visionA/visionA-backend/internal/api/auth_test.go

package api

import (
	"net/http"
	"net/http/httptest"
	"strings"
	"testing"

	"github.com/gin-gonic/gin"
	"github.com/stretchr/testify/assert"
)

// TestAuthLogin_OIDCMode_Returns410 驗證 POST /api/auth/login 在 OIDC 模式下回 410。
//
// OIDC 模式只接受 GET /api/auth/login（redirect flow），POST 一律 410 並指引使用者
// 改用 GET。完整 OIDC flow 測試見 oidc_auth_test.go。
func TestAuthLogin_OIDCMode_Returns410(t *testing.T) {
	r := gin.New()
	r.Use(RequestIDMiddleware())
	g := r.Group("/api")
	registerAuthRoutes(g, Deps{})

	body := strings.NewReader(`{"email":"foo","password":"bar"}`)
	w := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodPost, "/api/auth/login", body)
	req.Header.Set("Content-Type", "application/json")
	r.ServeHTTP(w, req)

	assert.Equal(t, http.StatusGone, w.Code, "POST /api/auth/login 應回 410 Gone")
	assert.Contains(t, w.Body.String(), "GET /api/auth/login")
}

// TestAuthRegister_Returns501 驗證雛形不做註冊（永遠 501）。
//
// OIDC 模式下註冊由 Member Center 負責，visionA 不接這條。
func TestAuthRegister_Returns501(t *testing.T) {
	r := gin.New()
	r.Use(RequestIDMiddleware())
	g := r.Group("/api")
	registerAuthRoutes(g, Deps{})

	w := httptest.NewRecorder()
	r.ServeHTTP(w, httptest.NewRequest(http.MethodPost, "/api/auth/register", nil))
	assert.Equal(t, http.StatusNotImplemented, w.Code)
	assert.Contains(t, w.Body.String(), "Member Center")
}