
Commit dd41fa0

authored
Merge pull request #45 from corbado/44-extend-jwt-unit-tests
Extended JWT unit tests
2 parents f3023a0 + eae30f8 commit dd41fa0


1 file changed

+41
-16
lines changed


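--- a/tests/unit/session/session_test.go
+++ b/tests/unit/session/session_test.go
@@ -25,8 +25,8 @@ import (
 "github.com/corbado/corbado-go/v2/pkg/generated/api"
 )
 
-func generateJWT(iss string, exp, nbf int64, privateKey *rsa.PrivateKey) string {
-token := jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims{
+func generateJWT(iss string, exp, nbf int64, privateKey *rsa.PrivateKey, method jwt.SigningMethod) string {
+token := jwt.NewWithClaims(method, jwt.MapClaims{
 "iss": iss,
 "iat": time.Now().Unix(),
 "exp": exp,
@@ -40,7 +40,14 @@ func generateJWT(iss string, exp, nbf int64, privateKey *rsa.PrivateKey) string
 
 token.Header["kid"] = "kid123"
 
-tokenString, err := token.SignedString(privateKey)
+var key any
+if method == jwt.SigningMethodNone {
+key = jwt.UnsafeAllowNoneSignatureType
+} else {
+key = privateKey
+}
+
+tokenString, err := token.SignedString(key)
 if err != nil {
 panic(err)
 }
@@ -170,64 +177,82 @@ func TestValidateToken(t *testing.T) {
 validationErrorCode: validationerror.CodeJWTInvalidSignature,
 success: false,
 },
+{
+name: "JWT with alg none",
+issuer: "https://pro-1.frontendapi.cloud.corbado.io",
+sessionToken: generateJWT("https://auth.acme.com", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey, jwt.SigningMethodNone),
+validationErrorCode: validationerror.CodeJWTGeneral,
+success: false,
+},
 {
 name: "JWT with invalid private key signed",
 issuer: "https://pro-1.frontendapi.cloud.corbado.io",
-sessionToken: generateJWT("https://pro-1.frontendapi.cloud.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), invalidPrivateKey),
+sessionToken: generateJWT("https://pro-1.frontendapi.cloud.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), invalidPrivateKey, jwt.SigningMethodRS256),
 validationErrorCode: validationerror.CodeJWTInvalidSignature,
 success: false,
 },
 {
-name: "Not before (nbf) in future",
-issuer: "https://pro-1.frontendapi.cloud.corbado.io",
-sessionToken: generateJWT("https://pro-1.frontendapi.cloud.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Add(100*time.Second).Unix(), validPrivateKey),
+name: "Not before (nbf) in future",
+issuer: "https://pro-1.frontendapi.cloud.corbado.io",
+sessionToken: generateJWT(
+"https://pro-1.frontendapi.cloud.corbado.io",
+time.Now().Add(100*time.Second).Unix(),
+time.Now().Add(100*time.Second).Unix(),
+validPrivateKey,
+jwt.SigningMethodRS256,
+),
 validationErrorCode: validationerror.CodeJWTBefore,
 success: false,
 },
 {
-name: "Expired (exp)",
-issuer: "https://pro-1.frontendapi.cloud.corbado.io",
-sessionToken: generateJWT("https://pro-1.frontendapi.cloud.corbado.io", time.Now().Add(-100*time.Second).Unix(), time.Now().Add(-100*time.Second).Unix(), validPrivateKey),
+name: "Expired (exp)",
+issuer: "https://pro-1.frontendapi.cloud.corbado.io",
+sessionToken: generateJWT("https://pro-1.frontendapi.cloud.corbado.io",
+time.Now().Add(-100*time.Second).Unix(),
+time.Now().Add(-100*time.Second).Unix(),
+validPrivateKey,
+jwt.SigningMethodRS256,
+),
 validationErrorCode: validationerror.CodeJWTExpired,
 success: false,
 },
 {
 name: "Empty issuer (iss)",
 issuer: "https://pro-1.frontendapi.corbado.io",
-sessionToken: generateJWT("", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey),
+sessionToken: generateJWT("", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey, jwt.SigningMethodRS256),
 validationErrorCode: validationerror.CodeJWTIssuerEmpty,
 success: false,
 },
 {
 name: "Invalid issuer 1 (iss)",
 issuer: "https://pro-1.frontendapi.corbado.io",
-sessionToken: generateJWT("https://pro-2.frontendapi.cloud.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey),
+sessionToken: generateJWT("https://pro-2.frontendapi.cloud.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey, jwt.SigningMethodRS256),
 validationErrorCode: validationerror.CodeJWTIssuerMismatch,
 success: false,
 },
 {
 name: "Invalid issuer 2 (iss)",
 issuer: "https://pro-1.frontendapi.cloud.corbado.io",
-sessionToken: generateJWT("https://pro-2.frontendapi.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey),
+sessionToken: generateJWT("https://pro-2.frontendapi.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey, jwt.SigningMethodRS256),
 validationErrorCode: validationerror.CodeJWTIssuerMismatch,
 success: false,
 },
 {
 name: "Success with old Frontend API URL in JWT",
 issuer: "https://pro-1.frontendapi.cloud.corbado.io",
-sessionToken: generateJWT("https://pro-1.frontendapi.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey),
+sessionToken: generateJWT("https://pro-1.frontendapi.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey, jwt.SigningMethodRS256),
 success: true,
 },
 {
 name: "Success with old Frontend API URL in config",
 issuer: "https://pro-1.frontendapi.corbado.io",
-sessionToken: generateJWT("https://pro-1.frontendapi.cloud.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey),
+sessionToken: generateJWT("https://pro-1.frontendapi.cloud.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey, jwt.SigningMethodRS256),
 success: true,
 },
 {
 name: "Success with CNAME",
 issuer: "https://auth.acme.com",
-sessionToken: generateJWT("https://auth.acme.com", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey),
+sessionToken: generateJWT("https://auth.acme.com", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey, jwt.SigningMethodRS256),
 success: true,
 },
 }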
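Review bot: The new "JWT with alg none" case (new lines 180–186 of the third hunk) pairs the `none` algorithm with a token issuer `https://auth.acme.com` that also differs from the configured issuer `https://pro-1.frontendapi.cloud.corbado.io`, so the token carries two independent defects and the expected `CodeJWTGeneral` only holds if the algorithm/signature check runs before the issuer check. Passing the matching issuer `"https://pro-1.frontendapi.cloud.corbado.io"` as the first argument to `generateJWT` would make the unsigned-token rejection the only thing this case exercises and keep it stable if the validator's check order ever changes. In the second hunk, the `key = jwt.UnsafeAllowNoneSignatureType` branch deserves a one-line comment such as `// test-only opt-in the library requires to mint an unsigned token; must never be used outside tests`, since the identifier's purpose is not obvious from the helper. The enclosing `TestValidateToken` table starts before the third hunk.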
