-
Notifications
You must be signed in to change notification settings - Fork 2
/
token_extraction_test.go
103 lines (84 loc) · 3.26 KB
/
token_extraction_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
package auth0
import (
"fmt"
"net/http"
"reflect"
"testing"
"time"
"github.com/go-jose/go-jose/v3"
"github.com/go-jose/go-jose/v3/jwt"
)
func TestFromRequestHeaderExtraction(t *testing.T) {
referenceToken := getTestToken(defaultAudience, defaultIssuer, time.Now(), jose.HS256, defaultSecret)
headerTokenRequest, _ := http.NewRequest("", "http://localhost", nil)
headerValue := fmt.Sprintf("Bearer %s", referenceToken)
headerTokenRequest.Header.Add("Authorization", headerValue)
token, err := FromHeader(headerTokenRequest)
if err != nil {
t.Error(err)
return
}
claims := jwt.Claims{}
err = token.Claims([]byte("secret"), &claims)
if err != nil {
t.Errorf("Claims should be decoded correctly with default token: %q \n", err)
t.FailNow()
}
if claims.Issuer != defaultIssuer || !reflect.DeepEqual(claims.Audience, jwt.Audience(defaultAudience)) {
t.Error("Invalid issuer, audience or subject:", claims.Issuer, claims.Audience)
}
}
func TestFromRequestParamsExtraction(t *testing.T) {
referenceToken := getTestToken(defaultAudience, defaultIssuer, time.Now(), jose.HS256, defaultSecret)
paramTokenRequest, _ := http.NewRequest("", "http://localhost?token="+referenceToken, nil)
token, err := FromParams(paramTokenRequest)
if err != nil {
t.Error(err)
return
}
claims := jwt.Claims{}
err = token.Claims([]byte("secret"), &claims)
if err != nil {
t.Errorf("Claims should be decoded correctly with default token: %q \n", err)
t.FailNow()
}
if claims.Issuer != defaultIssuer || !reflect.DeepEqual(claims.Audience, jwt.Audience(defaultAudience)) {
t.Error("Invalid issuer, audience or subject:", claims.Issuer, claims.Audience)
}
}
func TestFromMultipleExtraction(t *testing.T) {
extractor := FromMultiple(RequestTokenExtractorFunc(FromHeader), RequestTokenExtractorFunc(FromParams))
referenceToken := getTestToken(defaultAudience, defaultIssuer, time.Now(), jose.HS256, defaultSecret)
headerTokenRequest, _ := http.NewRequest("", "http://localhost", nil)
headerValue := fmt.Sprintf("Bearer %s", referenceToken)
headerTokenRequest.Header.Add("Authorization", headerValue)
paramTokenRequest, _ := http.NewRequest("", "http://localhost?token="+referenceToken, nil)
brokenParamTokenRequest, _ := http.NewRequest("", "http://localhost?token=broken", nil)
for _, r := range []*http.Request{headerTokenRequest, paramTokenRequest, brokenParamTokenRequest} {
token, err := extractor.Extract(r)
if err != nil {
if r == brokenParamTokenRequest && err.Error() == "go-jose/go-jose: compact JWS format must have three parts" {
// Checking that the JWT error is returned.
continue
}
t.Error(err)
return
}
claims := jwt.Claims{}
err = token.Claims([]byte("secret"), &claims)
if err != nil {
t.Errorf("Claims should be decoded correctly with default token: %q \n", err)
t.FailNow()
}
if claims.Issuer != defaultIssuer || !reflect.DeepEqual(claims.Audience, jwt.Audience(defaultAudience)) {
t.Error("Invalid issuer, audience or subject:", claims.Issuer, claims.Audience)
}
}
}
func TestInvalidExtract(t *testing.T) {
headerTokenRequest, _ := http.NewRequest("", "http://localhost", nil)
_, err := FromHeader(headerTokenRequest)
if err == nil {
t.Error("A request without valid Authorization header should return an error.")
}
}