package jwt
import (
"bytes"
"errors"
"reflect"
"testing"
)
// The actual implementation tests live inside token_test.go and each algorithm's test file.
// tokenValidatorTest is a stateless stub validator used by TestVerify.
type tokenValidatorTest struct{}

// errTestvalidateToken is the sentinel the stub returns when it is handed a
// nil error, which lets a test tell "the validator ran" apart from an error
// that was already present when the validator was called.
var errTestvalidateToken = errors.New("test token validator error")

// ValidateToken never accepts a token: a non-nil err is passed through
// unchanged, and a nil err is replaced by errTestvalidateToken. The token and
// claims arguments are not inspected.
func (v tokenValidatorTest) ValidateToken(token []byte, claims Claims, err error) error {
	if err == nil {
		return errTestvalidateToken
	}
	return err
}
// TestVerify checks three rejection paths of Verify: a nil token, a validator
// that refuses the token, and a token checked against the wrong secret.
func TestVerify(t *testing.T) {
	// A nil token must be rejected.
	// NOTE(review): only "some error" is asserted here; the failure message
	// names ErrMissing but the returned error is not compared against it.
	_, missingErr := Verify(testAlg, testSecret, nil)
	if missingErr == nil {
		t.Fatalf("expected error to be: %v", ErrMissing)
	}

	stub := tokenValidatorTest{}

	// With the matching secret the stub validator's sentinel is expected back,
	// i.e. a validator's refusal must fail the whole verification.
	if _, err := Verify(testAlg, testSecret, testToken, stub); err != errTestvalidateToken {
		t.Fatalf("expected verify token validator error: %v but got: %v", errTestvalidateToken, err)
	}

	// With a different secret the signature error is expected, not the stub's
	// sentinel: the validator must not be able to mask a bad signature.
	wrongSecret := []byte("othersecret")
	if _, err := Verify(testAlg, wrongSecret, testToken, stub); err != ErrTokenSignature {
		t.Fatalf("expected verify error: %v but got: %v", ErrTokenSignature, err)
	}
}
// TestPlainTokenValidator signs a raw (non-JSON) payload and checks that
// Verify, when given the Plain validator, returns the payload unchanged.
func TestPlainTokenValidator(t *testing.T) {
	rawPayload := []byte("test raw\ncontents")

	signed, signErr := Sign(testAlg, testSecret, rawPayload)
	if signErr != nil {
		t.Fatal(signErr)
	}

	// The caller MUST opt in with Plain to allow raw payloads; this is a
	// security feature.
	// NOTE(review): only the opt-in path is covered here. A companion case
	// that verifies the same token without Plain and expects an error would
	// pin the default-deny side of this feature.
	verified, verifyErr := Verify(testAlg, testSecret, signed, Plain)
	if verifyErr != nil {
		t.Fatal(verifyErr)
	}

	if got := verified.Payload; !bytes.Equal(got, rawPayload) {
		t.Fatalf("expected raw payload to match: %q but got: %q", rawPayload, got)
	}
}
// TestVerifyWithSingleAudienceString_CustomClaims round-trips a custom claims
// struct whose "aud" field is a single string rather than a list (see #3) and
// checks that it decodes back to the same value.
func TestVerifyWithSingleAudienceString_CustomClaims(t *testing.T) {
	type customClaims struct {
		Key      string `json:"key"`
		Audience string `json:"aud"` // a single string as audience (see #3).
	}

	want := customClaims{Key: "test key", Audience: "api"}

	signed, signErr := Sign(testAlg, testSecret, want)
	if signErr != nil {
		t.Fatal(signErr)
	}

	// No extra validators are passed: only the signature check and whatever
	// Verify does by default apply here.
	verified, verifyErr := Verify(testAlg, testSecret, signed)
	if verifyErr != nil {
		t.Fatal(verifyErr)
	}

	var decoded customClaims
	if claimsErr := verified.Claims(&decoded); claimsErr != nil {
		t.Fatal(claimsErr)
	}

	if !reflect.DeepEqual(decoded, want) {
		t.Fatalf("expected:\n%#+v\n\nbut got:\n%#+v", want, decoded)
	}
}
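// TestVerifyWithSingleAudienceString_CustomClaimsAndStandard signs a custom
// claims struct together with standard Claims carrying an audience, then
// checks that both can be decoded from the verified token and that the
// token's StandardClaims field holds the same standard claims.
func TestVerifyWithSingleAudienceString_CustomClaimsAndStandard(t *testing.T) {
	type customClaims struct {
		Key string `json:"key"`
	}

	standardClaims := Claims{Audience: []string{"api"}}
	custom := customClaims{"test key"}

	token, err := Sign(testAlg, testSecret, custom, standardClaims)
	if err != nil {
		t.Fatal(err)
	}

	verifiedToken, err := Verify(testAlg, testSecret, token)
	if err != nil {
		t.Fatal(err)
	}

	// The custom part must survive the round trip unchanged.
	var gotCustom customClaims
	if err = verifiedToken.Claims(&gotCustom); err != nil {
		t.Fatal(err)
	}
	if !reflect.DeepEqual(gotCustom, custom) {
		t.Fatalf("expected:\n%#+v\n\nbut got:\n%#+v", custom, gotCustom)
	}

	// Decoding into Claims is where Audience.UnmarshalJSON is validated.
	var gotStandard Claims
	if err = verifiedToken.Claims(&gotStandard); err != nil {
		t.Fatal(err)
	}
	if !reflect.DeepEqual(gotStandard, standardClaims) {
		t.Fatalf("expected:\n%#+v\n\nbut got:\n%#+v", standardClaims, gotStandard)
	}

	// The claims Verify itself extracted must match as well. On failure report
	// the value that was actually compared (the original printed gotStandard,
	// which had already passed the check above and would hide the mismatch).
	if !reflect.DeepEqual(verifiedToken.StandardClaims, standardClaims) {
		t.Fatalf("expected:\n%#+v\n\nbut got:\n%#+v", standardClaims, verifiedToken.StandardClaims)
	}
}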