93 lines
2.9 KiB
Go
93 lines
2.9 KiB
Go
package test
|
|
|
|
import (
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/authorizerdev/authorizer/server/db/models"
|
|
"github.com/authorizerdev/authorizer/server/graph/model"
|
|
"github.com/authorizerdev/authorizer/server/memorystore"
|
|
"github.com/authorizerdev/authorizer/server/resolvers"
|
|
"github.com/authorizerdev/authorizer/server/token"
|
|
"github.com/authorizerdev/authorizer/server/utils"
|
|
"github.com/google/uuid"
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
func validateJwtTokenTest(t *testing.T, s TestSetup) {
|
|
t.Helper()
|
|
_, ctx := createContext(s)
|
|
t.Run(`validate params`, func(t *testing.T) {
|
|
res, err := resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
|
|
TokenType: "access_token",
|
|
Token: "",
|
|
})
|
|
assert.Error(t, err)
|
|
assert.Nil(t, res)
|
|
res, err = resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
|
|
TokenType: "access_token",
|
|
Token: "invalid",
|
|
})
|
|
assert.Error(t, err)
|
|
assert.Nil(t, res)
|
|
_, err = resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
|
|
TokenType: "access_token_invalid",
|
|
Token: "invalid@invalid",
|
|
})
|
|
assert.Error(t, err, "invalid token")
|
|
})
|
|
|
|
scope := []string{"openid", "email", "profile", "offline_access"}
|
|
user := models.User{
|
|
ID: uuid.New().String(),
|
|
Email: "jwt_test_" + s.TestInfo.Email,
|
|
Roles: "user",
|
|
UpdatedAt: time.Now().Unix(),
|
|
CreatedAt: time.Now().Unix(),
|
|
}
|
|
|
|
roles := []string{"user"}
|
|
gc, err := utils.GinContextFromContext(ctx)
|
|
assert.NoError(t, err)
|
|
authToken, err := token.CreateAuthToken(gc, user, roles, scope)
|
|
memorystore.Provider.SetUserSession(user.ID, authToken.FingerPrintHash, authToken.FingerPrint)
|
|
memorystore.Provider.SetUserSession(user.ID, authToken.AccessToken.Token, authToken.FingerPrint)
|
|
memorystore.Provider.SetUserSession(user.ID, authToken.RefreshToken.Token, authToken.FingerPrint)
|
|
|
|
t.Run(`should validate the access token`, func(t *testing.T) {
|
|
res, err := resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
|
|
TokenType: "access_token",
|
|
Token: authToken.AccessToken.Token,
|
|
Roles: []string{"user"},
|
|
})
|
|
assert.NoError(t, err)
|
|
assert.True(t, res.IsValid)
|
|
|
|
res, err = resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
|
|
TokenType: "access_token",
|
|
Token: authToken.AccessToken.Token,
|
|
Roles: []string{"invalid_role"},
|
|
})
|
|
|
|
assert.Error(t, err)
|
|
})
|
|
|
|
t.Run(`should validate the refresh token`, func(t *testing.T) {
|
|
res, err := resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
|
|
TokenType: "refresh_token",
|
|
Token: authToken.RefreshToken.Token,
|
|
})
|
|
assert.NoError(t, err)
|
|
assert.True(t, res.IsValid)
|
|
})
|
|
|
|
t.Run(`should validate the id token`, func(t *testing.T) {
|
|
res, err := resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
|
|
TokenType: "id_token",
|
|
Token: authToken.IDToken.Token,
|
|
})
|
|
assert.NoError(t, err)
|
|
assert.True(t, res.IsValid)
|
|
})
|
|
}
|