storj.io/minio@v0.0.0-20230509071714-0cbc90f649b1/cmd/jwt/parser_test.go

storj.io/minio@v0.0.0-20230509071714-0cbc90f649b1/cmd/jwt/parser_test.go (about)

     1  /*
     2   * MinIO Cloud Storage, (C) 2020 MinIO, Inc.
     3   *
     4   * Licensed under the Apache License, Version 2.0 (the "License");
     5   * you may not use this file except in compliance with the License.
     6   * You may obtain a copy of the License at
     7   *
     8   *     http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13   * See the License for the specific language governing permissions and
    14   * limitations under the License.
    15   */
    16  
    17  package jwt
    18  
    19  // This file is a re-implementation of the original code here with some
    20  // additional allocation tweaks reproduced using GODEBUG=allocfreetrace=1
    21  // original file https://github.com/dgrijalva/jwt-go/blob/master/parser.go
    22  // borrowed under MIT License https://github.com/dgrijalva/jwt-go/blob/master/LICENSE
    23  
    24  import (
    25  	"fmt"
    26  	"testing"
    27  	"time"
    28  
    29  	"github.com/dgrijalva/jwt-go"
    30  )
    31  
    32  var (
    33  	defaultKeyFunc = func(claim *MapClaims) ([]byte, error) { return []byte("HelloSecret"), nil }
    34  	emptyKeyFunc   = func(claim *MapClaims) ([]byte, error) { return nil, nil }
    35  	errorKeyFunc   = func(claim *MapClaims) ([]byte, error) { return nil, fmt.Errorf("error loading key") }
    36  )
    37  
    38  var jwtTestData = []struct {
    39  	name        string
    40  	tokenString string
    41  	keyfunc     func(*MapClaims) ([]byte, error)
    42  	claims      jwt.Claims
    43  	valid       bool
    44  	errors      int32
    45  }{
    46  	{
    47  		"basic",
    48  		"",
    49  		defaultKeyFunc,
    50  		&MapClaims{
    51  			MapClaims: jwt.MapClaims{
    52  				"foo": "bar",
    53  			},
    54  		},
    55  		true,
    56  		0,
    57  	},
    58  	{
    59  		"basic expired",
    60  		"", // autogen
    61  		defaultKeyFunc,
    62  		&MapClaims{
    63  			MapClaims: jwt.MapClaims{
    64  				"foo": "bar",
    65  				"exp": float64(time.Now().Unix() - 100),
    66  			},
    67  		},
    68  		false,
    69  		-1,
    70  	},
    71  	{
    72  		"basic nbf",
    73  		"", // autogen
    74  		defaultKeyFunc,
    75  		&MapClaims{
    76  			MapClaims: jwt.MapClaims{
    77  				"foo": "bar",
    78  				"nbf": float64(time.Now().Unix() + 100),
    79  			},
    80  		},
    81  		false,
    82  		-1,
    83  	},
    84  	{
    85  		"expired and nbf",
    86  		"", // autogen
    87  		defaultKeyFunc,
    88  		&MapClaims{
    89  			MapClaims: jwt.MapClaims{
    90  				"foo": "bar",
    91  				"nbf": float64(time.Now().Unix() + 100),
    92  				"exp": float64(time.Now().Unix() - 100),
    93  			},
    94  		},
    95  		false,
    96  		-1,
    97  	},
    98  	{
    99  		"basic invalid",
   100  		"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJmb28iOiJiYXIifQ.EhkiHkoESI_cG3NPigFrxEk9Z60_oXrOT2vGm9Pn6RDgYNovYORQmmA0zs1AoAOf09ly2Nx2YAg6ABqAYga1AcMFkJljwxTT5fYphTuqpWdy4BELeSYJx5Ty2gmr8e7RonuUztrdD5WfPqLKMm1Ozp_T6zALpRmwTIW0QPnaBXaQD90FplAg46Iy1UlDKr-Eupy0i5SLch5Q-p2ZpaL_5fnTIUDlxC3pWhJTyx_71qDI-mAA_5lE_VdroOeflG56sSmDxopPEG3bFlSu1eowyBfxtu0_CuVd-M42RU75Zc4Gsj6uV77MBtbMrf4_7M_NUTSgoIF3fRqxrj0NzihIBg",
   101  		defaultKeyFunc,
   102  		&MapClaims{
   103  			MapClaims: jwt.MapClaims{
   104  				"foo": "bar",
   105  			},
   106  		},
   107  		false,
   108  		-1,
   109  	},
   110  	{
   111  		"basic nokeyfunc",
   112  		"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJmb28iOiJiYXIifQ.FhkiHkoESI_cG3NPigFrxEk9Z60_oXrOT2vGm9Pn6RDgYNovYORQmmA0zs1AoAOf09ly2Nx2YAg6ABqAYga1AcMFkJljwxTT5fYphTuqpWdy4BELeSYJx5Ty2gmr8e7RonuUztrdD5WfPqLKMm1Ozp_T6zALpRmwTIW0QPnaBXaQD90FplAg46Iy1UlDKr-Eupy0i5SLch5Q-p2ZpaL_5fnTIUDlxC3pWhJTyx_71qDI-mAA_5lE_VdroOeflG56sSmDxopPEG3bFlSu1eowyBfxtu0_CuVd-M42RU75Zc4Gsj6uV77MBtbMrf4_7M_NUTSgoIF3fRqxrj0NzihIBg",
   113  		nil,
   114  		&MapClaims{
   115  			MapClaims: jwt.MapClaims{
   116  				"foo": "bar",
   117  			},
   118  		},
   119  		false,
   120  		-1,
   121  	},
   122  	{
   123  		"basic nokey",
   124  		"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJmb28iOiJiYXIifQ.FhkiHkoESI_cG3NPigFrxEk9Z60_oXrOT2vGm9Pn6RDgYNovYORQmmA0zs1AoAOf09ly2Nx2YAg6ABqAYga1AcMFkJljwxTT5fYphTuqpWdy4BELeSYJx5Ty2gmr8e7RonuUztrdD5WfPqLKMm1Ozp_T6zALpRmwTIW0QPnaBXaQD90FplAg46Iy1UlDKr-Eupy0i5SLch5Q-p2ZpaL_5fnTIUDlxC3pWhJTyx_71qDI-mAA_5lE_VdroOeflG56sSmDxopPEG3bFlSu1eowyBfxtu0_CuVd-M42RU75Zc4Gsj6uV77MBtbMrf4_7M_NUTSgoIF3fRqxrj0NzihIBg",
   125  		emptyKeyFunc,
   126  		&MapClaims{
   127  			MapClaims: jwt.MapClaims{
   128  				"foo": "bar",
   129  			},
   130  		},
   131  		false,
   132  		-1,
   133  	},
   134  	{
   135  		"basic errorkey",
   136  		"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJmb28iOiJiYXIifQ.FhkiHkoESI_cG3NPigFrxEk9Z60_oXrOT2vGm9Pn6RDgYNovYORQmmA0zs1AoAOf09ly2Nx2YAg6ABqAYga1AcMFkJljwxTT5fYphTuqpWdy4BELeSYJx5Ty2gmr8e7RonuUztrdD5WfPqLKMm1Ozp_T6zALpRmwTIW0QPnaBXaQD90FplAg46Iy1UlDKr-Eupy0i5SLch5Q-p2ZpaL_5fnTIUDlxC3pWhJTyx_71qDI-mAA_5lE_VdroOeflG56sSmDxopPEG3bFlSu1eowyBfxtu0_CuVd-M42RU75Zc4Gsj6uV77MBtbMrf4_7M_NUTSgoIF3fRqxrj0NzihIBg",
   137  		errorKeyFunc,
   138  		&MapClaims{
   139  			MapClaims: jwt.MapClaims{
   140  				"foo": "bar",
   141  			},
   142  		},
   143  		false,
   144  		-1,
   145  	},
   146  	{
   147  		"Standard Claims",
   148  		"",
   149  		defaultKeyFunc,
   150  		&StandardClaims{
   151  			StandardClaims: jwt.StandardClaims{
   152  				ExpiresAt: time.Now().Add(time.Second * 10).Unix(),
   153  			},
   154  		},
   155  		true,
   156  		0,
   157  	},
   158  }
   159  
   160  func mapClaimsToken(claims *MapClaims) string {
   161  	claims.SetAccessKey("test")
   162  	j := jwt.NewWithClaims(jwt.SigningMethodHS512, claims)
   163  	tk, _ := j.SignedString([]byte("HelloSecret"))
   164  	return tk
   165  }
   166  
   167  func standardClaimsToken(claims *StandardClaims) string {
   168  	claims.AccessKey = "test"
   169  	claims.Subject = "test"
   170  	j := jwt.NewWithClaims(jwt.SigningMethodHS512, claims)
   171  	tk, _ := j.SignedString([]byte("HelloSecret"))
   172  	return tk
   173  }
   174  
   175  func TestParserParse(t *testing.T) {
   176  	// Iterate over test data set and run tests
   177  	for _, data := range jwtTestData {
   178  		data := data
   179  		t.Run(data.name, func(t *testing.T) {
   180  			// Parse the token
   181  			var err error
   182  
   183  			// Figure out correct claims type
   184  			switch claims := data.claims.(type) {
   185  			case *MapClaims:
   186  				if data.tokenString == "" {
   187  					data.tokenString = mapClaimsToken(claims)
   188  				}
   189  				err = ParseWithClaims(data.tokenString, &MapClaims{}, data.keyfunc)
   190  			case *StandardClaims:
   191  				if data.tokenString == "" {
   192  					data.tokenString = standardClaimsToken(claims)
   193  				}
   194  				err = ParseWithStandardClaims(data.tokenString, &StandardClaims{}, []byte("HelloSecret"))
   195  			}
   196  
   197  			if data.valid && err != nil {
   198  				t.Errorf("Error while verifying token: %T:%v", err, err)
   199  			}
   200  
   201  			if !data.valid && err == nil {
   202  				t.Errorf("Invalid token passed validation")
   203  			}
   204  
   205  			if data.errors != 0 {
   206  				_, ok := err.(*jwt.ValidationError)
   207  				if !ok {
   208  					t.Errorf("Expected *jwt.ValidationError, but got %#v instead", err)
   209  				}
   210  			}
   211  		})
   212  	}
   213  }