luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/builtin/logical/jwt/backend_test.go
Erik Kristensen ae34ec2bff adding basic tests
2015-08-06 17:50:34 -06:00

163 lines
4.3 KiB
Go
Raw Blame History

package jwt
import (
"fmt"
"testing"
jwt "github.com/dgrijalva/jwt-go"
"github.com/hashicorp/vault/logical"
logicaltest "github.com/hashicorp/vault/logical/testing"
"github.com/mitchellh/mapstructure"
)
func TestBackend_basic(t *testing.T) {
tokenClaims := map[string]interface{}{
"iss": "Test Issuer",
"sub": "Test Subject",
"aud": "Test Audience",
"iat": 1438898720,
"nbf": 1438898720,
"exp": 1538898720,
"jti": "jti",
"ran": "random",
}
logicaltest.Test(t, logicaltest.TestCase{
Backend: Backend(),
Steps: []logicaltest.TestStep{
testAccStepWriteRole(t, "test", "HS256", "test"),
testAccStepReadRole(t, "test", "HS256", "test"),
testAccStepSignToken(t, "test", tokenClaims, false),
testAccStepDeleteRole(t, "test"),
testAccStepReadRole(t, "test", "HS256", "test"),
},
})
}
func TestBackend_defaults(t *testing.T) {
tokenClaims := map[string]interface{}{
"iat": 1438898720,
"nbf": 1438898720,
"exp": 1538898720,
"jti": "9fe94d93-7bb4-434c-b197-731b4b4c70d3",
"ran": "random",
}
logicaltest.Test(t, logicaltest.TestCase{
Backend: Backend(),
Steps: []logicaltest.TestStep{
testAccStepWriteRole(t, "test", "HS256", "test"),
testAccStepReadRole(t, "test", "HS256", "test"),
testAccStepSignToken(t, "test", tokenClaims, true),
testAccStepDeleteRole(t, "test"),
testAccStepReadRole(t, "test", "HS256", "test"),
},
})
}
func testAccStepWriteRole(t *testing.T, name string, algorithm string, key string) logicaltest.TestStep {
return logicaltest.TestStep{
Operation: logical.WriteOperation,
Path: "roles/" + name,
Data: map[string]interface{}{
"algorithm": algorithm,
"key": key,
"default_issuer": "Test Default Issuer",
"default_subject": "Test Default Subject",
"default_audience": "Test Default Audience",
},
}
}
func testAccStepDeleteRole(t *testing.T, name string) logicaltest.TestStep {
return logicaltest.TestStep{
Operation: logical.DeleteOperation,
Path: "roles/" + name,
}
}
func testAccStepReadRole(t *testing.T, name string, algorithm string, key string) logicaltest.TestStep {
return logicaltest.TestStep{
Operation: logical.ReadOperation,
Path: "roles/" + name,
Check: func(resp *logical.Response) error {
if resp == nil {
return fmt.Errorf("missing response")
}
var d struct {
Name string `json:"name" mapstructure:"name"`
Algorithm string `json:"algorithm" structs:"algorithm" mapstructure:"algorithm"`
Key string `json:"key" structs:"key" mapstructure:"key"`
Issuer string `json:"iss" structs:"iss" mapstructure:"iss"`
Subject string `json:"sub" structs:"sub" mapstructure:"sub"`
Audience string `json:"aud" structs:"aud" mapstructure:"aud"`
}
if err := mapstructure.Decode(resp.Data, &d); err != nil {
return err
}
if d.Name != name {
return fmt.Errorf("bad: %#v", d)
}
if d.Algorithm != algorithm {
return fmt.Errorf("bad: %#v", d)
}
if d.Key != key {
return fmt.Errorf("bad: %#v", d)
}
return nil
},
}
}
func testAccStepSignToken(t *testing.T, name string, tokenClaims map[string]interface{}, defaults bool) logicaltest.TestStep {
return logicaltest.TestStep{
Operation: logical.WriteOperation,
Path: "issue/" + name,
Data: tokenClaims,
Check: func(resp *logical.Response) error {
var d struct {
JTI string `mapstructure:"jti"`
Token string `mapstructure:"token"`
}
if err := mapstructure.Decode(resp.Data, &d); err != nil {
return err
}
if d.Token == "" {
return fmt.Errorf("missing token")
}
token, err := jwt.Parse(d.Token, func(token *jwt.Token) (interface{}, error) {
return token, nil
})
if err != nil {
return fmt.Errorf("error parsing token")
}
if d.JTI != token.Claims["jti"] {
return fmt.Errorf("bad: %#v", d)
}
if token.Claims["ran"] != "random" {
return fmt.Errorf("bad: %#v", d)
}
if defaults == true {
if token.Claims["sub"] != "Test Default Subject" {
return fmt.Errorf("bad: %#v", d)
}
if token.Claims["aud"] != "Test Default Audience" {
return fmt.Errorf("bad: %#v", d)
}
if token.Claims["iss"] != "Test Default Issuer" {
return fmt.Errorf("bad: %#v", d)
}
}
return nil
},
}
}
Reference in a new issue View git blame Copy permalink