@@ -11,6 +11,7 @@ use keybroker::{
1111} ;
1212use must_let:: must_let;
1313use runtime:: testing:: TestRuntime ;
14+
1415use crate :: test_helpers:: UdfTest ;
1516
1617#[ convex_macro:: test_runtime]
@@ -21,79 +22,101 @@ async fn test_get_user_identity_debug_with_plaintext_user(rt: TestRuntime) -> an
2122 let ( result, outcome) = t
2223 . query_outcome ( "auth:getUserIdentityDebug" , assert_obj ! ( ) , identity. clone ( ) )
2324 . await ?;
24-
25+
2526 // Should return the user identity, not an error
2627 must_let ! ( let ConvexValue :: Object ( obj) = result) ;
2728 assert ! ( obj. get( "name" ) . is_some( ) ) ;
2829 assert ! ( outcome. observed_identity) ;
29-
30+
3031 // Test with PlaintextUser identity - should return null (no JWT to debug)
3132 let plaintext_identity = Identity :: PlaintextUser ( "test-plaintext-token" . to_string ( ) ) ;
3233 let ( result, outcome) = t
33- . query_outcome ( "auth:getUserIdentityDebug" , assert_obj ! ( ) , plaintext_identity)
34+ . query_outcome (
35+ "auth:getUserIdentityDebug" ,
36+ assert_obj ! ( ) ,
37+ plaintext_identity,
38+ )
3439 . await ?;
35-
40+
3641 assert_eq ! ( result, ConvexValue :: Null ) ;
3742 assert ! ( outcome. observed_identity) ;
38-
43+
3944 Ok ( ( ) )
4045 } )
4146 . await
4247}
4348
4449#[ convex_macro:: test_runtime]
45- async fn test_get_user_identity_insecure_with_different_identities ( rt : TestRuntime ) -> anyhow:: Result < ( ) > {
50+ async fn test_get_user_identity_insecure_with_different_identities (
51+ rt : TestRuntime ,
52+ ) -> anyhow:: Result < ( ) > {
4653 UdfTest :: run_test_with_isolate2 ( rt, async move |t| {
4754 // Test with PlaintextUser identity - should return the plaintext token
4855 let plaintext_token = "my-test-plaintext-token-12345" ;
4956 let plaintext_identity = Identity :: PlaintextUser ( plaintext_token. to_string ( ) ) ;
5057 let ( result, outcome) = t
51- . query_outcome ( "auth:getUserIdentityInsecure" , assert_obj ! ( ) , plaintext_identity)
58+ . query_outcome (
59+ "auth:getUserIdentityInsecure" ,
60+ assert_obj ! ( ) ,
61+ plaintext_identity,
62+ )
5263 . await ?;
53-
64+
5465 must_let ! ( let ConvexValue :: String ( token) = result) ;
5566 assert_eq ! ( & * token, plaintext_token) ;
5667 assert ! ( outcome. observed_identity == false ) ;
57-
68+
5869 // Test with regular User identity - should return null
5970 let user_identity = Identity :: user ( UserIdentity :: test ( ) ) ;
6071 let ( result, outcome) = t
6172 . query_outcome ( "auth:getUserIdentityInsecure" , assert_obj ! ( ) , user_identity)
6273 . await ?;
63-
74+
6475 assert_eq ! ( result, ConvexValue :: Null ) ;
6576 assert ! ( outcome. observed_identity == false ) ;
66-
77+
6778 // Test with System identity - should return null
6879 let system_identity = Identity :: system ( ) ;
6980 let ( result, outcome) = t
70- . query_outcome ( "auth:getUserIdentityInsecure" , assert_obj ! ( ) , system_identity)
81+ . query_outcome (
82+ "auth:getUserIdentityInsecure" ,
83+ assert_obj ! ( ) ,
84+ system_identity,
85+ )
7186 . await ?;
72-
87+
7388 assert_eq ! ( result, ConvexValue :: Null ) ;
7489 assert ! ( outcome. observed_identity == false ) ;
75-
90+
7691 // Test with Admin identity - should return null
7792 let admin_identity = Identity :: InstanceAdmin ( AdminIdentity :: new_for_test_only (
7893 "test-admin-key" . to_string ( ) ,
7994 MemberId ( 1 ) ,
8095 ) ) ;
8196 let ( result, outcome) = t
82- . query_outcome ( "auth:getUserIdentityInsecure" , assert_obj ! ( ) , admin_identity)
97+ . query_outcome (
98+ "auth:getUserIdentityInsecure" ,
99+ assert_obj ! ( ) ,
100+ admin_identity,
101+ )
83102 . await ?;
84-
103+
85104 assert_eq ! ( result, ConvexValue :: Null ) ;
86105 assert ! ( outcome. observed_identity == false ) ;
87-
106+
88107 // Test with Unknown identity - should return null
89108 let unknown_identity = Identity :: Unknown ( None ) ;
90109 let ( result, outcome) = t
91- . query_outcome ( "auth:getUserIdentityInsecure" , assert_obj ! ( ) , unknown_identity)
110+ . query_outcome (
111+ "auth:getUserIdentityInsecure" ,
112+ assert_obj ! ( ) ,
113+ unknown_identity,
114+ )
92115 . await ?;
93-
116+
94117 assert_eq ! ( result, ConvexValue :: Null ) ;
95118 assert ! ( outcome. observed_identity == false ) ;
96-
119+
97120 Ok ( ( ) )
98121 } )
99122 . await
@@ -104,33 +127,43 @@ async fn test_plaintext_user_admin_access_restriction(rt: TestRuntime) -> anyhow
104127 UdfTest :: run_test_with_isolate2 ( rt, async move |t| {
105128 // Test that PlaintextUser identity cannot access admin-protected functions
106129 let plaintext_identity = Identity :: PlaintextUser ( "admin-wannabe-token" . to_string ( ) ) ;
107-
130+
108131 // This test would verify that PlaintextUser identities are properly rejected
109132 // by the must_be_admin_internal function changes
110133 let ( outcome, _token) = t
111- . raw_query ( "auth:testAdminAccess" , vec ! [ ConvexValue :: Object ( assert_obj!( ) ) ] , plaintext_identity, None )
134+ . raw_query (
135+ "auth:testAdminAccess" ,
136+ vec ! [ ConvexValue :: Object ( assert_obj!( ) ) ] ,
137+ plaintext_identity,
138+ None ,
139+ )
112140 . await ?;
113-
141+
114142 // Should fail with admin access error
115143 assert ! ( outcome. result. is_err( ) ) ;
116144 let error = outcome. result . unwrap_err ( ) ;
117145 let error_str = error. to_string ( ) ;
118146 assert ! ( error_str. contains( "BadDeployKey" ) || error_str. contains( "invalid" ) ) ;
119-
147+
120148 // Compare with regular admin identity which should succeed
121149 let admin_identity = Identity :: InstanceAdmin ( AdminIdentity :: new_for_test_only (
122150 "valid-admin-key" . to_string ( ) ,
123151 MemberId ( 1 ) ,
124152 ) ) ;
125-
153+
126154 // This should succeed for admin identities
127155 let ( admin_outcome, _token) = t
128- . raw_query ( "auth:testAdminAccess" , vec ! [ ConvexValue :: Object ( assert_obj!( ) ) ] , admin_identity, None )
156+ . raw_query (
157+ "auth:testAdminAccess" ,
158+ vec ! [ ConvexValue :: Object ( assert_obj!( ) ) ] ,
159+ admin_identity,
160+ None ,
161+ )
129162 . await ?;
130-
163+
131164 // Admin should have access
132165 assert ! ( admin_outcome. result. is_ok( ) ) ;
133-
166+
134167 Ok ( ( ) )
135168 } )
136169 . await
@@ -141,25 +174,33 @@ async fn test_plaintext_user_identity_creation_and_handling(rt: TestRuntime) ->
141174 UdfTest :: run_test_with_isolate2 ( rt, async move |t| {
142175 let test_token = "test-plaintext-auth-token-xyz" ;
143176 let plaintext_identity = Identity :: PlaintextUser ( test_token. to_string ( ) ) ;
144-
177+
145178 // Test that PlaintextUser identity is properly handled in queries
146179 let ( result, outcome) = t
147- . query_outcome ( "auth:getIdentityType" , assert_obj ! ( ) , plaintext_identity. clone ( ) )
180+ . query_outcome (
181+ "auth:getIdentityType" ,
182+ assert_obj ! ( ) ,
183+ plaintext_identity. clone ( ) ,
184+ )
148185 . await ?;
149-
186+
150187 // Should indicate it's a PlaintextUser identity
151188 must_let ! ( let ConvexValue :: String ( identity_type) = result) ;
152189 assert_eq ! ( & * identity_type, "PlaintextUser" ) ;
153190 assert ! ( outcome. observed_identity) ;
154-
191+
155192 // Test that getUserIdentityInsecure returns the correct token
156193 let ( token_result, _) = t
157- . query_outcome ( "auth:getUserIdentityInsecure" , assert_obj ! ( ) , plaintext_identity)
194+ . query_outcome (
195+ "auth:getUserIdentityInsecure" ,
196+ assert_obj ! ( ) ,
197+ plaintext_identity,
198+ )
158199 . await ?;
159-
200+
160201 must_let ! ( let ConvexValue :: String ( returned_token) = token_result) ;
161202 assert_eq ! ( & * returned_token, test_token) ;
162-
203+
163204 Ok ( ( ) )
164205 } )
165206 . await
@@ -171,30 +212,34 @@ async fn test_get_user_identity_debug_error_scenarios(rt: TestRuntime) -> anyhow
171212 // Test getUserIdentityDebug with Unknown identity containing error
172213 let error_message = "JWT validation failed: token expired" ;
173214 let unknown_identity_with_error = Identity :: Unknown ( Some (
174- errors:: ErrorMetadata :: bad_request ( "InvalidJWT" , error_message)
215+ errors:: ErrorMetadata :: bad_request ( "InvalidJWT" , error_message) ,
175216 ) ) ;
176-
217+
177218 let ( result, outcome) = t
178- . query_outcome ( "auth:getUserIdentityDebug" , assert_obj ! ( ) , unknown_identity_with_error)
219+ . query_outcome (
220+ "auth:getUserIdentityDebug" ,
221+ assert_obj ! ( ) ,
222+ unknown_identity_with_error,
223+ )
179224 . await ?;
180-
225+
181226 // Should return structured error information
182227 must_let ! ( let ConvexValue :: Object ( error_obj) = result) ;
183228 assert ! ( error_obj. get( "error" ) . is_some( ) ) ;
184229 must_let ! ( let ConvexValue :: Object ( error_obj_inner) = error_obj. get( "error" ) . unwrap( ) ) ;
185230 assert ! ( error_obj_inner. get( "code" ) . is_some( ) ) ;
186231 assert ! ( error_obj_inner. get( "message" ) . is_some( ) ) ;
187232 assert ! ( outcome. observed_identity) ;
188-
233+
189234 // Test with Unknown identity without error - should return null
190235 let unknown_identity = Identity :: Unknown ( None ) ;
191236 let ( result, outcome) = t
192237 . query_outcome ( "auth:getUserIdentityDebug" , assert_obj ! ( ) , unknown_identity)
193238 . await ?;
194-
239+
195240 assert_eq ! ( result, ConvexValue :: Null ) ;
196241 assert ! ( outcome. observed_identity) ;
197-
242+
198243 Ok ( ( ) )
199244 } )
200245 . await
0 commit comments