Exemple #1
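// TestInvalidSigningMethod checks that Parse rejects a token whose "alg"
// header does not match the signing method the token was built with.
//
// The token is created with HS256 and signed with the manager's own password,
// but its header is overwritten to claim "HS384" before signing. Parse is
// expected to fail with userjwt.ErrUnexpectedSigningMethod and to return no
// token, so the verifier must not accept whatever algorithm the header names
// just because the key is the right one.
func TestInvalidSigningMethod(t *testing.T) {
	// Fixed test secret, used as the HMAC key by both the manager and the
	// hand-built token below.
	password := []byte(`Rump3lst!lzch3n`)
	jm, err := userjwt.New(
		userjwt.SetPassword(password),
	)
	// Stop here on a setup failure: jm would be unusable and the later
	// jm.Parse call would hide the real error behind a panic.
	if !assert.NoError(t, err) {
		return
	}

	now := time.Now()
	tk := jwt.New(jwt.SigningMethodHS256)
	tk.Claims["exp"] = now.Add(time.Hour).Unix()
	tk.Claims["iat"] = now.Unix()
	// Header now disagrees with the method chosen in jwt.New above.
	tk.Header["alg"] = "HS384"
	malformedToken, err := tk.SignedString(password)
	// Without a signed token there is nothing meaningful to parse.
	if !assert.NoError(t, err) {
		return
	}

	mt, err := jm.Parse(malformedToken)
	// Both assertions matter: the specific error identifies why the token was
	// refused, and the nil token shows no claims are handed back on failure.
	assert.EqualError(t, err, userjwt.ErrUnexpectedSigningMethod.Error())
	assert.Nil(t, mt)
}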
Exemple #2
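// BenchmarkAuthorizationHMAC measures one pass of a bearer-token request
// through the handler returned by jm.Authorization, using a token generated by
// the same manager.
//
// Recorded result:
// BenchmarkAuthorizationHMAC-4	  100000	     20215 ns/op	    5552 B/op	     105 allocs/op
func BenchmarkAuthorizationHMAC(b *testing.B) {

	/*
		This benchmark gives a false impression because it also measures
		the creation of the request and the response recorder.
	*/

	// Fixed test secret used as the HMAC key.
	password := []byte(`Rump3lst!lzch3n`)
	jm, err := userjwt.New(userjwt.SetPassword(password))
	if err != nil {
		// Fatal, not Error: continuing would call methods on an unusable
		// manager and panic instead of reporting err.
		b.Fatal(err)
	}
	token, _, err := jm.GenerateToken(map[string]interface{}{
		"xfoo": "bar",
		"zfoo": 4711,
	})
	if err != nil {
		// Without a token every iteration would exercise a rejection path.
		b.Fatal(err)
	}

	// Innermost handler; it is only reached when the authorization wrapper
	// lets the request through.
	final := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	})
	authHandler := jm.Authorization(final)

	b.ReportAllocs()
	b.ResetTimer()
	for i := 0; i < b.N; i++ {
		// Per-iteration setup, included in the measurement (about 15 of the
		// reported allocations according to the original annotation).
		req, err := http.NewRequest("GET", "http://auth.xyz", nil)
		if err != nil {
			// req is nil on error; stop before dereferencing it.
			b.Fatal(err)
		}
		req.Header.Set("Authorization", "Bearer "+token)
		w := httptest.NewRecorder()

		authHandler.ServeHTTP(w, req)

		// Confirm the accepted-token path is what is being timed; a handler
		// that rejects the request would otherwise be benchmarked unnoticed.
		if w.Code != http.StatusOK {
			b.Fatalf("unexpected status code %d", w.Code)
		}
	}
}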