mirror of
https://github.com/pocket-id/pocket-id.git
synced 2026-05-14 00:49:52 +00:00
64d4ac7919
Co-authored-by: Alessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Co-authored-by: Kyle Mendell <kmendell@ofkm.us> Co-authored-by: Elias Schneider <login@eliasschneider.com>
104 lines
2.8 KiB
Go
104 lines
2.8 KiB
Go
package dto
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
func TestValidateUsername(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
input string
|
|
expected bool
|
|
}{
|
|
{"valid simple", "user123", true},
|
|
{"valid with dot", "user.name", true},
|
|
{"valid with underscore", "user_name", true},
|
|
{"valid with hyphen", "user-name", true},
|
|
{"valid with at", "user@name", true},
|
|
{"starts with symbol", ".username", false},
|
|
{"ends with non-alphanumeric", "username-", false},
|
|
{"contains space", "user name", false},
|
|
{"valid single char", "a", true},
|
|
{"empty", "", false},
|
|
{"only special chars", "-._@", false},
|
|
{"valid long", "a1234567890_b.c-d@e", true},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
assert.Equal(t, tt.expected, ValidateUsername(tt.input))
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestValidateClientID(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
input string
|
|
expected bool
|
|
}{
|
|
{"valid simple", "client123", true},
|
|
{"valid with dot", "client.id", true},
|
|
{"valid with underscore", "client_id", true},
|
|
{"valid with hyphen", "client-id", true},
|
|
{"valid with all", "client.id-123_abc", true},
|
|
{"contains space", "client id", false},
|
|
{"contains at", "client@id", false},
|
|
{"empty", "", false},
|
|
{"only special chars", "-._", true},
|
|
{"invalid char", "client!id", false},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
assert.Equal(t, tt.expected, ValidateClientID(tt.input))
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestValidateResponseMode(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
input string
|
|
expected bool
|
|
}{
|
|
{"valid form_post", "form_post", true},
|
|
{"valid query", "query", true},
|
|
{"valid empty", "", true},
|
|
{"invalid fragment", "fragment", false},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
assert.Equal(t, tt.expected, ValidateResponseMode(tt.input))
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestValidateCallbackURL(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
input string
|
|
expected bool
|
|
}{
|
|
{"valid https URL", "https://example.com/callback", true},
|
|
{"valid loopback URL", "http://127.0.0.1:49813/callback", true},
|
|
{"empty scheme", "//127.0.0.1:49813/callback", true},
|
|
{"valid custom scheme", "pocketid://callback", true},
|
|
{"invalid malformed URL", "http://[::1", false},
|
|
{"invalid missing scheme separator", "://example.com/callback", false},
|
|
{"rejects javascript scheme", "javascript:alert(1)", false},
|
|
{"rejects mixed case javascript scheme", "JavaScript:alert(1)", false},
|
|
{"rejects data scheme", "data:text/html;base64,PGgxPkhlbGxvPC9oMT4=", false},
|
|
{"rejects mixed case data scheme", "DaTa:text/html;base64,PGgxPkhlbGxvPC9oMT4=", false},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
assert.Equal(t, tt.expected, ValidateCallbackURL(tt.input))
|
|
})
|
|
}
|
|
}
|