github.com/cozy/cozy-stack@v0.0.0-20240603063001-31110fa4cae1/pkg/crypto/jwt_test.go (about)

     1  package crypto
     2  
     3  import (
     4  	"testing"
     5  	"time"
     6  
     7  	jwt "github.com/golang-jwt/jwt/v5"
     8  	"github.com/stretchr/testify/assert"
     9  )
    10  
// Claims is the claim set used by the tests in this file: the registered JWT
// claims plus one custom field, so the tests can check that a custom claim
// comes back out of ParseJWT alongside the registered ones.
type Claims struct {
	// Embedded so the registered claims are promoted to the top level.
	jwt.RegisteredClaims
	// Foo is a custom claim, serialized under the JSON key "foo".
	Foo string `json:"foo"`
}
    15  
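// TestNewJWT checks that a token produced by NewJWT is accepted by the jwt
// library when verified with the same secret, and that the registered claims
// come back unchanged.
func TestNewJWT(t *testing.T) {
	secret := GenerateRandomBytes(64)
	tokenString, err := NewJWT(secret, jwt.RegisteredClaims{
		Audience: jwt.ClaimStrings{"test"},
		Issuer:   "example.org",
		IssuedAt: jwt.NewNumericDate(time.Now()),
		Subject:  "cozy.io",
	})
	// Stop here on failure: verifying an empty token would only produce
	// follow-on errors that hide the real cause.
	if !assert.NoError(t, err) {
		return
	}

	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
		// Pin the algorithm family before handing out the key. A keyfunc
		// that records the mismatch but still returns the key lets
		// verification proceed with an algorithm the caller did not expect,
		// so refuse the key instead.
		_, ok := token.Method.(*jwt.SigningMethodHMAC)
		if !assert.True(t, ok, "The signing method should be HMAC") {
			return nil, jwt.ErrTokenUnverifiable
		}
		return secret, nil
	})
	// token may be nil when parsing fails, so do not dereference it below.
	if !assert.NoError(t, err) {
		return
	}
	assert.True(t, token.Valid)

	claims, ok := token.Claims.(jwt.MapClaims)
	assert.True(t, ok, "Claims can be parsed as standard claims")
	// jwt.Parse decodes into MapClaims, so "aud" is a generic JSON array.
	assert.Equal(t, []interface{}{"test"}, claims["aud"])
	assert.Equal(t, "example.org", claims["iss"])
	assert.Equal(t, "cozy.io", claims["sub"])
}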
    40  
// TestParseJWT signs a custom Claims value with NewJWT and checks that
// ParseJWT, given the same secret, fills a Claims value with the registered
// claims and the custom "foo" claim.
func TestParseJWT(t *testing.T) {
	key := GenerateRandomBytes(64)
	issued := Claims{
		RegisteredClaims: jwt.RegisteredClaims{
			Audience: jwt.ClaimStrings{"test"},
			Issuer:   "example.org",
			IssuedAt: jwt.NewNumericDate(time.Now()),
			Subject:  "cozy.io",
		},
		Foo: "bar",
	}
	signed, err := NewJWT(key, issued)
	assert.NoError(t, err)

	// NOTE(review): this keyfunc returns the secret without looking at
	// token.Method. Whether ParseJWT itself restricts the accepted signing
	// algorithms is not visible from this file; confirm before copying this
	// pattern into non-test code.
	keyFunc := func(token *jwt.Token) (interface{}, error) {
		return key, nil
	}

	var parsed Claims
	err = ParseJWT(signed, keyFunc, &parsed)
	assert.NoError(t, err)
	assert.Equal(t, jwt.ClaimStrings{"test"}, parsed.Audience)
	assert.Equal(t, "example.org", parsed.Issuer)
	assert.Equal(t, "cozy.io", parsed.Subject)
	assert.Equal(t, "bar", parsed.Foo)
}
    64  
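// TestParseInvalidJWT checks two rejection paths of ParseJWT: a string that
// is not a JWT at all, and a well-formed token verified with the wrong
// secret.
//
// NOTE(review): other rejection paths (for example an expired token or an
// unexpected signing algorithm) are not exercised by this test.
func TestParseInvalidJWT(t *testing.T) {
	secret := GenerateRandomBytes(64)
	tokenString, err := NewJWT(secret, Claims{
		jwt.RegisteredClaims{
			Audience: jwt.ClaimStrings{"test"},
			Issuer:   "example.org",
			IssuedAt: jwt.NewNumericDate(time.Now()),
			Subject:  "cozy.io",
		},
		"bar",
	})
	// Without a real token the wrong-secret case below would fail on an
	// empty string rather than on the signature, and the test would pass
	// without having checked anything.
	if !assert.NoError(t, err) {
		return
	}

	// Case 1: input that is not a JWT must be rejected even with the right key.
	err = ParseJWT("invalid-token", func(token *jwt.Token) (interface{}, error) {
		return secret, nil
	}, &Claims{})
	assert.Error(t, err)

	// Case 2: a genuine token must be rejected when the keyfunc supplies a
	// different secret than the one it was signed with.
	invalidSecret := GenerateRandomBytes(64)
	err = ParseJWT(tokenString, func(token *jwt.Token) (interface{}, error) {
		return invalidSecret, nil
	}, &Claims{})
	assert.Error(t, err)
}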