imported jwt module
This commit is contained in:
107
jwt/validate_test.go
Normal file
107
jwt/validate_test.go
Normal file
@@ -0,0 +1,107 @@
|
||||
package jwt
|
||||
|
||||
import (
|
||||
"context"
|
||||
"testing"
|
||||
|
||||
"github.com/DATA-DOG/go-sqlmock"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func newGeneratorWithMockDB(t *testing.T) (*TokenGenerator, sqlmock.Sqlmock, func()) {
|
||||
db, mock, err := sqlmock.New()
|
||||
require.NoError(t, err)
|
||||
|
||||
gen, err := CreateGenerator(
|
||||
15,
|
||||
60,
|
||||
5,
|
||||
"example.com",
|
||||
"supersecret",
|
||||
db,
|
||||
)
|
||||
require.NoError(t, err)
|
||||
|
||||
return gen, mock, func() { db.Close() }
|
||||
}
|
||||
|
||||
func expectNotRevoked(mock sqlmock.Sqlmock, jti any) {
|
||||
mock.ExpectBegin()
|
||||
mock.ExpectQuery(`SELECT 1 FROM jwtblacklist`).
|
||||
WithArgs(jti).
|
||||
WillReturnRows(sqlmock.NewRows([]string{}))
|
||||
mock.ExpectCommit()
|
||||
}
|
||||
|
||||
func TestValidateAccess_Success(t *testing.T) {
|
||||
gen, mock, cleanup := newGeneratorWithMockDB(t)
|
||||
defer cleanup()
|
||||
|
||||
tokenStr, _, err := gen.NewAccess(42, true, false)
|
||||
require.NoError(t, err)
|
||||
|
||||
// We don't know the JTI beforehand; match any arg
|
||||
expectNotRevoked(mock, sqlmock.AnyArg())
|
||||
|
||||
token, err := gen.ValidateAccess(context.Background(), tokenStr)
|
||||
require.NoError(t, err)
|
||||
require.Equal(t, 42, token.SUB)
|
||||
require.Equal(t, "access", token.Scope)
|
||||
}
|
||||
|
||||
func TestValidateAccess_NoDB(t *testing.T) {
|
||||
gen := newGeneratorWithNoDB(t)
|
||||
|
||||
tokenStr, _, err := gen.NewAccess(42, true, false)
|
||||
require.NoError(t, err)
|
||||
|
||||
token, err := gen.ValidateAccess(context.Background(), tokenStr)
|
||||
require.NoError(t, err)
|
||||
require.Equal(t, 42, token.SUB)
|
||||
require.Equal(t, "access", token.Scope)
|
||||
}
|
||||
|
||||
func TestValidateRefresh_Success(t *testing.T) {
|
||||
gen, mock, cleanup := newGeneratorWithMockDB(t)
|
||||
defer cleanup()
|
||||
|
||||
tokenStr, _, err := gen.NewRefresh(42, false)
|
||||
require.NoError(t, err)
|
||||
|
||||
expectNotRevoked(mock, sqlmock.AnyArg())
|
||||
|
||||
token, err := gen.ValidateRefresh(context.Background(), tokenStr)
|
||||
require.NoError(t, err)
|
||||
require.Equal(t, 42, token.SUB)
|
||||
require.Equal(t, "refresh", token.Scope)
|
||||
}
|
||||
|
||||
func TestValidateRefresh_NoDB(t *testing.T) {
|
||||
gen := newGeneratorWithNoDB(t)
|
||||
|
||||
tokenStr, _, err := gen.NewRefresh(42, false)
|
||||
require.NoError(t, err)
|
||||
|
||||
token, err := gen.ValidateRefresh(context.Background(), tokenStr)
|
||||
require.NoError(t, err)
|
||||
require.Equal(t, 42, token.SUB)
|
||||
require.Equal(t, "refresh", token.Scope)
|
||||
}
|
||||
|
||||
func TestValidateAccess_EmptyToken(t *testing.T) {
|
||||
gen := newTestGenerator(t)
|
||||
|
||||
_, err := gen.ValidateAccess(context.Background(), "")
|
||||
require.Error(t, err)
|
||||
}
|
||||
|
||||
func TestValidateRefresh_WrongScope(t *testing.T) {
|
||||
gen := newTestGenerator(t)
|
||||
|
||||
// Create access token but validate as refresh
|
||||
tokenStr, _, err := gen.NewAccess(1, false, false)
|
||||
require.NoError(t, err)
|
||||
|
||||
_, err = gen.ValidateRefresh(context.Background(), tokenStr)
|
||||
require.Error(t, err)
|
||||
}
|
||||
Reference in New Issue
Block a user