Extended JWT unit tests
1 parent f3023a0 commit fa60591


1 file changed

+29
-12
lines changed


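--- a/tests/unit/session/session_test.go
+++ b/tests/unit/session/session_test.go
@@ -4,6 +4,7 @@ import (
 "context"
 "crypto/rsa"
 "encoding/json"
+"fmt"
 "io"
 "net/http"
 "net/http/httptest"
@@ -25,8 +26,8 @@ import (
 "github.com/corbado/corbado-go/v2/pkg/generated/api"
 )
 
-func generateJWT(iss string, exp, nbf int64, privateKey *rsa.PrivateKey) string {
-token := jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims{
+func generateJWT(iss string, exp, nbf int64, privateKey *rsa.PrivateKey, method jwt.SigningMethod) string {
+token := jwt.NewWithClaims(method, jwt.MapClaims{
 "iss": iss,
 "iat": time.Now().Unix(),
 "exp": exp,
@@ -40,7 +41,14 @@ func generateJWT(iss string, exp, nbf int64, privateKey *rsa.PrivateKey) string
 
 token.Header["kid"] = "kid123"
 
-tokenString, err := token.SignedString(privateKey)
+var key any
+if method == jwt.SigningMethodNone {
+key = jwt.UnsafeAllowNoneSignatureType
+} else {
+key = privateKey
+}
+
+tokenString, err := token.SignedString(key)
 if err != nil {
 panic(err)
 }
@@ -170,64 +178,71 @@ func TestValidateToken(t *testing.T) {
 validationErrorCode: validationerror.CodeJWTInvalidSignature,
 success: false,
 },
+{
+name: "JWT with alg none",
+issuer: "https://pro-1.frontendapi.cloud.corbado.io",
+sessionToken: generateJWT("https://auth.acme.com", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey, jwt.SigningMethodNone),
+validationErrorCode: validationerror.CodeJWTGeneral,
+success: false,
+},
 {
 name: "JWT with invalid private key signed",
 issuer: "https://pro-1.frontendapi.cloud.corbado.io",
-sessionToken: generateJWT("https://pro-1.frontendapi.cloud.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), invalidPrivateKey),
+sessionToken: generateJWT("https://pro-1.frontendapi.cloud.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), invalidPrivateKey, jwt.SigningMethodRS256),
 validationErrorCode: validationerror.CodeJWTInvalidSignature,
 success: false,
 },
 {
 name: "Not before (nbf) in future",
 issuer: "https://pro-1.frontendapi.cloud.corbado.io",
-sessionToken: generateJWT("https://pro-1.frontendapi.cloud.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Add(100*time.Second).Unix(), validPrivateKey),
+sessionToken: generateJWT("https://pro-1.frontendapi.cloud.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Add(100*time.Second).Unix(), validPrivateKey, jwt.SigningMethodRS256),
 validationErrorCode: validationerror.CodeJWTBefore,
 success: false,
 },
 {
 name: "Expired (exp)",
 issuer: "https://pro-1.frontendapi.cloud.corbado.io",
-sessionToken: generateJWT("https://pro-1.frontendapi.cloud.corbado.io", time.Now().Add(-100*time.Second).Unix(), time.Now().Add(-100*time.Second).Unix(), validPrivateKey),
+sessionToken: generateJWT("https://pro-1.frontendapi.cloud.corbado.io", time.Now().Add(-100*time.Second).Unix(), time.Now().Add(-100*time.Second).Unix(), validPrivateKey, jwt.SigningMethodRS256),
 validationErrorCode: validationerror.CodeJWTExpired,
 success: false,
 },
 {
 name: "Empty issuer (iss)",
 issuer: "https://pro-1.frontendapi.corbado.io",
-sessionToken: generateJWT("", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey),
+sessionToken: generateJWT("", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey, jwt.SigningMethodRS256),
 validationErrorCode: validationerror.CodeJWTIssuerEmpty,
 success: false,
 },
 {
 name: "Invalid issuer 1 (iss)",
 issuer: "https://pro-1.frontendapi.corbado.io",
-sessionToken: generateJWT("https://pro-2.frontendapi.cloud.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey),
+sessionToken: generateJWT("https://pro-2.frontendapi.cloud.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey, jwt.SigningMethodRS256),
 validationErrorCode: validationerror.CodeJWTIssuerMismatch,
 success: false,
 },
 {
 name: "Invalid issuer 2 (iss)",
 issuer: "https://pro-1.frontendapi.cloud.corbado.io",
-sessionToken: generateJWT("https://pro-2.frontendapi.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey),
+sessionToken: generateJWT("https://pro-2.frontendapi.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey, jwt.SigningMethodRS256),
 validationErrorCode: validationerror.CodeJWTIssuerMismatch,
 success: false,
 },
 {
 name: "Success with old Frontend API URL in JWT",
 issuer: "https://pro-1.frontendapi.cloud.corbado.io",
-sessionToken: generateJWT("https://pro-1.frontendapi.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey),
+sessionToken: generateJWT("https://pro-1.frontendapi.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey, jwt.SigningMethodRS256),
 success: true,
 },
 {
 name: "Success with old Frontend API URL in config",
 issuer: "https://pro-1.frontendapi.corbado.io",
-sessionToken: generateJWT("https://pro-1.frontendapi.cloud.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey),
+sessionToken: generateJWT("https://pro-1.frontendapi.cloud.corbado.io", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey, jwt.SigningMethodRS256),
 success: true,
 },
 {
 name: "Success with CNAME",
 issuer: "https://auth.acme.com",
-sessionToken: generateJWT("https://auth.acme.com", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey),
+sessionToken: generateJWT("https://auth.acme.com", time.Now().Add(100*time.Second).Unix(), time.Now().Unix(), validPrivateKey, jwt.SigningMethodRS256),
 success: true,
 },
 }
@@ -238,6 +253,8 @@ func TestValidateToken(t *testing.T) {
 require.NoError(t, err)
 
 user, err := sessionSvc.ValidateToken(test.sessionToken)
+fmt.Println(user)
+fmt.Println(err)
 
 if test.success {
 assert.NoError(t, err)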
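Review bot: The two `fmt.Println` calls added after `sessionSvc.ValidateToken` in the last hunk look like leftover debugging — they print every case's user object and error to stdout on every run, and the new `"fmt"` import exists only for them; drop them or use `t.Logf("user=%+v err=%v", user, err)` so the output only appears for failing runs or under `-v`. In the table hunk, the new "JWT with alg none" case combines two rejection reasons — the token is issued for `https://auth.acme.com` while the configured issuer is `https://pro-1.frontendapi.cloud.corbado.io` — so the expected `CodeJWTGeneral` does not by itself show that the unsigned token is what gets rejected; giving the case a matching issuer isolates the `none` algorithm as the only defect. A doc comment on `generateJWT` would also help, noting that `jwt.UnsafeAllowNoneSignatureType` is passed only so this test helper can mint an unsigned token for the negative case and must never appear in production signing code. The enclosing `TestValidateToken` body, and `generateJWT`'s trailing `return`, continue outside the hunks.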
