diff --git a/internal/api/auth_scope_test.go b/internal/api/auth_scope_test.go index cc33be2..84aa705 100644 --- a/internal/api/auth_scope_test.go +++ b/internal/api/auth_scope_test.go @@ -1,6 +1,7 @@ package api import ( + "context" "net/http" "net/http/httptest" "testing" @@ -56,3 +57,46 @@ func TestRequireScopeAllowsMatchingScope(t *testing.T) { t.Fatalf("expected status 202 when scope present, got %d", rr.Code) } } + +func TestRespondMissingScopeNilWriter(t *testing.T) { + // Should not panic when called with nil writer + respondMissingScope(nil, "some-scope") +} + +func TestAttachAPITokenRecordNilRecord(t *testing.T) { + req := httptest.NewRequest(http.MethodGet, "/", nil) + originalCtx := req.Context() + + // Should not panic and should not modify context when record is nil + attachAPITokenRecord(req, nil) + + // Context should remain unchanged + if req.Context() != originalCtx { + t.Fatal("context should not change when attaching nil record") + } +} + +func TestGetAPITokenRecordFromRequestWrongType(t *testing.T) { + req := httptest.NewRequest(http.MethodGet, "/", nil) + + // Attach a value of wrong type to the context + ctx := req.Context() + ctx = context.WithValue(ctx, contextKeyAPIToken, "not-a-record") + req = req.WithContext(ctx) + + // Should return nil when type assertion fails + record := getAPITokenRecordFromRequest(req) + if record != nil { + t.Fatal("expected nil when context value is wrong type") + } +} + +func TestGetAPITokenRecordFromRequestNoValue(t *testing.T) { + req := httptest.NewRequest(http.MethodGet, "/", nil) + + // No token attached - should return nil + record := getAPITokenRecordFromRequest(req) + if record != nil { + t.Fatal("expected nil when no token in context") + } +}