97 lines
2.7 KiB
Go
97 lines
2.7 KiB
Go
package jwt
|
|
|
|
import (
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/golang-jwt/jwt/v5"
|
|
)
|
|
|
|
func TestJWTManagerGenerateAndParseAuthToken(t *testing.T) {
|
|
mgr := NewJWTManager("secret", 2*time.Minute, 10*time.Minute)
|
|
|
|
token, err := mgr.GenerateAuthToken("user-1", "alice")
|
|
if err != nil {
|
|
t.Fatalf("generate auth token: %v", err)
|
|
}
|
|
|
|
claims, err := mgr.ParseAuthToken(token)
|
|
if err != nil {
|
|
t.Fatalf("parse auth token: %v", err)
|
|
}
|
|
if claims.UserID != "user-1" {
|
|
t.Fatalf("expected user id user-1, got %q", claims.UserID)
|
|
}
|
|
if claims.Username != "alice" {
|
|
t.Fatalf("expected username alice, got %q", claims.Username)
|
|
}
|
|
if claims.TokenType != TokenTypeAuth {
|
|
t.Fatalf("expected token type %q, got %q", TokenTypeAuth, claims.TokenType)
|
|
}
|
|
}
|
|
|
|
func TestJWTManagerRejectsWrongTokenType(t *testing.T) {
|
|
mgr := NewJWTManager("secret", time.Minute, time.Minute)
|
|
|
|
refreshToken, err := mgr.GenerateRefreshToken("user-1", "alice")
|
|
if err != nil {
|
|
t.Fatalf("generate refresh token: %v", err)
|
|
}
|
|
if _, err := mgr.ParseAuthToken(refreshToken); err == nil {
|
|
t.Fatal("expected error when parsing refresh token as auth token")
|
|
}
|
|
|
|
authToken, err := mgr.GenerateAuthToken("user-1", "alice")
|
|
if err != nil {
|
|
t.Fatalf("generate auth token: %v", err)
|
|
}
|
|
if _, err := mgr.ParseRefreshToken(authToken); err == nil {
|
|
t.Fatal("expected error when parsing auth token as refresh token")
|
|
}
|
|
}
|
|
|
|
func TestJWTManagerRejectsInvalidOrTamperedToken(t *testing.T) {
|
|
mgr := NewJWTManager("secret", time.Minute, time.Minute)
|
|
|
|
if _, err := mgr.ParseAuthToken("not-a-token"); err == nil {
|
|
t.Fatal("expected parse error for malformed token")
|
|
}
|
|
|
|
token, err := mgr.GenerateAuthToken("user-1", "alice")
|
|
if err != nil {
|
|
t.Fatalf("generate auth token: %v", err)
|
|
}
|
|
|
|
otherMgr := NewJWTManager("different-secret", time.Minute, time.Minute)
|
|
if _, err := otherMgr.ParseAuthToken(token); err == nil {
|
|
t.Fatal("expected signature validation error with different secret")
|
|
}
|
|
}
|
|
|
|
func TestJWTManagerRejectsExpiredToken(t *testing.T) {
|
|
mgr := NewJWTManager("secret", -1*time.Second, time.Minute)
|
|
|
|
token, err := mgr.GenerateAuthToken("user-1", "alice")
|
|
if err != nil {
|
|
t.Fatalf("generate expired auth token: %v", err)
|
|
}
|
|
|
|
if _, err := mgr.ParseAuthToken(token); err == nil {
|
|
t.Fatal("expected expired token error")
|
|
}
|
|
}
|
|
|
|
func TestJWTManagerRejectsNonHMACAlgorithm(t *testing.T) {
|
|
mgr := NewJWTManager("secret", time.Minute, time.Minute)
|
|
|
|
noneToken := jwt.NewWithClaims(jwt.SigningMethodNone, Claims{UserID: "u", Username: "n", TokenType: TokenTypeAuth})
|
|
tokenStr, err := noneToken.SignedString(jwt.UnsafeAllowNoneSignatureType)
|
|
if err != nil {
|
|
t.Fatalf("sign none token: %v", err)
|
|
}
|
|
|
|
if _, err := mgr.ParseAuthToken(tokenStr); err == nil {
|
|
t.Fatal("expected error for non-HMAC algorithm")
|
|
}
|
|
}
|