func TestNewDefault(t *testing.T) {
jm, err := userjwt.New()
assert.NoError(t, err)
assert.Equal(t, time.Hour, jm.Expire)
assert.Nil(t, jm.Blacklist.Set("test", time.Hour))
assert.False(t, jm.Blacklist.Has("test"))
assert.Equal(t, userjwt.PostFormVarPrefix, jm.PostFormVarPrefix)
assert.Len(t, jm.JTI.Get(), uuidLen)
testClaims := map[string]interface{}{
"mascot": "gopher",
}
token, jti, err := jm.GenerateToken(testClaims)
assert.NoError(t, err)
assert.Empty(t, jti)
assert.NotEmpty(t, token)
haveToken, err := jm.Parse(token)
assert.NoError(t, err)
assert.True(t, haveToken.Valid)
assert.Equal(t, "gopher", haveToken.Claims["mascot"])
failedToken, err := jm.Parse(token + "c")
assert.Error(t, err)
assert.Nil(t, failedToken)
jmRSA, err := userjwt.New(userjwt.SetRSAFromFile("invalid.key"))
assert.Nil(t, jmRSA)
assert.Contains(t, err.Error(), "open invalid.key: no such file or directory")
}
func TestRSAEncryptedNoOrFailedPassword(t *testing.T) {
jm, err := userjwt.New(userjwt.SetRSAFromFile(pkFile))
assert.Contains(t, err.Error(), "Private Key is encrypted but password was not set")
assert.Nil(t, jm)
jm2, err2 := userjwt.New(userjwt.SetRSAFromFile(pkFile, []byte(`adfasdf`)))
assert.Contains(t, err2.Error(), "Private Key decryption failed: x509: decryption password incorrect")
assert.Nil(t, jm2)
}
func TestJTI(t *testing.T) {
jm, err := userjwt.New()
assert.NoError(t, err)
jm.EnableJTI = true
token, jti, err := jm.GenerateToken(nil)
assert.NoError(t, err)
assert.NotEmpty(t, jti)
assert.NotEmpty(t, token)
assert.Len(t, jti, uuidLen)
}
func testRsaOption(t *testing.T, opt userjwt.OptionFunc) {
jm, err := userjwt.New(opt)
assert.NoError(t, err)
assert.NotNil(t, jm)
token, _, err := jm.GenerateToken(nil)
assert.NoError(t, err)
assert.NotEmpty(t, token)
tk, err := jm.Parse(token)
assert.NoError(t, err)
assert.NotNil(t, tk)
assert.True(t, tk.Valid)
}
func testAuth(t *testing.T, opts ...userjwt.OptionFunc) (http.Handler, string) {
jm, err := userjwt.New(opts...)
assert.NoError(t, err)
token, _, err := jm.GenerateToken(map[string]interface{}{
"xfoo": "bar",
"zfoo": 4711,
})
assert.NoError(t, err)
final := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
// t.Logf("Check Form for map: %v\n", r.Form)
fmt.Fprint(w, r.Form.Encode())
})
authHandler := jm.Authorization(final)
return authHandler, token
}
func TestInvalidSigningMethod(t *testing.T) {
password := []byte(`Rump3lst!lzch3n`)
jm, err := userjwt.New(
userjwt.SetPassword(password),
)
assert.NoError(t, err)
tk := jwt.New(jwt.SigningMethodHS256)
tk.Claims["exp"] = time.Now().Add(time.Hour).Unix()
tk.Claims["iat"] = time.Now().Unix()
tk.Header["alg"] = "HS384"
malformedToken, err := tk.SignedString(password)
assert.NoError(t, err)
mt, err := jm.Parse(malformedToken)
assert.EqualError(t, err, userjwt.ErrUnexpectedSigningMethod.Error())
assert.Nil(t, mt)
}
func TestLogout(t *testing.T) {
tbl := &testBL{T: t}
jm, err := userjwt.New()
assert.NoError(t, err)
jm.Blacklist = tbl
token, _, err := jm.GenerateToken(nil)
assert.NoError(t, err)
tk, err := jm.Parse(token)
assert.NoError(t, err)
assert.NotNil(t, tk)
assert.Nil(t, jm.Logout(nil))
assert.Nil(t, jm.Logout(tk))
assert.Equal(t, int(time.Hour.Seconds()), 1+int(tbl.exp.Seconds()))
assert.Equal(t, token, tbl.token)
}
// BenchmarkAuthorizationHMAC-4 100000 20215 ns/op 5552 B/op 105 allocs/op
func BenchmarkAuthorizationHMAC(b *testing.B) {
/*
that benchmark gives a false impression because we're also
measuring the NewRequest/Response creation ...
*/
password := []byte(`Rump3lst!lzch3n`)
jm, err := userjwt.New(userjwt.SetPassword(password))
if err != nil {
b.Error(err)
}
token, _, err := jm.GenerateToken(map[string]interface{}{
"xfoo": "bar",
"zfoo": 4711,
})
if err != nil {
b.Error(err)
}
final := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
})
authHandler := jm.Authorization(final)
b.ReportAllocs()
b.ResetTimer()
for i := 0; i < b.N; i++ {
// <15 allocs>
req, err := http.NewRequest("GET", "http://auth.xyz", nil)
if err != nil {
b.Error(err)
}
req.Header.Set("Authorization", "Bearer "+token)
w := httptest.NewRecorder()
//</>
authHandler.ServeHTTP(w, req)
}
}
func TestPasswordFromConfig(t *testing.T) {
cfg := config.NewMockReader(
config.MockString(func(path string) string {
if path == userjwt.PathJWTPassword {
return `Rump3lst!lzch3n`
}
return ""
}),
)
jm, err := userjwt.New(
userjwt.SetPasswordFromConfig(cfg),
)
assert.NoError(t, err)
token, _, err := jm.GenerateToken(nil)
assert.NoError(t, err)
assert.NotEmpty(t, token)
}