diff options
| author | Greg Steuck <gnezdo@google.com> | 2021-07-28 11:03:25 -0700 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2021-07-30 18:21:17 +0200 |
| commit | 5bfcec7dfd4ba51d38b41cea770ecc96e7e59d4d (patch) | |
| tree | ef129d2b1e22acfd1c790c8189d7776a82daba91 /pkg/auth/auth_test.go | |
| parent | 14f590a6a765d9fbe53e2f7bacb5d9f6d7cb9063 (diff) | |
pkg/auth: move auth code into a new package for reuse in syz-hub
Diffstat (limited to 'pkg/auth/auth_test.go')
| -rw-r--r-- | pkg/auth/auth_test.go | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/pkg/auth/auth_test.go b/pkg/auth/auth_test.go new file mode 100644 index 000000000..13a9c5749 --- /dev/null +++ b/pkg/auth/auth_test.go @@ -0,0 +1,99 @@ +// Copyright 2021 syzkaller project authors. All rights reserved. +// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. + +package auth + +import ( + "encoding/json" + "fmt" + "net/http" + "net/http/httptest" + "strings" + "testing" + "time" + + "github.com/google/syzkaller/dashboard/dashapi" +) + +func reponseFor(t *testing.T, claims jwtClaims) (*httptest.Server, Endpoint) { + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + bytes, err := json.Marshal(jwtClaimsParse{ + Subject: claims.Subject, + Audience: claims.Audience, + Expiration: fmt.Sprint(claims.Expiration.Unix()), + }) + if err != nil { + t.Fatalf("Marshal %v", err) + } + w.Header()["Content-Type"] = []string{"application/json"} + w.Write(bytes) + })) + return ts, MakeEndpoint(ts.URL) +} + +func TestBearerValid(t *testing.T) { + tm := time.Now() + magic := "ValidSubj" + ts, dut := reponseFor(t, jwtClaims{ + Subject: magic, + Audience: dashapi.DashboardAudience, + Expiration: tm.AddDate(0, 0, 1), + }) + defer ts.Close() + + got, err := dut.DetermineAuthSubj(tm, []string{"Bearer x"}) + if err != nil { + t.Errorf("Unexpected error %v", err) + } + if !strings.HasSuffix(got, magic) { + t.Errorf("Wrong subj %v not suffix of %v", magic, got) + } +} + +func TestBearerWrongAudience(t *testing.T) { + tm := time.Now() + ts, dut := reponseFor(t, jwtClaims{ + Subject: "irrelevant", + Expiration: tm.AddDate(0, 0, 1), + Audience: "junk", + }) + defer ts.Close() + + _, err := dut.DetermineAuthSubj(tm, []string{"Bearer x"}) + if !strings.HasPrefix(err.Error(), "unexpected audience") { + t.Fatalf("Unexpected error %v", err) + } +} + +func TestBearerExpired(t *testing.T) { + tm := time.Now() + ts, dut := reponseFor(t, jwtClaims{ + Subject: "irrelevant", + Expiration: tm.AddDate(0, 0, -1), + Audience: dashapi.DashboardAudience, + }) + defer ts.Close() + + _, err := dut.DetermineAuthSubj(tm, []string{"Bearer x"}) + if !strings.HasPrefix(err.Error(), "token past expiration") { + t.Fatalf("Unexpected error %v", err) + } +} + +func TestMissingHeader(t *testing.T) { + ts, dut := reponseFor(t, jwtClaims{}) + defer ts.Close() + got, err := dut.DetermineAuthSubj(time.Now(), []string{}) + if err != nil || got != "" { + t.Errorf("Unexpected error %v %v", got, err) + } +} + +func TestBadHeader(t *testing.T) { + ts, dut := reponseFor(t, jwtClaims{}) + defer ts.Close() + got, err := dut.DetermineAuthSubj(time.Now(), []string{"bad"}) + if err != nil || got != "" { + t.Errorf("Unexpected error %v %v", got, err) + } +} |