113 lines
2.5 KiB
Go
113 lines
2.5 KiB
Go
package jwt
|
|
|
|
import (
|
|
"database/sql"
|
|
"testing"
|
|
|
|
"github.com/DATA-DOG/go-sqlmock"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func expectNotRevoked(mock sqlmock.Sqlmock, jti any) {
|
|
mock.ExpectBegin()
|
|
mock.ExpectQuery(`SELECT 1 FROM jwtblacklist`).
|
|
WithArgs(jti).
|
|
WillReturnRows(sqlmock.NewRows([]string{}))
|
|
mock.ExpectCommit()
|
|
}
|
|
|
|
func TestValidateAccess_Success(t *testing.T) {
|
|
gen, db, mock, cleanup := newGeneratorWithMockDB(t)
|
|
defer cleanup()
|
|
|
|
tokenStr, _, err := gen.NewAccess(42, true, false)
|
|
require.NoError(t, err)
|
|
|
|
// We don't know the JTI beforehand; match any arg
|
|
expectNotRevoked(mock, sqlmock.AnyArg())
|
|
|
|
tx, err := db.Begin()
|
|
require.NoError(t, err)
|
|
defer tx.Rollback()
|
|
|
|
token, err := gen.ValidateAccess(tx, tokenStr)
|
|
require.NoError(t, err)
|
|
require.Equal(t, 42, token.SUB)
|
|
require.Equal(t, "access", token.Scope)
|
|
tx.Commit()
|
|
}
|
|
|
|
func TestValidateAccess_NoDB(t *testing.T) {
|
|
gen := newGeneratorWithNoDB(t)
|
|
|
|
tokenStr, _, err := gen.NewAccess(42, true, false)
|
|
require.NoError(t, err)
|
|
|
|
// Use nil transaction for no-db case
|
|
var tx *sql.Tx = nil
|
|
|
|
token, err := gen.ValidateAccess(tx, tokenStr)
|
|
require.NoError(t, err)
|
|
require.Equal(t, 42, token.SUB)
|
|
require.Equal(t, "access", token.Scope)
|
|
}
|
|
|
|
func TestValidateRefresh_Success(t *testing.T) {
|
|
gen, db, mock, cleanup := newGeneratorWithMockDB(t)
|
|
defer cleanup()
|
|
|
|
tokenStr, _, err := gen.NewRefresh(42, false)
|
|
require.NoError(t, err)
|
|
|
|
expectNotRevoked(mock, sqlmock.AnyArg())
|
|
|
|
tx, err := db.Begin()
|
|
require.NoError(t, err)
|
|
defer tx.Rollback()
|
|
|
|
token, err := gen.ValidateRefresh(tx, tokenStr)
|
|
require.NoError(t, err)
|
|
require.Equal(t, 42, token.SUB)
|
|
require.Equal(t, "refresh", token.Scope)
|
|
tx.Commit()
|
|
}
|
|
|
|
func TestValidateRefresh_NoDB(t *testing.T) {
|
|
gen := newGeneratorWithNoDB(t)
|
|
|
|
tokenStr, _, err := gen.NewRefresh(42, false)
|
|
require.NoError(t, err)
|
|
|
|
// Use nil transaction for no-db case
|
|
var tx *sql.Tx = nil
|
|
|
|
token, err := gen.ValidateRefresh(tx, tokenStr)
|
|
require.NoError(t, err)
|
|
require.Equal(t, 42, token.SUB)
|
|
require.Equal(t, "refresh", token.Scope)
|
|
}
|
|
|
|
func TestValidateAccess_EmptyToken(t *testing.T) {
|
|
gen := newTestGenerator(t)
|
|
|
|
// Use nil transaction
|
|
var tx *sql.Tx = nil
|
|
|
|
_, err := gen.ValidateAccess(tx, "")
|
|
require.Error(t, err)
|
|
}
|
|
|
|
func TestValidateRefresh_WrongScope(t *testing.T) {
|
|
gen := newTestGenerator(t)
|
|
|
|
// Create access token but validate as refresh
|
|
tokenStr, _, err := gen.NewAccess(1, false, false)
|
|
require.NoError(t, err)
|
|
|
|
// Use nil transaction
|
|
var tx *sql.Tx = nil
|
|
|
|
_, err = gen.ValidateRefresh(tx, tokenStr)
|
|
require.Error(t, err)
|
|
}
|