func TestInvalidSigningMethod(t *testing.T) {
password := []byte(`Rump3lst!lzch3n`)
jm, err := userjwt.New(
userjwt.SetPassword(password),
)
assert.NoError(t, err)
tk := jwt.New(jwt.SigningMethodHS256)
tk.Claims["exp"] = time.Now().Add(time.Hour).Unix()
tk.Claims["iat"] = time.Now().Unix()
tk.Header["alg"] = "HS384"
malformedToken, err := tk.SignedString(password)
assert.NoError(t, err)
mt, err := jm.Parse(malformedToken)
assert.EqualError(t, err, userjwt.ErrUnexpectedSigningMethod.Error())
assert.Nil(t, mt)
}
// BenchmarkAuthorizationHMAC-4 100000 20215 ns/op 5552 B/op 105 allocs/op
func BenchmarkAuthorizationHMAC(b *testing.B) {
/*
that benchmark gives a false impression because we're also
measuring the NewRequest/Response creation ...
*/
password := []byte(`Rump3lst!lzch3n`)
jm, err := userjwt.New(userjwt.SetPassword(password))
if err != nil {
b.Error(err)
}
token, _, err := jm.GenerateToken(map[string]interface{}{
"xfoo": "bar",
"zfoo": 4711,
})
if err != nil {
b.Error(err)
}
final := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
})
authHandler := jm.Authorization(final)
b.ReportAllocs()
b.ResetTimer()
for i := 0; i < b.N; i++ {
// <15 allocs>
req, err := http.NewRequest("GET", "http://auth.xyz", nil)
if err != nil {
b.Error(err)
}
req.Header.Set("Authorization", "Bearer "+token)
w := httptest.NewRecorder()
//</>
authHandler.ServeHTTP(w, req)
}
}