code.gitea.io/gitea@v1.22.3/services/actions/auth_test.go (about)

     1  // Copyright 2024 The Gitea Authors. All rights reserved.
     2  // SPDX-License-Identifier: MIT
     3  
     4  package actions
     5  
     6  import (
     7  	"net/http"
     8  	"testing"
     9  
    10  	"code.gitea.io/gitea/modules/json"
    11  	"code.gitea.io/gitea/modules/setting"
    12  
    13  	"github.com/golang-jwt/jwt/v5"
    14  	"github.com/stretchr/testify/assert"
    15  )
    16  
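// TestCreateAuthorizationToken verifies that CreateAuthorizationToken issues a
// JWT that validates against the general token signing secret and carries the
// "scp", "TaskID" and "ac" claims checked below.
func TestCreateAuthorizationToken(t *testing.T) {
	var taskID int64 = 23
	token, err := CreateAuthorizationToken(taskID, 1, 2)
	// Stop if no token was issued; every later check would only repeat that failure.
	if !assert.NoError(t, err) || !assert.NotEqual(t, "", token) {
		return
	}

	claims := jwt.MapClaims{}
	// The key function's parameter is named tok so it does not shadow the *testing.T.
	_, err = jwt.ParseWithClaims(token, claims, func(tok *jwt.Token) (any, error) {
		// The verification key is a shared secret, so only accept a token whose
		// header declares an HMAC method before handing that secret to the parser.
		_, isHMAC := tok.Method.(*jwt.SigningMethodHMAC)
		assert.True(t, isHMAC, "Token is signed with an HMAC method")
		return setting.GetGeneralTokenSigningSecret(), nil
	})
	assert.NoError(t, err)

	// The scope claim must embed the second and third arguments passed above (1 and 2).
	scp, ok := claims["scp"]
	assert.True(t, ok, "Has scp claim in jwt token")
	assert.Contains(t, scp, "Actions.Results:1:2")

	// MapClaims decodes JSON numbers as float64, hence the conversion of the expected value.
	taskIDClaim, ok := claims["TaskID"]
	assert.True(t, ok, "Has TaskID claim in jwt token")
	assert.Equal(t, float64(taskID), taskIDClaim, "Supplied taskid must match stored one")

	// The "ac" claim is a string that itself holds a JSON list of cache scopes.
	acClaim, ok := claims["ac"]
	assert.True(t, ok, "Has ac claim in jwt token")
	ac, ok := acClaim.(string)
	assert.True(t, ok, "ac claim is a string for buildx gha cache")
	scopes := []actionsCacheScope{}
	err = json.Unmarshal([]byte(ac), &scopes)
	assert.NoError(t, err, "ac claim is a json list for buildx gha cache")
	assert.GreaterOrEqual(t, len(scopes), 1, "Expected at least one action cache scope for buildx gha cache")
}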
    42  
// TestParseAuthorizationToken round-trips a task ID: a token issued by
// CreateAuthorizationToken is sent as a Bearer credential and
// ParseAuthorizationToken must return the same task ID without error.
//
// NOTE(review): the tests visible in this file cover a valid token and a
// missing header only; a malformed or wrongly signed token is not exercised.
func TestParseAuthorizationToken(t *testing.T) {
	const wantTaskID int64 = 23

	signed, err := CreateAuthorizationToken(wantTaskID, 1, 2)
	assert.Nil(t, err)
	assert.NotEqual(t, "", signed)

	// Build the request with the token in the Authorization header.
	req := &http.Request{
		Header: http.Header{"Authorization": []string{"Bearer " + signed}},
	}

	gotTaskID, err := ParseAuthorizationToken(req)
	assert.Nil(t, err)
	assert.Equal(t, wantTaskID, gotTaskID)
}
    56  
// TestParseAuthorizationTokenNoAuthHeader pins the result for a request that
// carries no Authorization header: ParseAuthorizationToken returns task ID 0
// and a nil error. Because no error is reported in this case, the error value
// alone does not distinguish an unauthenticated request; the zero task ID does.
func TestParseAuthorizationTokenNoAuthHeader(t *testing.T) {
	req := &http.Request{Header: make(http.Header)}

	gotTaskID, err := ParseAuthorizationToken(req)
	assert.Nil(t, err)
	assert.Equal(t, int64(0), gotTaskID)
}