| 386 | } |
| 387 | |
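// TestEmbedAuthSessionTokenMismatch checks that EmbedAuth rejects a session
// token presented on a route that names a different channel.
//
// The fake channel service knows a single session token, "ems_other", which
// its sessions map associates with "other-channel" (presumably token ->
// channel ID; confirm against fakeEmbedChannelService). The request targets
// "ch-1", so any outcome other than a rejected request would mean the
// token-to-channel binding is not enforced by the middleware.
func TestEmbedAuthSessionTokenMismatch(t *testing.T) {
	gin.SetMode(gin.TestMode)

	const channelID = "ch-1"
	svc := &fakeEmbedChannelService{
		sessions: map[string]string{
			// Deliberately bound to a channel other than channelID.
			"ems_other": "other-channel",
		},
	}
	handler := EmbedAuth(svc, &fakeTenantService{tenant: &types.Tenant{ID: 1}}, nil)

	w := httptest.NewRecorder()
	c, _ := gin.CreateTestContext(w)
	c.Request = httptest.NewRequest(http.MethodGet, "/api/v1/embed/"+channelID+"/config", nil)
	c.Request.Header.Set("Authorization", "Embed ems_other")
	// The route parameter is set by hand because the handler is invoked
	// directly rather than through a router.
	c.Params = gin.Params{{Key: "channel_id", Value: channelID}}
	handler(c)

	if w.Code != http.StatusUnauthorized {
		t.Fatalf("status = %d, want %d, body = %s", w.Code, http.StatusUnauthorized, w.Body.String())
	}
	// Writing a 401 does not by itself stop gin's handler chain; the
	// middleware must also abort the context, otherwise the handlers behind
	// it would still run for the rejected request.
	if !c.IsAborted() {
		t.Fatalf("context not aborted after session token / channel mismatch, body = %s", w.Body.String())
	}
}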