Lakhan Samani
90
server/test/validate_jwt_token_test.go
Normal file
90
server/test/validate_jwt_token_test.go
Normal file
@@ -0,0 +1,90 @@
|
||||
package test
|
||||
|
||||
import (
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/db/models"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/resolvers"
|
||||
"github.com/authorizerdev/authorizer/server/sessionstore"
|
||||
"github.com/authorizerdev/authorizer/server/token"
|
||||
"github.com/authorizerdev/authorizer/server/utils"
|
||||
"github.com/google/uuid"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func validateJwtTokenTest(t *testing.T, s TestSetup) {
|
||||
t.Helper()
|
||||
_, ctx := createContext(s)
|
||||
t.Run(`validate params`, func(t *testing.T) {
|
||||
res, err := resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
|
||||
TokenType: "access_token",
|
||||
Token: "",
|
||||
})
|
||||
assert.False(t, res.IsValid)
|
||||
res, err = resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
|
||||
TokenType: "access_token",
|
||||
Token: "invalid",
|
||||
})
|
||||
assert.False(t, res.IsValid)
|
||||
_, err = resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
|
||||
TokenType: "access_token_invalid",
|
||||
Token: "invalid@invalid",
|
||||
})
|
||||
assert.Error(t, err, "invalid token")
|
||||
})
|
||||
|
||||
scope := []string{"openid", "email", "profile", "offline_access"}
|
||||
user := models.User{
|
||||
ID: uuid.New().String(),
|
||||
Email: "jwt_test_" + s.TestInfo.Email,
|
||||
Roles: "user",
|
||||
UpdatedAt: time.Now().Unix(),
|
||||
CreatedAt: time.Now().Unix(),
|
||||
}
|
||||
|
||||
roles := []string{"user"}
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
assert.NoError(t, err)
|
||||
authToken, err := token.CreateAuthToken(gc, user, roles, scope)
|
||||
sessionstore.SetState(authToken.AccessToken.Token, authToken.FingerPrint+"@"+user.ID)
|
||||
sessionstore.SetState(authToken.RefreshToken.Token, authToken.FingerPrint+"@"+user.ID)
|
||||
|
||||
t.Run(`should validate the access token`, func(t *testing.T) {
|
||||
res, err := resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
|
||||
TokenType: "access_token",
|
||||
Token: authToken.AccessToken.Token,
|
||||
Roles: []string{"user"},
|
||||
})
|
||||
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, res.IsValid)
|
||||
|
||||
res, err = resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
|
||||
TokenType: "access_token",
|
||||
Token: authToken.AccessToken.Token,
|
||||
Roles: []string{"invalid_role"},
|
||||
})
|
||||
|
||||
assert.Error(t, err)
|
||||
})
|
||||
|
||||
t.Run(`should validate the refresh token`, func(t *testing.T) {
|
||||
res, err := resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
|
||||
TokenType: "refresh_token",
|
||||
Token: authToken.RefreshToken.Token,
|
||||
})
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, res.IsValid)
|
||||
})
|
||||
|
||||
t.Run(`should validate the id token`, func(t *testing.T) {
|
||||
res, err := resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
|
||||
TokenType: "id_token",
|
||||
Token: authToken.IDToken.Token,
|
||||
})
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, res.IsValid)
|
||||
})
|
||||
}
|
||||
Reference in New Issue
Block a user