molecule-ai/molecule-core
35
0
Fork 2
Code Issues 16 Pull Requests 2 Actions 49 Packages Projects Releases Wiki Activity

test(middleware): add last_used_at ExpectExec for WorkspaceAuth org-token tests

Browse Source 
orgtoken.Validate() runs a synchronous UPDATE org_api_tokens SET
last_used_at after every successful auth scan. Tests were missing the
sqlmock ExpectExec for this call — the code discards the error
(_, _ = ExecContext) so CI passed, but ExpectationsWereMet() could
not detect a regression where the UPDATE was accidentally removed.

Adds strict mock expectations for all four WorkspaceAuth+org-token
test cases: SetsOrgIDContext, OrgIDNULL_DoesNotSetContext,
DBRowScanError_DoesNotPanic, and SetsAllContextKeys.

Fixes: GH#1774

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Molecule AI Core Platform Lead 2026-04-24 13:01:42 +00:00
parent df51ddc45e
commit a053f67ddf
1 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
workspace-server/internal/middleware/wsauth_middleware_org_id_test.go
View File

@ -36,6 +36,11 @@ func TestWorkspaceAuth_ValidOrgToken_SetsOrgIDContext(t *testing.T) {
WillReturnRows(sqlmock.NewRows([]string{"id", "prefix", "org_id"}).
AddRow("tok-org-abc", "tok_test", "00000000-0000-0000-0000-000000000001"))
// Best-effort last_used_at update after Validate succeeds.
mock.ExpectExec("UPDATE org_api_tokens SET last_used_at").
WithArgs("tok-org-abc").
WillReturnResult(sqlmock.NewResult(0, 1))
r := gin.New()
r.GET("/workspaces/:id/secrets", WorkspaceAuth(mockDB), func(c *gin.Context) {
v, exists := c.Get("org_id")
@ -84,6 +89,11 @@ func TestWorkspaceAuth_ValidOrgToken_OrgIDNULL_DoesNotSetContext(t *testing.T) {
WillReturnRows(sqlmock.NewRows([]string{"id", "prefix", "org_id"}).
AddRow("tok-old-xyz", "tok_old_", nil))
// Best-effort last_used_at update after Validate succeeds (even for NULL org_id).
mock.ExpectExec("UPDATE org_api_tokens SET last_used_at").
WithArgs("tok-old-xyz").
WillReturnResult(sqlmock.NewResult(0, 1))
r := gin.New()
r.GET("/workspaces/:id/secrets", WorkspaceAuth(mockDB), func(c *gin.Context) {
_, exists := c.Get("org_id")
@ -216,6 +226,11 @@ func TestWorkspaceAuth_OrgToken_DBRowScanError_DoesNotPanic(t *testing.T) {
WillReturnRows(sqlmock.NewRows([]string{"id", "prefix", "org_id"}).
AddRow("tok-ok", "tok_tok_", "00000000-0000-0000-0000-000000000099"))
// Best-effort last_used_at update after Validate succeeds.
mock.ExpectExec("UPDATE org_api_tokens SET last_used_at").
WithArgs("tok-ok").
WillReturnResult(sqlmock.NewResult(0, 1))
r := gin.New()
r.GET("/workspaces/:id/secrets", WorkspaceAuth(mockDB), func(c *gin.Context) {
// org_id key may or may not be set — either is acceptable here.
@ -255,6 +270,11 @@ func TestWorkspaceAuth_OrgToken_SetsAllContextKeys(t *testing.T) {
WillReturnRows(sqlmock.NewRows([]string{"id", "prefix", "org_id"}).
AddRow("tok-full", "tok_fu_", expectedOrgID))
// Best-effort last_used_at update after Validate succeeds.
mock.ExpectExec("UPDATE org_api_tokens SET last_used_at").
WithArgs("tok-full").
WillReturnResult(sqlmock.NewResult(0, 1))
r := gin.New()
r.GET("/workspaces/:id/secrets", WorkspaceAuth(mockDB), func(c *gin.Context) {
id, ok := c.Get("org_token_id")