From 1f058f954daf8319c18700eab189ef86933c262c Mon Sep 17 00:00:00 2001 From: Lakhan Samani Date: Sat, 12 Feb 2022 19:26:37 +0530 Subject: [PATCH] Add test for jwt tokens --- server/test/jwt_test.go | 143 ++++++++++++++++++++++++++++++++++++++++ server/token/jwt.go | 8 ++- 2 files changed, 150 insertions(+), 1 deletion(-) create mode 100644 server/test/jwt_test.go diff --git a/server/test/jwt_test.go b/server/test/jwt_test.go new file mode 100644 index 0000000..185e028 --- /dev/null +++ b/server/test/jwt_test.go @@ -0,0 +1,143 @@ +package test + +import ( + "testing" + "time" + + "github.com/authorizerdev/authorizer/server/constants" + "github.com/authorizerdev/authorizer/server/envstore" + "github.com/authorizerdev/authorizer/server/token" + "github.com/golang-jwt/jwt" + "github.com/stretchr/testify/assert" +) + +func TestJwt(t *testing.T) { + claims := jwt.MapClaims{ + "exp": time.Now().Add(time.Minute * 30).Unix(), + "iat": time.Now().Unix(), + "email": "test@yopmail.com", + } + + // persist older data till test is done and then reset it + jwtType := envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtType) + jwtSecret := envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtSecret) + + t.Run("invalid jwt type", func(t *testing.T) { + envstore.EnvInMemoryStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "invalid") + token, err := token.SignJWTToken(claims) + assert.Error(t, err, "unsupported signing method") + assert.Empty(t, token) + }) + t.Run("expired jwt token", func(t *testing.T) { + envstore.EnvInMemoryStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "HS256") + expiredClaims := jwt.MapClaims{ + "exp": time.Now().Add(-time.Minute * 30).Unix(), + "iat": time.Now().Unix(), + "email": "test@yopmail.com", + } + jwtToken, err := token.SignJWTToken(expiredClaims) + assert.NoError(t, err) + _, err = token.ParseJWTToken(jwtToken) + assert.Error(t, err, err.Error(), "Token is expired") + }) + t.Run("HMAC algorithms", func(t *testing.T) { + t.Run("HS256", func(t *testing.T) { + envstore.EnvInMemoryStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "HS256") + jwtToken, err := token.SignJWTToken(claims) + assert.NoError(t, err) + assert.NotEmpty(t, jwtToken) + c, err := token.ParseJWTToken(jwtToken) + assert.NoError(t, err) + assert.Equal(t, c["email"].(string), claims["email"]) + }) + t.Run("HS384", func(t *testing.T) { + envstore.EnvInMemoryStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "HS384") + jwtToken, err := token.SignJWTToken(claims) + assert.NoError(t, err) + assert.NotEmpty(t, jwtToken) + c, err := token.ParseJWTToken(jwtToken) + assert.NoError(t, err) + assert.Equal(t, c["email"].(string), claims["email"]) + }) + t.Run("HS512", func(t *testing.T) { + envstore.EnvInMemoryStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "HS512") + jwtToken, err := token.SignJWTToken(claims) + assert.NoError(t, err) + assert.NotEmpty(t, jwtToken) + c, err := token.ParseJWTToken(jwtToken) + assert.NoError(t, err) + assert.Equal(t, c["email"].(string), claims["email"]) + }) + }) + + t.Run("RSA algorithms", func(t *testing.T) { + envstore.EnvInMemoryStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPrivateKey, "-----BEGIN RSA PRIVATE KEY-----\nMIICWgIBAAKBgHUQac/v0f3c8m4L9BMWfxBiEzkdV5CoaqfxhO5IwAX/1cs0WceN\njM7g/qzC7YmEOSiYqupiRtsyn6riz0xT/VUg4uv1uZ/muC6EVfOjR5Ack3Brquql\nD+oMxN4CeA0Wzp2dEV4N3Gv7wWHdhg9ZSc4g6+ZUdlkhIPfeO9RNK9pPAgMBAAEC\ngYBqLrIbp0dNQn0vbm48ZhppDNys4L2NfAYKQZs23Aw5JN6Si/CnffBrsk+u+ryl\nEKcb+KaHJQ9qQdfsFAC+FizhMQy0Dq9yw6shnqHX+paB6E6z2/vX8ToPzJRwxBY3\nyuaetCEpSXR7pQEd5YWDTUH7qYnb9FObD+umhVvmlsTHCQJBALagPmexu0DvMXKZ\nWdplik6eXg9lptiuj5MYqitEUyzU9E9HNeHKlZM7szGeWG3jNduoKcyo4M0Flvt9\ncP+soVUCQQCkGOQ5Y3/GoZmclKWMVwqGdmL6wEjhNfg4PRfgUalHBif9Q1KnM8FP\nAvIqIH8bttRfyT185WmaM2gml0ApwF0TAkBVil9QoK4t7xvBKtUsd809n+481gc9\njR4Q70edtoYjBKhejeNOHF7NNPRtNFcFOZybg3v4sc2CGrEqoQoRp+F1AkBeLmMe\nhPrbF/jAI5h4WaSS0/OvExlBGOaj8Hx5pKTRPLlK5I7VpCC4pmoyv3/0ehSd/TQr\nMMhRVlvaeki7Lcq9AkBravJUadVCAIsB6oh03mo8gUFFFqXDyEl6BiJYqrjCQ5wd\nAQYJGbqQvgjPxN9+PTPldDNi6KVXntSg5gF/dA+Z\n-----END RSA PRIVATE KEY-----") + envstore.EnvInMemoryStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPublicKey, "-----BEGIN PUBLIC KEY-----\nMIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgHUQac/v0f3c8m4L9BMWfxBiEzkd\nV5CoaqfxhO5IwAX/1cs0WceNjM7g/qzC7YmEOSiYqupiRtsyn6riz0xT/VUg4uv1\nuZ/muC6EVfOjR5Ack3BrquqlD+oMxN4CeA0Wzp2dEV4N3Gv7wWHdhg9ZSc4g6+ZU\ndlkhIPfeO9RNK9pPAgMBAAE=\n-----END PUBLIC KEY-----") + t.Run("RS256", func(t *testing.T) { + envstore.EnvInMemoryStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "RS256") + jwtToken, err := token.SignJWTToken(claims) + assert.NoError(t, err) + assert.NotEmpty(t, jwtToken) + c, err := token.ParseJWTToken(jwtToken) + assert.NoError(t, err) + assert.Equal(t, c["email"].(string), claims["email"]) + }) + t.Run("RS384", func(t *testing.T) { + envstore.EnvInMemoryStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "RS384") + jwtToken, err := token.SignJWTToken(claims) + assert.NoError(t, err) + assert.NotEmpty(t, jwtToken) + c, err := token.ParseJWTToken(jwtToken) + assert.NoError(t, err) + assert.Equal(t, c["email"].(string), claims["email"]) + }) + t.Run("RS512", func(t *testing.T) { + envstore.EnvInMemoryStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "RS512") + jwtToken, err := token.SignJWTToken(claims) + assert.NoError(t, err) + assert.NotEmpty(t, jwtToken) + c, err := token.ParseJWTToken(jwtToken) + assert.NoError(t, err) + assert.Equal(t, c["email"].(string), claims["email"]) + }) + }) + + t.Run("ECDSA algorithms", func(t *testing.T) { + t.Run("ES256", func(t *testing.T) { + envstore.EnvInMemoryStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPrivateKey, "-----BEGIN PRIVATE KEY-----\nMIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgevZzL1gdAFr88hb2\nOF/2NxApJCzGCEDdfSp6VQO30hyhRANCAAQRWz+jn65BtOMvdyHKcvjBeBSDZH2r\n1RTwjmYSi9R/zpBnuQ4EiMnCqfMPWiZqB4QdbAd0E7oH50VpuZ1P087G\n-----END PRIVATE KEY-----") + envstore.EnvInMemoryStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPublicKey, "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEVs/o5+uQbTjL3chynL4wXgUg2R9\nq9UU8I5mEovUf86QZ7kOBIjJwqnzD1omageEHWwHdBO6B+dFabmdT9POxg==\n-----END PUBLIC KEY-----") + envstore.EnvInMemoryStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "ES256") + jwtToken, err := token.SignJWTToken(claims) + assert.NoError(t, err) + assert.NotEmpty(t, jwtToken) + c, err := token.ParseJWTToken(jwtToken) + assert.NoError(t, err) + assert.Equal(t, c["email"].(string), claims["email"]) + }) + t.Run("ES384", func(t *testing.T) { + envstore.EnvInMemoryStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPrivateKey, "-----BEGIN PRIVATE KEY-----\nMIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCAHpFQ62QnGCEvYh/p\nE9QmR1C9aLcDItRbslbmhen/h1tt8AyMhskeenT+rAyyPhGhZANiAAQLW5ZJePZz\nMIPAxMtZXkEWbDF0zo9f2n4+T1h/2sh/fviblc/VTyrv10GEtIi5qiOy85Pf1RRw\n8lE5IPUWpgu553SteKigiKLUPeNpbqmYZUkWGh3MLfVzLmx85ii2vMU=\n-----END PRIVATE KEY-----") + envstore.EnvInMemoryStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPublicKey, "-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEC1uWSXj2czCDwMTLWV5BFmwxdM6PX9p+\nPk9Yf9rIf374m5XP1U8q79dBhLSIuaojsvOT39UUcPJROSD1FqYLued0rXiooIii\n1D3jaW6pmGVJFhodzC31cy5sfOYotrzF\n-----END PUBLIC KEY-----") + envstore.EnvInMemoryStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "ES384") + jwtToken, err := token.SignJWTToken(claims) + assert.NoError(t, err) + assert.NotEmpty(t, jwtToken) + c, err := token.ParseJWTToken(jwtToken) + assert.NoError(t, err) + assert.Equal(t, c["email"].(string), claims["email"]) + }) + t.Run("ES512", func(t *testing.T) { + envstore.EnvInMemoryStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPrivateKey, "-----BEGIN PRIVATE KEY-----\nMIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBiyAa7aRHFDCh2qga\n9sTUGINE5jHAFnmM8xWeT/uni5I4tNqhV5Xx0pDrmCV9mbroFtfEa0XVfKuMAxxf\nZ6LM/yKhgYkDgYYABAGBzgdnP798FsLuWYTDDQA7c0r3BVk8NnRUSexpQUsRilPN\nv3SchO0lRw9Ru86x1khnVDx+duq4BiDFcvlSAcyjLACJvjvoyTLJiA+TQFdmrear\njMiZNE25pT2yWP1NUndJxPcvVtfBW48kPOmvkY4WlqP5bAwCXwbsKrCgk6xbsp12\new==\n-----END PRIVATE KEY-----") + envstore.EnvInMemoryStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPublicKey, "-----BEGIN PUBLIC KEY-----\nMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBgc4HZz+/fBbC7lmEww0AO3NK9wVZ\nPDZ0VEnsaUFLEYpTzb90nITtJUcPUbvOsdZIZ1Q8fnbquAYgxXL5UgHMoywAib47\n6MkyyYgPk0BXZq3mq4zImTRNuaU9slj9TVJ3ScT3L1bXwVuPJDzpr5GOFpaj+WwM\nAl8G7CqwoJOsW7Kddns=\n-----END PUBLIC KEY-----") + envstore.EnvInMemoryStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "ES512") + jwtToken, err := token.SignJWTToken(claims) + assert.NoError(t, err) + assert.NotEmpty(t, jwtToken) + c, err := token.ParseJWTToken(jwtToken) + assert.NoError(t, err) + assert.Equal(t, c["email"].(string), claims["email"]) + }) + }) + + envstore.EnvInMemoryStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, jwtType) + envstore.EnvInMemoryStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtSecret, jwtSecret) +} diff --git a/server/token/jwt.go b/server/token/jwt.go index 6c517b1..ee64695 100644 --- a/server/token/jwt.go +++ b/server/token/jwt.go @@ -12,7 +12,13 @@ import ( func SignJWTToken(claims jwt.MapClaims) (string, error) { jwtType := envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtType) signingMethod := jwt.GetSigningMethod(jwtType) + if signingMethod == nil { + return "", errors.New("unsupported signing method") + } t := jwt.New(signingMethod) + if t == nil { + return "", errors.New("unsupported signing method") + } t.Claims = claims switch signingMethod { @@ -45,7 +51,7 @@ func ParseJWTToken(token string) (jwt.MapClaims, error) { switch signingMethod { case jwt.SigningMethodHS256, jwt.SigningMethodHS384, jwt.SigningMethodHS512: - _, err = jwt.ParseWithClaims(token, claims, func(token *jwt.Token) (interface{}, error) { + _, err = jwt.ParseWithClaims(token, &claims, func(token *jwt.Token) (interface{}, error) { return []byte(envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtSecret)), nil }) case jwt.SigningMethodRS256, jwt.SigningMethodRS384, jwt.SigningMethodRS512: