aboutsummaryrefslogtreecommitdiffstats
path: root/pkg/auth/auth_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/auth/auth_test.go')
-rw-r--r--pkg/auth/auth_test.go99
1 files changed, 99 insertions, 0 deletions
diff --git a/pkg/auth/auth_test.go b/pkg/auth/auth_test.go
new file mode 100644
index 000000000..13a9c5749
--- /dev/null
+++ b/pkg/auth/auth_test.go
@@ -0,0 +1,99 @@
+// Copyright 2021 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+package auth
+
+import (
+ "encoding/json"
+ "fmt"
+ "net/http"
+ "net/http/httptest"
+ "strings"
+ "testing"
+ "time"
+
+ "github.com/google/syzkaller/dashboard/dashapi"
+)
+
+func reponseFor(t *testing.T, claims jwtClaims) (*httptest.Server, Endpoint) {
+ ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ bytes, err := json.Marshal(jwtClaimsParse{
+ Subject: claims.Subject,
+ Audience: claims.Audience,
+ Expiration: fmt.Sprint(claims.Expiration.Unix()),
+ })
+ if err != nil {
+ t.Fatalf("Marshal %v", err)
+ }
+ w.Header()["Content-Type"] = []string{"application/json"}
+ w.Write(bytes)
+ }))
+ return ts, MakeEndpoint(ts.URL)
+}
+
+func TestBearerValid(t *testing.T) {
+ tm := time.Now()
+ magic := "ValidSubj"
+ ts, dut := reponseFor(t, jwtClaims{
+ Subject: magic,
+ Audience: dashapi.DashboardAudience,
+ Expiration: tm.AddDate(0, 0, 1),
+ })
+ defer ts.Close()
+
+ got, err := dut.DetermineAuthSubj(tm, []string{"Bearer x"})
+ if err != nil {
+ t.Errorf("Unexpected error %v", err)
+ }
+ if !strings.HasSuffix(got, magic) {
+ t.Errorf("Wrong subj %v not suffix of %v", magic, got)
+ }
+}
+
+func TestBearerWrongAudience(t *testing.T) {
+ tm := time.Now()
+ ts, dut := reponseFor(t, jwtClaims{
+ Subject: "irrelevant",
+ Expiration: tm.AddDate(0, 0, 1),
+ Audience: "junk",
+ })
+ defer ts.Close()
+
+ _, err := dut.DetermineAuthSubj(tm, []string{"Bearer x"})
+ if !strings.HasPrefix(err.Error(), "unexpected audience") {
+ t.Fatalf("Unexpected error %v", err)
+ }
+}
+
+func TestBearerExpired(t *testing.T) {
+ tm := time.Now()
+ ts, dut := reponseFor(t, jwtClaims{
+ Subject: "irrelevant",
+ Expiration: tm.AddDate(0, 0, -1),
+ Audience: dashapi.DashboardAudience,
+ })
+ defer ts.Close()
+
+ _, err := dut.DetermineAuthSubj(tm, []string{"Bearer x"})
+ if !strings.HasPrefix(err.Error(), "token past expiration") {
+ t.Fatalf("Unexpected error %v", err)
+ }
+}
+
+func TestMissingHeader(t *testing.T) {
+ ts, dut := reponseFor(t, jwtClaims{})
+ defer ts.Close()
+ got, err := dut.DetermineAuthSubj(time.Now(), []string{})
+ if err != nil || got != "" {
+ t.Errorf("Unexpected error %v %v", got, err)
+ }
+}
+
+func TestBadHeader(t *testing.T) {
+ ts, dut := reponseFor(t, jwtClaims{})
+ defer ts.Close()
+ got, err := dut.DetermineAuthSubj(time.Now(), []string{"bad"})
+ if err != nil || got != "" {
+ t.Errorf("Unexpected error %v %v", got, err)
+ }
+}
generated by ggit (джигит) mrf-deployment (git 2.46.0) at 2026-03-11 21:22:59 +0000