package main
import (
"net/http"
"testing"
"github.com/stretchr/testify/assert"
)
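// TestValidateClaims runs ValidateClaims over a table of claims, request IP and
// requested URL combinations. Each row either expects success or expects an
// error whose message contains the name of the offending field.
func TestValidateClaims(t *testing.T) {
	// Private copy of the shared fixture carrying the configured magic IP.
	magicIpClaims := *TestClaims
	magicIpClaims.Ip = configuration.MagicIp

	testCases := []struct {
		name                  string
		claims                *Claims
		ip                    string
		url                   string
		expectedErrorContains string
		clearAudience         bool
		clearSubject          bool
	}{
		{"NOMINAL", TestClaims, "1.2.3.4", "url.fr", "", false, false},
		{"NOMINAL_IP_MISSING", TestClaims, "", "url.fr", "ip", false, false},
		{"NOMINAL_URL_MISSING", TestClaims, "1.2.3.4", "", "domain", false, false},
		{"BAD_URL", TestClaims, "1.2.3.4", "baddomain", "domain", false, false},
		// NOTE(review): this row passes an empty url, exactly like
		// NOMINAL_URL_MISSING, so it may not exercise the missing-audience
		// path on its own; confirm against ValidateClaims.
		{"NO_AUD", TestClaims, "1.2.3.4", "", "domain", true, false},
		{"NO_SUB", &Claims{}, "", "", "username", false, true},
		{"NO_CLAIMS", nil, "", "", "claims", false, false},
		// Claims carrying configuration.MagicIp are expected to validate even
		// though the request IP differs from the IP used in the other rows.
		// NOTE(review): this looks like an intentional bypass of the IP
		// binding; confirm the magic value cannot end up in tokens issued to
		// ordinary users.
		{"MAGIC_IP", &magicIpClaims, "9.8.7.6", "url.fr", "", false, false},
	}
	for _, tc := range testCases {
		// Per-iteration copy for the parallel closure (needed before Go 1.22).
		tc := tc
		t.Run(tc.name, func(t *testing.T) {
			t.Parallel()

			// tc.claims is a pointer, so copying tc does not copy the claims.
			// Mutating it directly would rewrite the shared TestClaims fixture
			// while sibling parallel subtests read it (a data race that makes
			// results order-dependent). Work on a private copy instead.
			claims := tc.claims
			if claims != nil {
				local := *claims
				if tc.clearAudience {
					local.Audience = nil
				}
				if tc.clearSubject {
					local.Subject = ""
				}
				claims = &local
			}

			err := ValidateClaims(claims, tc.ip, tc.url)
			if tc.expectedErrorContains != "" {
				assert.ErrorContains(t, err, tc.expectedErrorContains)
				return
			}
			assert.NoError(t, err)
		})
	}
}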
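// TestCreateJwtCookie checks that CreateJwtCookie returns a cookie that uses
// the configured name and domain and has both the Secure and HttpOnly flags
// set.
func TestCreateJwtCookie(t *testing.T) {
	testCases := []struct {
		name     string
		username string
		ip       string
		domains  []string
	}{
		{"NOMINAL", "user", "1.2.3.4", []string{"url.fr"}},
		{"NOMINAL2", "admin", "1.2.3.4", []string{"toto.com"}},
	}
	for _, tc := range testCases {
		// Per-iteration copy for the parallel closure (needed before Go 1.22).
		tc := tc
		t.Run(tc.name, func(t *testing.T) {
			t.Parallel()
			cookie := CreateJwtCookie(tc.username, tc.ip, tc.domains)
			// Stop here on a nil cookie: the field reads below would otherwise
			// panic and abort the whole test binary instead of failing this
			// one subtest.
			if !assert.NotNil(t, cookie) {
				return
			}
			assert.Equal(t, configuration.CookieName, cookie.Name)
			assert.Equal(t, configuration.CookieDomain, cookie.Domain)
			// Secure keeps the token off plain-HTTP requests; HttpOnly keeps
			// it out of reach of page scripts.
			assert.Equal(t, true, cookie.Secure)
			assert.Equal(t, true, cookie.HttpOnly)
		})
	}
}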
// TestGetValidJwtClaims feeds GetValidJwtClaims a set of cookie fixtures
// (missing, empty, fake, expired, altered, unexpected algorithm, valid) and
// checks whether claims come back. When they do, the claims' Ip must equal the
// request IP passed in.
func TestGetValidJwtClaims(t *testing.T) {
	// Disabled helper for regenerating a valid fixture cookie. The last two
	// lines print the token and the JWT signing secret to the test output, so
	// keep them commented out anywhere logs are retained or shared.
	//c := CreateJwtCookie("jean", "1.2.3.4", []string{"url.net"})
	//t.Errorf("JwtToken: %+v", c.Value)
	//t.Errorf("JwtSecret: %+v", string([]byte(configuration.JwtSecretKey)))
	type row struct {
		name        string
		cookie      *http.Cookie
		ip          string
		url         string
		expectedNil bool
	}
	rows := []row{
		{name: "NO_COOKIE", cookie: nil, ip: "1.2.3.4", url: "url.net", expectedNil: true},
		{name: "NO_COOKIE2", cookie: TestCookie["empty"], ip: "1.2.3.4", url: "url.net", expectedNil: true},
		{name: "NO_COOKIE3", cookie: TestCookie["fake"], ip: "1.2.3.4", url: "url.net", expectedNil: true},
		{name: "EXPIRED", cookie: TestCookie["expired"], ip: "1.2.3.4", url: "url.net", expectedNil: true},
		// NOTE(review): a "baduser" cookie is expected to yield claims, so any
		// username check presumably lives outside GetValidJwtClaims; confirm.
		{name: "BAD_USER", cookie: TestCookie["baduser"], ip: "1.2.3.4", url: "url.net", expectedNil: false},
		// Presumably a token signed with an algorithm the verifier does not
		// accept; confirm against the fixture. It must be rejected.
		{name: "BAD_ALG", cookie: TestCookie["badalgo"], ip: "1.2.3.4", url: "url.net", expectedNil: true},
		{name: "ALTERED", cookie: TestCookie["altered"], ip: "1.2.3.4", url: "url.net", expectedNil: true},
		{name: "VALID", cookie: TestCookie["valid"], ip: "1.2.3.4", url: "url.net", expectedNil: false},
		// The same valid cookie must be refused for a different requested URL.
		{name: "BAD_URL", cookie: TestCookie["valid"], ip: "1.2.3.4", url: "test.com", expectedNil: true},
	}
	for _, tt := range rows {
		// Per-iteration copy for the parallel closure (needed before Go 1.22).
		tt := tt
		t.Run(tt.name, func(t *testing.T) {
			t.Parallel()
			got := GetValidJwtClaims(tt.cookie, tt.ip, tt.url)
			switch {
			case tt.expectedNil:
				assert.Nil(t, got)
			default:
				assert.NotNil(t, got)
			}
			if got == nil {
				return
			}
			// Returned claims must carry the IP the request was validated for.
			assert.Equal(t, tt.ip, got.Ip)
		})
	}
}