Add unit tests for JWT -> session translation
parent
187960e9d8
commit
69cb34a04e
@ -1,9 +1,11 @@
|
|||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
"crypto"
|
"crypto"
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"github.com/coreos/go-oidc"
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net"
|
"net"
|
||||||
@ -1134,6 +1136,53 @@ func TestClearSingleCookie(t *testing.T) {
|
|||||||
assert.Equal(t, 1, len(header["Set-Cookie"]), "should have 1 set-cookie header entries")
|
assert.Equal(t, 1, len(header["Set-Cookie"]), "should have 1 set-cookie header entries")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type NoOpKeySet struct {
|
||||||
|
}
|
||||||
|
|
||||||
|
func (NoOpKeySet) VerifySignature(ctx context.Context, jwt string) (payload []byte, err error) {
|
||||||
|
splitStrings := strings.Split(jwt, ".")
|
||||||
|
payloadString := splitStrings[1]
|
||||||
|
jsonString, err := base64.RawURLEncoding.DecodeString(payloadString)
|
||||||
|
return []byte(jsonString), err
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestGetJwtSession(t *testing.T) {
|
||||||
|
/* token payload:
|
||||||
|
{
|
||||||
|
"sub": "1234567890",
|
||||||
|
"aud": "https://test.myapp.com",
|
||||||
|
"name": "John Doe",
|
||||||
|
"email": "john@example.com",
|
||||||
|
"iss": "https://issuer.example.com",
|
||||||
|
"iat": 1553691215,
|
||||||
|
"exp": 1912151821
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
goodJwt := "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9." +
|
||||||
|
"eyJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjoiaHR0cHM6Ly90ZXN0Lm15YXBwLmNvbSIsIm5hbWUiOiJKb2huIERvZSIsImVtY" +
|
||||||
|
"WlsIjoiam9obkBleGFtcGxlLmNvbSIsImlzcyI6Imh0dHBzOi8vaXNzdWVyLmV4YW1wbGUuY29tIiwiaWF0IjoxNTUzNjkxMj" +
|
||||||
|
"E1LCJleHAiOjE5MTIxNTE4MjF9." +
|
||||||
|
"rLVyzOnEldUq_pNkfa-WiV8TVJYWyZCaM2Am_uo8FGg11zD7l-qmz3x1seTvqpH6Y0Ty00fmv6dJnGnC8WMnPXQiodRTfhBSe" +
|
||||||
|
"OKZMu0HkMD2sg52zlKkbfLTO6ic5VnbVgwjjrB8am_Ta6w7kyFUaB5C1BsIrrLMldkWEhynbb8"
|
||||||
|
|
||||||
|
keyset := NoOpKeySet{}
|
||||||
|
verifier := oidc.NewVerifier("https://issuer.example.com", keyset,
|
||||||
|
&oidc.Config{ClientID: "https://test.myapp.com", SkipExpiryCheck: true})
|
||||||
|
p := OAuthProxy{}
|
||||||
|
p.jwtBearerVerifiers = append(p.jwtBearerVerifiers, verifier)
|
||||||
|
getReq := &http.Request{URL: &url.URL{Scheme: "http", Host: "example.com"}}
|
||||||
|
|
||||||
|
// Bearer
|
||||||
|
getReq.Header = map[string][]string{
|
||||||
|
"Authorization": {fmt.Sprintf("Bearer %s", goodJwt)},
|
||||||
|
}
|
||||||
|
session, _ := p.GetJwtSession(getReq)
|
||||||
|
assert.Equal(t, session.User, "john")
|
||||||
|
assert.Equal(t, session.Email, "john@example.com")
|
||||||
|
assert.Equal(t, session.ExpiresOn, time.Unix(1912151821, 0))
|
||||||
|
assert.Equal(t, session.IDToken, goodJwt)
|
||||||
|
}
|
||||||
|
|
||||||
func TestFindJwtBearerToken(t *testing.T) {
|
func TestFindJwtBearerToken(t *testing.T) {
|
||||||
p := OAuthProxy{CookieName: "oauth2", CookieDomain: "abc"}
|
p := OAuthProxy{CookieName: "oauth2", CookieDomain: "abc"}
|
||||||
getReq := &http.Request{URL: &url.URL{Scheme: "http", Host: "example.com"}}
|
getReq := &http.Request{URL: &url.URL{Scheme: "http", Host: "example.com"}}
|
||||||
|
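Review bot: In TestGetJwtSession the error from `p.GetJwtSession(getReq)` is discarded, so a rejected token shows up as a nil-pointer panic on `session.User` instead of a readable failure; I would write `session, err := p.GetJwtSession(getReq)` followed by `if err != nil { t.Fatalf("GetJwtSession: %v", err) }`. The test also exercises only the accepting path, with the signature check stubbed out and `SkipExpiryCheck: true`, so nothing here pins that a token with the wrong `iss` or `aud`, or an expired one, is refused; one negative case per claim would cover the checks that matter most for this translation. NoOpKeySet deserves a comment such as `// NoOpKeySet performs no signature verification and returns the decoded payload; for tests only.`, and its VerifySignature should check `len(splitStrings) == 3` before indexing `splitStrings[1]` so a malformed token returns an error rather than panicking. The `assert.Equal` calls pass the actual value first, while testify expects `(t, expected, actual)`, which makes failure messages read backwards.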