go-packages/iris
1
0
Fork 0
mirror of https://github.com/kataras/iris.git synced 2025-01-23 18:51:03 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
3db77684ec
iris/middleware/jwt/jwt_test.go

335 lines
8.9 KiB
Go
Raw Normal View History

New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
2020-05-27 11:02:17 +02:00
// Package jwt_test contains simple Iris jwt tests. Most of the jwt functionality is already tested inside the jose package itself.
package jwt_test
import (
jwt: add more helpers (DefaultRSA and DefaultHMAC) Former-commit-id: fe06c0e0f4d7e121c678ffda7ac702ae865abd00
2020-05-31 16:57:30 +02:00
"os"
New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
2020-05-27 11:02:17 +02:00
"testing"
"time"
"github.com/kataras/iris/v12"
"github.com/kataras/iris/v12/httptest"
"github.com/kataras/iris/v12/middleware/jwt"
)
type userClaims struct {
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
// Optionally:
Issuer string `json:"iss"`
Subject string `json:"sub"`
Audience jwt.Audience `json:"aud"`
//
Username string `json:"username"`
New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
2020-05-27 11:02:17 +02:00
}
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
const testMaxAge = 7 * time.Second
New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
2020-05-27 11:02:17 +02:00
// Random RSA verification and encryption.
reorganization of _examples and add some new examples such as iris+groupcache+mysql+docker Former-commit-id: ed635ee95de7160cde11eaabc0c1dcb0e460a620
2020-06-07 14:26:06 +02:00
func TestRSA(t *testing.T) {
j := jwt.RSA(testMaxAge)
jwt: add more helpers (DefaultRSA and DefaultHMAC) Former-commit-id: fe06c0e0f4d7e121c678ffda7ac702ae865abd00
2020-05-31 16:57:30 +02:00
t.Cleanup(func() {
reorganization of _examples and add some new examples such as iris+groupcache+mysql+docker Former-commit-id: ed635ee95de7160cde11eaabc0c1dcb0e460a620
2020-06-07 14:26:06 +02:00
os.Remove(jwt.DefaultSignFilename)
os.Remove(jwt.DefaultEncFilename)
jwt: add more helpers (DefaultRSA and DefaultHMAC) Former-commit-id: fe06c0e0f4d7e121c678ffda7ac702ae865abd00
2020-05-31 16:57:30 +02:00
})
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
testWriteVerifyBlockToken(t, j)
New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
2020-05-27 11:02:17 +02:00
}
// HMAC verification and encryption.
reorganization of _examples and add some new examples such as iris+groupcache+mysql+docker Former-commit-id: ed635ee95de7160cde11eaabc0c1dcb0e460a620
2020-06-07 14:26:06 +02:00
func TestHMAC(t *testing.T) {
j := jwt.HMAC(testMaxAge, "secret", "itsa16bytesecret")
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
testWriteVerifyBlockToken(t, j)
jwt: add more helpers (DefaultRSA and DefaultHMAC) Former-commit-id: fe06c0e0f4d7e121c678ffda7ac702ae865abd00
2020-05-31 16:57:30 +02:00
}
reorganization of _examples and add some new examples such as iris+groupcache+mysql+docker Former-commit-id: ed635ee95de7160cde11eaabc0c1dcb0e460a620
2020-06-07 14:26:06 +02:00
func TestNew_HMAC(t *testing.T) {
New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
2020-05-27 11:02:17 +02:00
j, err := jwt.New(testMaxAge, jwt.HS256, []byte("secret"))
if err != nil {
t.Fatal(err)
}
err = j.WithEncryption(jwt.A128GCM, jwt.DIRECT, []byte("itsa16bytesecret"))
if err != nil {
t.Fatal(err)
}
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
testWriteVerifyBlockToken(t, j)
New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
2020-05-27 11:02:17 +02:00
}
// HMAC verification only (unecrypted).
func TestVerify(t *testing.T) {
j, err := jwt.New(testMaxAge, jwt.HS256, []byte("another secret"))
if err != nil {
t.Fatal(err)
}
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
testWriteVerifyBlockToken(t, j)
New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
2020-05-27 11:02:17 +02:00
}
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
func testWriteVerifyBlockToken(t *testing.T, j *jwt.JWT) {
New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
2020-05-27 11:02:17 +02:00
t.Helper()
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
j.UseBlocklist()
New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
2020-05-27 11:02:17 +02:00
j.Extractors = append(j.Extractors, jwt.FromJSON("access_token"))
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
customClaims := &userClaims{
Issuer: "an-issuer",
Audience: jwt.Audience{"an-audience"},
Subject: "user",
New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
2020-05-27 11:02:17 +02:00
Username: "kataras",
}
app := iris.New()
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
app.OnErrorCode(iris.StatusUnauthorized, func(ctx iris.Context) {
if err := ctx.GetErr(); err != nil {
// Test accessing the private error and set this as the response body.
ctx.WriteString(err.Error())
} else { // Else the default behavior
ctx.WriteString(iris.StatusText(iris.StatusUnauthorized))
New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
2020-05-27 11:02:17 +02:00
}
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
})
New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
2020-05-27 11:02:17 +02:00
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
app.Get("/auth", func(ctx iris.Context) {
j.WriteToken(ctx, customClaims)
New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
2020-05-27 11:02:17 +02:00
})
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
app.Post("/protected", func(ctx iris.Context) {
New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
2020-05-27 11:02:17 +02:00
var claims userClaims
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
_, err := j.VerifyToken(ctx, &claims)
if err != nil {
// t.Logf("%s: %v", ctx.Path(), err)
ctx.StopWithError(iris.StatusUnauthorized, iris.PrivateError(err))
New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
2020-05-27 11:02:17 +02:00
return
}
ctx.JSON(claims)
})
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
m := app.Party("/middleware")
m.Use(j.Verify(func() interface{} {
return new(userClaims)
}))
m.Post("/protected", func(ctx iris.Context) {
claims := jwt.Get(ctx)
reorganization of _examples and add some new examples such as iris+groupcache+mysql+docker Former-commit-id: ed635ee95de7160cde11eaabc0c1dcb0e460a620
2020-06-07 14:26:06 +02:00
ctx.JSON(claims)
})
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
m.Post("/invalidate", func(ctx iris.Context) {
ctx.Logout() // OR j.Invalidate(ctx)
})
reorganization of _examples and add some new examples such as iris+groupcache+mysql+docker Former-commit-id: ed635ee95de7160cde11eaabc0c1dcb0e460a620
2020-06-07 14:26:06 +02:00
New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
2020-05-27 11:02:17 +02:00
e := httptest.New(t, app)
// Get token.
rawToken := e.GET("/auth").Expect().Status(httptest.StatusOK).Body().Raw()
if rawToken == "" {
t.Fatalf("empty token")
}
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
restrictedPaths := [...]string{"/protected", "/middleware/protected"}
New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
2020-05-27 11:02:17 +02:00
now := time.Now()
for _, path := range restrictedPaths {
// Authorization Header.
e.POST(path).WithHeader("Authorization", "Bearer "+rawToken).Expect().
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
Status(httptest.StatusOK).JSON().Equal(customClaims)
New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
2020-05-27 11:02:17 +02:00
// URL Query.
e.POST(path).WithQuery("token", rawToken).Expect().
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
Status(httptest.StatusOK).JSON().Equal(customClaims)
New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
2020-05-27 11:02:17 +02:00
// JSON Body.
e.POST(path).WithJSON(iris.Map{"access_token": rawToken}).Expect().
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
Status(httptest.StatusOK).JSON().Equal(customClaims)
New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
2020-05-27 11:02:17 +02:00
// Missing "Bearer".
e.POST(path).WithHeader("Authorization", rawToken).Expect().
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
Status(httptest.StatusUnauthorized).Body().Equal("token is missing")
New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
2020-05-27 11:02:17 +02:00
}
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
// Invalidate the token.
e.POST("/middleware/invalidate").WithQuery("token", rawToken).Expect().
Status(httptest.StatusOK)
// Token is blocked by server.
e.POST("/middleware/protected").WithQuery("token", rawToken).Expect().
Status(httptest.StatusUnauthorized).Body().Equal("token is blocked")
New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
2020-05-27 11:02:17 +02:00
expireRemDur := testMaxAge - time.Since(now)
// Expiration.
time.Sleep(expireRemDur /* -end */)
for _, path := range restrictedPaths {
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
e.POST(path).WithQuery("token", rawToken).Expect().
Status(httptest.StatusUnauthorized).Body().Equal("token is expired (exp)")
}
}
func TestVerifyMap(t *testing.T) {
j := jwt.HMAC(testMaxAge, "secret", "itsa16bytesecret")
expectedClaims := iris.Map{
"iss": "tester",
"username": "makis",
"roles": []string{"admin"},
}
app := iris.New()
app.Get("/user/auth", func(ctx iris.Context) {
err := j.WriteToken(ctx, expectedClaims)
if err != nil {
ctx.StopWithError(iris.StatusUnauthorized, err)
return
}
if expectedClaims["exp"] == nil || expectedClaims["iat"] == nil {
ctx.StopWithText(iris.StatusBadRequest,
"exp or/and iat is nil - this means that the expiry was not set")
return
}
})
userAPI := app.Party("/user")
userAPI.Post("/", func(ctx iris.Context) {
var claims iris.Map
if _, err := j.VerifyToken(ctx, &claims); err != nil {
ctx.StopWithError(iris.StatusUnauthorized, iris.PrivateError(err))
return
}
ctx.JSON(claims)
})
// Test map + Verify middleware.
jwt: add VerifyJSON and ReadJSON helpers
2020-10-17 14:22:42 +02:00
userAPI.Post("/middleware", j.Verify(nil), func(ctx iris.Context) {
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
claims := jwt.Get(ctx)
ctx.JSON(claims)
})
e := httptest.New(t, app, httptest.LogLevel("error"))
token := e.GET("/user/auth").Expect().Status(httptest.StatusOK).Body().Raw()
if token == "" {
t.Fatalf("empty token")
New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
2020-05-27 11:02:17 +02:00
}
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
e.POST("/user").WithHeader("Authorization", "Bearer "+token).Expect().
Status(httptest.StatusOK).JSON().Equal(expectedClaims)
e.POST("/user/middleware").WithHeader("Authorization", "Bearer "+token).Expect().
Status(httptest.StatusOK).JSON().Equal(expectedClaims)
e.POST("/user").Expect().Status(httptest.StatusUnauthorized)
}
type customClaims struct {
Username string `json:"username"`
Token string `json:"token"`
}
func (c *customClaims) SetToken(tok string) {
c.Token = tok
}
func TestVerifyStruct(t *testing.T) {
maxAge := testMaxAge / 2
j := jwt.HMAC(maxAge, "secret", "itsa16bytesecret")
app := iris.New()
app.Get("/user/auth", func(ctx iris.Context) {
err := j.WriteToken(ctx, customClaims{
Username: "makis",
})
if err != nil {
ctx.StopWithError(iris.StatusUnauthorized, err)
return
}
})
userAPI := app.Party("/user")
userAPI.Post("/", func(ctx iris.Context) {
var claims customClaims
if _, err := j.VerifyToken(ctx, &claims); err != nil {
ctx.StopWithError(iris.StatusUnauthorized, iris.PrivateError(err))
return
}
ctx.JSON(claims)
})
e := httptest.New(t, app)
token := e.GET("/user/auth").Expect().Status(httptest.StatusOK).Body().Raw()
if token == "" {
t.Fatalf("empty token")
}
e.POST("/user").WithHeader("Authorization", "Bearer "+token).Expect().
Status(httptest.StatusOK).JSON().Object().ContainsMap(iris.Map{
"username": "makis",
"token": token, // Test SetToken.
})
e.POST("/user").Expect().Status(httptest.StatusUnauthorized)
time.Sleep(maxAge)
e.POST("/user").WithHeader("Authorization", "Bearer "+token).Expect().Status(httptest.StatusUnauthorized)
}
jwt: add VerifyJSON and ReadJSON helpers
2020-10-17 14:22:42 +02:00
func TestVerifyJSON(t *testing.T) {
j := jwt.HMAC(testMaxAge, "secret", "itsa16bytesecret")
app := iris.New()
app.Get("/user/auth", func(ctx iris.Context) {
err := j.WriteToken(ctx, iris.Map{"roles": []string{"admin"}})
if err != nil {
ctx.StopWithError(iris.StatusUnauthorized, err)
return
}
})
app.Post("/", j.VerifyJSON(), func(ctx iris.Context) {
claims := struct {
Roles []string `json:"roles"`
}{}
jwt.ReadJSON(ctx, &claims)
ctx.JSON(claims)
})
e := httptest.New(t, app, httptest.LogLevel("error"))
token := e.GET("/user/auth").Expect().Status(httptest.StatusOK).Body().Raw()
if token == "" {
t.Fatalf("empty token")
}
e.POST("/").WithHeader("Authorization", "Bearer "+token).Expect().
Status(httptest.StatusOK).JSON().Equal(iris.Map{"roles": []string{"admin"}})
e.POST("/").Expect().Status(httptest.StatusUnauthorized)
}
New JWT features and changes (examples updated). Improvements on the Context User and Private Error features TODO: Write the new e-book JWT section and the HISTORY entry of the chnages and add a simple example on site docs
2020-10-17 05:40:17 +02:00
func TestVerifyUserAndExpected(t *testing.T) { // Tests the jwt.User struct + context validator + expected.
maxAge := testMaxAge / 2
j := jwt.HMAC(maxAge, "secret", "itsa16bytesecret")
expectedUser := j.NewUser(jwt.Username("makis"), jwt.Roles("admin"), jwt.Fields(iris.Map{
"custom": true,
})) // only for the sake of the test, we iniitalize it here.
expectedUser.Issuer = "tester"
app := iris.New()
app.Get("/user/auth", func(ctx iris.Context) {
tok, err := expectedUser.GetToken()
if err != nil {
ctx.StopWithError(iris.StatusInternalServerError, err)
return
}
ctx.WriteString(tok)
})
userAPI := app.Party("/user")
userAPI.Use(jwt.WithExpected(jwt.Expected{Issuer: "tester"}, j.VerifyUser()))
userAPI.Post("/", func(ctx iris.Context) {
user := ctx.User()
ctx.JSON(user)
})
e := httptest.New(t, app)
token := e.GET("/user/auth").Expect().Status(httptest.StatusOK).Body().Raw()
if token == "" {
t.Fatalf("empty token")
}
e.POST("/user").WithHeader("Authorization", "Bearer "+token).Expect().
Status(httptest.StatusOK).JSON().Equal(expectedUser)
// Test generic client message if we don't manage the private error by ourselves.
e.POST("/user").Expect().Status(httptest.StatusUnauthorized).Body().Equal("Unauthorized")
New builtin JWT middleware - this one supports encryption and ed25519 Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc
2020-05-27 11:02:17 +02:00
}
Reference in New Issue Copy Permalink