github.com/argoproj/argo-cd/v3@v3.2.1/util/security/jwt_test.go (about) 1 package security 2 3 import ( 4 "testing" 5 "time" 6 7 "github.com/golang-jwt/jwt/v5" 8 "github.com/stretchr/testify/assert" 9 "github.com/stretchr/testify/require" 10 11 utiltest "github.com/argoproj/argo-cd/v3/util/test" 12 ) 13 14 func Test_UnverifiedHasAudClaim(t *testing.T) { 15 t.Parallel() 16 17 tokenForAud := func(t *testing.T, aud jwt.ClaimStrings) string { 18 t.Helper() 19 claims := jwt.RegisteredClaims{Audience: aud, Subject: "admin", ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Hour * 24))} 20 token := jwt.NewWithClaims(jwt.SigningMethodRS512, claims) 21 key, err := jwt.ParseRSAPrivateKeyFromPEM(utiltest.PrivateKey) 22 require.NoError(t, err) 23 tokenString, err := token.SignedString(key) 24 require.NoError(t, err) 25 return tokenString 26 } 27 28 testCases := []struct { 29 name string 30 aud jwt.ClaimStrings 31 expectedHasAud bool 32 }{ 33 { 34 name: "no audience", 35 aud: jwt.ClaimStrings{}, 36 expectedHasAud: false, 37 }, 38 { 39 name: "one empty audience", 40 aud: jwt.ClaimStrings{""}, 41 expectedHasAud: true, 42 }, 43 { 44 name: "one non-empty audience", 45 aud: jwt.ClaimStrings{"test"}, 46 expectedHasAud: true, 47 }, 48 } 49 50 for _, testCase := range testCases { 51 testCaseCopy := testCase 52 t.Run(testCaseCopy.name, func(t *testing.T) { 53 t.Parallel() 54 out, err := UnverifiedHasAudClaim(tokenForAud(t, testCaseCopy.aud)) 55 require.NoError(t, err) 56 assert.Equal(t, testCaseCopy.expectedHasAud, out) 57 }) 58 } 59 }