mirror of
https://github.com/elyby/chrly.git
synced 2024-12-23 13:40:11 +05:30
778bc615aa
Token generation functionality remove. Secret token now provided via CHRLY_SECRET env variable.
98 lines
2.6 KiB
Go
98 lines
2.6 KiB
Go
package auth
|
|
|
|
import (
|
|
"net/http/httptest"
|
|
"testing"
|
|
|
|
testify "github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
const jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxNTE2NjU4MTkzIiwic2NvcGVzIjoic2tpbiJ9.agbBS0qdyYMBaVfTZJAZcTTRgW1Y0kZty4H3N2JHBO8"
|
|
|
|
func TestJwtAuth_NewToken_Success(t *testing.T) {
|
|
assert := testify.New(t)
|
|
|
|
jwt := &JwtAuth{[]byte("secret")}
|
|
token, err := jwt.NewToken(SkinScope)
|
|
assert.Nil(err)
|
|
assert.NotNil(token)
|
|
}
|
|
|
|
func TestJwtAuth_NewToken_KeyNotAvailable(t *testing.T) {
|
|
assert := testify.New(t)
|
|
|
|
jwt := &JwtAuth{}
|
|
token, err := jwt.NewToken(SkinScope)
|
|
assert.Error(err, "signing key not available")
|
|
assert.Nil(token)
|
|
}
|
|
|
|
func TestJwtAuth_Check_EmptyRequest(t *testing.T) {
|
|
assert := testify.New(t)
|
|
|
|
req := httptest.NewRequest("POST", "http://localhost", nil)
|
|
jwt := &JwtAuth{[]byte("secret")}
|
|
|
|
err := jwt.Check(req)
|
|
assert.IsType(&Unauthorized{}, err)
|
|
assert.EqualError(err, "Authentication header not presented")
|
|
}
|
|
|
|
func TestJwtAuth_Check_NonBearer(t *testing.T) {
|
|
assert := testify.New(t)
|
|
|
|
req := httptest.NewRequest("POST", "http://localhost", nil)
|
|
req.Header.Add("Authorization", "this is not jwt")
|
|
jwt := &JwtAuth{[]byte("secret")}
|
|
|
|
err := jwt.Check(req)
|
|
assert.IsType(&Unauthorized{}, err)
|
|
assert.EqualError(err, "Cannot recognize JWT token in passed value")
|
|
}
|
|
|
|
func TestJwtAuth_Check_BearerButNotJwt(t *testing.T) {
|
|
assert := testify.New(t)
|
|
|
|
req := httptest.NewRequest("POST", "http://localhost", nil)
|
|
req.Header.Add("Authorization", "Bearer thisIs.Not.Jwt")
|
|
jwt := &JwtAuth{[]byte("secret")}
|
|
|
|
err := jwt.Check(req)
|
|
assert.IsType(&Unauthorized{}, err)
|
|
assert.EqualError(err, "Cannot parse passed JWT token")
|
|
}
|
|
|
|
func TestJwtAuth_Check_SecretNotAvailable(t *testing.T) {
|
|
assert := testify.New(t)
|
|
|
|
req := httptest.NewRequest("POST", "http://localhost", nil)
|
|
req.Header.Add("Authorization", "Bearer " + jwt)
|
|
jwt := &JwtAuth{}
|
|
|
|
err := jwt.Check(req)
|
|
assert.Error(err, "Signing key not set")
|
|
}
|
|
|
|
func TestJwtAuth_Check_SecretInvalid(t *testing.T) {
|
|
assert := testify.New(t)
|
|
|
|
req := httptest.NewRequest("POST", "http://localhost", nil)
|
|
req.Header.Add("Authorization", "Bearer " + jwt)
|
|
jwt := &JwtAuth{[]byte("this is another secret")}
|
|
|
|
err := jwt.Check(req)
|
|
assert.IsType(&Unauthorized{}, err)
|
|
assert.EqualError(err, "JWT token have invalid signature. It may be corrupted or expired.")
|
|
}
|
|
|
|
func TestJwtAuth_Check_Valid(t *testing.T) {
|
|
assert := testify.New(t)
|
|
|
|
req := httptest.NewRequest("POST", "http://localhost", nil)
|
|
req.Header.Add("Authorization", "Bearer " + jwt)
|
|
jwt := &JwtAuth{[]byte("secret")}
|
|
|
|
err := jwt.Check(req)
|
|
assert.Nil(err)
|
|
}
|