120 lines
5.6 KiB
Go
120 lines
5.6 KiB
Go
package jwt
|
|
|
|
import (
|
|
"net/http"
|
|
"os"
|
|
"testing"
|
|
|
|
"github.com/fiskerinc/cloud-services/pkg/testhelper"
|
|
)
|
|
|
|
const expiredToken = "eyJraWQiOiJlUTNuZFJLaUVcL084VUZ5RHFsYjN0S1RzWG00SzVPMlc4NXd3VWkzT2tNZz0iLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiUGFqSzVNX0d0M3lta0ZOTjhOMUJydyIsInN1YiI6IjJkZDZmZWQ5LWU1ODItNDUxYi1hOTNiLTViOTQxMGRmYmM0MyIsImNvZ25pdG86Z3JvdXBzIjpbInVzLXdlc3QtMl9BV3dqTFh5bTJfQXp1cmVBRCJdLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC51cy13ZXN0LTIuYW1hem9uYXdzLmNvbVwvdXMtd2VzdC0yX0FXd2pMWHltMiIsImNvZ25pdG86dXNlcm5hbWUiOiJhenVyZWFkX2p3dUBmaXNrZXJpbmMuY29tIiwiYXVkIjoiN2NrMnRmb3FhdmM3MmM0NWhoN3RnZTQya2QiLCJpZGVudGl0aWVzIjpbeyJ1c2VySWQiOiJqd3VAZmlza2VyaW5jLmNvbSIsInByb3ZpZGVyTmFtZSI6IkF6dXJlQUQiLCJwcm92aWRlclR5cGUiOiJTQU1MIiwiaXNzdWVyIjoiaHR0cHM6XC9cL3N0cy53aW5kb3dzLm5ldFwvNWFhNGI2NDAtYzlmYy00YTliLWIzYTMtZDRhN2QwMDhmYjVlXC8iLCJwcmltYXJ5IjoidHJ1ZSIsImRhdGVDcmVhdGVkIjoiMTYxMjkwMjQxMzM4MyJ9XSwidG9rZW5fdXNlIjoiaWQiLCJhdXRoX3RpbWUiOjE2MTMxNTkzNDAsImV4cCI6MTYxMzE3OTk2MywiaWF0IjoxNjEzMTc2MzYzLCJlbWFpbCI6Imp3dUBmaXNrZXJpbmMuY29tIn0.lMIMjTaG11Y-Ft6wbuE9J3ic4EWmK-VgDXbcO583r8sckgKfWgpTI9Qy3zkkhmN0btDtQP4EqKI5afHKbDVu02wZk2y_y1adgWBxLtOJX3yCifxK99mCQUAjMvyBQ3_YbhLUexv3kvh047w0Fe3VjdPftfRwpfbmQsIYjWhF-MzDjdZJPXnXm3GjbtW6g3eKqA9AHg05ghBC4seatrDhHWKVSYS8DzmfJlsJCcdbdzZQ3fVLnYsVOU8-LK6B-IbpmpTUaobcF-acAwFaNPD56mGxI3xpnvExc9sM8ZBQD2NNhnHqY04p7mjaK2Wf4p73yLtI3SdW5SWy-w1reiaElQ"
|
|
const invalidToken = "eyJraWQiOiJlUTNuZFJLaUVcL084VUZ5RHFsYjN0S1RzWG00SzVPMlc4NXd3VWkzT2tNZz0iLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiUGFqSzVNX0d0M3lta0ZOTjhOMUJydyIsInN1YiI6IjJkZDZmZWQ5LWU1ODItNDUxYi1hOTNiLTViOTQxMGRmYmM0MyIsImNvZ25pdG86Z3JvdXBzIjpbInVzLXdlc3QtMl9BV3dqTFh5bTJfQXp1cmVBRCJdLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC51cy13ZXN0LTIuYW1hem9uYXdzLmNvbVwvdXMtd2VzdC0yX0FXd2pMWHltMiIsImNvZ25pdG86dXNlcm5hbWUiOiJhenVyZWFkX2p3dUBmaXNrZXJpbmMuY29tIiwiYXVkIjoiN2NrMnRmb3FhdmM3MmM0NWhoN3RnZTQya2QiLCJpZGVudGl0aWVzIjpbeyJ1c2VySWQiOiJqd3VAZmlza2VyaW5jLmNvbSIsInByb3ZpZGVyTmFtZSI6IkF6dXJlQUQiLCJwcm92aWRlclR5cGUiOiJTQU1MIiwiaXNzdWVyIjoiaHR0cHM6XC9cL3N0cy53aW5kb3dzLm5ldFwvNWFhNGI2NDAtYzlmYy00YTliLWIzYTMtZDRhN2QwMDhmYjVlXC8iLCJwcmltYXJ5IjoidHJ1ZSIsImRhdGVDcmVhdGVkIjoiMTYxMjkwMjQxMzM4MyJ9XSwidG9rZW5fdXNlIjoiaWQiLCJhdXRoX3RpbWUiOjE2MTMxNTkzNDAsImV4cCI6MTYxMzE3OTk2MywiaWF0IjoxNjEzMTc2MzYzLCJlbWFpbCI6Imp3dUBmaXNrZXJpbmMuY29tIn0.lMIMjTaG11Y-Ft6wbuE9J3ic4EWmK-VgDXbcO583r8sckgKfWgpTI9Qy3zkkhmN0btDtQP4EqKI5afHKbDVu02wZk2y_y1adgWBxLtOJX3yCifxK99mCQUAjMvyBQ3_YbhLUexv3kvh047w0Fe3VjdPftfRwpfbmQsIYjWhF-MzDjdZJPXnXm3GjbtW6g3eKqA9AHg05ghBC4seatrDhHWKVSYS8DzmfJlsJCcdbdzZQ3fVLnYsVOU8-LK6B-IbpmpTUaobcF-acAwFaNPD56mGxI3xpnvExc9sM8ZBQD2NNhnHqY04p7mjaK2Wf4p73yLtI3SdW5SWy-w1reiaEl"
|
|
|
|
func init() {
|
|
os.Setenv("JWK_URL", "https://cognito-idp.us-west-2.amazonaws.com/us-west-2_AWwjLXym2/.well-known/jwks.json")
|
|
}
|
|
|
|
func TestValidation(t *testing.T) {
|
|
validator := NewJWTValidator("")
|
|
type testCase struct {
|
|
Name string
|
|
Token string
|
|
ExpectedError string
|
|
DisableExpireCheck bool
|
|
}
|
|
|
|
tests := []testCase{
|
|
{
|
|
Name: "Expired",
|
|
Token: expiredToken,
|
|
ExpectedError: "token expired",
|
|
},
|
|
{
|
|
Name: "Invalid",
|
|
Token: invalidToken,
|
|
ExpectedError: "invalid token",
|
|
},
|
|
{
|
|
Name: "Expired Disabled",
|
|
Token: expiredToken,
|
|
DisableExpireCheck: true,
|
|
},
|
|
}
|
|
|
|
for _, test := range tests {
|
|
validator.DisableExpireCheck(test.DisableExpireCheck)
|
|
_, err := validator.ValidateToken(test.Token)
|
|
if err != nil && err.Error() != test.ExpectedError {
|
|
t.Errorf(testhelper.TestErrorTemplate, test.Name, test.ExpectedError, err.Error())
|
|
}
|
|
if test.ExpectedError == "" && err != nil {
|
|
t.Errorf(testhelper.TestErrorTemplate, test.Name, test.ExpectedError, err.Error())
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestGetPayload(t *testing.T) {
|
|
payload, err := GetPayload(expiredToken)
|
|
if err != nil {
|
|
t.Errorf(testhelper.TestErrorTemplate, "Payload", "No error", err)
|
|
}
|
|
if payload == nil {
|
|
t.Errorf(testhelper.TestErrorTemplate, "Payload", "Not nil", payload)
|
|
}
|
|
if len(payload) == 0 {
|
|
t.Errorf(testhelper.TestErrorTemplate, "Payload", "Has data", len(payload))
|
|
}
|
|
}
|
|
|
|
func TestGetAuthorizationHeader(t *testing.T) {
|
|
type testCase struct {
|
|
Name string
|
|
Request *http.Request
|
|
ExpectedToken string
|
|
ExpectedError string
|
|
}
|
|
|
|
tests := []testCase{
|
|
{
|
|
Name: "No header",
|
|
Request: testhelper.MakeTestRequestWithHeaders(http.MethodGet, "/", map[string]string{}, nil),
|
|
ExpectedError: "no authorization header",
|
|
},
|
|
{
|
|
Name: "Blank header",
|
|
Request: testhelper.MakeTestRequestWithHeaders(http.MethodGet, "/", map[string]string{
|
|
"Authorization": "",
|
|
}, nil),
|
|
ExpectedError: "no authorization header",
|
|
},
|
|
{
|
|
Name: "No Bearer",
|
|
Request: testhelper.MakeTestRequestWithHeaders(http.MethodGet, "/", map[string]string{
|
|
"Authorization": "XXXXXXXXXXX",
|
|
}, nil),
|
|
ExpectedError: "missing Bearer",
|
|
},
|
|
{
|
|
Name: "Good header",
|
|
Request: testhelper.MakeTestRequestWithHeaders(http.MethodGet, "/", map[string]string{
|
|
"Authorization": "Bearer XXXXXXXXXXX",
|
|
}, nil),
|
|
ExpectedToken: "XXXXXXXXXXX",
|
|
},
|
|
}
|
|
|
|
for _, test := range tests {
|
|
auth, err := GetAuthorizationHeader(test.Request)
|
|
if err != nil && err.Error() != test.ExpectedError {
|
|
t.Errorf(testhelper.TestErrorTemplate, test.Name, test.ExpectedError, err.Error())
|
|
}
|
|
if test.ExpectedError == "" && err != nil {
|
|
t.Errorf(testhelper.TestErrorTemplate, test.Name, test.ExpectedError, err.Error())
|
|
}
|
|
if auth.Token != test.ExpectedToken {
|
|
t.Errorf(testhelper.TestErrorTemplate, test.Name, test.ExpectedToken, auth.Token)
|
|
}
|
|
}
|
|
}
|