108 lines
2.5 KiB
Go
108 lines
2.5 KiB
Go
package jwt
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
|
|
"github.com/DATA-DOG/go-sqlmock"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func newGeneratorWithMockDB(t *testing.T) (*TokenGenerator, sqlmock.Sqlmock, func()) {
|
|
db, mock, err := sqlmock.New()
|
|
require.NoError(t, err)
|
|
|
|
gen, err := CreateGenerator(
|
|
15,
|
|
60,
|
|
5,
|
|
"example.com",
|
|
"supersecret",
|
|
db,
|
|
)
|
|
require.NoError(t, err)
|
|
|
|
return gen, mock, func() { db.Close() }
|
|
}
|
|
|
|
func expectNotRevoked(mock sqlmock.Sqlmock, jti any) {
|
|
mock.ExpectBegin()
|
|
mock.ExpectQuery(`SELECT 1 FROM jwtblacklist`).
|
|
WithArgs(jti).
|
|
WillReturnRows(sqlmock.NewRows([]string{}))
|
|
mock.ExpectCommit()
|
|
}
|
|
|
|
func TestValidateAccess_Success(t *testing.T) {
|
|
gen, mock, cleanup := newGeneratorWithMockDB(t)
|
|
defer cleanup()
|
|
|
|
tokenStr, _, err := gen.NewAccess(42, true, false)
|
|
require.NoError(t, err)
|
|
|
|
// We don't know the JTI beforehand; match any arg
|
|
expectNotRevoked(mock, sqlmock.AnyArg())
|
|
|
|
token, err := gen.ValidateAccess(context.Background(), tokenStr)
|
|
require.NoError(t, err)
|
|
require.Equal(t, 42, token.SUB)
|
|
require.Equal(t, "access", token.Scope)
|
|
}
|
|
|
|
func TestValidateAccess_NoDB(t *testing.T) {
|
|
gen := newGeneratorWithNoDB(t)
|
|
|
|
tokenStr, _, err := gen.NewAccess(42, true, false)
|
|
require.NoError(t, err)
|
|
|
|
token, err := gen.ValidateAccess(context.Background(), tokenStr)
|
|
require.NoError(t, err)
|
|
require.Equal(t, 42, token.SUB)
|
|
require.Equal(t, "access", token.Scope)
|
|
}
|
|
|
|
func TestValidateRefresh_Success(t *testing.T) {
|
|
gen, mock, cleanup := newGeneratorWithMockDB(t)
|
|
defer cleanup()
|
|
|
|
tokenStr, _, err := gen.NewRefresh(42, false)
|
|
require.NoError(t, err)
|
|
|
|
expectNotRevoked(mock, sqlmock.AnyArg())
|
|
|
|
token, err := gen.ValidateRefresh(context.Background(), tokenStr)
|
|
require.NoError(t, err)
|
|
require.Equal(t, 42, token.SUB)
|
|
require.Equal(t, "refresh", token.Scope)
|
|
}
|
|
|
|
func TestValidateRefresh_NoDB(t *testing.T) {
|
|
gen := newGeneratorWithNoDB(t)
|
|
|
|
tokenStr, _, err := gen.NewRefresh(42, false)
|
|
require.NoError(t, err)
|
|
|
|
token, err := gen.ValidateRefresh(context.Background(), tokenStr)
|
|
require.NoError(t, err)
|
|
require.Equal(t, 42, token.SUB)
|
|
require.Equal(t, "refresh", token.Scope)
|
|
}
|
|
|
|
func TestValidateAccess_EmptyToken(t *testing.T) {
|
|
gen := newTestGenerator(t)
|
|
|
|
_, err := gen.ValidateAccess(context.Background(), "")
|
|
require.Error(t, err)
|
|
}
|
|
|
|
func TestValidateRefresh_WrongScope(t *testing.T) {
|
|
gen := newTestGenerator(t)
|
|
|
|
// Create access token but validate as refresh
|
|
tokenStr, _, err := gen.NewAccess(1, false, false)
|
|
require.NoError(t, err)
|
|
|
|
_, err = gen.ValidateRefresh(context.Background(), tokenStr)
|
|
require.Error(t, err)
|
|
}
|