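package session

import (
	"encoding/base64"
	"testing"
	"time"

	"github.com/cozy/cozy-stack/model/instance"
	"github.com/cozy/cozy-stack/pkg/config/config"

	jwt "github.com/golang-jwt/jwt/v5"
	"github.com/stretchr/testify/assert"
)

// delegatedInst is the instance the delegated tokens are checked against;
// in these tests its Domain is the value the token's Name claim must match.
var delegatedInst *instance.Instance

// TestDelegated exercises CheckDelegatedJWT with HS256 tokens signed by the
// secret registered under the default instance context: a well-formed token
// is accepted, while expired, wrong-issuer and wrongly-signed tokens are
// rejected.
func TestDelegated(t *testing.T) {
	// Secret shared with the external issuer. It is stored base64-encoded
	// under "jwt_secret" in the authentication config.
	jwtSecret := []byte("foobar")

	if testing.Short() {
		t.Skip("an instance is required for this test: test skipped due to the use of --short flag")
	}

	config.UseTestFile(t)
	conf := config.GetConfig()
	conf.Authentication = map[string]interface{}{
		config.DefaultInstanceContext: map[string]interface{}{
			"jwt_secret": base64.StdEncoding.EncodeToString(jwtSecret),
		},
	}

	delegatedInst = &instance.Instance{Domain: "external.notmycozy.net"}

	// sign builds an HS256 token from claims and signs it with key. Signing
	// is a test precondition, so a failure aborts the subtest instead of
	// letting an empty token reach CheckDelegatedJWT.
	sign := func(t *testing.T, claims ExternalClaims, key []byte) string {
		t.Helper()
		signed, err := jwt.NewWithClaims(jwt.SigningMethodHS256, claims).SignedString(key)
		if !assert.NoError(t, err) {
			t.FailNow()
		}
		return signed
	}

	// validClaims returns claims that CheckDelegatedJWT should accept: the
	// Name matches delegatedInst.Domain and the validity window is current.
	validClaims := func() ExternalClaims {
		now := time.Now()
		return ExternalClaims{
			RegisteredClaims: jwt.RegisteredClaims{
				Subject:   "sruti",
				IssuedAt:  jwt.NewNumericDate(now),
				ExpiresAt: jwt.NewNumericDate(now.Add(time.Hour)),
			},
			Name:  "external.notmycozy.net",
			Email: "sruti@external.notmycozy.net",
			Code:  "student",
		}
	}

	t.Run("GoodCheckDelegatedJWT", func(t *testing.T) {
		signed := sign(t, validClaims(), jwtSecret)
		assert.NoError(t, CheckDelegatedJWT(delegatedInst, signed))
	})

	t.Run("BadExpiredCheckDelegatedJWT", func(t *testing.T) {
		claims := validClaims()
		now := time.Now()
		claims.IssuedAt = jwt.NewNumericDate(now.Add(-2 * time.Hour))
		claims.ExpiresAt = jwt.NewNumericDate(now.Add(-1 * time.Hour))
		signed := sign(t, claims, jwtSecret)

		err := CheckDelegatedJWT(delegatedInst, signed)
		// Only dereference err once its presence has been asserted, so a
		// regression that accepts the token fails cleanly instead of panicking.
		if assert.Error(t, err) {
			assert.Contains(t, err.Error(), "expired")
		}
	})

	t.Run("BadIssuerCheckDelegatedJWT", func(t *testing.T) {
		claims := validClaims()
		claims.Name = "evil.notmycozy.net"
		signed := sign(t, claims, jwtSecret)

		err := CheckDelegatedJWT(delegatedInst, signed)
		if assert.Error(t, err) {
			assert.Contains(t, err.Error(), "Issuer")
		}
	})

	t.Run("BadSignatureCheckDelegatedJWT", func(t *testing.T) {
		// Otherwise valid claims signed with a key that is not the configured
		// secret must be rejected; the exact message is not part of the contract.
		signed := sign(t, validClaims(), []byte("not-the-configured-secret"))
		assert.Error(t, CheckDelegatedJWT(delegatedInst, signed))
	})
}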