Add unit tests for JWT -> session translation

This commit is contained in:
Brian Van Klaveren 2019-04-26 19:16:45 -07:00
parent 187960e9d8
commit 69cb34a04e

View File

@ -1,9 +1,11 @@
package main package main
import ( import (
"context"
"crypto" "crypto"
"encoding/base64" "encoding/base64"
"fmt" "fmt"
"github.com/coreos/go-oidc"
"io" "io"
"io/ioutil" "io/ioutil"
"net" "net"
@ -1134,6 +1136,53 @@ func TestClearSingleCookie(t *testing.T) {
assert.Equal(t, 1, len(header["Set-Cookie"]), "should have 1 set-cookie header entries") assert.Equal(t, 1, len(header["Set-Cookie"]), "should have 1 set-cookie header entries")
} }
type NoOpKeySet struct {
}
func (NoOpKeySet) VerifySignature(ctx context.Context, jwt string) (payload []byte, err error) {
splitStrings := strings.Split(jwt, ".")
payloadString := splitStrings[1]
jsonString, err := base64.RawURLEncoding.DecodeString(payloadString)
return []byte(jsonString), err
}
func TestGetJwtSession(t *testing.T) {
/* token payload:
{
"sub": "1234567890",
"aud": "https://test.myapp.com",
"name": "John Doe",
"email": "john@example.com",
"iss": "https://issuer.example.com",
"iat": 1553691215,
"exp": 1912151821
}
*/
goodJwt := "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9." +
"eyJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjoiaHR0cHM6Ly90ZXN0Lm15YXBwLmNvbSIsIm5hbWUiOiJKb2huIERvZSIsImVtY" +
"WlsIjoiam9obkBleGFtcGxlLmNvbSIsImlzcyI6Imh0dHBzOi8vaXNzdWVyLmV4YW1wbGUuY29tIiwiaWF0IjoxNTUzNjkxMj" +
"E1LCJleHAiOjE5MTIxNTE4MjF9." +
"rLVyzOnEldUq_pNkfa-WiV8TVJYWyZCaM2Am_uo8FGg11zD7l-qmz3x1seTvqpH6Y0Ty00fmv6dJnGnC8WMnPXQiodRTfhBSe" +
"OKZMu0HkMD2sg52zlKkbfLTO6ic5VnbVgwjjrB8am_Ta6w7kyFUaB5C1BsIrrLMldkWEhynbb8"
keyset := NoOpKeySet{}
verifier := oidc.NewVerifier("https://issuer.example.com", keyset,
&oidc.Config{ClientID: "https://test.myapp.com", SkipExpiryCheck: true})
p := OAuthProxy{}
p.jwtBearerVerifiers = append(p.jwtBearerVerifiers, verifier)
getReq := &http.Request{URL: &url.URL{Scheme: "http", Host: "example.com"}}
// Bearer
getReq.Header = map[string][]string{
"Authorization": {fmt.Sprintf("Bearer %s", goodJwt)},
}
session, _ := p.GetJwtSession(getReq)
assert.Equal(t, session.User, "john")
assert.Equal(t, session.Email, "john@example.com")
assert.Equal(t, session.ExpiresOn, time.Unix(1912151821, 0))
assert.Equal(t, session.IDToken, goodJwt)
}
func TestFindJwtBearerToken(t *testing.T) { func TestFindJwtBearerToken(t *testing.T) {
p := OAuthProxy{CookieName: "oauth2", CookieDomain: "abc"} p := OAuthProxy{CookieName: "oauth2", CookieDomain: "abc"}
getReq := &http.Request{URL: &url.URL{Scheme: "http", Host: "example.com"}} getReq := &http.Request{URL: &url.URL{Scheme: "http", Host: "example.com"}}