mirror of
https://github.com/PostHog/posthog.git
synced 2024-11-24 18:07:17 +01:00
100 lines
2.3 KiB
Go
100 lines
2.3 KiB
Go
|
package main
|
||
|
|
||
|
import (
|
||
|
"testing"
|
||
|
"time"
|
||
|
|
||
|
"github.com/golang-jwt/jwt"
|
||
|
"github.com/spf13/viper"
|
||
|
)
|
||
|
|
||
|
func TestDecodeAuthToken(t *testing.T) {
|
||
|
// Set up a mock secret for testing
|
||
|
viper.Set("jwt.secret", "test-secret")
|
||
|
|
||
|
tests := []struct {
|
||
|
name string
|
||
|
authHeader string
|
||
|
expectError bool
|
||
|
expectedAud string
|
||
|
}{
|
||
|
{
|
||
|
name: "Valid token",
|
||
|
authHeader: "Bearer " + createValidToken(ExpectedScope),
|
||
|
expectError: false,
|
||
|
expectedAud: ExpectedScope,
|
||
|
},
|
||
|
{
|
||
|
name: "Invalid token format",
|
||
|
authHeader: "InvalidToken",
|
||
|
expectError: true,
|
||
|
},
|
||
|
{
|
||
|
name: "Missing Bearer prefix",
|
||
|
authHeader: createValidToken(ExpectedScope),
|
||
|
expectError: true,
|
||
|
},
|
||
|
{
|
||
|
name: "Invalid audience",
|
||
|
authHeader: "Bearer " + createValidToken("invalid:scope"),
|
||
|
expectError: true,
|
||
|
},
|
||
|
{
|
||
|
name: "Expired token",
|
||
|
authHeader: "Bearer " + createExpiredToken(),
|
||
|
expectError: true,
|
||
|
},
|
||
|
{
|
||
|
name: "Invalid signature",
|
||
|
authHeader: "Bearer " + createTokenWithInvalidSignature(),
|
||
|
expectError: true,
|
||
|
},
|
||
|
}
|
||
|
|
||
|
for _, tt := range tests {
|
||
|
t.Run(tt.name, func(t *testing.T) {
|
||
|
claims, err := decodeAuthToken(tt.authHeader)
|
||
|
|
||
|
if tt.expectError {
|
||
|
if err == nil {
|
||
|
t.Errorf("Expected an error, but got nil")
|
||
|
}
|
||
|
} else {
|
||
|
if err != nil {
|
||
|
t.Errorf("Unexpected error: %v", err)
|
||
|
}
|
||
|
if claims["aud"] != tt.expectedAud {
|
||
|
t.Errorf("Expected audience %s, but got %s", tt.expectedAud, claims["aud"])
|
||
|
}
|
||
|
}
|
||
|
})
|
||
|
}
|
||
|
}
|
||
|
|
||
|
func createValidToken(audience string) string {
|
||
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
|
||
|
"aud": audience,
|
||
|
"exp": time.Now().Add(time.Hour).Unix(),
|
||
|
})
|
||
|
tokenString, _ := token.SignedString([]byte(viper.GetString("jwt.secret")))
|
||
|
return tokenString
|
||
|
}
|
||
|
|
||
|
func createExpiredToken() string {
|
||
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
|
||
|
"aud": ExpectedScope,
|
||
|
"exp": time.Now().Add(-time.Hour).Unix(),
|
||
|
})
|
||
|
tokenString, _ := token.SignedString([]byte(viper.GetString("jwt.secret")))
|
||
|
return tokenString
|
||
|
}
|
||
|
|
||
|
func createTokenWithInvalidSignature() string {
|
||
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
|
||
|
"aud": ExpectedScope,
|
||
|
"exp": time.Now().Add(time.Hour).Unix(),
|
||
|
})
|
||
|
tokenString, _ := token.SignedString([]byte("wrong-secret"))
|
||
|
return tokenString
|
||
|
}
|