mirror of
https://github.com/labstack/echo.git
synced 2025-03-25 21:38:56 +02:00
83 lines
2.2 KiB
Go
83 lines
2.2 KiB
Go
package middleware
|
|
|
|
import (
|
|
"net/http"
|
|
"testing"
|
|
|
|
"github.com/dgrijalva/jwt-go"
|
|
"github.com/labstack/echo"
|
|
"github.com/labstack/echo/test"
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
// jwtCustomInfo defines some custom types we're going to use within our tokens.
|
|
type jwtCustomInfo struct {
|
|
Name string `json:"name"`
|
|
Admin bool `json:"admin"`
|
|
}
|
|
|
|
// jwtCustomClaims are custom claims expanding default ones.
|
|
type jwtCustomClaims struct {
|
|
*jwt.StandardClaims
|
|
jwtCustomInfo
|
|
}
|
|
|
|
func TestJWT(t *testing.T) {
|
|
e := echo.New()
|
|
req := test.NewRequest(echo.GET, "/", nil)
|
|
res := test.NewResponseRecorder()
|
|
c := e.NewContext(req, res)
|
|
handler := func(c echo.Context) error {
|
|
return c.String(http.StatusOK, "test")
|
|
}
|
|
config := JWTConfig{}
|
|
token := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
|
|
|
|
// No signing key provided
|
|
assert.Panics(t, func() {
|
|
JWTWithConfig(config)
|
|
})
|
|
|
|
// Unexpected signing method
|
|
config.SigningKey = []byte("secret")
|
|
config.SigningMethod = "RS256"
|
|
h := JWTWithConfig(config)(handler)
|
|
he := h(c).(*echo.HTTPError)
|
|
assert.Equal(t, http.StatusBadRequest, he.Code)
|
|
|
|
// Invalid key
|
|
auth := bearer + " " + token
|
|
req.Header().Set(echo.HeaderAuthorization, auth)
|
|
config.SigningKey = []byte("invalid-key")
|
|
h = JWTWithConfig(config)(handler)
|
|
he = h(c).(*echo.HTTPError)
|
|
assert.Equal(t, http.StatusUnauthorized, he.Code)
|
|
|
|
// Valid JWT
|
|
h = JWT([]byte("secret"))(handler)
|
|
if assert.NoError(t, h(c)) {
|
|
user := c.Get("user").(*jwt.Token)
|
|
claims := user.Claims.(jwt.MapClaims)
|
|
assert.Equal(t, claims["name"], "John Doe")
|
|
}
|
|
|
|
// Valid JWT with custom claims
|
|
config = JWTConfig{
|
|
Claims: &jwtCustomClaims{},
|
|
SigningKey: []byte("secret"),
|
|
}
|
|
h = JWTWithConfig(config)(handler)
|
|
if assert.NoError(t, h(c)) {
|
|
user := c.Get("user").(*jwt.Token)
|
|
claims := user.Claims.(*jwtCustomClaims)
|
|
assert.Equal(t, claims.Name, "John Doe")
|
|
assert.Equal(t, claims.Admin, true)
|
|
}
|
|
|
|
// Invalid Authorization header
|
|
req.Header().Set(echo.HeaderAuthorization, "invalid-auth")
|
|
h = JWT([]byte("secret"))(handler)
|
|
he = h(c).(*echo.HTTPError)
|
|
assert.Equal(t, http.StatusBadRequest, he.Code)
|
|
}
|