node: make jwt tests less time-dependent (#25120)
This commit is contained in:
parent
01e5e9c2c3
commit
21129ec838
@ -319,55 +319,100 @@ func TestJWT(t *testing.T) {
|
|||||||
wsUrl := fmt.Sprintf("ws://%v", srv.listenAddr())
|
wsUrl := fmt.Sprintf("ws://%v", srv.listenAddr())
|
||||||
htUrl := fmt.Sprintf("http://%v", srv.listenAddr())
|
htUrl := fmt.Sprintf("http://%v", srv.listenAddr())
|
||||||
|
|
||||||
expOk := []string{
|
expOk := []func() string{
|
||||||
fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix()})),
|
func() string {
|
||||||
fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix() + 4})),
|
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix()}))
|
||||||
fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix() - 4})),
|
},
|
||||||
fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{
|
func() string {
|
||||||
"iat": time.Now().Unix(),
|
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix() + 4}))
|
||||||
"exp": time.Now().Unix() + 2,
|
},
|
||||||
})),
|
func() string {
|
||||||
fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{
|
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix() - 4}))
|
||||||
"iat": time.Now().Unix(),
|
},
|
||||||
"bar": "baz",
|
func() string {
|
||||||
})),
|
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{
|
||||||
|
"iat": time.Now().Unix(),
|
||||||
|
"exp": time.Now().Unix() + 2,
|
||||||
|
}))
|
||||||
|
},
|
||||||
|
func() string {
|
||||||
|
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{
|
||||||
|
"iat": time.Now().Unix(),
|
||||||
|
"bar": "baz",
|
||||||
|
}))
|
||||||
|
},
|
||||||
}
|
}
|
||||||
for i, token := range expOk {
|
for i, tokenFn := range expOk {
|
||||||
|
token := tokenFn()
|
||||||
if err := wsRequest(t, wsUrl, "Authorization", token); err != nil {
|
if err := wsRequest(t, wsUrl, "Authorization", token); err != nil {
|
||||||
t.Errorf("test %d-ws, token '%v': expected ok, got %v", i, token, err)
|
t.Errorf("test %d-ws, token '%v': expected ok, got %v", i, token, err)
|
||||||
}
|
}
|
||||||
|
token = tokenFn()
|
||||||
if resp := rpcRequest(t, htUrl, "Authorization", token); resp.StatusCode != 200 {
|
if resp := rpcRequest(t, htUrl, "Authorization", token); resp.StatusCode != 200 {
|
||||||
t.Errorf("test %d-http, token '%v': expected ok, got %v", i, token, resp.StatusCode)
|
t.Errorf("test %d-http, token '%v': expected ok, got %v", i, token, resp.StatusCode)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
expFail := []string{
|
|
||||||
|
expFail := []func() string{
|
||||||
// future
|
// future
|
||||||
fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix() + 6})),
|
func() string {
|
||||||
|
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix() + 6}))
|
||||||
|
},
|
||||||
// stale
|
// stale
|
||||||
fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix() - 6})),
|
func() string {
|
||||||
|
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix() - 6}))
|
||||||
|
},
|
||||||
// wrong algo
|
// wrong algo
|
||||||
fmt.Sprintf("Bearer %v", issueToken(secret, jwt.SigningMethodHS512, testClaim{"iat": time.Now().Unix() + 4})),
|
func() string {
|
||||||
|
return fmt.Sprintf("Bearer %v", issueToken(secret, jwt.SigningMethodHS512, testClaim{"iat": time.Now().Unix() + 4}))
|
||||||
|
},
|
||||||
// expired
|
// expired
|
||||||
fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix(), "exp": time.Now().Unix()})),
|
func() string {
|
||||||
|
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix(), "exp": time.Now().Unix()}))
|
||||||
|
},
|
||||||
// missing mandatory iat
|
// missing mandatory iat
|
||||||
fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{})),
|
func() string {
|
||||||
// wrong secret
|
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{}))
|
||||||
fmt.Sprintf("Bearer %v", issueToken([]byte("wrong"), nil, testClaim{"iat": time.Now().Unix()})),
|
},
|
||||||
fmt.Sprintf("Bearer %v", issueToken([]byte{}, nil, testClaim{"iat": time.Now().Unix()})),
|
// wrong secret
|
||||||
fmt.Sprintf("Bearer %v", issueToken(nil, nil, testClaim{"iat": time.Now().Unix()})),
|
func() string {
|
||||||
|
return fmt.Sprintf("Bearer %v", issueToken([]byte("wrong"), nil, testClaim{"iat": time.Now().Unix()}))
|
||||||
|
},
|
||||||
|
func() string {
|
||||||
|
return fmt.Sprintf("Bearer %v", issueToken([]byte{}, nil, testClaim{"iat": time.Now().Unix()}))
|
||||||
|
},
|
||||||
|
func() string {
|
||||||
|
return fmt.Sprintf("Bearer %v", issueToken(nil, nil, testClaim{"iat": time.Now().Unix()}))
|
||||||
|
},
|
||||||
// Various malformed syntax
|
// Various malformed syntax
|
||||||
fmt.Sprintf("%v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix()})),
|
func() string {
|
||||||
fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix()})),
|
return fmt.Sprintf("%v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix()}))
|
||||||
fmt.Sprintf("bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix()})),
|
},
|
||||||
fmt.Sprintf("Bearer: %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix()})),
|
func() string {
|
||||||
fmt.Sprintf("Bearer:%v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix()})),
|
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix()}))
|
||||||
fmt.Sprintf("Bearer\t%v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix()})),
|
},
|
||||||
fmt.Sprintf("Bearer \t%v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix()})),
|
func() string {
|
||||||
|
return fmt.Sprintf("bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix()}))
|
||||||
|
},
|
||||||
|
func() string {
|
||||||
|
return fmt.Sprintf("Bearer: %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix()}))
|
||||||
|
},
|
||||||
|
func() string {
|
||||||
|
return fmt.Sprintf("Bearer:%v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix()}))
|
||||||
|
},
|
||||||
|
func() string {
|
||||||
|
return fmt.Sprintf("Bearer\t%v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix()}))
|
||||||
|
},
|
||||||
|
func() string {
|
||||||
|
return fmt.Sprintf("Bearer \t%v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix()}))
|
||||||
|
},
|
||||||
}
|
}
|
||||||
for i, token := range expFail {
|
for i, tokenFn := range expFail {
|
||||||
|
token := tokenFn()
|
||||||
if err := wsRequest(t, wsUrl, "Authorization", token); err == nil {
|
if err := wsRequest(t, wsUrl, "Authorization", token); err == nil {
|
||||||
t.Errorf("tc %d-ws, token '%v': expected not to allow, got ok", i, token)
|
t.Errorf("tc %d-ws, token '%v': expected not to allow, got ok", i, token)
|
||||||
}
|
}
|
||||||
|
token = tokenFn()
|
||||||
if resp := rpcRequest(t, htUrl, "Authorization", token); resp.StatusCode != 403 {
|
if resp := rpcRequest(t, htUrl, "Authorization", token); resp.StatusCode != 403 {
|
||||||
t.Errorf("tc %d-http, token '%v': expected not to allow, got %v", i, token, resp.StatusCode)
|
t.Errorf("tc %d-http, token '%v': expected not to allow, got %v", i, token, resp.StatusCode)
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user