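// TestInvalidSigningMethod checks that Parse refuses a token whose header
// announces a signing algorithm the manager does not expect.
//
// The token is created with HS256 but its "alg" header is overwritten with
// "HS384" before signing. Parse must fail with ErrUnexpectedSigningMethod and
// return a nil token. Matching the exact error pins the rejection to the
// algorithm check rather than to a signature mismatch.
// NOTE(review): this presumes the manager built by userjwt.New with only
// SetPassword does not accept HS384 - confirm against the package defaults.
func TestInvalidSigningMethod(t *testing.T) {
	password := []byte(`Rump3lst!lzch3n`) // fixed test fixture, not a real secret
	jm, err := userjwt.New(
		userjwt.SetPassword(password),
	)
	// Stop here on a setup failure: continuing would call Parse on a manager
	// that may be nil and hide the real cause behind a panic.
	if !assert.NoError(t, err) {
		return
	}

	tk := jwt.New(jwt.SigningMethodHS256)
	tk.Claims["exp"] = time.Now().Add(time.Hour).Unix()
	tk.Claims["iat"] = time.Now().Unix()
	// The header is what the receiving side reads to pick the verification
	// algorithm, so changing it after jwt.New yields a token whose announced
	// algorithm no longer matches the method it was created with.
	tk.Header["alg"] = "HS384"
	malformedToken, err := tk.SignedString(password)
	// Without a signed token the Parse assertion below would fail for an
	// unrelated reason.
	if !assert.NoError(t, err) {
		return
	}

	mt, err := jm.Parse(malformedToken)
	assert.EqualError(t, err, userjwt.ErrUnexpectedSigningMethod.Error())
	assert.Nil(t, mt)
}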
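// BenchmarkAuthorizationHMAC-4 100000 20215 ns/op 5552 B/op 105 allocs/op
//
// BenchmarkAuthorizationHMAC measures one pass of a bearer-token request
// through the Authorization middleware wrapped around a handler that answers
// 200. The token is generated once up front and reused for every iteration.
func BenchmarkAuthorizationHMAC(b *testing.B) {
	/* that benchmark gives a false impression because we're also measuring
	   the NewRequest/Response creation ... */
	password := []byte(`Rump3lst!lzch3n`) // fixed test fixture, not a real secret
	jm, err := userjwt.New(userjwt.SetPassword(password))
	if err != nil {
		// Fatal, not Error: the code below cannot run without a manager.
		b.Fatal(err)
	}
	token, _, err := jm.GenerateToken(map[string]interface{}{
		"xfoo": "bar",
		"zfoo": 4711,
	})
	if err != nil {
		// Fatal, not Error: an empty token would make every iteration
		// measure something other than a successful authorization.
		b.Fatal(err)
	}

	final := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	})
	authHandler := jm.Authorization(final)

	// One untimed request to confirm the token is accepted, so the numbers
	// below describe the accept path and not a rejection.
	// NOTE(review): this relies on the middleware writing a non-200 status
	// when it rejects a request - confirm against Authorization.
	probe, err := http.NewRequest("GET", "http://auth.xyz", nil)
	if err != nil {
		b.Fatal(err)
	}
	probe.Header.Set("Authorization", "Bearer "+token)
	probeRec := httptest.NewRecorder()
	authHandler.ServeHTTP(probeRec, probe)
	if probeRec.Code != http.StatusOK {
		b.Fatalf("authorization probe returned status %d, want %d", probeRec.Code, http.StatusOK)
	}

	b.ReportAllocs()
	b.ResetTimer()
	for i := 0; i < b.N; i++ {
		// <15 allocs>
		req, err := http.NewRequest("GET", "http://auth.xyz", nil)
		if err != nil {
			// Fatal, not Error: req is nil here and must not be used.
			b.Fatal(err)
		}
		req.Header.Set("Authorization", "Bearer "+token)
		w := httptest.NewRecorder()
		//</>
		authHandler.ServeHTTP(w, req)
	}
}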