pkg/datastore/auth_db_test.go

package datastore

import (
	"context"
	"testing"
	"time"
)

func TestUserAndSessionLifecycle(t *testing.T) {
	store := setupTestDB(t)
	defer store.DB.Close()

	_, err := store.DB.Exec(`
		CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, email TEXT UNIQUE, full_name TEXT, password_hash TEXT, global_role TEXT, is_active BOOLEAN DEFAULT 1);
		CREATE TABLE sessions (session_token TEXT PRIMARY KEY, user_id INTEGER, expires_at DATETIME);
	`)

	ctx := context.Background()

	user, err := store.CreateUser(ctx, "admin@RiskRancher.com", "doc", "fake_bcrypt_hash", "Admin")
	if err != nil {
		t.Fatalf("Failed to create user: %v", err)
	}
	if user.ID == 0 {
		t.Errorf("Expected database to return a valid auto-incremented ID, got 0")
	}

	_, err = store.CreateUser(ctx, "admin@RiskRancher.com", "doc", "another_hash", "Analyst")
	if err == nil {
		t.Fatalf("Security Failure: Database allowed a duplicate email address!")
	}

	fetchedUser, err := store.GetUserByEmail(ctx, "admin@RiskRancher.com")
	if err != nil {
		t.Fatalf("Failed to fetch user by email: %v", err)
	}
	if fetchedUser.GlobalRole != "Admin" {
		t.Errorf("Expected role 'Admin', got '%s'", fetchedUser.GlobalRole)
	}

	expires := time.Now().Add(24 * time.Hour)
	err = store.CreateSession(ctx, "fake_secure_token", user.ID, expires)
	if err != nil {
		t.Fatalf("Failed to create session: %v", err)
	}

	session, err := store.GetSession(ctx, "fake_secure_token")
	if err != nil {
		t.Fatalf("Failed to retrieve session: %v", err)
	}
	if session.UserID != user.ID {
		t.Errorf("Session mapped to wrong user! Expected %d, got %d", user.ID, session.UserID)
	}

	userByID, err := store.GetUserByID(ctx, user.ID)
	if err != nil {
		t.Fatalf("Failed to fetch user by ID: %v", err)
	}
	if userByID.Email != user.Email {
		t.Errorf("GetUserByID returned wrong user. Expected %s, got %s", user.Email, userByID.Email)
	}

	newHash := "new_secure_bcrypt_hash_999"
	err = store.UpdateUserPassword(ctx, user.ID, newHash)
	if err != nil {
		t.Fatalf("Failed to update user password: %v", err)
	}

	updatedUser, _ := store.GetUserByID(ctx, user.ID)
	if updatedUser.PasswordHash != newHash {
		t.Errorf("Password hash did not update in the database")
	}
}
First release of open core 2026-04-02 10:57:36 -04:00			`package datastore`

			`import (`
			`"context"`
			`"testing"`
			`"time"`
			`)`

			`func TestUserAndSessionLifecycle(t *testing.T) {`
			`store := setupTestDB(t)`
			`defer store.DB.Close()`

			_, err := store.DB.Exec(`
			`CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, email TEXT UNIQUE, full_name TEXT, password_hash TEXT, global_role TEXT, is_active BOOLEAN DEFAULT 1);`
			`CREATE TABLE sessions (session_token TEXT PRIMARY KEY, user_id INTEGER, expires_at DATETIME);`
			`)

			`ctx := context.Background()`

			`user, err := store.CreateUser(ctx, "admin@RiskRancher.com", "doc", "fake_bcrypt_hash", "Admin")`
			`if err != nil {`
			`t.Fatalf("Failed to create user: %v", err)`
			`}`
			`if user.ID == 0 {`
			`t.Errorf("Expected database to return a valid auto-incremented ID, got 0")`
			`}`

			`_, err = store.CreateUser(ctx, "admin@RiskRancher.com", "doc", "another_hash", "Analyst")`
			`if err == nil {`
			`t.Fatalf("Security Failure: Database allowed a duplicate email address!")`
			`}`

			`fetchedUser, err := store.GetUserByEmail(ctx, "admin@RiskRancher.com")`
			`if err != nil {`
			`t.Fatalf("Failed to fetch user by email: %v", err)`
			`}`
			`if fetchedUser.GlobalRole != "Admin" {`
			`t.Errorf("Expected role 'Admin', got '%s'", fetchedUser.GlobalRole)`
			`}`

			`expires := time.Now().Add(24 * time.Hour)`
			`err = store.CreateSession(ctx, "fake_secure_token", user.ID, expires)`
			`if err != nil {`
			`t.Fatalf("Failed to create session: %v", err)`
			`}`

			`session, err := store.GetSession(ctx, "fake_secure_token")`
			`if err != nil {`
			`t.Fatalf("Failed to retrieve session: %v", err)`
			`}`
			`if session.UserID != user.ID {`
			`t.Errorf("Session mapped to wrong user! Expected %d, got %d", user.ID, session.UserID)`
			`}`

			`userByID, err := store.GetUserByID(ctx, user.ID)`
			`if err != nil {`
			`t.Fatalf("Failed to fetch user by ID: %v", err)`
			`}`
			`if userByID.Email != user.Email {`
			`t.Errorf("GetUserByID returned wrong user. Expected %s, got %s", user.Email, userByID.Email)`
			`}`

			`newHash := "new_secure_bcrypt_hash_999"`
			`err = store.UpdateUserPassword(ctx, user.ID, newHash)`
			`if err != nil {`
			`t.Fatalf("Failed to update user password: %v", err)`
			`}`

			`updatedUser, _ := store.GetUserByID(ctx, user.ID)`
			`if updatedUser.PasswordHash != newHash {`
			`t.Errorf("Password hash did not update in the database")`
			`}`
			`}`