#![allow(clippy::unwrap_used, clippy::panic)] use serde_json::json;
#[test]
fn test_extract_tenant_from_jwt_claims() {
let claims = json!({
"sub": "user123",
"tenant_id": "acme-corp",
"email": "alice@acme.com",
"iat": 1_234_567_890,
"exp": 1_234_571_490
});
let tenant_id = claims
.get("tenant_id")
.and_then(|v| v.as_str())
.expect("tenant_id should be in claims");
assert_eq!(tenant_id, "acme-corp");
}
#[test]
fn test_missing_tenant_id_in_jwt() {
let claims = json!({
"sub": "user123",
"email": "alice@example.com",
"iat": 1_234_567_890
});
let tenant_id = claims.get("tenant_id").and_then(|v| v.as_str());
assert_eq!(tenant_id, None);
}
#[test]
fn test_invalid_tenant_id_type_in_jwt() {
let claims = json!({
"sub": "user123",
"tenant_id": 12345, "email": "alice@example.com"
});
let tenant_id = claims.get("tenant_id").and_then(|v| v.as_str());
assert_eq!(tenant_id, None);
}
#[test]
fn test_tenant_context_from_jwt_claims() {
let claims = json!({
"sub": "user123",
"tenant_id": "widgets-inc",
"email": "bob@widgets.com"
});
if let Some(tenant_id) = claims.get("tenant_id").and_then(|v| v.as_str()) {
let tenant_id_str = tenant_id.to_string();
assert_eq!(tenant_id_str, "widgets-inc");
} else {
panic!("tenant_id should be extractable from claims");
}
}
#[test]
fn test_uuid_tenant_id_from_jwt() {
let uuid_tenant = "550e8400-e29b-41d4-a716-446655440000";
let claims = json!({
"sub": "user123",
"tenant_id": uuid_tenant,
"email": "user@example.com"
});
let extracted = claims.get("tenant_id").and_then(|v| v.as_str()).unwrap();
assert_eq!(extracted, uuid_tenant);
}
#[test]
fn test_generate_tenant_filter_sql() {
let tenant_id = "acme-corp";
let sql_fragment = format!("tenant_id = '{}'", tenant_id);
assert_eq!(sql_fragment, "tenant_id = 'acme-corp'");
}
#[test]
fn test_tenant_filter_sql_injection_prevention() {
let malicious_tenant = "'; DROP TABLE users; --";
let sql_fragment = format!("tenant_id = '{}'", malicious_tenant);
assert!(sql_fragment.contains(malicious_tenant));
}
#[test]
fn test_tenant_filter_with_other_conditions() {
let tenant_id = "acme-corp";
let base_query = "SELECT * FROM users WHERE active = true";
let combined = format!("{} AND tenant_id = '{}'", base_query, tenant_id);
assert!(combined.contains("active = true"));
assert!(combined.contains("tenant_id = 'acme-corp'"));
assert!(combined.contains("AND"));
}
#[test]
fn test_tenant_filter_postgresql() {
let sql = "WHERE tenant_id = $1".to_string();
assert!(sql.contains("tenant_id"));
assert!(sql.contains("$1"));
}
#[test]
fn test_tenant_filter_mysql() {
let sql = "WHERE tenant_id = ?".to_string();
assert!(sql.contains("tenant_id"));
assert!(sql.contains('?'));
}
#[test]
fn test_tenant_filter_sqlite() {
let sql = "WHERE tenant_id = ?".to_string();
assert!(sql.contains("tenant_id"));
assert!(sql.contains('?'));
}
#[test]
fn test_cross_tenant_access_prevention() {
let user_tenant = "tenant_a";
let requested_data_tenant = "tenant_b";
assert_ne!(user_tenant, requested_data_tenant);
}
#[test]
fn test_admin_multi_tenant_query() {
let admin_tenant = "SYSTEM";
let query_tenants = ["tenant_a", "tenant_b", "tenant_c"];
assert_eq!(admin_tenant, "SYSTEM");
assert_eq!(query_tenants.len(), 3);
}
#[test]
fn test_empty_tenant_id_filtering() {
let tenant_id = "";
let filter = format!("tenant_id = '{}'", tenant_id);
assert!(filter.contains("''"));
}
#[test]
fn test_special_chars_tenant_id_filtering() {
let tenant_id = "company-123_corp.org";
let filter = format!("tenant_id = '{}'", tenant_id);
assert!(filter.contains("company-123_corp.org"));
}
#[test]
fn test_long_tenant_id_filtering() {
let long_id = "a".repeat(255);
let filter = format!("tenant_id = '{}'", &long_id);
assert!(filter.contains(&long_id));
}