From e5984f52051d2532100a3c8173e73e50bfc65994 Mon Sep 17 00:00:00 2001
From: Hein <hein@bitechsystems.co.za>
Date: Thu, 21 May 2026 09:51:30 +0200
Subject: [PATCH] feat(security): add cookie support for login and logout
 methods * Implement LoginWithCookie and LogoutWithCookie in
 stubAuthenticator, mockAuth, mockSecurityProvider, and MockAuthenticator *
 Update tests to use cookie-based authentication

---
 pkg/security/chain_test.go            | 8 ++++++++
 pkg/security/composite_test.go        | 8 ++++++++
 pkg/security/provider_test.go         | 8 ++++++++
 pkg/security/providers_test.go        | 6 +++++-
 pkg/security/totp_integration_test.go | 8 ++++++++
 5 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/pkg/security/chain_test.go b/pkg/security/chain_test.go
index fd27a60..5240fd7 100644
--- a/pkg/security/chain_test.go
+++ b/pkg/security/chain_test.go
@@ -25,10 +25,18 @@ func (s *stubAuthenticator) Login(_ context.Context, _ LoginRequest) (*LoginResp
 	return &LoginResponse{Token: "tok"}, nil
 }
 
+func (s *stubAuthenticator) LoginWithCookie(ctx context.Context, req LoginRequest, _ http.ResponseWriter) (*LoginResponse, error) {
+	return s.Login(ctx, req)
+}
+
 func (s *stubAuthenticator) Logout(_ context.Context, _ LogoutRequest) error {
 	return s.err
 }
 
+func (s *stubAuthenticator) LogoutWithCookie(ctx context.Context, req LogoutRequest, _ http.ResponseWriter) error {
+	return s.Logout(ctx, req)
+}
+
 func TestChainAuthenticator_Authenticate(t *testing.T) {
 	successCtx := &UserContext{UserID: 42, UserName: "alice"}
 	failStub := &stubAuthenticator{err: fmt.Errorf("no token")}
diff --git a/pkg/security/composite_test.go b/pkg/security/composite_test.go
index 8ee773f..c9a3ea2 100644
--- a/pkg/security/composite_test.go
+++ b/pkg/security/composite_test.go
@@ -23,10 +23,18 @@ func (m *mockAuth) Login(ctx context.Context, req LoginRequest) (*LoginResponse,
 	return m.loginResp, m.loginErr
 }
 
+func (m *mockAuth) LoginWithCookie(ctx context.Context, req LoginRequest, _ http.ResponseWriter) (*LoginResponse, error) {
+	return m.Login(ctx, req)
+}
+
 func (m *mockAuth) Logout(ctx context.Context, req LogoutRequest) error {
 	return m.logoutErr
 }
 
+func (m *mockAuth) LogoutWithCookie(ctx context.Context, req LogoutRequest, _ http.ResponseWriter) error {
+	return m.Logout(ctx, req)
+}
+
 func (m *mockAuth) Authenticate(r *http.Request) (*UserContext, error) {
 	return m.authUser, m.authErr
 }
diff --git a/pkg/security/provider_test.go b/pkg/security/provider_test.go
index e5a6baf..9c36beb 100644
--- a/pkg/security/provider_test.go
+++ b/pkg/security/provider_test.go
@@ -22,10 +22,18 @@ func (m *mockSecurityProvider) Login(ctx context.Context, req LoginRequest) (*Lo
 	return m.loginResponse, m.loginError
 }
 
+func (m *mockSecurityProvider) LoginWithCookie(ctx context.Context, req LoginRequest, _ http.ResponseWriter) (*LoginResponse, error) {
+	return m.Login(ctx, req)
+}
+
 func (m *mockSecurityProvider) Logout(ctx context.Context, req LogoutRequest) error {
 	return m.logoutError
 }
 
+func (m *mockSecurityProvider) LogoutWithCookie(ctx context.Context, req LogoutRequest, _ http.ResponseWriter) error {
+	return m.Logout(ctx, req)
+}
+
 func (m *mockSecurityProvider) Authenticate(r *http.Request) (*UserContext, error) {
 	return m.authUser, m.authError
 }
diff --git a/pkg/security/providers_test.go b/pkg/security/providers_test.go
index 9b50dfa..b44ccf3 100644
--- a/pkg/security/providers_test.go
+++ b/pkg/security/providers_test.go
@@ -511,6 +511,10 @@ func TestDatabaseAuthenticator(t *testing.T) {
 	})
 
 	t.Run("authenticate with cookie", func(t *testing.T) {
+		cookieAuth := NewDatabaseAuthenticatorWithOptions(db, DatabaseAuthenticatorOptions{
+			EnableCookieSession: true,
+		})
+
 		req := httptest.NewRequest("GET", "/test", nil)
 		req.AddCookie(&http.Cookie{
 			Name:  "session_token",
@@ -524,7 +528,7 @@ func TestDatabaseAuthenticator(t *testing.T) {
 			WithArgs("cookie-token-456", "cookie").
 			WillReturnRows(rows)
 
-		userCtx, err := auth.Authenticate(req)
+		userCtx, err := cookieAuth.Authenticate(req)
 		if err != nil {
 			t.Fatalf("expected no error, got %v", err)
 		}
diff --git a/pkg/security/totp_integration_test.go b/pkg/security/totp_integration_test.go
index b5418cb..189e277 100644
--- a/pkg/security/totp_integration_test.go
+++ b/pkg/security/totp_integration_test.go
@@ -43,10 +43,18 @@ func (m *MockAuthenticator) Login(ctx context.Context, req security.LoginRequest
 	}, nil
 }
 
+func (m *MockAuthenticator) LoginWithCookie(ctx context.Context, req security.LoginRequest, _ http.ResponseWriter) (*security.LoginResponse, error) {
+	return m.Login(ctx, req)
+}
+
 func (m *MockAuthenticator) Logout(ctx context.Context, req security.LogoutRequest) error {
 	return nil
 }
 
+func (m *MockAuthenticator) LogoutWithCookie(ctx context.Context, req security.LogoutRequest, _ http.ResponseWriter) error {
+	return m.Logout(ctx, req)
+}
+
 func (m *MockAuthenticator) Authenticate(r *http.Request) (*security.UserContext, error) {
 	return m.users["testuser"], nil
 }