Add more tests for token auth.

7784a2ac · Juliusz Chroboczek · 947eb713 · 7784a2ac
Commit 7784a2ac authored Feb 18, 2022 by Juliusz Chroboczek
Hide whitespace changes
Inline Side-by-side

Showing with 88 additions and 0 deletions

token/token_test.go token/token_test.go +88 -0

No files found.
--- a/token/token_test.go
+++ b/token/token_test.go
@@ -3,7 +3,11 @@ package token
 import (
 	"crypto/ecdsa"
 	"encoding/json"
+	"errors"
+	"reflect"
 	"testing"
+
+	"github.com/golang-jwt/jwt/v4"
 )

 func TestHS256(t *testing.T) {
@@ -52,3 +56,87 @@ func TestES256(t *testing.T) {
 		t.Errorf("point is not on curve")
 	}
 }
+
+func TestValid(t *testing.T) {
+	key := `{
+            "kty":"EC",
+            "alg":"ES256",
+            "crv":"P-256",
+            "x":"CBo2DHISffe8bVr6bNspCiHK3zK9pfMGfWtpHnk9-Lw",
+            "y":"sD5dQ-bJu8AfRGLfA6MigQyUIOQHcYx6HQOdfIbLjHo"
+        }`
+	var k map[string]interface{}
+	err := json.Unmarshal([]byte(key), &k)
+	if err != nil {
+		t.Fatalf("Unmarshal: %v", err)
+	}
+
+	keys := []map[string]interface{}{k}
+
+	goodToken := "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJqb2huIiwiYXVkIjoiaHR0cHM6Ly9nYWxlbmUub3JnOjg0NDMvZ3JvdXAvYXV0aC8iLCJwZXJtaXNzaW9ucyI6eyJwcmVzZW50Ijp0cnVlfSwiaWF0IjoxNjQ1MTk1MzkxLCJleHAiOjIyNzU5MTUzOTEsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6MTIzNC8ifQ.PMgfwYwSLSFIfcNJdOEfHEZ41HM2CzbATuS1fTxncbaGyX-xXq7d9V04enXpLOMGnAlsZpOJvd7eJN2mngJMAg"
+
+	aud, perms, err := Valid(
+		"john", goodToken, keys, "http://localhost:1234/",
+	)
+
+	if err != nil {
+		t.Errorf("Token invalid: %v", err)
+	} else {
+		if !reflect.DeepEqual(aud, []string{"https://galene.org:8443/group/auth/"}) {
+			t.Errorf("Unexpected aud: %v", aud)
+		}
+		if !reflect.DeepEqual(
+			perms, map[string]interface{}{"present": true},
+		) {
+			t.Errorf("Unexpected perms: %v", perms)
+		}
+	}
+
+	aud, perms, err = Valid(
+		"jack", goodToken, keys, "http://localhost:1234/",
+	)
+	if err != ErrUnexpectedSub {
+		t.Errorf("Token should have bad username")
+	}
+
+	aud, perms, err = Valid(
+		"john", goodToken, keys, "http://localhost:4567/",
+	)
+	if err != ErrUnexpectedIss {
+		t.Errorf("Token should have bad issuer")
+	}
+
+	badToken := "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJqb2huIiwiYXVkIjoiaHR0cHM6Ly9nYWxlbmUub3JnOjg0NDMvZ3JvdXAvYXV0aC8iLCJwZXJtaXNzaW9ucyI6eyJwcmVzZW50Ijp0cnVlfSwiaWF0IjoxNjQ1MTk2MDE5LCJleHAiOjIyNjAzNjQwMTksImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6MTIzNC8ifQ.4TN5zxzuKeNIw0rX0yirEkVYF1d0FHI_Lezmsa27ayi0R4ocSgTZ3q2bmlACXvyuoBqEEbuP4e77BUbGCHmpSg"
+
+	_, _, err = Valid(
+		"john", badToken, keys,
+		"https://localhost:1234/group/auth/",
+	)
+
+	var verr *jwt.ValidationError
+	if !errors.As(err, &verr) {
+		t.Errorf("Token should fail")
+	}
+
+	expiredToken := "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJqb2huIiwiYXVkIjoiaHR0cHM6Ly9nYWxlbmUub3JnOjg0NDMvZ3JvdXAvYXV0aC8iLCJwZXJtaXNzaW9ucyI6eyJwcmVzZW50Ijp0cnVlfSwiaWF0IjoxNjQ1MTk1NTY3LCJleHAiOjE2NDUxOTU1OTcsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6MTIzNC8ifQ.GXcLeyNVr5cnZjIECENyjMLH1HyNKWKkHMc9onvqA_RVYMyDLeeR_3NKH9Y7eKSXWC8jhatDWtH7Ed3KdsSxAA"
+
+	_, _, err = Valid(
+		"john", expiredToken, keys,
+		"https://localhost:1234/group/auth/",
+	)
+
+	if !errors.As(err, &verr) {
+		t.Errorf("Token should be expired")
+	}
+
+	noneToken := "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJzdWIiOiJqb2huIiwiYXVkIjoiaHR0cHM6Ly9nYWxlbmUub3JnOjg0NDMvZ3JvdXAvYXV0aC8iLCJwZXJtaXNzaW9ucyI6eyJwcmVzZW50Ijp0cnVlfSwiaWF0IjoxNjQ1MTk1NzgyLCJleHAiOjIyNjAzNjM3ODIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6MTIzNC8ifQ."
+
+	_, _, err = Valid(
+		"john", noneToken, keys,
+		"https://localhost:1234/group/auth/",
+	)
+
+	if err == nil {
+		t.Errorf("Unsigned token should fail")
+	}
+}