package httphandlers_test import ( "errors" "net/http" "net/http/httptest" "strings" "testing" "github.com/fiskerinc/cloud-services/pkg/adminroles" "github.com/fiskerinc/cloud-services/pkg/common/authproviders" c "github.com/fiskerinc/cloud-services/pkg/common/context" "github.com/fiskerinc/cloud-services/pkg/db/queries/mocks" "github.com/fiskerinc/cloud-services/pkg/httphandlers" helper "github.com/fiskerinc/cloud-services/pkg/testhelper" ) const expectedOkBody = "OK" const jwk = `{"keys":[{"alg":"RS256","e":"AQAB","kid":"myV+Po4Lc8GbitC3nVnq6IYkBZi3+22fU2u87Bv5GoM=","kty":"RSA","n":"xdgJrIOrcgzzOwOllBpInSpWrctppXU7h1f_1SyaX64Qquv9m7y0cnYqST5Bh8hh4MjzmIPf6FPkfv4pjYODsuYwIn-B8u4cIzZd2ilH083pgZHGpWNxY6bnDVC3jmbIgmB3TrMnoaIn3WGfBcm4By2Z40L7jM01hrBP6-owhTrTTcyzo0UohOZpTHCNlz3UlGPJNvG6oiW62IRLX33ntT3peP9k9N6Z-QiGji1UPqwO7ZEtRPTutD-MhM6PZO7-lbQI-HMO_d0SkYW2196-l7T4hDWVPoLw4soV8j_t30RZOOMamdZs9eesFuwFLZhqLqixHt3TW4xi7XozzTlgIw","use":"sig"},{"alg":"RS256","e":"AQAB","kid":"/EJCGI0B0qp7xS3xj13V5gcVOFYQdw6iC7rw2zBPDHk=","kty":"RSA","n":"wvLouAaDuIBCVdGL8eFsRzD52ziTeldEszekWOW5qUjb0_4XZAR029TWqBm9cWzv_Axv-huTqFBArIF4LjSeDavBj3qwqcMFO5C_Bl8fKeD_1Az-c5Sk1c2F1UTqY3-xgBvxnx4htO__VFgPEPpS_uGCQvqrGCLQnx-YAO9JAGkQ-dDD2ewVLO9p6uBpzNyPrZf4wSVTwXtSMEMnc1YmiR-hZ7i-d--Og11VU0kgF--W0QF4G4a-JccSodwyszbGg72O7ybb_0YUAqrca-oTCm-6hdsxXhFCwUPdtT3AVqlxVF_EK9Ri3S3Q5-aRAVUxFYCh_KilCQAFdsxMOuw0mw","use":"sig"}]}` const jwkAftersales = `{"keys":[{"kty":"RSA","use":"sig","kid":"nOo3ZDrODXEK1jKWhXslHR_KXEg","x5t":"nOo3ZDrODXEK1jKWhXslHR_KXEg","n":"oaLLT9hkcSj2tGfZsjbu7Xz1Krs0qEicXPmEsJKOBQHauZ_kRM1HdEkgOJbUznUspE6xOuOSXjlzErqBxXAu4SCvcvVOCYG2v9G3-uIrLF5dstD0sYHBo1VomtKxzF90Vslrkn6rNQgUGIWgvuQTxm1uRklYFPEcTIRw0LnYknzJ06GC9ljKR617wABVrZNkBuDgQKj37qcyxoaxIGdxEcmVFZXJyrxDgdXh9owRmZn6LIJlGjZ9m59emfuwnBnsIQG7DirJwe9SXrLXnexRQWqyzCdkYaOqkpKrsjuxUj2-MHX31FqsdpJJsOAvYXGOYBKJRjhGrGdONVrZdUdTBQ","e":"AQAB","x5c":["MIIDBTCCAe2gAwIBAgIQN33ROaIJ6bJBWDCxtmJEbjANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTIwMTIyMTIwNTAxN1oXDTI1MTIyMDIwNTAxN1owLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKGiy0/YZHEo9rRn2bI27u189Sq7NKhInFz5hLCSjgUB2rmf5ETNR3RJIDiW1M51LKROsTrjkl45cxK6gcVwLuEgr3L1TgmBtr/Rt/riKyxeXbLQ9LGBwaNVaJrSscxfdFbJa5J+qzUIFBiFoL7kE8ZtbkZJWBTxHEyEcNC52JJ8ydOhgvZYykete8AAVa2TZAbg4ECo9+6nMsaGsSBncRHJlRWVycq8Q4HV4faMEZmZ+iyCZRo2fZufXpn7sJwZ7CEBuw4qycHvUl6y153sUUFqsswnZGGjqpKSq7I7sVI9vjB199RarHaSSbDgL2FxjmASiUY4RqxnTjVa2XVHUwUCAwEAAaMhMB8wHQYDVR0OBBYEFI5mN5ftHloEDVNoIa8sQs7kJAeTMA0GCSqGSIb3DQEBCwUAA4IBAQBnaGnojxNgnV4+TCPZ9br4ox1nRn9tzY8b5pwKTW2McJTe0yEvrHyaItK8KbmeKJOBvASf+QwHkp+F2BAXzRiTl4Z+gNFQULPzsQWpmKlz6fIWhc7ksgpTkMK6AaTbwWYTfmpKnQw/KJm/6rboLDWYyKFpQcStu67RZ+aRvQz68Ev2ga5JsXlcOJ3gP/lE5WC1S0rjfabzdMOGP8qZQhXk4wBOgtFBaisDnbjV5pcIrjRPlhoCxvKgC/290nZ9/DLBH3TbHk8xwHXeBAnAjyAqOZij92uksAv7ZLq4MODcnQshVINXwsYshG1pQqOLwMertNaY5WtrubMRku44Dw7R"]},{"kty":"RSA","use":"sig","kid":"l3sQ-50cCH4xBVZLHTGwnSR7680","x5t":"l3sQ-50cCH4xBVZLHTGwnSR7680","n":"sfsXMXWuO-dniLaIELa3Pyqz9Y_rWff_AVrCAnFSdPHa8__Pmkbt_yq-6Z3u1o4gjRpKWnrjxIh8zDn1Z1RS26nkKcNg5xfWxR2K8CPbSbY8gMrp_4pZn7tgrEmoLMkwfgYaVC-4MiFEo1P2gd9mCdgIICaNeYkG1bIPTnaqquTM5KfT971MpuOVOdM1ysiejdcNDvEb7v284PYZkw2imwqiBY3FR0sVG7jgKUotFvhd7TR5WsA20GS_6ZIkUUlLUbG_rXWGl0YjZLS_Uf4q8Hbo7u-7MaFn8B69F6YaFdDlXm_A0SpedVFWQFGzMsp43_6vEzjfrFDJVAYkwb6xUQ","e":"AQAB","x5c":["MIIDBTCCAe2gAwIBAgIQWPB1ofOpA7FFlOBk5iPaNTANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTIxMDIwNzE3MDAzOVoXDTI2MDIwNjE3MDAzOVowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALH7FzF1rjvnZ4i2iBC2tz8qs/WP61n3/wFawgJxUnTx2vP/z5pG7f8qvumd7taOII0aSlp648SIfMw59WdUUtup5CnDYOcX1sUdivAj20m2PIDK6f+KWZ+7YKxJqCzJMH4GGlQvuDIhRKNT9oHfZgnYCCAmjXmJBtWyD052qqrkzOSn0/e9TKbjlTnTNcrIno3XDQ7xG+79vOD2GZMNopsKogWNxUdLFRu44ClKLRb4Xe00eVrANtBkv+mSJFFJS1Gxv611hpdGI2S0v1H+KvB26O7vuzGhZ/AevRemGhXQ5V5vwNEqXnVRVkBRszLKeN/+rxM436xQyVQGJMG+sVECAwEAAaMhMB8wHQYDVR0OBBYEFLlRBSxxgmNPObCFrl+hSsbcvRkcMA0GCSqGSIb3DQEBCwUAA4IBAQB+UQFTNs6BUY3AIGkS2ZRuZgJsNEr/ZEM4aCs2domd2Oqj7+5iWsnPh5CugFnI4nd+ZLgKVHSD6acQ27we+eNY6gxfpQCY1fiN/uKOOsA0If8IbPdBEhtPerRgPJFXLHaYVqD8UYDo5KNCcoB4Kh8nvCWRGPUUHPRqp7AnAcVrcbiXA/bmMCnFWuNNahcaAKiJTxYlKDaDIiPN35yECYbDj0PBWJUxobrvj5I275jbikkp8QSLYnSU/v7dMDUbxSLfZ7zsTuaF2Qx+L62PsYTwLzIFX3M8EMSQ6h68TupFTi5n0M2yIXQgoRoNEDWNJZ/aZMY/gqT02GQGBWrh+/vJ"]},{"kty":"RSA","use":"sig","kid":"Mr5-AUibfBii7Nd1jBebaxboXW0","x5t":"Mr5-AUibfBii7Nd1jBebaxboXW0","n":"yr3v1uETrFfT17zvOiy01w8nO-1t67cmiZLZxq2ISDdte9dw-IxCR7lPV2wezczIRgcWmYgFnsk2j6m10H4tKzcqZM0JJ_NigY29pFimxlL7_qXMB1PorFJdlAKvp5SgjSTwLrXjkr1AqWwbpzG2yZUNN3GE8GvmTeo4yweQbNCd-yO_Zpozx0J34wHBEMuaw-ZfCUk7mdKKsg-EcE4Zv0Xgl9wP2MpKPx0V8gLazxe6UQ9ShzNuruSOncpLYJN_oQ4aKf5ptOp1rsfDY2IK9frtmRTKOdQ-MEmSdjGL_88IQcvCs7jqVz53XKoXRlXB8tMIGOcg-ICer6yxe2itIQ","e":"AQAB","x5c":["MIIDBTCCAe2gAwIBAgIQff8yrFO3CINPHUTT76tUsTANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTIxMTAyNDE3NDU1NloXDTI2MTAyNDE3NDU1NlowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMq979bhE6xX09e87zostNcPJzvtbeu3JomS2catiEg3bXvXcPiMQke5T1dsHs3MyEYHFpmIBZ7JNo+ptdB+LSs3KmTNCSfzYoGNvaRYpsZS+/6lzAdT6KxSXZQCr6eUoI0k8C6145K9QKlsG6cxtsmVDTdxhPBr5k3qOMsHkGzQnfsjv2aaM8dCd+MBwRDLmsPmXwlJO5nSirIPhHBOGb9F4JfcD9jKSj8dFfIC2s8XulEPUoczbq7kjp3KS2CTf6EOGin+abTqda7Hw2NiCvX67ZkUyjnUPjBJknYxi//PCEHLwrO46lc+d1yqF0ZVwfLTCBjnIPiAnq+ssXtorSECAwEAAaMhMB8wHQYDVR0OBBYEFDiZG6s5d9RvorpqbVdS2/MD8ZKhMA0GCSqGSIb3DQEBCwUAA4IBAQAQAPuqqKj2AgfC9ayx+qUu0vjzKYdZ6T+3ssJDOGwB1cLMXMTUVgFwj8bsX1ahDUJdzKpWtNj7bno+Ug85IyU7k89U0Ygr55zWU5h4wnnRrCu9QKvudUPnbiXoVuHPwcK8w1fdXZQB5Qq/kKzhNGY57cG1bwj3R/aIdCp+BjgFppOKjJpK7FKS8G2v70eIiCLMapK9lLEeQOxIvzctTsXy9EZ7wtaIiYky4ZSituphToJUkakHaQ6evbn82lTg6WZz1tmSmYnPqRdAff7aiQ1Sw9HpuzlZY/piTVqvd6AfKZqyxu/FhENE0Odv/0hlHzI15jKQWL1Ljc0Nm3y1skut"]},{"kty":"RSA","use":"sig","kid":"jS1Xo1OWDj_52vbwGNgvQO2VzMc","x5t":"jS1Xo1OWDj_52vbwGNgvQO2VzMc","n":"spvQcXWqYrMcvcqQmfSMYnbUC8U03YctnXyLIBe148OzhBrgdAOmPfMfJi_tUW8L9svVGpk5qG6dN0n669cRHKqU52GnG0tlyYXmzFC1hzHVgQz9ehve4tlJ7uw936XIUOAOxx3X20zdpx7gm4zHx4j2ZBlXskAj6U3adpHQNuwUE6kmngJWR-deWlEigMpRsvUVQ2O5h0-RSq8Wr_x7ud3K6GTtrzARamz9uk2IXatKYdnj5Jrk2jLY6nWt-GtxlA_l9XwIrOl6Sqa_pOGIpS01JKdxKvpBC9VdS8oXB-7P5qLksmv7tq-SbbiOec0cvU7WP7vURv104V4FiI_qoQ","e":"AQAB","x5c":["MIIDBTCCAe2gAwIBAgIQHsetP+i8i6VIAmjmfVGv6jANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTIyMDEzMDIzMDYxNFoXDTI3MDEzMDIzMDYxNFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALKb0HF1qmKzHL3KkJn0jGJ21AvFNN2HLZ18iyAXtePDs4Qa4HQDpj3zHyYv7VFvC/bL1RqZOahunTdJ+uvXERyqlOdhpxtLZcmF5sxQtYcx1YEM/Xob3uLZSe7sPd+lyFDgDscd19tM3ace4JuMx8eI9mQZV7JAI+lN2naR0DbsFBOpJp4CVkfnXlpRIoDKUbL1FUNjuYdPkUqvFq/8e7ndyuhk7a8wEWps/bpNiF2rSmHZ4+Sa5Noy2Op1rfhrcZQP5fV8CKzpekqmv6ThiKUtNSSncSr6QQvVXUvKFwfuz+ai5LJr+7avkm24jnnNHL1O1j+71Eb9dOFeBYiP6qECAwEAAaMhMB8wHQYDVR0OBBYEFGzVFjAbYpU/2en4ry4LMLUHJ3GjMA0GCSqGSIb3DQEBCwUAA4IBAQBU0YdNVfdByvpwsPfwNdD8m1PLeeCKmLHQnWRI5600yEHuoUvoAJd5dwe1ZU1bHHRRKWN7AktUzofP3yF61xtizhEbyPjHK1tnR+iPEviWxVvK37HtfEPzuh1Vqp08bqY15McYUtf77l2HXTpak+UWYRYJBi++2umIDKY5UMqU+LEZnvaXybLUKN3xG4iy2q1Ab8syGFaUP7J3nCtVrR7ip39BnvSTTZZNo/OC7fYXJ2X4sN1/2ZhR5EtnAgwi2RvlZl0aWPrczArUCxDBCbsKPL/Up/kID1ir1VO4LT09ryfv2nx3y6l0YvuL7ePz4nGYCWHcbMVcUrQUXquZ3XtI"]},{"kty":"RSA","use":"sig","kid":"2ZQpJ3UpbjAYXYGaXEJl8lV0TOI","x5t":"2ZQpJ3UpbjAYXYGaXEJl8lV0TOI","n":"wEMMJtj9yMQd8QS6Vnm538K5GN1Pr_I31_LUl9-OCYu-9_DrDvPGjViQK9kOiCjBfyqoAL-pBecn9-XXaS-C4xZTn1ZRw--GELabuo0u-U6r3TKj42xFDEP-_R5RpOGshoC95lrKiU5teuhn4fBM3XfR2GB0dVMcpzN3h4-0OMvBK__Zr9tkQCU_KzXTbNCjyA7ybtbr83NF9k3KjpTyOyY2S-qvFbY-AoqMhL9Rp8r2HBj_vrsr6RX6GeiSxxjbEzDFA2VIcSKbSHvbNBEeW2KjLXkz6QG2LjKz5XsYLp6kv_-k9lPQBy_V7Ci4ZkhAN-6j1S1Kcq58aLbp0wDNKQ","e":"AQAB","x5c":["MIIDBTCCAe2gAwIBAgIQH4FlYNA+UJlF0G3vy9ZrhTANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTIyMDUyMjIwMDI0OVoXDTI3MDUyMjIwMDI0OVowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMBDDCbY/cjEHfEEulZ5ud/CuRjdT6/yN9fy1JffjgmLvvfw6w7zxo1YkCvZDogowX8qqAC/qQXnJ/fl12kvguMWU59WUcPvhhC2m7qNLvlOq90yo+NsRQxD/v0eUaThrIaAveZayolObXroZ+HwTN130dhgdHVTHKczd4ePtDjLwSv/2a/bZEAlPys102zQo8gO8m7W6/NzRfZNyo6U8jsmNkvqrxW2PgKKjIS/UafK9hwY/767K+kV+hnokscY2xMwxQNlSHEim0h72zQRHltioy15M+kBti4ys+V7GC6epL//pPZT0Acv1ewouGZIQDfuo9UtSnKufGi26dMAzSkCAwEAAaMhMB8wHQYDVR0OBBYEFLFr+sjUQ+IdzGh3eaDkzue2qkTZMA0GCSqGSIb3DQEBCwUAA4IBAQCiVN2A6ErzBinGYafC7vFv5u1QD6nbvY32A8KycJwKWy1sa83CbLFbFi92SGkKyPZqMzVyQcF5aaRZpkPGqjhzM+iEfsR2RIf+/noZBlR/esINfBhk4oBruj7SY+kPjYzV03NeY0cfO4JEf6kXpCqRCgp9VDRM44GD8mUV/ooN+XZVFIWs5Gai8FGZX9H8ZSgkIKbxMbVOhisMqNhhp5U3fT7VPsl94rilJ8gKXP/KBbpldrfmOAdVDgUC+MHw3sSXSt+VnorB4DU4mUQLcMriQmbXdQc8d1HUZYZEkcKaSgbygHLtByOJF44XUsBotsTfZ4i/zVjnYcjgUQmwmAWD"]},{"kty":"RSA","use":"sig","kid":"-KI3Q9nNR7bRofxmeZoXqbHZGew","x5t":"-KI3Q9nNR7bRofxmeZoXqbHZGew","n":"tJL6Wr2JUsxLyNezPQh1J6zn6wSoDAhgRYSDkaMuEHy75VikiB8wg25WuR96gdMpookdlRvh7SnRvtjQN9b5m4zJCMpSRcJ5DuXl4mcd7Cg3Zp1C5-JmMq8J7m7OS9HpUQbA1yhtCHqP7XA4UnQI28J-TnGiAa3viPLlq0663Cq6hQw7jYo5yNjdJcV5-FS-xNV7UHR4zAMRruMUHxte1IZJzbJmxjKoEjJwDTtcd6DkI3yrkmYt8GdQmu0YBHTJSZiz-M10CY3LbvLzf-tbBNKQ_gfnGGKF7MvRCmPA_YF_APynrIG7p4vPDRXhpG3_CIt317NyvGoIwiv0At83kQ","e":"AQAB","x5c":["MIIDBTCCAe2gAwIBAgIQGQ6YG6NleJxJGDRAwAd/ZTANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTIyMTAwMjE4MDY0OVoXDTI3MTAwMjE4MDY0OVowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALSS+lq9iVLMS8jXsz0IdSes5+sEqAwIYEWEg5GjLhB8u+VYpIgfMINuVrkfeoHTKaKJHZUb4e0p0b7Y0DfW+ZuMyQjKUkXCeQ7l5eJnHewoN2adQufiZjKvCe5uzkvR6VEGwNcobQh6j+1wOFJ0CNvCfk5xogGt74jy5atOutwquoUMO42KOcjY3SXFefhUvsTVe1B0eMwDEa7jFB8bXtSGSc2yZsYyqBIycA07XHeg5CN8q5JmLfBnUJrtGAR0yUmYs/jNdAmNy27y83/rWwTSkP4H5xhihezL0QpjwP2BfwD8p6yBu6eLzw0V4aRt/wiLd9ezcrxqCMIr9ALfN5ECAwEAAaMhMB8wHQYDVR0OBBYEFJcSH+6Eaqucndn9DDu7Pym7OA8rMA0GCSqGSIb3DQEBCwUAA4IBAQADKkY0PIyslgWGmRDKpp/5PqzzM9+TNDhXzk6pw8aESWoLPJo90RgTJVf8uIj3YSic89m4ftZdmGFXwHcFC91aFe3PiDgCiteDkeH8KrrpZSve1pcM4SNjxwwmIKlJdrbcaJfWRsSoGFjzbFgOecISiVaJ9ZWpb89/+BeAz1Zpmu8DSyY22dG/K6ZDx5qNFg8pehdOUYY24oMamd4J2u2lUgkCKGBZMQgBZFwk+q7H86B/byGuTDEizLjGPTY/sMms1FAX55xBydxrADAer/pKrOF1v7Dq9C1Z9QVcm5D9G4DcenyWUdMyK43NXbVQLPxLOng51KO9icp2j4U7pwHP"]},{"kty":"RSA","use":"sig","kid":"DqUu8gf-nAgcyjP3-SuplNAXAnc","x5t":"DqUu8gf-nAgcyjP3-SuplNAXAnc","n":"1n7-nWSLeuWQzBRlYSbS8RjvWvkQeD7QL9fOWaGXbW73VNGH0YipZisPClFv6GzwfWECTWQp19WFe_lASka5-KEWkQVzCbEMaaafOIs7hC61P5cGgw7dhuW4s7f6ZYGZEzQ4F5rHE-YNRbvD51qirPNzKHk3nji1wrh0YtbPPIf--NbI98bCwLLh9avedOmqESzWOGECEMXv8LSM-B9SKg_4QuBtyBwwIakTuqo84swTBM5w8PdhpWZZDtPgH87Wz-_WjWvk99AjXl7l8pWPQJiKNujt_ck3NDFpzaLEppodhUsID0ptRA008eCU6l8T-ux19wZmb_yBnHcV3pFWhQ","e":"AQAB","x5c":["MIIC8TCCAdmgAwIBAgIQYVk/tJ1e4phISvVrAALNKTANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXMwHhcNMjAxMjIxMDAwMDAwWhcNMjUxMjIxMDAwMDAwWjAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWfv6dZIt65ZDMFGVhJtLxGO9a+RB4PtAv185ZoZdtbvdU0YfRiKlmKw8KUW/obPB9YQJNZCnX1YV7+UBKRrn4oRaRBXMJsQxppp84izuELrU/lwaDDt2G5bizt/plgZkTNDgXmscT5g1Fu8PnWqKs83MoeTeeOLXCuHRi1s88h/741sj3xsLAsuH1q9506aoRLNY4YQIQxe/wtIz4H1IqD/hC4G3IHDAhqRO6qjzizBMEznDw92GlZlkO0+AfztbP79aNa+T30CNeXuXylY9AmIo26O39yTc0MWnNosSmmh2FSwgPSm1EDTTx4JTqXxP67HX3BmZv/IGcdxXekVaFAgMBAAGjITAfMB0GA1UdDgQWBBQ2r//lgTPcKughDkzmCtRlw+P9SzANBgkqhkiG9w0BAQsFAAOCAQEAsFdRyczNWh/qpYvcIZbDvWYzlrmFZc6blcUzns9zf7sUWtQZrZPu5DbetV2Gr2r3qtMDKXCUaR+pqoy3I2zxTX3x8bTNhZD9YAgAFlTLNSydTaK5RHyB/5kr6B7ZJeNIk3PRVhRGt6ybCJSjV/VYVkLR5fdLP+5GhvBESobAR/d0ntriTzp7/tLMb/oXx7w5Hu1m3I8rpMocoXfH2SH1GLmMXj6Mx1dtwCDYM6bsb3fhWRz9O9OMR6QNiTnq8q9wn1QzBAnRcswYzT1LKKBPNFSasCvLYOCPOZCL+W8N8jqa9ZRYNYKWXzmiSptgBEM24t3m5FUWzWqoLu9pIcnkPQ=="]},{"kty":"RSA","use":"sig","kid":"OzZ5Dbmcso9Qzt2ModGmihg30Bo","x5t":"OzZ5Dbmcso9Qzt2ModGmihg30Bo","n":"01re9a2BUTtNtdFzLNI-QEHW8XhDiDMDbGMkxHRIYXH41zBccsXwH9vMi0HuxXHpXOzwtUYKwl93ZR37tp6lpvwlU1HePNmZpJ9D-XAvU73x03YKoZEdaFB39VsVyLih3fuPv6DPE2qT-TNE3X5YdIWOGFrcMkcXLsjO-BCq4qcSdBH2lBgEQUuD6nqreLZsg-gPzSDhjVScIUZGiD8M2sKxADiIHo5KlaZIyu32t8JkavP9jM7ItSAjzig1W2yvVQzUQZA-xZqJo2jxB3g_fygdPUHK6UN-_cqkrfxn2-VWH1wMhlm90SpxTMD4HoYOViz1ggH8GCX2aBiX5OzQ6Q","e":"AQAB","x5c":["MIIC8TCCAdmgAwIBAgIQQrXPXIlUE4JMTMkVj+02YTANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXMwHhcNMjEwMzEwMDAwMDAwWhcNMjYwMzEwMDAwMDAwWjAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTWt71rYFRO0210XMs0j5AQdbxeEOIMwNsYyTEdEhhcfjXMFxyxfAf28yLQe7Fcelc7PC1RgrCX3dlHfu2nqWm/CVTUd482Zmkn0P5cC9TvfHTdgqhkR1oUHf1WxXIuKHd+4+/oM8TapP5M0Tdflh0hY4YWtwyRxcuyM74EKripxJ0EfaUGARBS4Pqeqt4tmyD6A/NIOGNVJwhRkaIPwzawrEAOIgejkqVpkjK7fa3wmRq8/2Mzsi1ICPOKDVbbK9VDNRBkD7FmomjaPEHeD9/KB09QcrpQ379yqSt/Gfb5VYfXAyGWb3RKnFMwPgehg5WLPWCAfwYJfZoGJfk7NDpAgMBAAGjITAfMB0GA1UdDgQWBBTECjBRANDPLGrn1p7qtwswtBU7JzANBgkqhkiG9w0BAQsFAAOCAQEAq1Ib4ERvXG5kiVmhfLOpun2ElVOLY+XkvVlyVjq35rZmSIGxgfFc08QOQFVmrWQYrlss0LbboH0cIKiD6+rVoZTMWxGEicOcGNFzrkcG0ulu0cghKYID3GKDTftYKEPkvu2vQmueqa4t2tT3PlYF7Fi2dboR5Y96Ugs8zqNwdBMRm677N/tJBk53CsOf9NnBaxZ1EGArmEHHIb80vODStv35ueLrfMRtCF/HcgkGxy2U8kaCzYmmzHh4zYDkeCwM3Cq2bGkG+Efe9hFYfDHw13DzTR+h9pPqFFiAxnZ3ofT96NrZHdYjwbfmM8cw3ldg0xQzGcwZjtyYmwJ6sDdRvQ=="]}]}` const jwkManufacture = `{"keys":[{"alg":"RS256","e":"AQAB","kid":"eQ3ndRKiE/O8UFyDqlb3tKTsXm4K5O2W85wwUi3OkMg=","kty":"RSA","n":"pVeGfTzlCvcnzUE4f7LsVDhzsZbGdAn6q1LH3DSwqFF6Xw-c6z8AGV744_qvxRrDlmQs85cXPJHh2AVKJQnWBipp6EUWO5TEdMS_0cgoTk1Gr3CagUnYBZwm53HIUC8bMuWx0C6FQWcnmleNQbWR_k-zipsPbZw2sYAtSWRVGfjG6Gwo4wZx0spBk9hq3ovG5mVxnItnKJYWyx3V_ZKKa5r5ImItJa1AwaxoZxsO13NMOPTed89iSbK_IR_Db8pX6STgl6pa6YYSvI1-phBt_PLjTz2gusRj897sHxJYga5KfNgbvNkeHdaDljwilT4IKDZq1hzIrmaPrUKApb0e9w","use":"sig"},{"alg":"RS256","e":"AQAB","kid":"jIz0QTcsKCT+hxGz2S0+ChPyN7w8riP/l6mqzAXRl6o=","kty":"RSA","n":"yDqFnw52wraJImOT5rCPL2www0pRglnSS-GPG6kZMqos7KHqcO5pVD020_5g2OefK6Gs0ndUI3eDOeBwASKeZuoezAgu9D9whFHJI6-_oIiz2af3ahodRISnhFAbwcvU4i8_M6OWATVaTU5aODAcM_8q1aS-Rfp6zY9rrlaJ6RmCdYeVNue4nvS97bOrpTXmFBB2fAzbhWSq0axmWZWBFyMO12FFMvT_dCaL1dzBOEzNQU03tKsUa0WEqNs169utuo9TydX9hhjpnDtqYjIEvyOFTAnU8IldX_iiWbnR1-8BHeyqomMQFIjQCTRkLReKYDAyrVF4cFah-BDYQiluCw","use":"sig"}]}` var auth httphandlers.AuthCheckerInterface type testCaseAuthRoleChecker struct { Name string Request *http.Request Token string Roles map[string][]adminroles.RoleID ExpectedStatus int ExpectedBody string ExpectedProvider string DisableExpireCheck bool Setup func() } func TestAuthJWTToken(t *testing.T) { RunAuthRoleCheckerTests(t, setupAuthJWTHandler) } func TestUsingAuthAPIToken(t *testing.T) { RunAuthRoleCheckerTests(t, setupAuthAPITokenHandler) } func RunAuthRoleCheckerTests(t *testing.T, setup func(*testing.T, testCaseAuthRoleChecker) http.HandlerFunc) { adminroles.RoleCreate = adminroles.RoleID("efcc3025-e2d8-4212-8227-805c7be39d2c") adminroles.RoleReadOnly = adminroles.RoleID("a729bbd4-2038-4649-9127-16782bb1e701") adminroles.RoleAfterSalesAccess = adminroles.RoleID("737e449c-2309-469e-aa48-46e6891983c0") adminroles.RoleAfterSalesAccessFSP = adminroles.RoleID("e51ccfdc-ff5c-43a7-8390-2a07837aaed2") adminroles.RoleMagna = adminroles.RoleID("68273225-9da4-4fa7-aea5-38e16ec471fe") azureADToken := "eyJraWQiOiJteVYrUG80TGM4R2JpdEMzblZucTZJWWtCWmkzKzIyZlUydTg3QnY1R29NPSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoia21jc2U2Z0stNG4xbjlNdmtpckJNZyIsInN1YiI6IjdhOTczNjE1LWNiYzItNDkxYi1hOWZlLTYzYzNiNmVlY2NlZCIsImNvZ25pdG86Z3JvdXBzIjpbInVzLXdlc3QtMl9NT3FsREZXWlJfRmlza2VyLVFBIl0sImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC51cy13ZXN0LTIuYW1hem9uYXdzLmNvbVwvdXMtd2VzdC0yX01PcWxERldaUiIsImNvZ25pdG86dXNlcm5hbWUiOiJmaXNrZXItcWFfand1QGZpc2tlcmluYy5jb20iLCJub25jZSI6Ii1ETm1fVmlCMU9vRnBueDRjZHlRYXlBTktDMkdBenlOU0JEODJ5c1k4RzAyNzIyazUwZ1ZTNXZGYlp4UFBxR29vSTZmTE9RUGh4c2VJZ01WOVg4SVV0ZmdtbmxVVkVQOW5naTdIY0hMaFBTUzA1RUN6TEs2VG5tZnY0Q2oxczdJZy1EbWxrdmN6RURLRGRQOXExN09acVNGd3ZGTTA5b0J5MFpnenlVS2U1USIsImN1c3RvbTpncm91cHMiOiJbMjkxNGU2N2YtZmI4NS00Yjc4LWI3OWQtNjU2ZjRmMzdmYWExLCA4ZDgyNzhhNS05YzBlLTRjN2YtOTE4YS04MTFmZDFkMjM2ZTQsIDc0NmYzNGIwLTliYTAtNGI1ZC04ZDg0LTAyNTZhOWM4ZTM5MCwgNmMzY2Y5OGQtMGFkYS00OGM2LWFlOTQtYjE3MWNmYTI3NWZjLCA2NmNhZDg2MC0zZDgwLTRhNTgtOWQ5OC01NDA5MTc3MzNlZjYsIGFjYmQ3MmM5LTlmZjMtNDZhOC04M2JhLWM2ZmE1ZGYzZjI2NCwgM2JlZjYzNzctZWRkZS00YWUwLTkzMWUtMzg4Nzk5OTM5NjUyLCA1ZTU5YTYxOS1jODkwLTQ0NzItOTFjMi1kNWVhZTVkOGZhMTgsIDczN2U0NDljLTIzMDktNDY5ZS1hYTQ4LTQ2ZTY4OTE5ODNjMCwgNTZlZjRiZWMtZDczOS00ZGRmLWEwMDMtZWNjODEzMDg1YjhkLCA5MjliMDQ3MC1mN2ViLTRlMTgtOWY5Ny0yMmFjMmM1OTFhMTAsIGY2M2I2NDMwLTEyODgtNDBhOC1hYTQ5LTg0Mzg1MTUwZDZhOCwgMTMxZTYyNTctZmRiNy00MjZhLTk4MjUtMWNkOTE4ODAyZmJhLCAxYWM3OTRjYy03NmFjLTQ3ZjYtYmVlNi1kNjY2Njk5OGYwZmQsIDg3NzcwYWVhLTkxNjItNDA5ZS1hYTcwLTEwZDBkMWRlNTkwMiwgYTZjOTgwNWUtODBiMi00MmIyLWJmYmItOWRmNTJlNTUwNGQ4LCA1ZGVhNmMzMi02NTc1LTQ1MjctOTI1NC1lNTBkMjdhZTVlOTIsIGJhZmMxN2E3LWVjNjQtNDlkOS1hMmE3LWRhZmMyOGRjYjAzNywgMjQ0OWMwNjYtOTE0Ni00NGE3LWI0ZTYtNDgyODAzMWQ5NThkLCBlZmNjMzAyNS1lMmQ4LTQyMTItODIyNy04MDVjN2JlMzlkMmMsIDI3M2M3YzBkLTUxZDMtNGEzMS05NDQzLWM0MzY3NTcyZWU0ZiwgOGY3OGRjZTctZjVmOS00MDMzLWExMGMtYzljNzQwOGJmY2ZlLCBjZjY1MzE4My1jODI5LTRlZWQtYTZjZS00NTNmYTEwMTdjZDksIDc4M2M1OTc5LWY1ZTctNGNiNi1iMTRlLWMzNTUzZGRlOTU2YSwgNTUxNWE5OGYtNDY2OC00MTIxLThlOGQtZmVlMjgyNTY5OWNmLCA4Njk1NmEyZi04ZDQ2LTQ3ZmYtOWIyOS1mOTkwNzlhZTNjMWQsIGM0ZDQzNjFjLTg4ODItNDdiNC04NjQxLWZkM2FiNjhhZTcyMiwgOTcyYWQwOTUtMTZiNy00MGFkLWE0NjQtZjVkYmY0MTdhOGNkLCA3YmNkY2RiMi0zMjc5LTQ0YmYtYTk5OC03NzFiYWI0YjMzZTEsIGIwZTgyZTgzLTJjOTQtNGIyNC1iOWM3LWU3NzgxNmYyNTk3ZF0iLCJhdWQiOiI1Y2s0c2NlMm9rdXFla2hmMnJrMmZudGRjIiwiY3VzdG9tOnNlc3Npb24tZHVyYXRpb24iOiI5MDAiLCJpZGVudGl0aWVzIjpbeyJ1c2VySWQiOiJqd3VAZmlza2VyaW5jLmNvbSIsInByb3ZpZGVyTmFtZSI6IkZpc2tlci1RQSIsInByb3ZpZGVyVHlwZSI6IlNBTUwiLCJpc3N1ZXIiOiJodHRwczpcL1wvc3RzLndpbmRvd3MubmV0XC81YWE0YjY0MC1jOWZjLTRhOWItYjNhMy1kNGE3ZDAwOGZiNWVcLyIsInByaW1hcnkiOiJ0cnVlIiwiZGF0ZUNyZWF0ZWQiOiIxNjY4MDI5MjE5OTI2In1dLCJ0b2tlbl91c2UiOiJpZCIsImF1dGhfdGltZSI6MTY2ODQ3Mzk0NCwibmFtZSI6ImIyNTJmYWY3LTdlZTQtNDFmOS1hYTk4LWYyZmJhZmRhYzExNiIsImV4cCI6MTY2ODQ3NzU0NCwiaWF0IjoxNjY4NDczOTQ0fQ.hSMcJPvSqZFuFeb2wyYXrp3q_UJxOGLL0YIFiueDv5iBbKFc-4O1c_L-2wMrMLquBDoHk-QVuoFLikBYD9LMzuF7ZdptwcXcyCmzUMNzGOrckypkuNTVr9cmYtYTeWZMfb6Smtr91ucSEsXzVftinpK4n1WSfXqEJSZbfyUTfNjcPrfQ-JgMkLXw3UduTkfBnif7HTRm8SRkB5jG8zZ3sjk-wSWzK9MQko80o2-oKGBxnZrwWuvtXeexqWyCmb-VBtaFFH3r88WWU7dd86lW1O_a2KYMbhbEFQbSQbht43H3D16aMd_fvRjtPc-v_CuzYQ-pEApfrdX8a6iMQ1W4Yg" fiskerADToken := "eyJraWQiOiJteVYrUG80TGM4R2JpdEMzblZucTZJWWtCWmkzKzIyZlUydTg3QnY1R29NPSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiXzZiRXZfWE5CbTNSVGk0aHh2eVNQZyIsInN1YiI6IjEwNzJlMjBiLTE3MDctNDUxNy05ZGZhLTMwZDUyNmExNjdjYSIsImNvZ25pdG86Z3JvdXBzIjpbInVzLXdlc3QtMl9NT3FsREZXWlJfRmlza2VyIl0sImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC51cy13ZXN0LTIuYW1hem9uYXdzLmNvbVwvdXMtd2VzdC0yX01PcWxERldaUiIsImNvZ25pdG86dXNlcm5hbWUiOiJmaXNrZXJfand1QGZpc2tlcmluYy5jb20iLCJnaXZlbl9uYW1lIjoiSm9obiIsIm5vbmNlIjoicmhQWXk1dkJfeVctY0ZLSTdQNkJjMU1oX1UwLWtwa2wzV0k4SENCOHVnNXAtZTNFbzllS1VYanctZ3VLRThCMXktVnA4YlFFMDRRcW9lbEdoaTRndHdaQVBSTjFMU1l0QWx2THFIUnAyNGtzbTJfQkNnZzFaX212dDVlZjhRSnBNQWhOVlJlbEItNGVEWDlUaThnX2F1SUNxSE5jWjV4OVpGaktYVVowR2hjIiwiY3VzdG9tOmdyb3VwcyI6IlsyOTE0ZTY3Zi1mYjg1LTRiNzgtYjc5ZC02NTZmNGYzN2ZhYTEsIDhkODI3OGE1LTljMGUtNGM3Zi05MThhLTgxMWZkMWQyMzZlNCwgNzQ2ZjM0YjAtOWJhMC00YjVkLThkODQtMDI1NmE5YzhlMzkwLCA2YzNjZjk4ZC0wYWRhLTQ4YzYtYWU5NC1iMTcxY2ZhMjc1ZmMsIDY2Y2FkODYwLTNkODAtNGE1OC05ZDk4LTU0MDkxNzczM2VmNiwgYWNiZDcyYzktOWZmMy00NmE4LTgzYmEtYzZmYTVkZjNmMjY0LCAzYmVmNjM3Ny1lZGRlLTRhZTAtOTMxZS0zODg3OTk5Mzk2NTIsIDVlNTlhNjE5LWM4OTAtNDQ3Mi05MWMyLWQ1ZWFlNWQ4ZmExOCwgNzM3ZTQ0OWMtMjMwOS00NjllLWFhNDgtNDZlNjg5MTk4M2MwLCA1NmVmNGJlYy1kNzM5LTRkZGYtYTAwMy1lY2M4MTMwODViOGQsIDkyOWIwNDcwLWY3ZWItNGUxOC05Zjk3LTIyYWMyYzU5MWExMCwgZjYzYjY0MzAtMTI4OC00MGE4LWFhNDktODQzODUxNTBkNmE4LCAxMzFlNjI1Ny1mZGI3LTQyNmEtOTgyNS0xY2Q5MTg4MDJmYmEsIDFhYzc5NGNjLTc2YWMtNDdmNi1iZWU2LWQ2NjY2OTk4ZjBmZCwgODc3NzBhZWEtOTE2Mi00MDllLWFhNzAtMTBkMGQxZGU1OTAyLCBhNmM5ODA1ZS04MGIyLTQyYjItYmZiYi05ZGY1MmU1NTA0ZDgsIDVkZWE2YzMyLTY1NzUtNDUyNy05MjU0LWU1MGQyN2FlNWU5MiwgYmFmYzE3YTctZWM2NC00OWQ5LWEyYTctZGFmYzI4ZGNiMDM3LCAyNDQ5YzA2Ni05MTQ2LTQ0YTctYjRlNi00ODI4MDMxZDk1OGQsIGVmY2MzMDI1LWUyZDgtNDIxMi04MjI3LTgwNWM3YmUzOWQyYywgMjczYzdjMGQtNTFkMy00YTMxLTk0NDMtYzQzNjc1NzJlZTRmLCA4Zjc4ZGNlNy1mNWY5LTQwMzMtYTEwYy1jOWM3NDA4YmZjZmUsIGNmNjUzMTgzLWM4MjktNGVlZC1hNmNlLTQ1M2ZhMTAxN2NkOSwgNzgzYzU5NzktZjVlNy00Y2I2LWIxNGUtYzM1NTNkZGU5NTZhLCA1NTE1YTk4Zi00NjY4LTQxMjEtOGU4ZC1mZWUyODI1Njk5Y2YsIDg2OTU2YTJmLThkNDYtNDdmZi05YjI5LWY5OTA3OWFlM2MxZCwgYzRkNDM2MWMtODg4Mi00N2I0LTg2NDEtZmQzYWI2OGFlNzIyLCA5NzJhZDA5NS0xNmI3LTQwYWQtYTQ2NC1mNWRiZjQxN2E4Y2QsIDdiY2RjZGIyLTMyNzktNDRiZi1hOTk4LTc3MWJhYjRiMzNlMSwgYjBlODJlODMtMmM5NC00YjI0LWI5YzctZTc3ODE2ZjI1OTdkXSIsImF1ZCI6IjVjazRzY2Uyb2t1cWVraGYycmsyZm50ZGMiLCJjdXN0b206c2Vzc2lvbi1kdXJhdGlvbiI6IjkwMCIsImlkZW50aXRpZXMiOlt7InVzZXJJZCI6Imp3dUBmaXNrZXJpbmMuY29tIiwicHJvdmlkZXJOYW1lIjoiRmlza2VyIiwicHJvdmlkZXJUeXBlIjoiU0FNTCIsImlzc3VlciI6Imh0dHBzOlwvXC9zdHMud2luZG93cy5uZXRcLzVhYTRiNjQwLWM5ZmMtNGE5Yi1iM2EzLWQ0YTdkMDA4ZmI1ZVwvIiwicHJpbWFyeSI6InRydWUiLCJkYXRlQ3JlYXRlZCI6IjE2NjgwMjY1MzA2MTcifV0sInRva2VuX3VzZSI6ImlkIiwiYXV0aF90aW1lIjoxNjY4NDc1MDQ2LCJleHAiOjE2Njg0Nzg2NDYsImlhdCI6MTY2ODQ3NTA0NiwiZmFtaWx5X25hbWUiOiJXdSJ9.fKFlW0WzG1Ezxp8T1YZHNO7r7-KmRxD5v_EWsHjJc8YYODjLXQN5M3ySWD9Z36m4W1YxZ96XW70AE9biDkxIGPHtrFiuW3rFI045DQAUZGXzK18uZdKj_1c_Thx3lJmVncLOs9umcqHbw-_wWZQ-_0oWmHuBCDzQVSvAy0_4wSn4jzx9B4Hpd_jYtFUONToIYIGNhEHlJIak9oPqTzbSAoCiwHufvXZ9rEvnH5IT9F0IuEVG8c0cypSlXjwE-2XJdgsggr9ZIFet27IWJ6qPPQCgjPP1T1qHTPjSLZdE5eQ8SmANWr7hauEGbVlJDGg4Oj365Am_rxxo_5fzvyf6SA" aftersalesToken := "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ii1LSTNROW5OUjdiUm9meG1lWm9YcWJIWkdldyJ9.eyJhdWQiOiI1NWZmODdjOS02MjY0LTQ3MzgtYjdmMC1jMGQ4ZWRhNWM1NjYiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vNWFhNGI2NDAtYzlmYy00YTliLWIzYTMtZDRhN2QwMDhmYjVlL3YyLjAiLCJpYXQiOjE2ODE0Njc5NjgsIm5iZiI6MTY4MTQ2Nzk2OCwiZXhwIjoxNjgxNDcxODY4LCJhaW8iOiJBV1FBbS84VEFBQUEzY0wvQ0ZFWTA5TFQvd291aFg1c0FMMjVXNFlmK2VQVTFXKzVNTkxQSWt3V2ppZi80dXdmMGg1NmwySEVMY0xCZHlZaDZzYlpJSTNoNkg1Q1d1UU0zSXhnSnJ1c2dYMit1VG43Ulc1TndMSmY3N2M4NlJXajNWZGFrajNzVjBJdSIsImdyb3VwcyI6WyJkODBmMzEwNS03ZTY3LTRiMWUtODIzYy1kYzI4OGRmMGEyZWEiLCIyNzNjN2MwZC01MWQzLTRhMzEtOTQ0My1jNDM2NzU3MmVlNGYiLCI3MzdlNDQ5Yy0yMzA5LTQ2OWUtYWE0OC00NmU2ODkxOTgzYzAiLCIxNjczYjg5ZS0yZDlkLTQxZjItYmY1NS1kYWY1N2I3OWZkNjkiLCI4ZDgyNzhhNS05YzBlLTRjN2YtOTE4YS04MTFmZDFkMjM2ZTQiXSwibmFtZSI6IlZpbm90aCBLdW1hciBSYWphIFNoYW5rYXIiLCJvaWQiOiI0MDFmMTc2OC0wODkyLTRlMjktYjQ2OC0zZTY4OTQwMGQwZDIiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJ2cmFqYXNoYW5rYXJAZmlza2VyaW5jLmNvbSIsInJoIjoiMC5BUnNBUUxha1d2ekptMHF6bzlTbjBBajdYc21IXzFWa1lqaEh0X0RBMk8ybHhXWWJBRG8uIiwic3ViIjoiS3JvaDJuTGRNVWJqTTNCbG9qUXdmTjY2b1lkdEVtdktSdUM5U1JtYXF6ayIsInRpZCI6IjVhYTRiNjQwLWM5ZmMtNGE5Yi1iM2EzLWQ0YTdkMDA4ZmI1ZSIsInV0aSI6InNSTDQzaklaTUU2X3NyaTNEMHMyQUEiLCJ2ZXIiOiIyLjAiLCJ3aWRzIjpbImI3OWZiZjRkLTNlZjktNDY4OS04MTQzLTc2YjE5NGU4NTUwOSJdfQ.C_6KX5RstXr6Kgs6_HdgbyQ8Unthyybz6TjR7dJAYrCckWQuS1dEbIhkdrp7_es9N-hAAaxVcZzhjYBs93-ZKdqApyVkUTMWANTc4VbkYO1V5ZvJU5BAcUkfxUAm-OcnmAs2hJmx1EzW3aBRCNnY5hsgQ_7ZSAT-SJkFsCZ8QYXZjXU0CLXg31sdvzC6xu6hVSpFbsWtpFnODijNX8jXLetkpLO-IKrzEDMVA6xd-sl9Up95tuKKcu36UNxaf5LWtbcDWxLJtiWAB7DL-3xwyaQ08O1yGn25n3XKcYy-nGrhCaeHL014neHYGBdSe7nkP2OD47zTFEyTDsbmRU1_mA" magnaToken := "eyJraWQiOiJlUTNuZFJLaUVcL084VUZ5RHFsYjN0S1RzWG00SzVPMlc4NXd3VWkzT2tNZz0iLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoicW5qN2dxcVJBMnRHVDgzNTRjUWxEdyIsInN1YiI6ImYzZWVlNjdjLWU1YWUtNDExZS1iYmJjLWE2YTI5YTVkOTU3MCIsImNvZ25pdG86Z3JvdXBzIjpbInVzLXdlc3QtMl9BV3dqTFh5bTJfTWFnbmEiXSwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtd2VzdC0yLmFtYXpvbmF3cy5jb21cL3VzLXdlc3QtMl9BV3dqTFh5bTIiLCJjb2duaXRvOnVzZXJuYW1lIjoibWFnbmFfbWFya3VzLmhvcnZhdEBtYWduYS5jb20iLCJjdXN0b206Z3JvdXBzIjoiNjgyNzMyMjUtOWRhNC00ZmE3LWFlYTUtMzhlMTZlYzQ3MWZlIiwiYXVkIjoiN2NrMnRmb3FhdmM3MmM0NWhoN3RnZTQya2QiLCJpZGVudGl0aWVzIjpbeyJ1c2VySWQiOiJtYXJrdXMuaG9ydmF0QG1hZ25hLmNvbSIsInByb3ZpZGVyTmFtZSI6Ik1hZ25hIiwicHJvdmlkZXJUeXBlIjoiU0FNTCIsImlzc3VlciI6Imh0dHBzOlwvXC9zdHMud2luZG93cy5uZXRcL2M3NjAyNzBjLWYzZGEtNGNmYS05NzM3LTAzODA4ZWY1NTc5ZlwvIiwicHJpbWFyeSI6InRydWUiLCJkYXRlQ3JlYXRlZCI6IjE2Nzk0MTI3MzQ0ODUifV0sInRva2VuX3VzZSI6ImlkIiwiYXV0aF90aW1lIjoxNjc5NDEyNzM1LCJleHAiOjE2ODE0NzE4NjgsImlhdCI6MTY4MTQ2ODI2OCwiZW1haWwiOiJtYXJrdXMuaG9ydmF0QG1hZ25hLmNvbSJ9.RZnxUmJ6jH-Yq6c8EZnWBgOYkQ-vFRbMZ2w8nm6PL1BL8ryIVmzhbwwejfHn_pZf2PNz46QD93RJ1ef2cy41Moj-T9XyhtEm6U-Yo4kRC3AvpEoTqKv5h_L7IPPRz-iGnltda2J-V_1k9JRdO_Mmqsj0OXKtJgULUXDDwaFn9kiqOlgwpKQqFu2F6Hg_jwF8cUnbD-e7At1hHurKduutJFnb-Hna7CBU_xZpi4Nz2hwPw6V_HiDmZ-GcuvTd0R9KmFjdMjVTeVKXMC2FEntzp41kJT_BgxawL_ufd84mrbQW7QEk23q9cgaTajppiZk1-IZ5BZmYGZEiiZYTWwwTIA" emptyRoles := map[string][]adminroles.RoleID{} emptyRolesDefault := map[string][]adminroles.RoleID{ authproviders.Default: {}, } makeReq := func(token string) *http.Request { return helper.MakeTestRequestWithHeaders(http.MethodGet, "/", map[string]string{ "Authorization": strings.Join([]string{"Bearer", token}, " "), }, nil) } reqFiskerAD := makeReq(fiskerADToken) reqAzureAD := makeReq(azureADToken) reqAftersales := makeReq(aftersalesToken) reqMagna := makeReq(magnaToken) tests := []testCaseAuthRoleChecker{ { Name: "No roles, expired", Request: reqFiskerAD, Roles: emptyRoles, ExpectedStatus: http.StatusOK, ExpectedBody: expectedOkBody, DisableExpireCheck: false, }, { Name: "Default, no roles, expired", Request: reqFiskerAD, Roles: emptyRolesDefault, ExpectedStatus: http.StatusOK, ExpectedBody: expectedOkBody, DisableExpireCheck: false, }, { Name: "No roles", Request: reqFiskerAD, Roles: emptyRoles, ExpectedStatus: http.StatusOK, ExpectedBody: expectedOkBody, DisableExpireCheck: true, }, { Name: "Default, no roles", Request: reqFiskerAD, Roles: emptyRolesDefault, ExpectedStatus: http.StatusOK, ExpectedBody: expectedOkBody, DisableExpireCheck: true, }, { Name: "Aftersales token", Request: reqAftersales, Roles: map[string][]adminroles.RoleID{ authproviders.Default: {adminroles.RoleAfterSalesAccess, adminroles.RoleAfterSalesAccessFSP}, }, ExpectedStatus: http.StatusOK, ExpectedBody: expectedOkBody, DisableExpireCheck: true, Setup: func() { auth.GetValidator().SetKeys(jwkAftersales) auth.SetGroupKey("groups") }, }, { Name: "Magna token", Request: reqMagna, Roles: map[string][]adminroles.RoleID{ authproviders.Default: {adminroles.RoleMagna}, }, ExpectedStatus: http.StatusOK, ExpectedBody: expectedOkBody, DisableExpireCheck: true, Setup: func() { auth.GetValidator().SetKeys(jwkManufacture) }, }, { Name: "Check existing role", Request: reqFiskerAD, Roles: map[string][]adminroles.RoleID{ authproviders.Default: {adminroles.RoleCreate}, }, ExpectedStatus: http.StatusOK, ExpectedBody: expectedOkBody, DisableExpireCheck: true, ExpectedProvider: authproviders.FiskerAD, }, { Name: "Check non-existent role", Request: reqFiskerAD, Roles: map[string][]adminroles.RoleID{ authproviders.Default: {adminroles.RoleReadOnly}, }, ExpectedStatus: http.StatusUnauthorized, ExpectedBody: `{"message":"missing permission","error":"Unauthorized"}`, DisableExpireCheck: true, }, { Name: "Check multiple roles", Request: reqFiskerAD, Roles: map[string][]adminroles.RoleID{ authproviders.Default: {adminroles.RoleCreate, adminroles.RoleReadOnly}, }, ExpectedStatus: http.StatusOK, ExpectedBody: expectedOkBody, DisableExpireCheck: true, ExpectedProvider: authproviders.FiskerAD, }, { Name: "AzureAD provider with permission", Request: reqAzureAD, Roles: map[string][]adminroles.RoleID{ authproviders.FiskerQA: {adminroles.RoleCreate, adminroles.RoleReadOnly}, }, ExpectedStatus: http.StatusOK, ExpectedBody: expectedOkBody, DisableExpireCheck: true, ExpectedProvider: authproviders.FiskerQA, }, { Name: "AzureAD provider check expire", Request: reqAzureAD, Roles: map[string][]adminroles.RoleID{ authproviders.FiskerQA: {adminroles.RoleCreate, adminroles.RoleReadOnly}, }, ExpectedStatus: http.StatusUnauthorized, ExpectedBody: `{"message":"token expired","error":"Unauthorized"}`, DisableExpireCheck: false, ExpectedProvider: authproviders.FiskerQA, }, { Name: "AzureAD provider with no permission", Request: reqAzureAD, Roles: map[string][]adminroles.RoleID{ authproviders.FiskerAD: {adminroles.RoleCreate, adminroles.RoleReadOnly}, }, ExpectedStatus: http.StatusUnauthorized, ExpectedBody: `{"message":"missing permission","error":"Unauthorized"}`, DisableExpireCheck: true, ExpectedProvider: authproviders.FiskerQA, }, } for _, test := range tests { handler := setup(t, test) res := httptest.NewRecorder() auth.GetValidator().DisableExpireCheck(test.DisableExpireCheck) handler(res, test.Request) if res.Result().StatusCode != test.ExpectedStatus { t.Errorf(helper.TestErrorTemplate, test.Name, test.ExpectedStatus, res.Result().StatusCode) } body := res.Body.String() if body != test.ExpectedBody { t.Errorf(helper.TestErrorTemplate, test.Name, test.ExpectedBody, body) } } auth.GetValidator().DisableExpireCheck(false) } func getTestHandler(t *testing.T, test testCaseAuthRoleChecker) func(http.ResponseWriter, *http.Request) { return func(w http.ResponseWriter, r *http.Request) { if test.ExpectedProvider != "" { if provider, ok := r.Context().Value(c.ProviderKey).(string); !ok || provider != test.ExpectedProvider { t.Errorf(helper.TestErrorTemplate, test.Name, test.ExpectedProvider, provider) } } w.Write([]byte(expectedOkBody)) } } func setupAuthJWTHandler(t *testing.T, test testCaseAuthRoleChecker) http.HandlerFunc { testHandler := getTestHandler(t, test) authGenrl := &httphandlers.AuthAPIToken{ APICalls: &mocks.MockAPICalls{}, } auth = authGenrl.GetJWTAuth() auth.GetValidator().SetKeys(jwk) if test.Setup != nil { test.Setup() } return auth.GetHandler(test.Roles, testHandler) } func setupAuthAPITokenHandler(t *testing.T, test testCaseAuthRoleChecker) http.HandlerFunc { testHandler := getTestHandler(t, test) auth = &httphandlers.AuthAPIToken{ APITokens: &mocks.MockAPITokens{ DBMockHelper: mocks.DBMockHelper{ Error: errors.New("token not found"), }, }, APICalls: &mocks.MockAPICalls{}, JWTAuth: true, } auth.GetValidator().SetKeys(jwk) if test.Setup != nil { test.Setup() } return auth.GetHandler(test.Roles, testHandler) }