Update tests for refreshing jwts
parent
7c048e8135
commit
017b01d384
|
@ -22,10 +22,14 @@ func (m *MockTokenizer) ValidPrincipal(ctx context.Context, token Token, duratio
|
|||
return m.Principal, m.ValidErr
|
||||
}
|
||||
|
||||
func (m *MockTokenizer) Create(ctx context.Context, p Principal, t time.Duration) (Token, error) {
|
||||
func (m *MockTokenizer) Create(ctx context.Context, p Principal) (Token, error) {
|
||||
return m.Token, m.CreateErr
|
||||
}
|
||||
|
||||
func (m *MockTokenizer) ExtendPrincipal(ctx context.Context, principal Principal, extension time.Duration) (Principal, error) {
|
||||
return principal, nil
|
||||
}
|
||||
|
||||
func TestCookieAuthorize(t *testing.T) {
|
||||
var test = []struct {
|
||||
Desc string
|
||||
|
@ -48,7 +52,7 @@ func TestCookieAuthorize(t *testing.T) {
|
|||
}
|
||||
for _, test := range test {
|
||||
cook := cookie{
|
||||
Duration: 1 * time.Second,
|
||||
Lifespan: 1 * time.Second,
|
||||
Now: func() time.Time {
|
||||
return time.Unix(0, 0)
|
||||
},
|
||||
|
@ -121,8 +125,9 @@ func TestCookieValidate(t *testing.T) {
|
|||
})
|
||||
|
||||
cook := cookie{
|
||||
Name: test.Lookup,
|
||||
Duration: 1 * time.Second,
|
||||
Name: test.Lookup,
|
||||
Lifespan: 1 * time.Second,
|
||||
Inactivity: DefaultInactivityDuration,
|
||||
Now: func() time.Time {
|
||||
return time.Unix(0, 0)
|
||||
},
|
||||
|
@ -133,7 +138,8 @@ func TestCookieValidate(t *testing.T) {
|
|||
ValidErr: test.ValidErr,
|
||||
},
|
||||
}
|
||||
principal, err := cook.Validate(context.Background(), req)
|
||||
w := httptest.NewRecorder()
|
||||
principal, err := cook.Validate(context.Background(), w, req)
|
||||
if err != test.Err {
|
||||
t.Errorf("Cookie extract error; expected %v actual %v", test.Err, err)
|
||||
}
|
||||
|
|
|
@ -10,6 +10,7 @@ import (
|
|||
)
|
||||
|
||||
func TestAuthenticate(t *testing.T) {
|
||||
history := time.Unix(-446774400, 0)
|
||||
var tests = []struct {
|
||||
Desc string
|
||||
Secret string
|
||||
|
@ -33,7 +34,9 @@ func TestAuthenticate(t *testing.T) {
|
|||
Token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIvY2hyb25vZ3JhZi92MS91c2Vycy8xIiwibmFtZSI6IkRvYyBCcm93biIsImlhdCI6LTQ0Njc3NDQwMCwiZXhwIjotNDQ2Nzc0Mzk5LCJuYmYiOi00NDY3NzQ0MDB9.Ga0zGXWTT2CBVnnIhIO5tUAuBEVk4bKPaT4t4MU1ngo",
|
||||
Duration: time.Second,
|
||||
Principal: oauth2.Principal{
|
||||
Subject: "/chronograf/v1/users/1",
|
||||
Subject: "/chronograf/v1/users/1",
|
||||
ExpiresAt: history.Add(time.Second),
|
||||
IssuedAt: history,
|
||||
},
|
||||
},
|
||||
{
|
||||
|
@ -42,7 +45,9 @@ func TestAuthenticate(t *testing.T) {
|
|||
Token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIvY2hyb25vZ3JhZi92MS91c2Vycy8xIiwibmFtZSI6IkRvYyBCcm93biIsImlhdCI6LTQ0Njc3NDQwMCwiZXhwIjotNDQ2Nzc0NDAxLCJuYmYiOi00NDY3NzQ0MDB9.vWXdm0-XQ_pW62yBpSISFFJN_yz0vqT9_INcUKTp5Q8",
|
||||
Duration: time.Second,
|
||||
Principal: oauth2.Principal{
|
||||
Subject: "",
|
||||
Subject: "",
|
||||
ExpiresAt: history.Add(time.Second),
|
||||
IssuedAt: history,
|
||||
},
|
||||
Err: errors.New("token is expired by 1s"),
|
||||
},
|
||||
|
@ -52,7 +57,9 @@ func TestAuthenticate(t *testing.T) {
|
|||
Token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIvY2hyb25vZ3JhZi92MS91c2Vycy8xIiwibmFtZSI6IkRvYyBCcm93biIsImlhdCI6LTQ0Njc3NDQwMCwiZXhwIjotNDQ2Nzc0NDAwLCJuYmYiOi00NDY3NzQzOTl9.TMGAhv57u1aosjc4ywKC7cElP1tKyQH7GmRF2ToAxlE",
|
||||
Duration: time.Second,
|
||||
Principal: oauth2.Principal{
|
||||
Subject: "",
|
||||
Subject: "",
|
||||
ExpiresAt: history.Add(time.Second),
|
||||
IssuedAt: history,
|
||||
},
|
||||
Err: errors.New("token is not valid yet"),
|
||||
},
|
||||
|
@ -62,7 +69,9 @@ func TestAuthenticate(t *testing.T) {
|
|||
Token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOi00NDY3NzQ0MDAsImV4cCI6LTQ0Njc3NDQwMCwibmJmIjotNDQ2Nzc0NDAwfQ.gxsA6_Ei3s0f2I1TAtrrb8FmGiO25OqVlktlF_ylhX4",
|
||||
Duration: time.Second,
|
||||
Principal: oauth2.Principal{
|
||||
Subject: "",
|
||||
Subject: "",
|
||||
ExpiresAt: history.Add(time.Second),
|
||||
IssuedAt: history,
|
||||
},
|
||||
Err: errors.New("claim has no subject"),
|
||||
},
|
||||
|
@ -72,18 +81,12 @@ func TestAuthenticate(t *testing.T) {
|
|||
Token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIvY2hyb25vZ3JhZi92MS91c2Vycy8xIiwibmFtZSI6IkRvYyBCcm93biIsImlhdCI6LTQ0Njc3NDQwMCwiZXhwIjotNDQ2Nzc0NDAwLCJuYmYiOi00NDY3NzQ0MDB9._rZ4gOIei9PizHOABH6kLcJTA3jm8ls0YnDxtz1qeUI",
|
||||
Duration: 500 * time.Hour,
|
||||
Principal: oauth2.Principal{
|
||||
Subject: "/chronograf/v1/users/1",
|
||||
Subject: "/chronograf/v1/users/1",
|
||||
ExpiresAt: history,
|
||||
IssuedAt: history,
|
||||
},
|
||||
Err: errors.New("claims duration is different from auth duration"),
|
||||
},
|
||||
{
|
||||
Desc: "Test valid EverlastingClaim",
|
||||
Secret: "secret",
|
||||
Token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIvY2hyb25vZ3JhZi92MS91c2Vycy8xIiwibmFtZSI6IkRvYyBCcm93biIsImlhdCI6LTQ0Njc3NDQwMCwiZXhwIjotNDQ2Nzc0Mzk5LCJuYmYiOi00NDY3NzQ0MDB9.Ga0zGXWTT2CBVnnIhIO5tUAuBEVk4bKPaT4t4MU1ngo",
|
||||
Principal: oauth2.Principal{
|
||||
Subject: "/chronograf/v1/users/1",
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, test := range tests {
|
||||
j := oauth2.JWT{
|
||||
|
@ -107,18 +110,20 @@ func TestAuthenticate(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestToken(t *testing.T) {
|
||||
duration := time.Second
|
||||
expected := oauth2.Token("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOi00NDY3NzQzOTksImlhdCI6LTQ0Njc3NDQwMCwibmJmIjotNDQ2Nzc0NDAwLCJzdWIiOiIvY2hyb25vZ3JhZi92MS91c2Vycy8xIn0.ofQM6yTmrmve5JeEE0RcK4_euLXuZ_rdh6bLAbtbC9M")
|
||||
history := time.Unix(-446774400, 0)
|
||||
j := oauth2.JWT{
|
||||
Secret: "secret",
|
||||
Now: func() time.Time {
|
||||
return time.Unix(-446774400, 0)
|
||||
return history
|
||||
},
|
||||
}
|
||||
p := oauth2.Principal{
|
||||
Subject: "/chronograf/v1/users/1",
|
||||
Subject: "/chronograf/v1/users/1",
|
||||
ExpiresAt: history.Add(time.Second),
|
||||
IssuedAt: history,
|
||||
}
|
||||
if token, err := j.Create(context.Background(), p, duration); err != nil {
|
||||
if token, err := j.Create(context.Background(), p); err != nil {
|
||||
t.Errorf("Error creating token for principal: %v", err)
|
||||
} else if token != expected {
|
||||
t.Errorf("Error creating token; expected: %s actual: %s", expected, token)
|
||||
|
|
|
@ -30,10 +30,11 @@ func setupMuxTest(selector func(*AuthMux) http.Handler) (*http.Client, *httptest
|
|||
mp := &MockProvider{"biff@example.com", provider.URL}
|
||||
mt := &YesManTokenizer{}
|
||||
auth := &cookie{
|
||||
Name: DefaultCookieName,
|
||||
Duration: 1 * time.Hour,
|
||||
Now: now,
|
||||
Tokens: mt,
|
||||
Name: DefaultCookieName,
|
||||
Lifespan: 1 * time.Hour,
|
||||
Inactivity: DefaultInactivityDuration,
|
||||
Now: now,
|
||||
Tokens: mt,
|
||||
}
|
||||
|
||||
jm := NewAuthMux(mp, auth, mt, clog.New(clog.ParseLevel("debug")))
|
||||
|
|
|
@ -63,10 +63,14 @@ func (y *YesManTokenizer) ValidPrincipal(ctx context.Context, token Token, durat
|
|||
}, nil
|
||||
}
|
||||
|
||||
func (y *YesManTokenizer) Create(ctx context.Context, p Principal, t time.Duration) (Token, error) {
|
||||
func (y *YesManTokenizer) Create(ctx context.Context, p Principal) (Token, error) {
|
||||
return Token("HELLO?!MCFLY?!ANYONEINTHERE?!"), nil
|
||||
}
|
||||
|
||||
func (y *YesManTokenizer) ExtendPrincipal(ctx context.Context, p Principal, ext time.Duration) (Principal, error) {
|
||||
return p, nil
|
||||
}
|
||||
|
||||
func NewTestTripper(log chronograf.Logger, ts *httptest.Server, rt http.RoundTripper) (*TestTripper, error) {
|
||||
url, err := url.Parse(ts.URL)
|
||||
if err != nil {
|
||||
|
|
|
@ -18,7 +18,7 @@ type MockAuthenticator struct {
|
|||
Serialized string
|
||||
}
|
||||
|
||||
func (m *MockAuthenticator) Validate(context.Context, *http.Request) (oauth2.Principal, error) {
|
||||
func (m *MockAuthenticator) Validate(context.Context, http.ResponseWriter, *http.Request) (oauth2.Principal, error) {
|
||||
return m.Principal, m.ValidateErr
|
||||
}
|
||||
func (m *MockAuthenticator) Authorize(ctx context.Context, w http.ResponseWriter, p oauth2.Principal) error {
|
||||
|
|
Loading…
Reference in New Issue