github.com/minio/console@v1.4.1/pkg/auth/token_test.go (about) 1 // This file is part of MinIO Console Server 2 // Copyright (c) 2021 MinIO, Inc. 3 // 4 // This program is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU Affero General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // This program is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU Affero General Public License for more details. 13 // 14 // You should have received a copy of the GNU Affero General Public License 15 // along with this program. If not, see <http://www.gnu.org/licenses/>. 16 17 package auth 18 19 import ( 20 "testing" 21 22 "github.com/minio/minio-go/v7/pkg/credentials" 23 "github.com/stretchr/testify/assert" 24 ) 25 26 var creds = &credentials.Value{ 27 AccessKeyID: "fakeAccessKeyID", 28 SecretAccessKey: "fakeSecretAccessKey", 29 SessionToken: "fakeSessionToken", 30 SignerType: 0, 31 } 32 33 var ( 34 goodToken = "" 35 badToken = "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjoiRDMwYWE0ekQ1bWtFaFRyWm5yOWM3NWh0Yko0MkROOWNDZVQ5RHVHUkg1U25SR3RyTXZNOXBMdnlFSVJAAAE5eWxxekhYMXllck8xUXpzMlZzRVFKeUF2ZmpOaDkrTVdoUURWZ2FhK2R5emxzSjNpK0k1dUdoeW5DNWswUW83WEY0UWszY0RtUTdUQUVROVFEbWRKdjBkdVB5L25hQk5vM3dIdlRDZHFNRDJZN3kycktJbmVUbUlFNmVveW9EWmprcW5tckVoYmMrTlhTRU81WjZqa1kwZ1E2eXZLaWhUZGxBRS9zS1lBNlc4Q1R1cm1MU0E0b0dIcGtldFZWU0VXMHEzNU9TU1VaczRXNkxHdGMxSTFWVFZLWUo3ZTlHR2REQ3hMWGtiZHQwcjl0RDNMWUhWRndra0dSZit5ZHBzS1Y3L1Jtbkp3SHNqNVVGV0w5WGVHUkZVUjJQclJTN2plVzFXeGZuYitVeXoxNVpOMzZsZ01GNnBlWFd1LzJGcEtrb2Z2QzNpY2x5Rmp0SE45ZkxYTVpVSFhnV2lsQWVSa3oiLCJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjkwMDAiLCJleHAiOjE1ODc1MTY1NzEsInN1YiI6ImZmYmY4YzljLTJlMjYtNGMwYS1iMmI0LTYyMmVhM2I1YjZhYiJ9.P392RUwzsrBeJOO3fS1xMZcF-lWiDvWZ5hM7LZOyFMmoG5QLccDU5eAPSm8obzPoznX1b7eCFLeEmKK-vKgjiQ" 36 ) 37 38 func TestNewJWTWithClaimsForClient(t *testing.T) { 39 funcAssert := assert.New(t) 40 // Test-1 : NewEncryptedTokenForClient() is generated correctly without errors 41 function := "NewEncryptedTokenForClient()" 42 token, err := NewEncryptedTokenForClient(creds, "", nil) 43 if err != nil || token == "" { 44 t.Errorf("Failed on %s:, error occurred: %s", function, err) 45 } 46 // saving token for future tests 47 goodToken = token 48 // Test-2 : NewEncryptedTokenForClient() throws error because of empty credentials 49 if _, err = NewEncryptedTokenForClient(nil, "", nil); err != nil { 50 funcAssert.Equal("provided credentials are empty", err.Error()) 51 } 52 } 53 54 func TestJWTAuthenticate(t *testing.T) { 55 funcAssert := assert.New(t) 56 // Test-1 : SessionTokenAuthenticate() should correctly return the claims 57 function := "SessionTokenAuthenticate()" 58 claims, err := SessionTokenAuthenticate(goodToken) 59 if err != nil || claims == nil { 60 t.Errorf("Failed on %s:, error occurred: %s", function, err) 61 } else { 62 funcAssert.Equal(claims.STSAccessKeyID, creds.AccessKeyID) 63 funcAssert.Equal(claims.STSSecretAccessKey, creds.SecretAccessKey) 64 funcAssert.Equal(claims.STSSessionToken, creds.SessionToken) 65 } 66 // Test-2 : SessionTokenAuthenticate() return an error because of a tampered token 67 if _, err := SessionTokenAuthenticate(badToken); err != nil { 68 funcAssert.Equal("session token internal data is malformed", err.Error()) 69 } 70 // Test-3 : SessionTokenAuthenticate() return an error because of an empty token 71 if _, err := SessionTokenAuthenticate(""); err != nil { 72 funcAssert.Equal("session token missing", err.Error()) 73 } 74 } 75 76 func TestSessionTokenValid(t *testing.T) { 77 funcAssert := assert.New(t) 78 // Test-1 : SessionTokenAuthenticate() provided token is valid 79 funcAssert.Equal(true, IsSessionTokenValid(goodToken)) 80 // Test-2 : SessionTokenAuthenticate() provided token is invalid 81 funcAssert.Equal(false, IsSessionTokenValid(badToken)) 82 }