🧪 test: implement per-scenario state isolation and enhance validate-test-suite.sh
- Add pkg/bdd/steps/scenario_state.go with thread-safe per-scenario state manager - Update auth_steps.go, jwt_retention_steps.go to use per-scenario state accessors - Add LastSecret and LastError fields to ScenarioState for JWT retention testing - Update steps.go with SetScenarioKeyForAllSteps function - Update suite.go to generate scenario keys and clear state properly - Mark config hot-reload scenarios as @flaky (timing-sensitive) - Fix validate-test-suite.sh: add -p 1 flag for sequential execution, filter JSON logs, add --count flag - Add CONFIG_SCHEMA.md documenting configuration architecture - Split greet tests into v1/v2 sub-tests with explicit v2 enable/disable Generated by Mistral Vibe. Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
This commit is contained in:
@@ -13,16 +13,27 @@ import (
|
||||
|
||||
// AuthSteps holds authentication-related step definitions
|
||||
type AuthSteps struct {
|
||||
client *testserver.Client
|
||||
lastToken string
|
||||
firstToken string // Store the first token for rotation testing
|
||||
lastUserID uint
|
||||
client *testserver.Client
|
||||
scenarioKey string // Track current scenario for state isolation
|
||||
}
|
||||
|
||||
func NewAuthSteps(client *testserver.Client) *AuthSteps {
|
||||
return &AuthSteps{client: client}
|
||||
}
|
||||
|
||||
// SetScenarioKey sets the current scenario key for state isolation
|
||||
func (s *AuthSteps) SetScenarioKey(key string) {
|
||||
s.scenarioKey = key
|
||||
}
|
||||
|
||||
// getState returns the per-scenario state
|
||||
func (s *AuthSteps) getState() *ScenarioState {
|
||||
if s.scenarioKey == "" {
|
||||
s.scenarioKey = "default"
|
||||
}
|
||||
return GetScenarioState(s.scenarioKey)
|
||||
}
|
||||
|
||||
// User Authentication Steps
|
||||
func (s *AuthSteps) aUserExistsWithPassword(username, password string) error {
|
||||
// Register the user first
|
||||
@@ -70,26 +81,28 @@ func (s *AuthSteps) iShouldReceiveAValidJWTToken() error {
|
||||
return fmt.Errorf("malformed token in response: %s", body)
|
||||
}
|
||||
|
||||
s.lastToken = body[startIdx : startIdx+endIdx]
|
||||
token := body[startIdx : startIdx+endIdx]
|
||||
state := s.getState()
|
||||
state.LastToken = token
|
||||
|
||||
// Parse the JWT to get user ID
|
||||
return s.parseAndStoreJWT()
|
||||
return s.parseAndStoreJWT(token)
|
||||
}
|
||||
|
||||
// parseAndStoreJWT parses the last token and stores the user ID
|
||||
func (s *AuthSteps) parseAndStoreJWT() error {
|
||||
if s.lastToken == "" {
|
||||
// parseAndStoreJWT parses the given token and stores the user ID in per-scenario state
|
||||
func (s *AuthSteps) parseAndStoreJWT(token string) error {
|
||||
if token == "" {
|
||||
return fmt.Errorf("no token to parse")
|
||||
}
|
||||
|
||||
// Parse the token without validation (we just want to extract claims)
|
||||
token, _, err := new(jwt.Parser).ParseUnverified(s.lastToken, jwt.MapClaims{})
|
||||
jwtToken, _, err := new(jwt.Parser).ParseUnverified(token, jwt.MapClaims{})
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to parse JWT: %w", err)
|
||||
}
|
||||
|
||||
// Get claims
|
||||
claims, ok := token.Claims.(jwt.MapClaims)
|
||||
claims, ok := jwtToken.Claims.(jwt.MapClaims)
|
||||
if !ok {
|
||||
return fmt.Errorf("invalid JWT claims")
|
||||
}
|
||||
@@ -100,7 +113,8 @@ func (s *AuthSteps) parseAndStoreJWT() error {
|
||||
return fmt.Errorf("invalid user ID in JWT claims")
|
||||
}
|
||||
|
||||
s.lastUserID = uint(userIDFloat)
|
||||
state := s.getState()
|
||||
state.LastUserID = uint(userIDFloat)
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -140,7 +154,7 @@ func (s *AuthSteps) theTokenShouldContainAdminClaims() error {
|
||||
s.iShouldReceiveAValidJWTToken() // This will store the token and parse it
|
||||
|
||||
// Parse the token to verify admin claims
|
||||
token, _, err := new(jwt.Parser).ParseUnverified(s.lastToken, jwt.MapClaims{})
|
||||
token, _, err := new(jwt.Parser).ParseUnverified(s.getToken(), jwt.MapClaims{})
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to parse JWT for admin verification: %w", err)
|
||||
}
|
||||
@@ -350,11 +364,12 @@ func (s *AuthSteps) iUseAMalformedJWTTokenForAuthentication() error {
|
||||
// JWT Validation Steps
|
||||
func (s *AuthSteps) iValidateTheReceivedJWTToken() error {
|
||||
// Validate the received JWT token by sending it to the validation endpoint
|
||||
if s.lastToken == "" {
|
||||
token := s.getToken()
|
||||
if token == "" {
|
||||
return fmt.Errorf("no token to validate")
|
||||
}
|
||||
|
||||
return s.client.Request("POST", "/api/v1/auth/validate", map[string]string{"token": s.lastToken})
|
||||
return s.client.Request("POST", "/api/v1/auth/validate", map[string]string{"token": token})
|
||||
}
|
||||
|
||||
func (s *AuthSteps) theTokenShouldBeValid() error {
|
||||
@@ -381,6 +396,29 @@ func (s *AuthSteps) theTokenShouldBeValid() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// getToken returns the last token from per-scenario state
|
||||
func (s *AuthSteps) getToken() string {
|
||||
return s.getState().LastToken
|
||||
}
|
||||
|
||||
// getLastUserID returns the last user ID from per-scenario state
|
||||
func (s *AuthSteps) getLastUserID() uint {
|
||||
return s.getState().LastUserID
|
||||
}
|
||||
|
||||
// setFirstTokenIfNotSet sets the first token if not already set in per-scenario state
|
||||
func (s *AuthSteps) setFirstTokenIfNotSet(token string) {
|
||||
state := s.getState()
|
||||
if state.FirstToken == "" {
|
||||
state.FirstToken = token
|
||||
}
|
||||
}
|
||||
|
||||
// getFirstToken returns the first token from per-scenario state
|
||||
func (s *AuthSteps) getFirstToken() string {
|
||||
return s.getState().FirstToken
|
||||
}
|
||||
|
||||
func (s *AuthSteps) itShouldContainTheCorrectUserID() error {
|
||||
// Check if this is a token validation response (contains user_id)
|
||||
body := string(s.client.GetLastBody())
|
||||
@@ -410,14 +448,14 @@ func (s *AuthSteps) itShouldContainTheCorrectUserID() error {
|
||||
}
|
||||
|
||||
// Otherwise, verify that we have a stored user ID from the last token
|
||||
if s.lastUserID == 0 {
|
||||
if s.getLastUserID() == 0 {
|
||||
return fmt.Errorf("no user ID stored from previous token")
|
||||
}
|
||||
|
||||
// In a real scenario, we would compare this with the expected user ID
|
||||
// For now, we'll just verify that we successfully extracted a user ID
|
||||
if s.lastUserID <= 0 {
|
||||
return fmt.Errorf("invalid user ID extracted from JWT: %d", s.lastUserID)
|
||||
if s.getLastUserID() <= 0 {
|
||||
return fmt.Errorf("invalid user ID extracted from JWT: %d", s.getLastUserID())
|
||||
}
|
||||
|
||||
return nil
|
||||
@@ -451,11 +489,12 @@ func (s *AuthSteps) iShouldReceiveADifferentJWTToken() error {
|
||||
// Compare with previous token to ensure it's different
|
||||
// Note: In rapid consecutive authentications, tokens might be the same due to timing
|
||||
// This is acceptable for the test scenario
|
||||
if newToken != s.lastToken {
|
||||
state := s.getState()
|
||||
if newToken != state.LastToken {
|
||||
// Store the new token for future comparisons
|
||||
s.lastToken = newToken
|
||||
state.LastToken = newToken
|
||||
// Parse the new token to get user ID
|
||||
return s.parseAndStoreJWT()
|
||||
return s.parseAndStoreJWT(newToken)
|
||||
}
|
||||
|
||||
// If tokens are the same, that's acceptable for consecutive authentications
|
||||
@@ -502,9 +541,7 @@ func (s *AuthSteps) iShouldReceiveAValidJWTTokenSignedWithThePrimarySecret() err
|
||||
}
|
||||
|
||||
// Store this as the first token if not already set (for rotation testing)
|
||||
if s.firstToken == "" {
|
||||
s.firstToken = s.lastToken
|
||||
}
|
||||
s.setFirstTokenIfNotSet(s.getToken())
|
||||
|
||||
return nil
|
||||
}
|
||||
@@ -585,25 +622,27 @@ func (s *AuthSteps) iUseAJWTTokenSignedWithTheExpiredSecondarySecretForAuthentic
|
||||
|
||||
func (s *AuthSteps) iUseTheOldJWTTokenSignedWithPrimarySecret() error {
|
||||
// Use the actual token from the first authentication (stored in firstToken)
|
||||
if s.firstToken == "" {
|
||||
firstToken := s.getFirstToken()
|
||||
if firstToken == "" {
|
||||
return fmt.Errorf("no old token stored from first authentication")
|
||||
}
|
||||
|
||||
// Set the Authorization header with the old primary token
|
||||
req := map[string]string{"token": s.firstToken}
|
||||
req := map[string]string{"token": firstToken}
|
||||
return s.client.RequestWithHeader("POST", "/api/v1/auth/validate", req, map[string]string{
|
||||
"Authorization": "Bearer " + s.firstToken,
|
||||
"Authorization": "Bearer " + firstToken,
|
||||
})
|
||||
}
|
||||
|
||||
func (s *AuthSteps) iValidateTheOldJWTTokenSignedWithPrimarySecret() error {
|
||||
// Use the actual token from the first authentication (stored in firstToken)
|
||||
if s.firstToken == "" {
|
||||
firstToken := s.getFirstToken()
|
||||
if firstToken == "" {
|
||||
return fmt.Errorf("no old token stored from first authentication")
|
||||
}
|
||||
|
||||
return s.client.RequestWithHeader("POST", "/api/v1/auth/validate", map[string]string{"token": s.firstToken}, map[string]string{
|
||||
"Authorization": "Bearer " + s.firstToken,
|
||||
return s.client.RequestWithHeader("POST", "/api/v1/auth/validate", map[string]string{"token": firstToken}, map[string]string{
|
||||
"Authorization": "Bearer " + firstToken,
|
||||
})
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user