echo/middleware/jwt_test.go

package middleware

import (
	"net/http"
	"testing"

	"github.com/dgrijalva/jwt-go"
	"github.com/labstack/echo"
	"github.com/labstack/echo/test"
	"github.com/stretchr/testify/assert"
)

func TestJWT(t *testing.T) {
	e := echo.New()
	req := test.NewRequest(echo.GET, "/", nil)
	res := test.NewResponseRecorder()
	c := e.NewContext(req, res)
	handler := func(c echo.Context) error {
		return c.String(http.StatusOK, "test")
	}
	config := JWTConfig{}
	token := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"

	// No signing key provided
	assert.Panics(t, func() {
		JWTWithConfig(config)
	})

	// Unexpected signing method
	config.SigningKey = []byte("secret")
	config.SigningMethod = "RS256"
	h := JWTWithConfig(config)(handler)
	he := h(c).(*echo.HTTPError)
	assert.Equal(t, http.StatusBadRequest, he.Code)

	// Invalid key
	auth := bearer + " " + token
	req.Header().Set(echo.HeaderAuthorization, auth)
	config.SigningKey = []byte("invalid-key")
	h = JWTWithConfig(config)(handler)
	he = h(c).(*echo.HTTPError)
	assert.Equal(t, http.StatusUnauthorized, he.Code)

	// Valid JWT
	h = JWT([]byte("secret"))(handler)
	if assert.NoError(t, h(c)) {
		user := c.Get("user").(*jwt.Token)
		assert.Equal(t, user.Claims["name"], "John Doe")
	}

	// Invalid Authorization header
	req.Header().Set(echo.HeaderAuthorization, "invalid-auth")
	h = JWT([]byte("secret"))(handler)
	he = h(c).(*echo.HTTPError)
	assert.Equal(t, http.StatusBadRequest, he.Code)
}
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-11 15:43:54 -07:00			`package middleware`

			`import (`
			`"net/http"`
			`"testing"`
Added panic recover middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-17 22:54:29 -07:00
Added JWT middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-25 10:58:11 -07:00			`"github.com/dgrijalva/jwt-go"`
Added panic recover middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-17 22:54:29 -07:00			`"github.com/labstack/echo"`
v2 is compiling now Signed-off-by: Vishal Rana <vr@labstack.com> 2016-01-28 23:46:11 -08:00			`"github.com/labstack/echo/test"`
Total coverage for middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-30 10:54:55 -07:00			`"github.com/stretchr/testify/assert"`
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-11 15:43:54 -07:00			`)`

JWTAuth to JWT Signed-off-by: Vishal Rana <vr@labstack.com> 2016-05-07 07:45:03 -07:00			`func TestJWT(t *testing.T) {`
Added JWT middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-25 10:58:11 -07:00			`e := echo.New()`
			`req := test.NewRequest(echo.GET, "/", nil)`
			`res := test.NewResponseRecorder()`
			`c := e.NewContext(req, res)`
			`handler := func(c echo.Context) error {`
			`return c.String(http.StatusOK, "test")`
			`}`
JWTAuth to JWT Signed-off-by: Vishal Rana <vr@labstack.com> 2016-05-07 07:45:03 -07:00			`config := JWTConfig{}`
Added JWT middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-25 10:58:11 -07:00			`token := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"`

			`// No signing key provided`
			`assert.Panics(t, func() {`
JWTAuth to JWT Signed-off-by: Vishal Rana <vr@labstack.com> 2016-05-07 07:45:03 -07:00			`JWTWithConfig(config)`
Added JWT middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-25 10:58:11 -07:00			`})`

			`// Unexpected signing method`
Fixed #488 Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-26 02:10:57 -07:00			`config.SigningKey = []byte("secret")`
Added JWT middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-25 10:58:11 -07:00			`config.SigningMethod = "RS256"`
JWTAuth to JWT Signed-off-by: Vishal Rana <vr@labstack.com> 2016-05-07 07:45:03 -07:00			`h := JWTWithConfig(config)(handler)`
Added JWT middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-25 10:58:11 -07:00			`he := h(c).(*echo.HTTPError)`
			`assert.Equal(t, http.StatusBadRequest, he.Code)`

			`// Invalid key`
			`auth := bearer + " " + token`
			`req.Header().Set(echo.HeaderAuthorization, auth)`
Fixed #488 Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-26 02:10:57 -07:00			`config.SigningKey = []byte("invalid-key")`
JWTAuth to JWT Signed-off-by: Vishal Rana <vr@labstack.com> 2016-05-07 07:45:03 -07:00			`h = JWTWithConfig(config)(handler)`
Added JWT middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-25 10:58:11 -07:00			`he = h(c).(*echo.HTTPError)`
Closes #314 Signed-off-by: Vishal Rana <vr@labstack.com> 2016-03-11 07:53:54 -08:00			`assert.Equal(t, http.StatusUnauthorized, he.Code)`
Added JWT middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-25 10:58:11 -07:00
			`// Valid JWT`
JWTAuth to JWT Signed-off-by: Vishal Rana <vr@labstack.com> 2016-05-07 07:45:03 -07:00			`h = JWT([]byte("secret"))(handler)`
Added JWT middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-25 10:58:11 -07:00			`if assert.NoError(t, h(c)) {`
			`user := c.Get("user").(*jwt.Token)`
			`assert.Equal(t, user.Claims["name"], "John Doe")`
			`}`

			`// Invalid Authorization header`
			`req.Header().Set(echo.HeaderAuthorization, "invalid-auth")`
JWTAuth to JWT Signed-off-by: Vishal Rana <vr@labstack.com> 2016-05-07 07:45:03 -07:00			`h = JWT([]byte("secret"))(handler)`
Added JWT middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-25 10:58:11 -07:00			`he = h(c).(*echo.HTTPError)`
			`assert.Equal(t, http.StatusBadRequest, he.Code)`
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-11 15:43:54 -07:00			`}`