echo/middleware/jwt_test.go

package middleware

import (
	"net/http"
	"testing"

	"github.com/dgrijalva/jwt-go"
	"github.com/labstack/echo"
	"github.com/labstack/echo/test"
	"github.com/stretchr/testify/assert"
)

func TestJWT(t *testing.T) {
	e := echo.New()
	handler := func(c echo.Context) error {
		return c.String(http.StatusOK, "test")
	}
	token := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
	validKey := []byte("secret")
	invalidKey := []byte("invalid-key")
	validAuth := bearer + " " + token
	redirect := func(c echo.Context) error {
		return echo.NewHTTPError(http.StatusFound, "redirect")
	}

	for _, tc := range []struct {
		expPanic   bool
		expErrCode int // 0 for Success
		config     JWTConfig
		reqURL     string // "/" if empty
		hdrAuth    string
		info       string
	}{
		{expPanic: true, info: "No signing key provided"},
		{
			expErrCode: http.StatusBadRequest,
			config: JWTConfig{
				SigningKey:    validKey,
				SigningMethod: "RS256",
			},
			info: "Unexpected signing method",
		},
		{
			expErrCode: http.StatusUnauthorized,
			hdrAuth:    validAuth,
			config:     JWTConfig{SigningKey: invalidKey},
			info:       "Invalid key",
		},
		{
			hdrAuth: validAuth,
			config:  JWTConfig{SigningKey: validKey},
			info:    "Valid JWT",
		},
		{
			hdrAuth:    "invalid-auth",
			expErrCode: http.StatusBadRequest,
			config:     JWTConfig{SigningKey: validKey},
			info:       "Invalid Authorization header",
		},
		{
			config:     JWTConfig{SigningKey: validKey},
			hdrAuth:    "",
			expErrCode: http.StatusBadRequest,
			info:       "Empty header auth field",
		},
		{
			config: JWTConfig{
				SigningKey:       validKey,
				HandleEmptyToken: redirect,
			},
			hdrAuth:    "",
			expErrCode: http.StatusFound,
			info:       "Empty header auth field with redirect",
		},
		{
			config: JWTConfig{
				SigningKey:  validKey,
				TokenLookup: "query:jwt",
			},
			reqURL: "/?a=b&jwt=" + token,
			info:   "Valid query method",
		},
		{
			config: JWTConfig{
				SigningKey:  validKey,
				TokenLookup: "query:jwt",
			},
			reqURL:     "/?a=b&jwtxyz=" + token,
			expErrCode: http.StatusBadRequest,
			info:       "Invalid query param name",
		},
		{
			config: JWTConfig{
				SigningKey:  validKey,
				TokenLookup: "query:jwt",
			},
			reqURL:     "/?a=b&jwt=invalid-token",
			expErrCode: http.StatusUnauthorized,
			info:       "Invalid query param value",
		},
		{
			config: JWTConfig{
				SigningKey:  validKey,
				TokenLookup: "query:jwt",
			},
			reqURL:     "/?a=b",
			expErrCode: http.StatusBadRequest,
			info:       "Empty query",
		},
		{
			config: JWTConfig{
				SigningKey:       validKey,
				TokenLookup:      "query:jwt",
				HandleEmptyToken: redirect,
			},
			reqURL:     "/?a=b",
			expErrCode: http.StatusFound,
			info:       "Empty query with redirect",
		},
	} {

		if tc.reqURL == "" {
			tc.reqURL = "/"
		}

		req := test.NewRequest(echo.GET, tc.reqURL, nil)
		res := test.NewResponseRecorder()
		req.Header().Set(echo.HeaderAuthorization, tc.hdrAuth)
		c := e.NewContext(req, res)

		if tc.expPanic {
			assert.Panics(t, func() {
				JWTWithConfig(tc.config)
			}, tc.info)
			continue
		}

		if tc.expErrCode != 0 {
			h := JWTWithConfig(tc.config)(handler)
			he := h(c).(*echo.HTTPError)
			assert.Equal(t, tc.expErrCode, he.Code, tc.info)
			continue
		}

		h := JWTWithConfig(tc.config)(handler)
		if assert.NoError(t, h(c), tc.info) {
			user := c.Get("user").(*jwt.Token)
			claims := user.Claims.(jwt.MapClaims)
			assert.Equal(t, claims["name"], "John Doe", tc.info)
		}
	}
}
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 00:43:54 +02:00			`package middleware`

			`import (`
			`"net/http"`
			`"testing"`
Added panic recover middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-18 07:54:29 +02:00
Added JWT middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-25 19:58:11 +02:00			`"github.com/dgrijalva/jwt-go"`
Added panic recover middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-18 07:54:29 +02:00			`"github.com/labstack/echo"`
v2 is compiling now Signed-off-by: Vishal Rana <vr@labstack.com> 2016-01-29 09:46:11 +02:00			`"github.com/labstack/echo/test"`
Total coverage for middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-30 19:54:55 +02:00			`"github.com/stretchr/testify/assert"`
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 00:43:54 +02:00			`)`

JWTAuth to JWT Signed-off-by: Vishal Rana <vr@labstack.com> 2016-05-07 16:45:03 +02:00			`func TestJWT(t *testing.T) {`
Added JWT middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-25 19:58:11 +02:00			`e := echo.New()`
			`handler := func(c echo.Context) error {`
			`return c.String(http.StatusOK, "test")`
			`}`
			`token := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"`
Refactor JWT tests to table based Now state isn't shared. 2016-07-02 00:07:40 +02:00			`validKey := []byte("secret")`
			`invalidKey := []byte("invalid-key")`
			`validAuth := bearer + " " + token`
Add HandleEmptyToken to JWT middleware Now it is possible to add custom handler for missing JWT. 2016-07-02 00:55:11 +02:00			`redirect := func(c echo.Context) error {`
			`return echo.NewHTTPError(http.StatusFound, "redirect")`
			`}`
Added JWT middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-25 19:58:11 +02:00
Refactor JWT tests to table based Now state isn't shared. 2016-07-02 00:07:40 +02:00			`for _, tc := range []struct {`
			`expPanic bool`
			`expErrCode int // 0 for Success`
			`config JWTConfig`
			`reqURL string // "/" if empty`
			`hdrAuth string`
			`info string`
			`}{`
			`{expPanic: true, info: "No signing key provided"},`
			`{`
			`expErrCode: http.StatusBadRequest,`
			`config: JWTConfig{`
			`SigningKey: validKey,`
			`SigningMethod: "RS256",`
			`},`
			`info: "Unexpected signing method",`
			`},`
			`{`
			`expErrCode: http.StatusUnauthorized,`
			`hdrAuth: validAuth,`
			`config: JWTConfig{SigningKey: invalidKey},`
			`info: "Invalid key",`
			`},`
			`{`
			`hdrAuth: validAuth,`
			`config: JWTConfig{SigningKey: validKey},`
			`info: "Valid JWT",`
			`},`
			`{`
			`hdrAuth: "invalid-auth",`
			`expErrCode: http.StatusBadRequest,`
			`config: JWTConfig{SigningKey: validKey},`
			`info: "Invalid Authorization header",`
			`},`
			`{`
			`config: JWTConfig{SigningKey: validKey},`
			`hdrAuth: "",`
			`expErrCode: http.StatusBadRequest,`
			`info: "Empty header auth field",`
			`},`
Add HandleEmptyToken to JWT middleware Now it is possible to add custom handler for missing JWT. 2016-07-02 00:55:11 +02:00			`{`
			`config: JWTConfig{`
			`SigningKey: validKey,`
			`HandleEmptyToken: redirect,`
			`},`
			`hdrAuth: "",`
			`expErrCode: http.StatusFound,`
			`info: "Empty header auth field with redirect",`
			`},`
Add JWT tests for _query_ method 2016-07-02 00:27:48 +02:00			`{`
			`config: JWTConfig{`
			`SigningKey: validKey,`
			`TokenLookup: "query:jwt",`
			`},`
			`reqURL: "/?a=b&jwt=" + token,`
			`info: "Valid query method",`
			`},`
			`{`
			`config: JWTConfig{`
			`SigningKey: validKey,`
			`TokenLookup: "query:jwt",`
			`},`
			`reqURL: "/?a=b&jwtxyz=" + token,`
			`expErrCode: http.StatusBadRequest,`
			`info: "Invalid query param name",`
			`},`
			`{`
			`config: JWTConfig{`
			`SigningKey: validKey,`
			`TokenLookup: "query:jwt",`
			`},`
			`reqURL: "/?a=b&jwt=invalid-token",`
			`expErrCode: http.StatusUnauthorized,`
			`info: "Invalid query param value",`
			`},`
			`{`
			`config: JWTConfig{`
			`SigningKey: validKey,`
			`TokenLookup: "query:jwt",`
			`},`
			`reqURL: "/?a=b",`
			`expErrCode: http.StatusBadRequest,`
			`info: "Empty query",`
			`},`
Add HandleEmptyToken to JWT middleware Now it is possible to add custom handler for missing JWT. 2016-07-02 00:55:11 +02:00			`{`
			`config: JWTConfig{`
			`SigningKey: validKey,`
			`TokenLookup: "query:jwt",`
			`HandleEmptyToken: redirect,`
			`},`
			`reqURL: "/?a=b",`
			`expErrCode: http.StatusFound,`
			`info: "Empty query with redirect",`
			`},`
Refactor JWT tests to table based Now state isn't shared. 2016-07-02 00:07:40 +02:00			`} {`

			`if tc.reqURL == "" {`
			`tc.reqURL = "/"`
			`}`

			`req := test.NewRequest(echo.GET, tc.reqURL, nil)`
			`res := test.NewResponseRecorder()`
			`req.Header().Set(echo.HeaderAuthorization, tc.hdrAuth)`
			`c := e.NewContext(req, res)`
Added JWT middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-25 19:58:11 +02:00
Refactor JWT tests to table based Now state isn't shared. 2016-07-02 00:07:40 +02:00			`if tc.expPanic {`
			`assert.Panics(t, func() {`
			`JWTWithConfig(tc.config)`
			`}, tc.info)`
			`continue`
			`}`

			`if tc.expErrCode != 0 {`
			`h := JWTWithConfig(tc.config)(handler)`
			`he := h(c).(*echo.HTTPError)`
			`assert.Equal(t, tc.expErrCode, he.Code, tc.info)`
			`continue`
			`}`

			`h := JWTWithConfig(tc.config)(handler)`
			`if assert.NoError(t, h(c), tc.info) {`
			`user := c.Get("user").(*jwt.Token)`
			`claims := user.Claims.(jwt.MapClaims)`
			`assert.Equal(t, claims["name"], "John Doe", tc.info)`
			`}`
			`}`
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 00:43:54 +02:00			`}`