func TestGetters(t *testing.T) {
assert.False(t, IsAuthenticatedFromContext(context.Background()))
_, err := PoliciesFromContext(context.Background())
assert.NotNil(t, err)
_, err = SubjectFromContext(context.Background())
assert.NotNil(t, err)
_, err = TokenFromContext(context.Background())
assert.NotNil(t, err)
ctx := context.Background()
claims := hjwt.ClaimsCarrier{"sub": "peter"}
token := &jwt.Token{Valid: true}
policies := []policy.Policy{}
ctx = NewContextFromAuthValues(ctx, claims, token, policies)
assert.True(t, IsAuthenticatedFromContext(ctx))
policiesContext, err := PoliciesFromContext(ctx)
assert.Nil(t, err)
assert.Equal(t, policies, policiesContext)
subjectContext, err := SubjectFromContext(ctx)
assert.Nil(t, err)
assert.Equal(t, claims.GetSubject(), subjectContext)
tokenContext, err := TokenFromContext(ctx)
assert.Nil(t, err)
assert.Equal(t, token, tokenContext)
}
func TestLoadCertificate(t *testing.T) {
for _, c := range TestCertificates {
out, err := LoadCertificate(c[0])
assert.Nil(t, err)
assert.Equal(t, c[1], string(out))
}
_, err := LoadCertificate("")
assert.NotNil(t, err)
_, err = LoadCertificate("foobar")
assert.NotNil(t, err)
}
func TestCompareDifferent(t *testing.T) {
h := &BCrypt{
WorkFactor: 10,
}
password := "******"
hash, err := h.Hash(password)
assert.Nil(t, err)
assert.NotNil(t, hash)
err = h.Compare(hash, uuid.NewRandom().String())
assert.NotNil(t, err)
}
func TestAuthenticate(t *testing.T) {
account, err := store.Create("5", "5@bar", "secret", `{"foo": "bar"}`)
assert.Nil(t, err)
_, err = store.Authenticate("5@bar", "wrong secret")
assert.NotNil(t, err)
_, err = store.Authenticate("doesnotexist@foo", "secret")
assert.NotNil(t, err)
_, err = store.Authenticate("", "")
assert.NotNil(t, err)
result, err := store.Authenticate("5@bar", "secret")
assert.Nil(t, err)
assert.True(t, reflect.DeepEqual(account, result), "Results do not match: (%v) does not equal ($v)", &account, &result)
}
func TestClientGrantType(t *testing.T) {
router := mux.NewRouter()
handler.SetRoutes(router)
ts := httptest.NewServer(router)
defer ts.Close()
for k, c := range []*struct {
config *oauth2.Config
pass bool
}{
{configs["working"], true},
{configs["voidSecret"], false},
{configs["voidID"], false},
{configs["working"], true},
} {
conf := clientcredentials.Config{
ClientID: c.config.ClientID,
ClientSecret: c.config.ClientSecret,
TokenURL: ts.URL + c.config.Endpoint.TokenURL,
Scopes: c.config.Scopes,
}
_, err := conf.Token(oauth2.NoContext)
if c.pass {
assert.Nil(t, err, "Case %d\n%v", k, conf)
} else {
assert.NotNil(t, err, "Case %d\n%v", k, conf)
}
}
}
func TestPasswordGrantType(t *testing.T) {
router := mux.NewRouter()
handler.SetRoutes(router)
ts := httptest.NewServer(router)
defer ts.Close()
for k, c := range []struct {
config *oauth2.Config
user *userAuth
pass bool
}{
{configs["working"], logins["working"], true},
{configs["working"], logins["voidEmail"], false},
{configs["working"], logins["voidPassword"], false},
{configs["working"], logins["working"], true},
{configs["voidSecret"], logins["working"], false},
{configs["voidID"], logins["working"], false},
{configs["working"], logins["working"], true},
} {
config := *c.config
config.Endpoint = oauth2.Endpoint{AuthURL: ts.URL + "/oauth2/auth", TokenURL: ts.URL + "/oauth2/token"}
_, err := config.PasswordCredentialsToken(oauth2.NoContext, c.user.Username, c.user.Password)
if c.pass {
assert.Nil(t, err, "Case %d", k)
} else {
assert.NotNil(t, err, "Case %d", k)
}
}
}
func TestHash(t *testing.T) {
h := &BCrypt{
WorkFactor: 10,
}
password := "******"
hash, err := h.Hash(password)
assert.Nil(t, err)
assert.NotNil(t, hash)
assert.NotEqual(t, hash, password)
}
func TestSignRejectsAlgAndTypHeader(t *testing.T) {
j := New([]byte(TestCertificates[0][1]), []byte(TestCertificates[1][1]))
for _, c := range []map[string]interface{}{
map[string]interface{}{"alg": "foo"},
map[string]interface{}{"typ": "foo"},
map[string]interface{}{"typ": "foo", "alg": "foo"},
} {
_, err := j.SignToken(map[string]interface{}{}, c)
assert.NotNil(t, err)
}
}
func TestCompareEquals(t *testing.T) {
h := &BCrypt{
WorkFactor: 10,
}
password := "******"
hash, err := h.Hash(password)
assert.Nil(t, err)
assert.NotNil(t, hash)
err = h.Compare(hash, password)
assert.Nil(t, err)
}
func TestCreateAndGetCases(t *testing.T) {
for _, c := range []struct {
data []string
extra string
pass bool
find bool
}{
{[]string{"1", "1@bar", "secret"}, `{"foo": "bar"}`, true, true},
{[]string{"1", "1@foo", "secret"}, `{"foo": "bar"}`, false, true},
{[]string{"2", "1@bar", "secret"}, `{"foo": "bar"}`, false, false},
} {
result, err := store.Create(c.data[0], c.data[1], c.data[2], c.extra)
if c.pass {
assert.Nil(t, err)
assert.Equal(t, c.data[0], result.GetID())
assert.Equal(t, c.data[1], result.GetEmail())
assert.NotEqual(t, c.data[2], result.GetPassword())
assert.Equal(t, c.extra, result.GetData())
result, err = store.Get(c.data[0])
if c.find {
assert.Nil(t, err)
assert.Equal(t, c.data[0], result.GetID())
assert.Equal(t, c.data[1], result.GetEmail())
assert.NotEqual(t, c.data[2], result.GetPassword())
assert.Equal(t, c.extra, result.GetData())
} else {
assert.NotNil(t, err)
}
} else {
assert.NotNil(t, err)
_, err = store.Get(c.data[0])
if c.find {
assert.Nil(t, err)
} else {
assert.NotNil(t, err)
}
}
}
}
func TestDelete(t *testing.T) {
_, err := store.Create("2", "2@bar", "secret", `{"foo": "bar"}`)
assert.Nil(t, err)
_, err = store.Get("2")
assert.Nil(t, err)
err = store.Delete("2")
assert.Nil(t, err)
_, err = store.Get("2")
assert.NotNil(t, err)
}
func TestRegistry(t *testing.T) {
m := &provider{}
r := NewRegistry([]Provider{m})
p, err := r.Find("fooBar")
assert.Nil(t, err)
assert.Equal(t, m, p)
p, err = r.Find("foobar")
assert.Nil(t, err)
assert.Equal(t, m, p)
_, err = r.Find("bar")
assert.NotNil(t, err)
}
func TestUpdatePassword(t *testing.T) {
account, err := store.Create("4", "4@bar", "old secret", `{"foo": "bar"}`)
assert.Nil(t, err)
_, err = store.UpdatePassword("4", "wrong old secret", "new secret")
assert.NotNil(t, err)
updatedAccount, err := store.UpdatePassword("4", "old secret", "new secret")
assert.Nil(t, err)
resultAccount, err := store.Get("4")
assert.Nil(t, err)
assert.Equal(t, updatedAccount.GetPassword(), resultAccount.GetPassword())
assert.NotEqual(t, account.GetPassword(), resultAccount.GetPassword())
}
func TestUpdateEmail(t *testing.T) {
_, err := store.Create("3", "3@bar", "secret", `{"foo": "bar"}`)
assert.Nil(t, err)
_, err = store.UpdateEmail("3", "3@foo", "wrong secret")
assert.NotNil(t, err)
_, err = store.UpdateEmail("3", "3@foo", "secret")
assert.Nil(t, err)
r, err := store.Get("3")
assert.Nil(t, err)
assert.Equal(t, "3", r.GetID())
assert.Equal(t, "3@foo", r.GetEmail())
assert.NotEqual(t, "secret", r.GetPassword())
}
// NotNil asserts that the specified object is not nil.
//
// require.NotNil(t, err, "err should be something")
func NotNil(t TestingT, object interface{}, msgAndArgs ...interface{}) {
if !assert.NotNil(t, object, msgAndArgs...) {
t.FailNow()
}
}
func TestVerifyPassesHeaderAlgInjection(t *testing.T) {
j := New([]byte(TestCertificates[0][1]), []byte(TestCertificates[1][1]))
_, err := j.VerifyToken([]byte("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.BZXqpeQKnhMtyln2NnoNTUoz_BmyNR-vPHmCxfEpnzCegPZJeCPQiFmn6k7hYhYeWFhH0NhH7-c22-bAf656Esy5qdcxCrwgYSyXAbGQ4C9YsinGcliXeQYcYgOmj8gS2K5Xbj4g9StOB7KywZ_QTJc6FVOqqcgikYVtVA6bMKRrYB4ZS6ZFPdWYTWZ-qOyEg6V7o6-IWmCpEZXlyBgyfAanQkTISMyYuJFPCnFhjnmBUyz0JrWE4gQutOk1-Yw2ikym4GQDrkxrKnnmC_lSJ5I1daxq09oMNj4WRsckktOU64Wuk0PRq_CEpSIA7uHE-Ecgn4ZvRgyLaR1B8S2pAw"))
assert.NotNil(t, err)
}