
Commit 1d52acc

committed
add auth barrier tests
1 parent 76bde95 commit 1d52acc


1 file changed

+213
-0
lines changed


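--- a/handlers/handler_test.go
+++ b/handlers/handler_test.go
@@ -0,0 +1,213 @@
+package handlers
+
+import (
+	"testing"
+
+	"net/http/httptest"
+
+	"net/http"
+
+	"crypto/rsa"
+	"time"
+
+	"fmt"
+	"io/ioutil"
+
+	"crypto/rand"
+
+	"github.com/dgrijalva/jwt-go"
+	"github.com/gaia-pipeline/gaia"
+	"github.com/labstack/echo"
+)
+
+func makeAuthBarrierRouter() *echo.Echo {
+	e := echo.New()
+	r := e.Router()
+	e.Use(authBarrier)
+
+	r.Add(echo.GET, "/auth", func(c echo.Context) error {
+		return c.NoContent(200)
+	})
+
+	return e
+}
+
+func TestAuthBarrierNoToken(t *testing.T) {
+	e := makeAuthBarrierRouter()
+
+	req := httptest.NewRequest(echo.GET, "/auth", nil)
+	rec := httptest.NewRecorder()
+	e.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusForbidden {
+		t.Fatalf("expected response code %v got %v", http.StatusForbidden, rec.Code)
+	}
+}
+
+func TestAuthBarrierBadHeader(t *testing.T) {
+	e := makeAuthBarrierRouter()
+
+	req := httptest.NewRequest(echo.GET, "/auth", nil)
+	req.Header.Set("Authorization", "my-token")
+
+	rec := httptest.NewRecorder()
+	e.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusForbidden {
+		t.Fatalf("expected response code %v got %v", http.StatusForbidden, rec.Code)
+	}
+}
+
+func TestAuthBarrierHMACTokenWithHMACKey(t *testing.T) {
+	e := makeAuthBarrierRouter()
+
+	defer func() {
+		gaia.Cfg = nil
+	}()
+
+	gaia.Cfg = &gaia.Config{
+		JWTKey: []byte("hmac-jwt-key"),
+	}
+
+	claims := jwtCustomClaims{
+		"test-user",
+		jwt.StandardClaims{
+			ExpiresAt: time.Now().Unix() + jwtExpiry,
+			IssuedAt:  time.Now().Unix(),
+			Subject:   "Gaia Session Token",
+		},
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	tokenstring, _ := token.SignedString(gaia.Cfg.JWTKey)
+
+	req := httptest.NewRequest(echo.GET, "/auth", nil)
+	req.Header.Set("Authorization", "Bearer "+tokenstring)
+
+	rec := httptest.NewRecorder()
+	e.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusOK {
+		t.Fatalf("expected response code %v got %v", http.StatusOK, rec.Code)
+	}
+}
+
+func TestAuthBarrierRSATokenWithRSAKey(t *testing.T) {
+	e := makeAuthBarrierRouter()
+
+	defer func() {
+		gaia.Cfg = nil
+	}()
+
+	key, _ := rsa.GenerateKey(rand.Reader, 2048)
+	gaia.Cfg = &gaia.Config{
+		JWTKey: key,
+	}
+
+	claims := jwtCustomClaims{
+		"test-user",
+		jwt.StandardClaims{
+			ExpiresAt: time.Now().Unix() + jwtExpiry,
+			IssuedAt:  time.Now().Unix(),
+			Subject:   "Gaia Session Token",
+		},
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodRS512, claims)
+	tokenstring, _ := token.SignedString(gaia.Cfg.JWTKey)
+
+	req := httptest.NewRequest(echo.GET, "/auth", nil)
+	req.Header.Set("Authorization", "Bearer "+tokenstring)
+
+	rec := httptest.NewRecorder()
+	e.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusOK {
+		t.Fatalf("expected response code %v got %v", http.StatusOK, rec.Code)
+	}
+}
+
+func TestAuthBarrierHMACTokenWithRSAKey(t *testing.T) {
+	e := makeAuthBarrierRouter()
+
+	defer func() {
+		gaia.Cfg = nil
+	}()
+
+	gaia.Cfg = &gaia.Config{
+		JWTKey: &rsa.PrivateKey{},
+	}
+
+	claims := jwtCustomClaims{
+		"test-user",
+		jwt.StandardClaims{
+			ExpiresAt: time.Now().Unix() + jwtExpiry,
+			IssuedAt:  time.Now().Unix(),
+			Subject:   "Gaia Session Token",
+		},
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	tokenstring, _ := token.SignedString([]byte("hmac-jwt-key"))
+
+	req := httptest.NewRequest(echo.GET, "/auth", nil)
+	req.Header.Set("Authorization", "Bearer "+tokenstring)
+
+	rec := httptest.NewRecorder()
+	e.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusForbidden {
+		t.Fatalf("expected response code %v got %v", http.StatusForbidden, rec.Code)
+	}
+
+	bodyBytes, _ := ioutil.ReadAll(rec.Body)
+	body := string(bodyBytes)
+
+	signingMethodError := fmt.Sprintf("unexpected signing method: %v", token.Header["alg"])
+	if body != signingMethodError {
+		t.Fatalf("expected body '%v' got '%v'", signingMethodError, body)
+	}
+}
+
+func TestAuthBarrierRSATokenWithHMACKey(t *testing.T) {
+	e := makeAuthBarrierRouter()
+
+	defer func() {
+		gaia.Cfg = nil
+	}()
+
+	gaia.Cfg = &gaia.Config{
+		JWTKey: []byte("hmac-jwt-key"),
+	}
+
+	claims := jwtCustomClaims{
+		"test-user",
+		jwt.StandardClaims{
+			ExpiresAt: time.Now().Unix() + jwtExpiry,
+			IssuedAt:  time.Now().Unix(),
+			Subject:   "Gaia Session Token",
+		},
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodRS512, claims)
+	key, _ := rsa.GenerateKey(rand.Reader, 2048)
+	tokenstring, _ := token.SignedString(key)
+
+	req := httptest.NewRequest(echo.GET, "/auth", nil)
+	req.Header.Set("Authorization", "Bearer "+tokenstring)
+
+	rec := httptest.NewRecorder()
+	e.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusForbidden {
+		t.Fatalf("expected response code %v got %v", http.StatusForbidden, rec.Code)
+	}
+
+	bodyBytes, _ := ioutil.ReadAll(rec.Body)
+	body := string(bodyBytes)
+
+	signingMethodError := fmt.Sprintf("unexpected signing method: %v", token.Header["alg"])
+	if body != signingMethodError {
+		t.Fatalf("expected body '%v' got '%v'", signingMethodError, body)
+	}
+}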
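Review bot: The error from `token.SignedString` (and from `rsa.GenerateKey` in the two RSA tests) is discarded with `_`, so a signing failure sends `"Bearer "` with an empty token; in the two negative tests that still yields 403, and only the body assertion distinguishes "rejected because the key type does not match the alg" from "rejected because the token is garbage", while in the positive tests the failure would surface as a misleading status mismatch rather than the real cause. Replace each of those with `tokenstring, err := token.SignedString(gaia.Cfg.JWTKey)` followed by `if err != nil { t.Fatalf("signing test token: %v", err) }`, and the same for the key generation. The algorithm-confusion pair (HMAC token against an RSA key and the reverse) is the right thing to pin, but the suite still has no case for a well-formed token of the correct algorithm signed with a different HMAC secret, nor for an expired token, which are the two checks that actually establish that authBarrier verifies the signature and enforces `ExpiresAt` rather than merely matching the key type; I would add both as `StatusForbidden` cases built from the same claims literal. Since every test mutates the package-level `gaia.Cfg`, a one-line comment on makeAuthBarrierRouter or the first test, `// Tests share gaia.Cfg and must not run with t.Parallel().`, would keep a future contributor from introducing a data race. Moving the four identical claims literals into a small helper is optional but would make the per-test differences (alg, key, expected status) much easier to read.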
