
     1  package session
     2  
     3  import (
     4  	"encoding/base64"
     5  	"testing"
     6  	"time"
     7  
     8  	"github.com/cozy/cozy-stack/model/instance"
     9  	"github.com/cozy/cozy-stack/pkg/config/config"
    10  
    11  	jwt "github.com/golang-jwt/jwt/v5"
    12  	"github.com/stretchr/testify/assert"
    13  )
    14  
var (
	// delegatedInst is the instance the delegated-JWT checks run against.
	// It is assigned inside TestDelegated, before the subtests execute.
	delegatedInst *instance.Instance
)
    16  
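// TestDelegated exercises CheckDelegatedJWT against an HS256 shared secret
// configured for the default instance context. A well-formed token must be
// accepted; tokens that are expired, that name a different issuer, that are
// signed with another secret, or that carry no signature at all ("alg":"none")
// must all be rejected. The last two cases are the ones an attacker would try
// first, so they are pinned here even though the original suite did not cover
// them.
func TestDelegated(t *testing.T) {
	if testing.Short() {
		t.Skip("an instance is required for this test: test skipped due to the use of --short flag")
	}

	// Secret shared with the delegated identity provider. The configuration
	// stores it base64-encoded, so encode it the way a real config file would.
	JWTSecret := []byte("foobar")

	config.UseTestFile(t)
	conf := config.GetConfig()
	conf.Authentication = map[string]interface{}{
		config.DefaultInstanceContext: map[string]interface{}{
			"jwt_secret": base64.StdEncoding.EncodeToString(JWTSecret),
		},
	}

	delegatedInst = &instance.Instance{Domain: "external.notmycozy.net"}

	// newClaims builds the claims of a token issued for "sruti"; each subtest
	// only varies the issuer name and the validity window.
	newClaims := func(name string, issuedAt, expiresAt time.Time) ExternalClaims {
		return ExternalClaims{
			RegisteredClaims: jwt.RegisteredClaims{
				Subject:   "sruti",
				IssuedAt:  jwt.NewNumericDate(issuedAt),
				ExpiresAt: jwt.NewNumericDate(expiresAt),
			},
			Name:  name,
			Email: "sruti@external.notmycozy.net",
			Code:  "student",
		}
	}

	// sign produces a compact HS256 token for the claims with the given key.
	sign := func(t *testing.T, claims ExternalClaims, key []byte) string {
		t.Helper()
		signed, err := jwt.NewWithClaims(jwt.SigningMethodHS256, claims).SignedString(key)
		assert.NoError(t, err)
		return signed
	}

	t.Run("GoodCheckDelegatedJWT", func(t *testing.T) {
		now := time.Now()
		signed := sign(t, newClaims("external.notmycozy.net", now, now.Add(time.Hour)), JWTSecret)
		assert.NoError(t, CheckDelegatedJWT(delegatedInst, signed))
	})

	t.Run("BadExpiredCheckDelegatedJWT", func(t *testing.T) {
		now := time.Now()
		// Issued two hours ago, expired one hour ago.
		signed := sign(t, newClaims("external.notmycozy.net", now.Add(-2*time.Hour), now.Add(-1*time.Hour)), JWTSecret)
		err := CheckDelegatedJWT(delegatedInst, signed)
		assert.Error(t, err)
		assert.Contains(t, err.Error(), "expired")
	})

	t.Run("BadIssuerCheckDelegatedJWT", func(t *testing.T) {
		now := time.Now()
		// Valid signature and validity window, but issued for another domain.
		signed := sign(t, newClaims("evil.notmycozy.net", now, now.Add(time.Hour)), JWTSecret)
		err := CheckDelegatedJWT(delegatedInst, signed)
		assert.Error(t, err)
		assert.Contains(t, err.Error(), "Issuer")
	})

	t.Run("BadSignatureCheckDelegatedJWT", func(t *testing.T) {
		now := time.Now()
		// Otherwise valid claims, but signed with a key the stack does not know:
		// the HMAC must not verify against the configured jwt_secret.
		signed := sign(t, newClaims("external.notmycozy.net", now, now.Add(time.Hour)), []byte("not-the-secret"))
		assert.Error(t, CheckDelegatedJWT(delegatedInst, signed))
	})

	t.Run("BadNoneAlgorithmCheckDelegatedJWT", func(t *testing.T) {
		now := time.Now()
		// A token with "alg":"none" carries no signature at all; it must never
		// be accepted in place of an HS256 token.
		claims := newClaims("external.notmycozy.net", now, now.Add(time.Hour))
		unsigned, err := jwt.NewWithClaims(jwt.SigningMethodNone, claims).SignedString(jwt.UnsafeAllowNoneSignatureType)
		assert.NoError(t, err)
		assert.Error(t, CheckDelegatedJWT(delegatedInst, unsigned))
	})
}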