Merge pull request #4 from mgrzybek/master

fcomte · web-flow · commit 66d150539600 · 2021-09-06T13:39:53.000+02:00
Issue #3: add a test against GetID
diff --git a/utils/oidc.go b/utils/oidc.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"strings"
+	"regexp"
 )
 
 type ID struct {
@@ -51,11 +52,21 @@ func stripCtlFromUTF8(str string) string {
 }
 
 func GetID(tokenString string) ID {
+	if ( validateTokenstring(tokenString) == false ) {
+		panic("Given token string is not valid.")
+	}
+
 	dataString := strings.Split(tokenString, ".")[1]
 	data, _ := base64.RawStdEncoding.DecodeString(dataString)
+
 	var id ID
 	if err := json.Unmarshal((data), &id); err != nil {
 		panic(err)
 	}
 	return id
-}
+}
+
+func validateTokenstring(tokenString string) bool {
+	matched, err := regexp.MatchString(`^[A-Za-z0-9-_=]+\.[A-Za-z0-9-_=]+\.?[A-Za-z0-9-_.+/=]*$`, tokenString)
+	return ( err == nil && matched == true )
+}
diff --git a/utils/oidc_test.go b/utils/oidc_test.go
@@ -0,0 +1,18 @@
+package utils
+
+import (
+	"testing"
+)
+
+const (
+	VALID_TOKEN = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJhUONCSzhYRC1od1gtMWJFbjdZZDRLS0tWS6hYRy03RHg3STZDaVZZWUtRIn0.eyJleHAiOjE2Mjg1MTMxNjMsImlhdCI6MTYyNzkxMTczOCwiYXV0aF90aW1lIjoxNjI3OTA4MzYzLCJqdGkiOiI0NGIxNWE3MC02ODU5LTRjZDItYjg5NS1kMjk0MWM0ZmFiZWIiLCJpc3MiOiJodHRwczovL2F1dGgubGFiLnNzcGNsb3VkLmZyL2F1dGgvcmVhbG1zL3NzcGNsb3VkIiwiYXVkIjpbIm9ueXhpYSIsIm1pbmlvLXRlc3QiLCJhY2NvdW50Il0sInN1YiI6IjUyYmVmNWU2LTE2YjktNDJkZC1hNGI3LWVmODhlYjUzZmY3MiIsInR5cCI6IkJlYXJlciIsImF6cCI6Im9ueXhpYSIsIm5vbmNlIjoiYzI1YmFlMzEtMmU3Mi00MjRjLTg3NWYtODVkNjgwYWVkMjY0Iiwic2Vzc2lvbl9zdGF0ZSI6IjY1ZmQwNzNlLThlZjEtNDA3Zi05YmY3LWMzOTVhYmJmYjMwMyIsImFjciI6IjAiLCJhbGxvd2VkLW9yaWdpbnMiOlsiKiJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoib3BlbmlkIHByb2ZpbGUgZ3JvdXBzIGVtYWlsIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsIm5hbWUiOiJNYXRoaWV1IEdyenliZWsiLCJncm91cHMiOltdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJtZ3J6eWJlayIsImdpdmVuX25hbWUiOiJNYXRoaWV1IiwiZmFtaWx5X25hbWUiOiJHcnp5YmVrIiwiZW1haWwiOiJtYXRoaWV1LmdyenliZWtAanVzdGljZS5nb3V2LmZyIiwicG9saWN5Ijoic3Rzb25seSJ9.arqzNJ1aptbUMg4noMVBzf2mnX-9pePNcn2HJ31XzAJR-2rxTsyJNrHe0Nj7-GXW31moAA4zNIZT1hyhlfr3wA7tNTeCgZCMtA2uWUPanwpmnW9ria4xvPV98h-YFOQ8TEaAHRDieAYZk6jMgBleXu14wgy13uMyHu1IQ-9NwM3Du6KBB1rY3T3uIhJxi5dUG0M-YgTHLwHNRsZMKknCW8fVxEAQjf6hOh_KZrHVrnCo0Go1sVP9fjxgkmqdQ_x5zC8jDIU-pJiPnIV5F-R3FHnP7tmNADjKFL-QUjdbHdMZvlWc6dbJb6GokcObmTUf5sUpoX5XKlCYOpVP5TSY4w"
+)
+
+func TestBadID(t *testing.T) {
+	defer func() { if r := recover(); r == nil { panic("Valid token detected, should have been invalid.") } }()
+	GetID("bullshit")
+}
+
+func TestCorrectID(t *testing.T) {
+	GetID(VALID_TOKEN)
+}
