github.com/hellofresh/janus@v0.0.0-20230925145208-ce8de8183c67/pkg/plugin/oauth2/jwt_manager_test.go

github.com/hellofresh/janus@v0.0.0-20230925145208-ce8de8183c67/pkg/plugin/oauth2/jwt_manager_test.go (about)

     1  package oauth2
     2  
     3  import (
     4  	"context"
     5  	"testing"
     6  	"time"
     7  
     8  	jwtbase "github.com/dgrijalva/jwt-go"
     9  	"github.com/hellofresh/janus/pkg/jwt"
    10  	"github.com/hellofresh/janus/pkg/metrics"
    11  	"github.com/hellofresh/stats-go"
    12  	"github.com/stretchr/testify/assert"
    13  	"github.com/stretchr/testify/require"
    14  )
    15  
    16  func TestJWTManagerValidKey(t *testing.T) {
    17  	signingMethod := jwt.SigningMethod{Alg: "HS256", Key: "secret"}
    18  	config := jwt.NewParserConfig(0, signingMethod)
    19  	parser := jwt.NewParser(config)
    20  	manager := NewJWTManager(parser)
    21  
    22  	token, err := issueToken(signingMethod, 1*time.Hour)
    23  	require.NoError(t, err)
    24  
    25  	client, err := stats.NewClient("noop://")
    26  	require.NoError(t, err)
    27  
    28  	ctx := metrics.NewContext(context.Background(), client)
    29  	assert.True(t, manager.IsKeyAuthorized(ctx, token))
    30  }
    31  
    32  func TestJWTManagerInvalidKey(t *testing.T) {
    33  	signingMethod := jwt.SigningMethod{Alg: "HS256", Key: "secret"}
    34  	config := jwt.NewParserConfig(0, signingMethod)
    35  	parser := jwt.NewParser(config)
    36  	manager := NewJWTManager(parser)
    37  
    38  	client, err := stats.NewClient("noop://")
    39  	require.NoError(t, err)
    40  
    41  	ctx := metrics.NewContext(context.Background(), client)
    42  	assert.False(t, manager.IsKeyAuthorized(ctx, "wrong"))
    43  }
    44  
    45  func TestJWTManagerNilContext(t *testing.T) {
    46  	signingMethod := jwt.SigningMethod{Alg: "HS256", Key: "secret"}
    47  	config := jwt.NewParserConfig(0, signingMethod)
    48  	parser := jwt.NewParser(config)
    49  	manager := NewJWTManager(parser)
    50  
    51  	assert.False(t, manager.IsKeyAuthorized(nil, "wrong"))
    52  }
    53  
    54  func TestJWTManagerNilStast(t *testing.T) {
    55  	signingMethod := jwt.SigningMethod{Alg: "HS256", Key: "secret"}
    56  	config := jwt.NewParserConfig(0, signingMethod)
    57  	parser := jwt.NewParser(config)
    58  	manager := NewJWTManager(parser)
    59  
    60  	assert.False(t, manager.IsKeyAuthorized(context.Background(), "wrong"))
    61  }
    62  
    63  func issueToken(signingMethod jwt.SigningMethod, expireIn time.Duration) (string, error) {
    64  	token := jwtbase.New(jwtbase.GetSigningMethod(signingMethod.Alg))
    65  	claims := token.Claims.(jwtbase.MapClaims)
    66  
    67  	expire := time.Now().Add(expireIn)
    68  	claims["exp"] = expire.Unix()
    69  	claims["iat"] = time.Now().Unix()
    70  
    71  	// currently only HSXXX algorithms are supported for issuing admin token, so we cast key to bytes array
    72  	return token.SignedString([]byte(signingMethod.Key))
    73  }