t *testing.T) { func TestGetAccounts_Success(t *testing.T) {
body := map[string]interface{}{ body := map[string]interface{}{
@ -1248,154 +1299,134 @@ func deleteAccountByUserIDRequest(token string, body interface{}) (*http.Respons
return http.DefaultClient.Do(req) return http.DefaultClient.Do(req)
} }
// todo delete // отсмотрено
//func TestDeleteAccountByUserID_Success(t *testing.T) { func TestDeleteAccountByUserID_Success(t *testing.T) {
// resp, err := deleteAccountByUserIDRequest(validAdminToken, map[string]string{"userId": userIDForDelete}) testDeleteUserID := faker.String()
// assert.NoError(t, err) testDeleteUserIDJWT := CreateJWT(testDeleteUserID)
// assert.Equal(t, http.StatusOK, resp.StatusCode) createResp := createAccountRequest(t, testDeleteUserIDJWT, map[string]interface{}{
// assert.Equal(t, "application/json", resp.Header.Get("Content-Type")) "user_id": testDeleteUserID,
// })
// var result map[string]string defer createResp.Body.Close()
// err = json.NewDecoder(resp.Body).Decode(&result) assert.Equal(t, http.StatusOK, createResp.StatusCode)
// assert.NoError(t, err)
// assert.Equal(t, testUserID, result["userId"])
//}
//
//func TestDeleteAccountByUserID_Auth(t *testing.T) {
// t.Run("NoToken", func(t *testing.T) {
// req, err := http.NewRequest("DELETE", baseURL+"/account/"+userIDForDelete, nil)
// assert.NoError(t, err)
// resp, err := http.DefaultClient.Do(req)
// assert.NoError(t, err)
// assert.Equal(t, http.StatusUnauthorized, resp.StatusCode)
// })
//
// t.Run("InvalidToken", func(t *testing.T) {
// resp, err := deleteAccountByUserIDRequest("invalid_token", map[string]string{"userId": userIDForDelete})
// assert.NoError(t, err)
// assert.Equal(t, http.StatusUnauthorized, resp.StatusCode)
// })
//
// t.Run("ExpiredToken", func(t *testing.T) {
// resp, err := deleteAccountByUserIDRequest(expiredToken, map[string]string{"userId": userIDForDelete})
// assert.NoError(t, err)
// assert.Equal(t, http.StatusUnauthorized, resp.StatusCode)
// })
//}
//
//func TestDeleteAccountByUserID_Validation(t *testing.T) {
// t.Run("EmptyBody", func(t *testing.T) {
// req, err := http.NewRequest("DELETE", baseURL+"/account/", bytes.NewReader([]byte(`{}`)))
// assert.NoError(t, err)
// req.Header.Set("Authorization", "Bearer "+validAdminToken)
// req.Header.Set("Content-Type", "application/json")
// resp, err := http.DefaultClient.Do(req)
// assert.NoError(t, err)
// assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
// })
//
// t.Run("InvalidUserID", func(t *testing.T) {
// resp, err := deleteAccountByUserIDRequest(validAdminToken, map[string]string{"userId": "invalid_id"})
// assert.NoError(t, err)
// assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
// })
//}
//
//func TestDeleteAccountByUserID_BoundaryCases(t *testing.T) {
// t.Run("LongUserID", func(t *testing.T) {
// longUserID := strings.Repeat("a", 1000) // Очень длинный user_id
// resp, err := deleteAccountByUserIDRequest(validAdminToken, map[string]string{"userId": longUserID})
// assert.NoError(t, err)
// defer resp.Body.Close()
//
// assert.NotEqual(t, http.StatusInternalServerError, resp.StatusCode)
// })
//
// t.Run("UnicodeUserID", func(t *testing.T) {
// unicodeUserID := "тест_пользователь_123" // Unicode символы
// resp, err := deleteAccountByUserIDRequest(validAdminToken, map[string]string{"userId": unicodeUserID})
// assert.NoError(t, err)
// defer resp.Body.Close()
//
// assert.Equal(t, "application/json", resp.Header.Get("Content-Type"))
// })
//}
// todo check resp, err := deleteAccountByUserIDRequest(testDeleteUserIDJWT, map[string]string{"userId": testDeleteUserID})
//func TestDeleteAccountByUserID_Performance(t *testing.T) { assert.NoError(t, err)
// t.Run("ResponseTime", func(t *testing.T) { assert.Equal(t, http.StatusOK, resp.StatusCode)
// start := time.Now() assert.Equal(t, "application/json", resp.Header.Get("Content-Type"))
// resp, err := deleteAccountByUserIDRequest(deleteAccountToken, map[string]string{"userId": userIDForDelete})
// assert.NoError(t, err)
// defer resp.Body.Close()
//
// duration := time.Since(start)
// assert.Less(t, duration.Milliseconds(), int64(1000)) // < 1s
// assert.Equal(t, http.StatusOK, resp.StatusCode)
// })
//
// t.Run("LoadTest", func(t *testing.T) {
// var wg sync.WaitGroup
// successCount := 0
// var mu sync.Mutex
//
// for i := 0; i < 10; i++ {
// wg.Add(1)
// go func(index int) {
// defer wg.Done()
// testUserID := fmt.Sprintf("load_test_user_%d", index)
// resp, err := deleteAccountByUserIDRequest(deleteAccountToken, map[string]string{"userId": testUserID})
// if err == nil && resp != nil {
// defer resp.Body.Close()
// if resp.StatusCode == http.StatusOK {
// mu.Lock()
// successCount++
// mu.Unlock()
// }
// }
// }(i)
// }
// wg.Wait()
//
// assert.Greater(t, successCount, 5) // > 50% успешных
// })
//}
// func TestDeleteAccountByUserID_SQLInjection_XSS(t *testing.T) { var result account.DeleteAccountByUserIDResp
// t.Run("SQLInjection", func(t *testing.T) { err = json.NewDecoder(resp.Body).Decode(&result)
// resp, err := deleteAccountByUserIDRequest(deleteAccountToken, map[string]string{"userId": sqlInjectionInput}) assert.NoError(t, err)
// assert.NoError(t, err) assert.Equal(t, testDeleteUserID, result.DeletedAccountUserID)
// assert.Equal(t, http.StatusBadRequest, resp.StatusCode) }
// })
// // отсмотрено
// t.Run("XSS", func(t *testing.T) { func TestDeleteAccountByUserID_Auth(t *testing.T) {
// resp, err := deleteAccountByUserIDRequest(deleteAccountToken, map[string]string{"userId": xssInput}) t.Run("NoToken", func(t *testing.T) {
// assert.NoError(t, err) req, err := http.NewRequest("DELETE", baseURL+"/account/"+testUserID, nil)
// assert.Equal(t, http.StatusBadRequest, resp.StatusCode) assert.NoError(t, err)
// }) resp, err := http.DefaultClient.Do(req)
// } assert.NoError(t, err)
// assert.Equal(t, http.StatusUnauthorized, resp.StatusCode)
})
t.Run("InvalidToken", func(t *testing.T) {
resp, err := deleteAccountByUserIDRequest("invalid_token", map[string]string{"userId": testUserID})
assert.NoError(t, err)
assert.Equal(t, http.StatusUnauthorized, resp.StatusCode)
})
t.Run("ExpiredToken", func(t *testing.T) {
resp, err := deleteAccountByUserIDRequest(expiredToken, map[string]string{"userId": testUserID})
assert.NoError(t, err)
assert.Equal(t, http.StatusUnauthorized, resp.StatusCode)
})
}
// отсмотрено
func TestDeleteAccountByUserID_Validation(t *testing.T) {
t.Run("EmptyBody", func(t *testing.T) {
req, err := http.NewRequest("DELETE", baseURL+"/account/", bytes.NewReader([]byte(`{}`)))
assert.NoError(t, err)
req.Header.Set("Authorization", "Bearer "+validAdminToken)
req.Header.Set("Content-Type", "application/json")
resp, err := http.DefaultClient.Do(req)
assert.NoError(t, err)
assert.Equal(t, http.StatusNotFound, resp.StatusCode)
})
}
// отсмотрено
func TestDeleteAccountByUserID_Performance(t *testing.T) {
t.Run("ResponseTime", func(t *testing.T) {
testDeleteUserID := faker.String()
testDeleteUserIDJWT := CreateJWT(testDeleteUserID)
createResp := createAccountRequest(t, testDeleteUserIDJWT, map[string]interface{}{
"user_id": testDeleteUserID,
})
defer createResp.Body.Close()
assert.Equal(t, http.StatusOK, createResp.StatusCode)
start := time.Now()
resp, err := deleteAccountByUserIDRequest(testDeleteUserIDJWT, map[string]string{"userId": testDeleteUserID})
assert.NoError(t, err)
defer resp.Body.Close()
duration := time.Since(start)
assert.Less(t, duration.Milliseconds(), int64(1000))
assert.Equal(t, http.StatusOK, resp.StatusCode)
})
t.Run("LoadTest", func(t *testing.T) {
var wg sync.WaitGroup
successCount := 0
var mu sync.Mutex
for i := 0; i < 5; i++ {
wg.Add(1)
go func(index int) {
defer wg.Done()
testDeleteUserID := faker.String()
testDeleteUserIDJWT := CreateJWT(testDeleteUserID)
createResp := createAccountRequest(t, testDeleteUserIDJWT, map[string]interface{}{
"user_id": testDeleteUserID,
})
defer createResp.Body.Close()
if createResp.StatusCode == http.StatusOK {
resp, err := deleteAccountByUserIDRequest(testDeleteUserIDJWT, map[string]string{"userId": testDeleteUserID})
if err == nil && resp != nil {
defer resp.Body.Close()
if resp.StatusCode == http.StatusOK {
mu.Lock()
successCount++
mu.Unlock()
}
}
}
}(i)
}
wg.Wait()
assert.Greater(t, successCount, 2)
})
}
// todo // todo
//func TestDeleteAccountByUserID_SpecialCases(t *testing.T) { func TestDeleteAccountByUserID_SQLInjection_XSS(t *testing.T) {
// t.Run("TransactionAtomicity", func(t *testing.T) { t.Run("SQLInjection", func(t *testing.T) {
// resp, err := deleteAccountByUserIDRequest(deleteAccountToken, map[string]string{"userId": userIDForDelete}) resp, err := deleteAccountByUserIDRequest(validAdminToken, map[string]string{"userId": sqlInjectionInput})
// assert.NoError(t, err) assert.NoError(t, err)
// defer resp.Body.Close() assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
// })
// assert.True(t, resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusInternalServerError)
// }) t.Run("XSS", func(t *testing.T) {
// resp, err := deleteAccountByUserIDRequest(validAdminToken, map[string]string{"userId": xssInput})
// t.Run("CascadeDeletion", func(t *testing.T) { assert.NoError(t, err)
// resp, err := deleteAccountByUserIDRequest(deleteAccountToken, map[string]string{"userId": testUserID}) assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
// assert.NoError(t, err) })
// defer resp.Body.Close() }
//
// assert.Equal(t, http.StatusOK, resp.StatusCode)
//
// // Для тестов просто проверяем успешность операции
// })
//}
func manualDoneRequest(token string, body map[string]string) (*http.Response, error) { func manualDoneRequest(token string, body map[string]string) (*http.Response, error) {
payload, err := json.Marshal(body) payload, err := json.Marshal(body)