github.com/hellofresh/janus@v0.0.0-20230925145208-ce8de8183c67/pkg/jwt/basic/password_verifier_test.go (about) 1 package basic 2 3 import ( 4 "net/http" 5 "net/http/httptest" 6 "strings" 7 "testing" 8 9 "github.com/stretchr/testify/assert" 10 "github.com/stretchr/testify/require" 11 ) 12 13 var ( 14 r *http.Request 15 httpClient *http.Client 16 ) 17 18 func TestPasswordVerifier(t *testing.T) { 19 tests := []struct { 20 scenario string 21 function func(*testing.T, *PasswordVerifier) 22 }{ 23 { 24 scenario: "when credentials are sent as form parameters", 25 function: testSendFormParamsCredentials, 26 }, 27 { 28 scenario: "when credentials are sent as application/json", 29 function: testSendJSONCredentials, 30 }, 31 { 32 scenario: "when basic header is sent", 33 function: testBasicHeaderCredentials, 34 }, 35 { 36 scenario: "when credentials are sent as application/json;charset=UTF-8", 37 function: testSendJSONWithCharsetCredentials, 38 }, 39 { 40 scenario: "when invalid credentials are given we should get an error", 41 function: testInvalidCredentialsGiven, 42 }, 43 { 44 scenario: "when no credentials are given we should get an error", 45 function: testNoCredentialsGiven, 46 }, 47 } 48 49 for _, test := range tests { 50 t.Run(test.scenario, func(t *testing.T) { 51 t.Parallel() 52 verifier := NewPasswordVerifier([]*user{ 53 {Username: "user1", Password: "test"}, 54 {Username: "user2", Password: "test"}, 55 }) 56 57 test.function(t, verifier) 58 }) 59 } 60 } 61 62 func testSendFormParamsCredentials(t *testing.T, v *PasswordVerifier) { 63 r := httptest.NewRequest("GET", "/", nil) 64 r.ParseForm() 65 r.Form.Add("username", "user1") 66 r.Form.Add("password", "test") 67 68 result, err := v.Verify(r, httpClient) 69 70 require.NoError(t, err) 71 assert.True(t, result) 72 } 73 74 func testSendJSONCredentials(t *testing.T, v *PasswordVerifier) { 75 r := httptest.NewRequest("GET", "/", strings.NewReader(`{"username": "user1", "password": "test"}`)) 76 r.Header.Add("Content-Type", "application/json") 77 result, err := v.Verify(r, httpClient) 78 79 require.NoError(t, err) 80 assert.True(t, result) 81 } 82 83 func testBasicHeaderCredentials(t *testing.T, v *PasswordVerifier) { 84 r := httptest.NewRequest("GET", "/", nil) 85 r.SetBasicAuth("user1", "test") 86 result, err := v.Verify(r, httpClient) 87 88 require.NoError(t, err) 89 assert.True(t, result) 90 } 91 92 func testSendJSONWithCharsetCredentials(t *testing.T, v *PasswordVerifier) { 93 r := httptest.NewRequest("GET", "/", strings.NewReader(`{"username": "user1", "password": "test"}`)) 94 r.Header.Add("Content-Type", "application/json;charset=UTF-8") 95 result, err := v.Verify(r, httpClient) 96 97 require.NoError(t, err) 98 assert.True(t, result) 99 } 100 101 func testInvalidCredentialsGiven(t *testing.T, v *PasswordVerifier) { 102 r := httptest.NewRequest("GET", "/", nil) 103 r.ParseForm() 104 r.Form.Add("username", "user1") 105 r.Form.Add("password", "wrong") 106 107 result, err := v.Verify(r, httpClient) 108 109 require.Error(t, err) 110 assert.False(t, result) 111 } 112 113 func testNoCredentialsGiven(t *testing.T, v *PasswordVerifier) { 114 r := httptest.NewRequest("GET", "/", nil) 115 result, err := v.Verify(r, httpClient) 116 117 require.Error(t, err) 118 assert.False(t, result) 119 }