first commit

backend/internal/service/device_service_test.go

@@ -0,0 +1,58 @@
+package service
+
+import (
+	"testing"
+
+	"filefast/backend/internal/model"
+	"filefast/backend/internal/store"
+)
+
+func TestRegisterReusesKnownDeviceOnlyWithValidToken(t *testing.T) {
+	memStore := store.NewMemoryStore(model.RuntimeConfig{})
+	deviceService := NewDeviceService(memStore, nil, nil)
+
+	device, session := deviceService.Register(RegisterDeviceInput{
+		DeviceID: "known-device",
+		Name:     "Alpha",
+		Type:     "desktop",
+	}, "ua/1.0", "")
+
+	if device.ID != "known-device" {
+		t.Fatalf("expected first registration to keep requested device id, got %q", device.ID)
+	}
+	if !deviceService.ValidateSession(device.ID, session.Token) {
+		t.Fatal("expected issued device token to validate")
+	}
+
+	hijacked, hijackedSession := deviceService.Register(RegisterDeviceInput{
+		DeviceID: "known-device",
+		Name:     "Mallory",
+		Type:     "desktop",
+	}, "ua/1.0", "")
+
+	if hijacked.ID == device.ID {
+		t.Fatal("expected registration without token to receive a new device id")
+	}
+	if !deviceService.ValidateSession(hijacked.ID, hijackedSession.Token) {
+		t.Fatal("expected replacement device token to validate")
+	}
+
+	restored, rotatedSession := deviceService.Register(RegisterDeviceInput{
+		DeviceID: "known-device",
+		Name:     "Alpha",
+		Type:     "desktop",
+	}, "ua/1.0", session.Token)
+
+	if restored.ID != device.ID {
+		t.Fatalf("expected valid token to reclaim original device id, got %q", restored.ID)
+	}
+	if rotatedSession.Token == session.Token {
+		t.Fatal("expected registration to rotate the device token")
+	}
+	if deviceService.ValidateSession(restored.ID, session.Token) {
+		t.Fatal("expected rotated token to invalidate the old token")
+	}
+	if !deviceService.ValidateSession(restored.ID, rotatedSession.Token) {
+		t.Fatal("expected rotated device token to validate")
+	}
+}