mirror of
https://github.com/CJackHwang/ds2api.git
synced 2026-05-01 23:15:27 +08:00
87 lines
2.4 KiB
Go
87 lines
2.4 KiB
Go
package auth
|
|
|
|
import (
|
|
"net/http"
|
|
"testing"
|
|
|
|
"ds2api/internal/config"
|
|
)
|
|
|
|
func TestJWTCreateVerify(t *testing.T) {
|
|
token, err := CreateJWT(1)
|
|
if err != nil {
|
|
t.Fatalf("create jwt failed: %v", err)
|
|
}
|
|
payload, err := VerifyJWT(token)
|
|
if err != nil {
|
|
t.Fatalf("verify jwt failed: %v", err)
|
|
}
|
|
if payload["role"] != "admin" {
|
|
t.Fatalf("unexpected payload: %#v", payload)
|
|
}
|
|
}
|
|
|
|
func TestVerifyAdminRequest(t *testing.T) {
|
|
token, _ := CreateJWT(1)
|
|
req, _ := http.NewRequest(http.MethodGet, "/admin/config", nil)
|
|
req.Header.Set("Authorization", "Bearer "+token)
|
|
if err := VerifyAdminRequest(req); err != nil {
|
|
t.Fatalf("expected token accepted: %v", err)
|
|
}
|
|
}
|
|
|
|
func TestVerifyJWTWithStoreValidAfter(t *testing.T) {
|
|
t.Setenv("DS2API_CONFIG_JSON", `{"admin":{"password_hash":"`+HashAdminPassword("oldpass")+`"}}`)
|
|
store := config.LoadStore()
|
|
token, err := CreateJWTWithStore(1, store)
|
|
if err != nil {
|
|
t.Fatalf("create jwt failed: %v", err)
|
|
}
|
|
if _, err := VerifyJWTWithStore(token, store); err != nil {
|
|
t.Fatalf("verify before invalidation failed: %v", err)
|
|
}
|
|
if err := store.Update(func(c *config.Config) error {
|
|
c.Admin.JWTValidAfterUnix = 1<<62 - 1
|
|
return nil
|
|
}); err != nil {
|
|
t.Fatalf("set valid-after failed: %v", err)
|
|
}
|
|
if _, err := VerifyJWTWithStore(token, store); err == nil {
|
|
t.Fatal("expected token invalid after valid-after update")
|
|
}
|
|
}
|
|
|
|
func TestVerifyJWTWithStoreSameSecondInvalidationAndRelogin(t *testing.T) {
|
|
t.Setenv("DS2API_CONFIG_JSON", `{"admin":{"password_hash":"`+HashAdminPassword("oldpass")+`"}}`)
|
|
store := config.LoadStore()
|
|
|
|
oldToken, err := CreateJWTWithStore(1, store)
|
|
if err != nil {
|
|
t.Fatalf("create old jwt failed: %v", err)
|
|
}
|
|
oldPayload, err := VerifyJWTWithStore(oldToken, store)
|
|
if err != nil {
|
|
t.Fatalf("verify old jwt before invalidation failed: %v", err)
|
|
}
|
|
oldIAT, _ := oldPayload["iat"].(float64)
|
|
|
|
if err := store.Update(func(c *config.Config) error {
|
|
c.Admin.JWTValidAfterUnix = int64(oldIAT)
|
|
return nil
|
|
}); err != nil {
|
|
t.Fatalf("set valid-after failed: %v", err)
|
|
}
|
|
|
|
if _, err := VerifyJWTWithStore(oldToken, store); err == nil {
|
|
t.Fatal("expected old token invalid when iat == valid-after")
|
|
}
|
|
|
|
newToken, err := CreateJWTWithStore(1, store)
|
|
if err != nil {
|
|
t.Fatalf("create new jwt failed: %v", err)
|
|
}
|
|
if _, err := VerifyJWTWithStore(newToken, store); err != nil {
|
|
t.Fatalf("expected new token valid after invalidation cutoff: %v", err)
|
|
}
|
|
}
|