From 2026780e11e663ed11f13b6d42fc2377fdd24efd Mon Sep 17 00:00:00 2001
From: Evan Jarrett
Date: Sat, 25 Oct 2025 01:17:35 -0500
Subject: [PATCH] fix test
---
 pkg/hold/pds/auth.go | 2 +-
 pkg/hold/pds/xrpc.go | 8 ++++----
 pkg/hold/pds/xrpc_test.go | 29 -----------------------------
 3 files changed, 5 insertions(+), 34 deletions(-)
diff --git a/pkg/hold/pds/auth.go b/pkg/hold/pds/auth.go
index 6cfcac8..a8d5607 100644
--- a/pkg/hold/pds/auth.go
+++ b/pkg/hold/pds/auth.go
@@ -6,11 +6,11 @@ import (
 "encoding/json"
 "fmt"
 "io"
+ "log"
 "net/http"
 "slices"
 "strings"
 "time"
- "log"
 "atcr.io/pkg/atproto"
 "github.com/bluesky-social/indigo/atproto/atcrypto"
diff --git a/pkg/hold/pds/xrpc.go b/pkg/hold/pds/xrpc.go
index 139dfcb..bcce3c9 100644
--- a/pkg/hold/pds/xrpc.go
+++ b/pkg/hold/pds/xrpc.go
@@ -116,15 +116,15 @@ func (h *XRPCHandler) requireOwnerOrCrewAdmin(next http.Handler) http.Handler {
 })
 }
-// requireAuth middleware - validates DPoP authentication
+// requireAuth middleware - validates service token authentication
 // Stores validated user in request context
 func (h *XRPCHandler) requireAuth(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 // Service token authentication
- user, err := ValidateServiceToken(r, h.pds.did, h.httpClient)
+ user, err := ValidateServiceToken(r, h.pds.did, h.httpClient)
 if err != nil {
- http.Error(w, fmt.Sprintf("unauthorized: %v", err), http.StatusForbidden)
- return
+ http.Error(w, fmt.Sprintf("unauthorized: %v", err), http.StatusUnauthorized)
+ return
 }
 // Store user in context for handlers to access
 ctx := context.WithValue(r.Context(), contextKeyUser, user)
diff --git a/pkg/hold/pds/xrpc_test.go b/pkg/hold/pds/xrpc_test.go
index 837b7ae..80f8e70 100644
--- a/pkg/hold/pds/xrpc_test.go
+++ b/pkg/hold/pds/xrpc_test.go
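Review bot: In `requireAuth` (pkg/hold/pds/xrpc.go) the 401 body is still built from `err`, so whatever `ValidateServiceToken` reports, possibly including detail from lookups made through `h.httpClient`, is returned to an unauthenticated caller. I would record the error server-side and send a fixed body instead: `http.Error(w, "unauthorized", http.StatusUnauthorized)`. Now that the status is 401 rather than 403, the response should also carry a challenge header, e.g. `w.Header().Set("WWW-Authenticate", "Bearer")` if the service token is presented as a Bearer credential (not visible here). The same commit deletes `TestRequireAuth_ValidDPoP` from xrpc_test.go without a service-token counterpart, so the accepting path of this middleware looks untested from what is shown. The closure body of `requireAuth` continues past the end of the hunk.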
@@ -2059,35 +2059,6 @@ func TestRequireOwnerOrCrewAdmin_Unauthorized(t *testing.T) {
 }
 }
-// TestRequireAuth_ValidDPoP tests middleware allows valid DPoP token
-func TestRequireAuth_ValidDPoP(t *testing.T) {
- handler, _ := setupTestXRPCHandler(t)
-
- r := chi.NewRouter()
- handler.RegisterHandlers(r)
-
- // requestCrew requires auth
- dpopHelper, err := NewDPoPTestHelper("did:plc:newcrew123", "https://test.pds")
- if err != nil {
- t.Fatalf("Failed to create DPoP helper: %v", err)
- }
-
- req := httptest.NewRequest("POST", atproto.HoldRequestCrew, bytes.NewReader([]byte("{}")))
- req.Header.Set("Content-Type", "application/json")
-
- if err := dpopHelper.AddDPoPToRequest(req); err != nil {
- t.Fatalf("Failed to add DPoP: %v", err)
- }
-
- w := httptest.NewRecorder()
- r.ServeHTTP(w, req)
-
- // Should not get auth error (may get other errors like "crew not allowed")
- if w.Code == http.StatusUnauthorized {
- t.Errorf("Expected valid DPoP to not get 401, got %d: %s", w.Code, w.Body.String())
- }
-}
-
 // TestRequireAuth_MissingAuth tests middleware returns 401 without auth
 func TestRequireAuth_MissingAuth(t *testing.T) {
 handler, _ := setupTestXRPCHandler(t)