From 2073898c1044d95c2dbf293939973d1f6355aca6 Mon Sep 17 00:00:00 2001
From: Steve Cliff <steve@devcloud.guru>
Date: Tue, 5 May 2026 09:10:26 +0100
Subject: [PATCH] =?UTF-8?q?http:=20test=20helpers=20=E2=80=94=20makeUser,?=
 =?UTF-8?q?=20loginAs?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../server/http/users_test_helpers_test.go    | 58 +++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 internal/server/http/users_test_helpers_test.go

diff --git a/internal/server/http/users_test_helpers_test.go b/internal/server/http/users_test_helpers_test.go
new file mode 100644
index 0000000..e3f3bf5
--- /dev/null
+++ b/internal/server/http/users_test_helpers_test.go
@@ -0,0 +1,58 @@
+package http
+
+import (
+	stdhttp "net/http"
+	"testing"
+	"time"
+
+	"github.com/oklog/ulid/v2"
+
+	"gitea.dcglab.co.uk/steve/restic-manager/internal/auth"
+	"gitea.dcglab.co.uk/steve/restic-manager/internal/store"
+)
+
+// makeUser inserts a user with a known password ('test-password').
+// Returns the user id. Used by RBAC middleware tests + the
+// user-management handler tests.
+//
+//nolint:unused
+func makeUser(t *testing.T, srv *Server, username string, role store.Role) string {
+	t.Helper()
+	id := ulid.Make().String()
+	hash, err := auth.HashPassword("test-password")
+	if err != nil {
+		t.Fatalf("hash: %v", err)
+	}
+	if err := srv.deps.Store.CreateUser(t.Context(), store.User{
+		ID: id, Username: username, PasswordHash: hash,
+		Role: role, CreatedAt: time.Now().UTC(),
+	}); err != nil {
+		t.Fatalf("create user %s: %v", username, err)
+	}
+	return id
+}
+
+// loginAs gets a session cookie for the given user. Skips the real
+// /api/auth/login handler for speed and to keep these helpers usable
+// even when login validation is mid-flight elsewhere.
+//
+//nolint:unused
+func loginAs(t *testing.T, srv *Server, userID string) *stdhttp.Cookie {
+	t.Helper()
+	rawToken, err := auth.NewToken()
+	if err != nil {
+		t.Fatalf("token: %v", err)
+	}
+	hash := auth.HashToken(rawToken)
+	now := time.Now().UTC()
+	if err := srv.deps.Store.CreateSession(t.Context(), store.Session{
+		ID: hash, UserID: userID, CreatedAt: now,
+		ExpiresAt: now.Add(8 * time.Hour),
+	}, hash); err != nil {
+		t.Fatalf("session: %v", err)
+	}
+	return &stdhttp.Cookie{
+		Name:  sessionCookieName,
+		Value: rawToken,
+	}
+}