ultisuite-backend/internal/authentik/flow_executor_test.go

package authentik

import (
	"context"
	"net/http/httptest"
	"testing"
)

func TestFlowExecutorGetChallenge(t *testing.T) {
	t.Parallel()
	// Smoke test structure only — integration tests hit real Authentik.
	fe, err := NewFlowExecutor("http://localhost:9000", "test-flow")
	if err != nil {
		t.Fatal(err)
	}
	if fe.slug != "test-flow" {
		t.Fatalf("slug = %q", fe.slug)
	}
}

func TestFlowDone(t *testing.T) {
	t.Parallel()
	done, denied := FlowDone(FlowChallenge{"component": "xak-flow-redirect"})
	if !done || denied {
		t.Fatalf("redirect: done=%v denied=%v", done, denied)
	}
	done, denied = FlowDone(FlowChallenge{"component": "ak-stage-access-denied"})
	if !done || !denied {
		t.Fatalf("denied: done=%v denied=%v", done, denied)
	}
	done, denied = FlowDone(FlowChallenge{"component": "ak-stage-prompt"})
	if done || denied {
		t.Fatalf("prompt: done=%v denied=%v", done, denied)
	}
}

func TestFlowSessionStoreLifecycle(t *testing.T) {
	t.Parallel()
	store := NewFlowSessionStore("http://127.0.0.1:1")
	_, err := store.Respond(context.Background(), "missing", "ulti-enrollment", "", map[string]any{"component": "x"})
	if err != ErrFlowSessionNotFound {
		t.Fatalf("expected ErrFlowSessionNotFound, got %v", err)
	}
	_ = httptest.NewRecorder()
}