return 404 from unauthorized tenantsCreateHandler (and add a test)

briskt · Dec 9, 2023 · 31c4954 · 31c4954
1 parent cdc5cd1
commit 31c4954
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 27 deletions.
diff --git a/server/tenant.go b/server/tenant.go
@@ -12,7 +12,7 @@ import (
 func (s *Server) tenantsCreateHandler(c echo.Context) error {
 	user := app.CurrentUser(c)
 	if user.Role != app.UserRoleAdmin {
-		return echo.NewHTTPError(http.StatusUnauthorized, AuthError{Error: "not an authorized user"})
+		return echo.NewHTTPError(http.StatusNotFound, AuthError{Error: "not an authorized user"})
 	}
 
 	var input app.TenantCreateInput

diff --git a/server/tenant_test.go b/server/tenant_test.go
@@ -6,6 +6,7 @@ import (
 	"io"
 	"net/http"
 	"net/http/httptest"
+	"testing"
 
 	"github.com/labstack/echo/v4"
 
@@ -15,34 +16,65 @@ import (
 
 func (ts *TestSuite) Test_tenantsCreateHandler() {
 	f := ts.createUserFixture()
-	admin := f.Users[0]
+	userToken := f.Tokens[0]
+
+	f2 := ts.createUserFixture()
+	admin := f2.Users[0]
 	admin.Role = app.UserRoleAdmin
 	ts.NoError(db.Tx(ts.ctx).Save(&admin).Error)
-	token := f.Tokens[0]
-
-	input := app.TenantCreateInput{Name: "new tenant"}
-	j, _ := json.Marshal(&input)
-	req := httptest.NewRequest(http.MethodPost, "/api/tenants", bytes.NewReader(j))
-	req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
-	req.Header.Set(echo.HeaderAuthorization, "Bearer "+token.PlainText)
-
-	res := httptest.NewRecorder()
-	ts.server.ServeHTTP(res, req)
-	body, err := io.ReadAll(res.Body)
-	ts.NoError(err)
-
-	// Assertions
-	ts.Equal(http.StatusOK, res.Code, "incorrect http status, body: \n%s", body)
-
-	var gotTenant app.Tenant
-	ts.NoError(json.Unmarshal(body, &gotTenant))
-	ts.Equal(input.Name, gotTenant.Name, "incorrect Tenant Name, body: \n%s", body)
-
-	dbTenant, err := db.FindTenantByID(ts.ctx, gotTenant.ID)
-	ts.NoError(err)
-	ts.Equal(input.Name, dbTenant.Name, "incorrect Tenant Name in db")
-
-	// TODO: test error response
+	adminToken := f2.Tokens[0]
+
+	tests := []struct {
+		name       string
+		token      string
+		wantStatus int
+	}{
+		{
+			name:       "not a valid token",
+			token:      "x",
+			wantStatus: http.StatusUnauthorized,
+		},
+		{
+			name:       "a user cannot create a tenant",
+			token:      userToken.PlainText,
+			wantStatus: http.StatusNotFound,
+		},
+		{
+			name:       "admin can create a tenant",
+			token:      adminToken.PlainText,
+			wantStatus: http.StatusOK,
+		},
+	}
+
+	for _, tt := range tests {
+		ts.T().Run(tt.name, func(t *testing.T) {
+			input := app.TenantCreateInput{Name: "new tenant"}
+			j, _ := json.Marshal(&input)
+			req := httptest.NewRequest(http.MethodPost, "/api/tenants", bytes.NewReader(j))
+			req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
+			req.Header.Set(echo.HeaderAuthorization, "Bearer "+tt.token)
+
+			res := httptest.NewRecorder()
+			ts.server.ServeHTTP(res, req)
+			body, err := io.ReadAll(res.Body)
+			ts.NoError(err)
+
+			// Assertions
+			ts.Equal(tt.wantStatus, res.Code, "incorrect http status, body: \n%s", body)
+
+			if tt.wantStatus != http.StatusOK {
+				return
+			}
+
+			var gotTenant app.Tenant
+			ts.NoError(json.Unmarshal(body, &gotTenant))
+			ts.Equal(input.Name, gotTenant.Name, "incorrect Tenant Name, body: \n%s", body)
+
+			dbTenant, err := db.FindTenantByID(ts.ctx, gotTenant.ID)
+			ts.NoError(err)
+			ts.Equal(input.Name, dbTenant.Name, "incorrect Tenant Name in db")
+		})
+	}
 }
 
 func (ts *TestSuite) Test_tenantsGetHandler() {