package jsonweb import ( "reflect" "testing" "github.com/dgrijalva/jwt-go" "github.com/google/go-cmp/cmp" "github.com/influxdata/influxdb/v2" ) var ( one = influxdb.ID(1) two = influxdb.ID(2) keyStore = KeyStoreFunc(func(kid string) ([]byte, error) { if kid != "some-key" { return nil, ErrKeyNotFound } return []byte("correct-key"), nil }) ) func Test_TokenParser(t *testing.T) { for _, test := range []struct { name string keyStore KeyStore input string // expectations token *Token err error }{ { name: "happy path", input: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJjbG91ZDIuaW5mbHV4ZGF0YS5jb20iLCJhdWQiOiJnYXRld2F5LmluZmx1eGRhdGEuY29tIiwiaWF0IjoxNTY4NjI4OTgwLCJraWQiOiJzb21lLWtleSIsInBlcm1pc3Npb25zIjpbeyJhY3Rpb24iOiJ3cml0ZSIsInJlc291cmNlIjp7InR5cGUiOiJidWNrZXRzIiwiaWQiOiIwMDAwMDAwMDAwMDAwMDAxIiwib3JnSUQiOiIwMDAwMDAwMDAwMDAwMDAyIn19XX0.74vjbExiOd702VSIMmQWaDT_GFvUI0-_P-SfQ_OOHB0", token: &Token{ StandardClaims: jwt.StandardClaims{ Issuer: "cloud2.influxdata.com", Audience: "gateway.influxdata.com", IssuedAt: 1568628980, }, KeyID: "some-key", Permissions: []influxdb.Permission{ { Action: influxdb.WriteAction, Resource: influxdb.Resource{ Type: influxdb.BucketsResourceType, ID: &one, OrgID: &two, }, }, }, }, }, { name: "key not found", input: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJjbG91ZDIuaW5mbHV4ZGF0YS5jb20iLCJhdWQiOiJnYXRld2F5LmluZmx1eGRhdGEuY29tIiwiaWF0IjoxNTY4NjMxMTQ0LCJraWQiOiJzb21lLW90aGVyLWtleSIsInBlcm1pc3Npb25zIjpbeyJhY3Rpb24iOiJyZWFkIiwicmVzb3VyY2UiOnsidHlwZSI6InRhc2tzIiwiaWQiOiIwMDAwMDAwMDAwMDAwMDAzIiwib3JnSUQiOiIwMDAwMDAwMDAwMDAwMDA0In19XX0.QVXJ3kGP1gsxisNZe7QmphXox-vjZr6MAMbd00CQlfA", err: &jwt.ValidationError{ Inner: ErrKeyNotFound, Errors: jwt.ValidationErrorUnverifiable, }, }, { name: "invalid signature", input: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJjbG91ZDIuaW5mbHV4ZGF0YS5jb20iLCJhdWQiOiJnYXRld2F5LmluZmx1eGRhdGEuY29tIiwiaWF0IjoxNTY4NjMxMTQ0LCJraWQiOiJzb21lLWtleSIsInBlcm1pc3Npb25zIjpbeyJhY3Rpb24iOiJyZWFkIiwicmVzb3VyY2UiOnsidHlwZSI6InRhc2tzIiwiaWQiOiIwMDAwMDAwMDAwMDAwMDAzIiwib3JnSUQiOiIwMDAwMDAwMDAwMDAwMDA0In19XX0.RwmNs5u6NnjNq9xTdAIERFrI5ow-6lJpND3jRrTwkaE", err: &jwt.ValidationError{ Inner: jwt.ErrSignatureInvalid, Errors: jwt.ValidationErrorSignatureInvalid, }, }, } { t.Run(test.name, func(t *testing.T) { parser := NewTokenParser(keyStore) token, err := parser.Parse(test.input) if !reflect.DeepEqual(test.err, err) { t.Errorf("expected %[1]s (%#[1]v), got %[2]s (%#[2]v)", test.err, err) } if diff := cmp.Diff(test.token, token); diff != "" { t.Errorf("unexpected token:\n%s", diff) } // if err is nil then token should be present if err == nil { // ensure this does not panic token.Identifier() } }) } }