(t *testing.T)
| 1469 | } |
| 1470 | |
| 1471 | func TestMCPServerUserTokens(t *testing.T) { |
| 1472 | t.Parallel() |
| 1473 | ctx := context.Background() |
| 1474 | |
| 1475 | const ( |
| 1476 | accessToken = "access-token-value" |
| 1477 | refreshToken = "refresh-token-value" |
| 1478 | ) |
| 1479 | |
| 1480 | // insertConfigAndToken creates a user, an MCP server config, and a |
| 1481 | // user token through the encrypted store. |
| 1482 | insertConfigAndToken := func( |
| 1483 | t *testing.T, |
| 1484 | crypt *dbCrypt, |
| 1485 | ciphers []Cipher, |
| 1486 | ) (database.MCPServerConfig, database.MCPServerUserToken) { |
| 1487 | t.Helper() |
| 1488 | user := dbgen.User(t, crypt, database.User{}) |
| 1489 | cfg := dbgen.MCPServerConfig(t, crypt, database.MCPServerConfig{ |
| 1490 | DisplayName: "Token Test MCP", |
| 1491 | AuthType: "oauth2", |
| 1492 | CreatedBy: uuid.NullUUID{UUID: user.ID, Valid: true}, |
| 1493 | UpdatedBy: uuid.NullUUID{UUID: user.ID, Valid: true}, |
| 1494 | }) |
| 1495 | |
| 1496 | tok, err := crypt.UpsertMCPServerUserToken(ctx, database.UpsertMCPServerUserTokenParams{ |
| 1497 | MCPServerConfigID: cfg.ID, |
| 1498 | UserID: user.ID, |
| 1499 | AccessToken: accessToken, |
| 1500 | RefreshToken: refreshToken, |
| 1501 | TokenType: "Bearer", |
| 1502 | }) |
| 1503 | require.NoError(t, err) |
| 1504 | require.Equal(t, accessToken, tok.AccessToken) |
| 1505 | require.Equal(t, refreshToken, tok.RefreshToken) |
| 1506 | require.Equal(t, ciphers[0].HexDigest(), tok.AccessTokenKeyID.String) |
| 1507 | require.Equal(t, ciphers[0].HexDigest(), tok.RefreshTokenKeyID.String) |
| 1508 | return cfg, tok |
| 1509 | } |
| 1510 | |
| 1511 | t.Run("UpsertMCPServerUserToken", func(t *testing.T) { |
| 1512 | t.Parallel() |
| 1513 | db, crypt, ciphers := setup(t) |
| 1514 | cfg, tok := insertConfigAndToken(t, crypt, ciphers) |
| 1515 | |
| 1516 | // Verify the raw DB values are encrypted. |
| 1517 | rawTok, err := db.GetMCPServerUserToken(ctx, database.GetMCPServerUserTokenParams{ |
| 1518 | MCPServerConfigID: cfg.ID, |
| 1519 | UserID: tok.UserID, |
| 1520 | }) |
| 1521 | require.NoError(t, err) |
| 1522 | requireEncryptedEquals(t, ciphers[0], rawTok.AccessToken, accessToken) |
| 1523 | requireEncryptedEquals(t, ciphers[0], rawTok.RefreshToken, refreshToken) |
| 1524 | }) |
| 1525 | |
| 1526 | t.Run("GetMCPServerUserToken", func(t *testing.T) { |
| 1527 | t.Parallel() |
| 1528 | db, crypt, ciphers := setup(t) |
nothing calls this directly
no test coverage detected