1 files changed, 18 insertions, 0 deletions

diff --git a/internal/authz/middleware_test.go b/internal/authz/middleware_test.go
index 9ed9081..314c24e 100644
--- a/internal/authz/middleware_test.go
+++ b/internal/authz/middleware_test.go
@@ -1,8 +1,11 @@
 package authz
 
 import (
+	"bytes"
 	"context"
 	"fmt"
+	"io"
+	"log"
 	"net/http"
 	"net/http/httptest"
 	"testing"
@@ -13,6 +16,10 @@ import (
 func junkTestHandler() http.HandlerFunc {
 	return func(rw http.ResponseWriter, req *http.Request) {
 		rw.WriteHeader(http.StatusOK)
+		_, err := rw.Write([]byte("Im a body"))
+		if err != nil {
+			log.Fatalf("couldn't write http body %s", err)
+		}
 	}
 }
 
@@ -89,18 +96,21 @@ func TestAuthorization(t *testing.T) {
 		user           string
 		expectedStatus int
 		description    string
+		body           []byte
 	}{
 		{
 			url:            fmt.Sprintf("%s/%s", baseURL, "repo/url"),
 			user:           "uid:jack",
 			expectedStatus: 200,
 			description:    "an authorized action should yield a 200",
+			body:           []byte("Im a body"),
 		},
 		{
 			url:            fmt.Sprintf("%s/%s", baseURL, "repo/url/bar"),
 			user:           "uid:chumba",
 			expectedStatus: 403,
 			description:    "an unauthorized action should yield a 403",
+			body:           []byte("Access denied\n"),
 		},
 	}
 	svcr := admin.NewService(
@@ -120,8 +130,16 @@ func TestAuthorization(t *testing.T) {
 		authHandler.ServeHTTP(recorder, req)
 		result := recorder.Result()
 		defer result.Body.Close()
+		body, err := io.ReadAll(result.Body)
+		if err != nil {
+			t.Fatal("couldn't read response body")
+		}
+
 		if result.StatusCode != tc.expectedStatus {
 			t.Fatalf("Test Case %s failed Expected: %d Found: %d", tc.description, tc.expectedStatus, result.StatusCode)
 		}
+		if !bytes.Equal(body, tc.body) {
+			t.Fatalf("Test Case %s failed Expected: %d Found: %d", tc.description, tc.body, body)
+		}
 	}
 }