mirror of
https://github.com/jech/galene.git
synced 2024-11-22 08:35:57 +01:00
Add more tests for token auth.
This commit is contained in:
parent
947eb71328
commit
7784a2ac96
1 changed files with 88 additions and 0 deletions
|
@ -3,7 +3,11 @@ package token
|
||||||
import (
|
import (
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
|
"reflect"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/golang-jwt/jwt/v4"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestHS256(t *testing.T) {
|
func TestHS256(t *testing.T) {
|
||||||
|
@ -52,3 +56,87 @@ func TestES256(t *testing.T) {
|
||||||
t.Errorf("point is not on curve")
|
t.Errorf("point is not on curve")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestValid(t *testing.T) {
|
||||||
|
key := `{
|
||||||
|
"kty":"EC",
|
||||||
|
"alg":"ES256",
|
||||||
|
"crv":"P-256",
|
||||||
|
"x":"CBo2DHISffe8bVr6bNspCiHK3zK9pfMGfWtpHnk9-Lw",
|
||||||
|
"y":"sD5dQ-bJu8AfRGLfA6MigQyUIOQHcYx6HQOdfIbLjHo"
|
||||||
|
}`
|
||||||
|
var k map[string]interface{}
|
||||||
|
err := json.Unmarshal([]byte(key), &k)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("Unmarshal: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
keys := []map[string]interface{}{k}
|
||||||
|
|
||||||
|
goodToken := "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJqb2huIiwiYXVkIjoiaHR0cHM6Ly9nYWxlbmUub3JnOjg0NDMvZ3JvdXAvYXV0aC8iLCJwZXJtaXNzaW9ucyI6eyJwcmVzZW50Ijp0cnVlfSwiaWF0IjoxNjQ1MTk1MzkxLCJleHAiOjIyNzU5MTUzOTEsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6MTIzNC8ifQ.PMgfwYwSLSFIfcNJdOEfHEZ41HM2CzbATuS1fTxncbaGyX-xXq7d9V04enXpLOMGnAlsZpOJvd7eJN2mngJMAg"
|
||||||
|
|
||||||
|
aud, perms, err := Valid(
|
||||||
|
"john", goodToken, keys, "http://localhost:1234/",
|
||||||
|
)
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
t.Errorf("Token invalid: %v", err)
|
||||||
|
} else {
|
||||||
|
if !reflect.DeepEqual(aud, []string{"https://galene.org:8443/group/auth/"}) {
|
||||||
|
t.Errorf("Unexpected aud: %v", aud)
|
||||||
|
}
|
||||||
|
if !reflect.DeepEqual(
|
||||||
|
perms, map[string]interface{}{"present": true},
|
||||||
|
) {
|
||||||
|
t.Errorf("Unexpected perms: %v", perms)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
aud, perms, err = Valid(
|
||||||
|
"jack", goodToken, keys, "http://localhost:1234/",
|
||||||
|
)
|
||||||
|
if err != ErrUnexpectedSub {
|
||||||
|
t.Errorf("Token should have bad username")
|
||||||
|
}
|
||||||
|
|
||||||
|
aud, perms, err = Valid(
|
||||||
|
"john", goodToken, keys, "http://localhost:4567/",
|
||||||
|
)
|
||||||
|
if err != ErrUnexpectedIss {
|
||||||
|
t.Errorf("Token should have bad issuer")
|
||||||
|
}
|
||||||
|
|
||||||
|
badToken := "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJqb2huIiwiYXVkIjoiaHR0cHM6Ly9nYWxlbmUub3JnOjg0NDMvZ3JvdXAvYXV0aC8iLCJwZXJtaXNzaW9ucyI6eyJwcmVzZW50Ijp0cnVlfSwiaWF0IjoxNjQ1MTk2MDE5LCJleHAiOjIyNjAzNjQwMTksImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6MTIzNC8ifQ.4TN5zxzuKeNIw0rX0yirEkVYF1d0FHI_Lezmsa27ayi0R4ocSgTZ3q2bmlACXvyuoBqEEbuP4e77BUbGCHmpSg"
|
||||||
|
|
||||||
|
_, _, err = Valid(
|
||||||
|
"john", badToken, keys,
|
||||||
|
"https://localhost:1234/group/auth/",
|
||||||
|
)
|
||||||
|
|
||||||
|
var verr *jwt.ValidationError
|
||||||
|
if !errors.As(err, &verr) {
|
||||||
|
t.Errorf("Token should fail")
|
||||||
|
}
|
||||||
|
|
||||||
|
expiredToken := "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJqb2huIiwiYXVkIjoiaHR0cHM6Ly9nYWxlbmUub3JnOjg0NDMvZ3JvdXAvYXV0aC8iLCJwZXJtaXNzaW9ucyI6eyJwcmVzZW50Ijp0cnVlfSwiaWF0IjoxNjQ1MTk1NTY3LCJleHAiOjE2NDUxOTU1OTcsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6MTIzNC8ifQ.GXcLeyNVr5cnZjIECENyjMLH1HyNKWKkHMc9onvqA_RVYMyDLeeR_3NKH9Y7eKSXWC8jhatDWtH7Ed3KdsSxAA"
|
||||||
|
|
||||||
|
_, _, err = Valid(
|
||||||
|
"john", expiredToken, keys,
|
||||||
|
"https://localhost:1234/group/auth/",
|
||||||
|
)
|
||||||
|
|
||||||
|
if !errors.As(err, &verr) {
|
||||||
|
t.Errorf("Token should be expired")
|
||||||
|
}
|
||||||
|
|
||||||
|
noneToken := "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJzdWIiOiJqb2huIiwiYXVkIjoiaHR0cHM6Ly9nYWxlbmUub3JnOjg0NDMvZ3JvdXAvYXV0aC8iLCJwZXJtaXNzaW9ucyI6eyJwcmVzZW50Ijp0cnVlfSwiaWF0IjoxNjQ1MTk1NzgyLCJleHAiOjIyNjAzNjM3ODIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6MTIzNC8ifQ."
|
||||||
|
|
||||||
|
_, _, err = Valid(
|
||||||
|
"john", noneToken, keys,
|
||||||
|
"https://localhost:1234/group/auth/",
|
||||||
|
)
|
||||||
|
|
||||||
|
if err == nil {
|
||||||
|
t.Errorf("Unsigned token should fail")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in a new issue