Use reference test data for signature unit tests

Author: khanh.nguyen

signature/claims.go

@@ -42,26 +42,28 @@ func (c Claims) Valid() error {
 	}
 
 	if iat := time.Unix(c.IssuedAt, int64(c.receivedTime.Nanosecond())).Add(-maxSkew); c.receivedTime.Before(iat) {
-		errs = append(errs, "iat is in the future")
+		errs = append(errs, "claim iat is in the future")
 	}
 
 	if exp := time.Unix(c.ExpirationTime, int64(c.receivedTime.Nanosecond())).Add(maxSkew); c.receivedTime.After(exp) {
-		errs = append(errs, "exp is in the past")
+		errs = append(errs, "claim exp is in the past")
 	}
 
 	if c.JWTID == "" {
-		errs = append(errs, "jti is empty or missing")
+		errs = append(errs, "claim jti is empty or missing")
 	}
 
 	if c.correctURLHash != c.URLHash {
-		errs = append(errs, "url_hash is invalid")
+		errs = append(errs, "claim url_hash is invalid")
 	}
 
 	switch {
 	case c.correctPayloadHash == "" && c.PayloadHash != "":
-		errs = append(errs, "payload_hash was set; expected no payload value")
-	case c.correctPayloadHash != "" && c.correctPayloadHash != c.PayloadHash:
-		errs = append(errs, "payload_hash is invalid")
+		errs = append(errs, "claim payload_hash is set but actual payload is missing")
+	case c.correctPayloadHash != "" && c.PayloadHash == "":
+		errs = append(errs, "claim payload_hash is not set but payload is present")
+	case c.correctPayloadHash != c.PayloadHash:
+		errs = append(errs, "claim payload_hash is invalid")
 	}
 
 	if len(errs) == 0 {

signature/signature_test.go

@@ -1,11 +1,13 @@
 package signature
 
 import (
+	"encoding/json"
 	"net/http"
 	"net/http/httptest"
 	"testing"
 	"time"
 
+	"github.com/messagebird/go-rest-api/v7/internal/mbtest"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -84,101 +86,36 @@ func TestValidate(t *testing.T) {
 }
 
 func TestValidSignature(t *testing.T) {
-	var cases = []struct {
-		name           string
-		requestParams  string
-		requestPayload string
-		receivedAt     string
-		signature      string
-		wantErr        string
-	}{
-		{
-			name:       "valid with no params/body",
-			receivedAt: "2021-07-05T12:00:00+02:00",
-			signature:  "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJNZXNzYWdlQmlyZCIsImlhdCI6MTYyNTQ3OTIwMCwiZXhwIjoxNjI1NDc5MjYwLCJqdGkiOiI1OWEyNDRkYy1lOWFkLTRlMjMtOTc3OC0zNzFmYWEyMzhmNzIiLCJ1cmxfaGFzaCI6IjBmMTE1ZGIwNjJiN2MwZGQwMzBiMTY4NzhjOTlkZWE1YzM1NGI0OWRjMzdiMzhlYjg4NDYxNzljNzc4M2U5ZDcifQ.SrhlKJ-ES4Dg8BBXKtop3u92Z_k4L4VjHKsyHWpweGE",
-		},
-		{
-			name:          "valid with params and without body",
-			requestParams: "/path?bar=1&foo=2",
-			receivedAt:    "2021-07-05T12:00:00+02:00",
-			signature:     "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJNZXNzYWdlQmlyZCIsImlhdCI6MTYyNTQ3OTIwMCwiZXhwIjoxNjI1NDc5MjYwLCJqdGkiOiJjOTQ2YWY3Ny1lMTgyLTRlYWEtYjJmZi0xYTU0NWI1ZTk5MWEiLCJ1cmxfaGFzaCI6IjQxZjA1ZjBkZGQwYTIyYWIyMDlhYzQ2ZjQ3YzQ1NzJkOWNlZmEyNTdlZDc0YjI0MDA0YmFlNzUzZWNlNmMyNjAifQ.wUeGukU50HcPIr8d-zcCpttlGnPE-W57ujVb36AbAYw",
-		},
-		{
-			name:           "valid with params and body",
-			requestParams:  "/path?bar=1&foo=2",
-			requestPayload: "Hello, World!",
-			receivedAt:     "2021-07-05T12:00:00+02:00",
-			signature:      "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJNZXNzYWdlQmlyZCIsImlhdCI6MTYyNTQ3OTIwMCwiZXhwIjoxNjI1NDc5MjYwLCJqdGkiOiI5M2U1NTAwNi1hMGU4LTQ1MjYtYTE5MC1mYTVmZjAwZWExMTYiLCJ1cmxfaGFzaCI6IjQxZjA1ZjBkZGQwYTIyYWIyMDlhYzQ2ZjQ3YzQ1NzJkOWNlZmEyNTdlZDc0YjI0MDA0YmFlNzUzZWNlNmMyNjAiLCJwYXlsb2FkX2hhc2giOiJkZmZkNjAyMWJiMmJkNWIwYWY2NzYyOTA4MDllYzNhNTMxOTFkZDgxYzdmNzBhNGIyODY4OGEzNjIxODI5ODZmIn0.K6HyLDRdYgQBKN2tBcu0dOSxsfb_lOLaWby3un4rxIc",
-		},
-		{
-			name:       "invalid token received before it is issued",
-			receivedAt: "2021-07-05T12:00:00+02:00",
-			signature:  "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJNZXNzYWdlQmlyZCIsImlhdCI6MTYyNTQ4MjgwMCwiZXhwIjoxNjI1NDgyODYwLCJqdGkiOiJmOWY4YzM4Mi0yNDQ5LTQzMTEtYjcyYi0xZGY3MTY4NzkzMWUiLCJ1cmxfaGFzaCI6IjBmMTE1ZGIwNjJiN2MwZGQwMzBiMTY4NzhjOTlkZWE1YzM1NGI0OWRjMzdiMzhlYjg4NDYxNzljNzc4M2U5ZDcifQ._59NNTg0j5YVXCRHgyeJAj8n6rTg1gwTh_I_coe7RDQ",
-			wantErr:    "invalid jwt: iat is in the future",
-		},
-		{
-			name:       "invalid token received after it is expired",
-			receivedAt: "2021-07-05T12:00:00+02:00",
-			signature:  "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJNZXNzYWdlQmlyZCIsImlhdCI6MTYyNTQ3NTYwMCwiZXhwIjoxNjI1NDc1NjYwLCJqdGkiOiI1ZjAyZjUyMi02MDMwLTQ2YzgtYjVhMy0wMTI0NjQ3OGQ4YmMiLCJ1cmxfaGFzaCI6IjBmMTE1ZGIwNjJiN2MwZGQwMzBiMTY4NzhjOTlkZWE1YzM1NGI0OWRjMzdiMzhlYjg4NDYxNzljNzc4M2U5ZDcifQ.iGUCLsYVQG4iYWe2MkRoLQBBMzq7p_bLy4u0mhC3Jfc",
-			wantErr:    "invalid jwt: exp is in the past",
-		},
-		{
-			name:          "invalid token received on different URL",
-			requestParams: "/path?bar=1&foo=2",
-			receivedAt:    "2021-07-05T12:00:00+02:00",
-			signature:     "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJNZXNzYWdlQmlyZCIsImlhdCI6MTYyNTQ3OTIwMCwiZXhwIjoxNjI1NDc5MjYwLCJqdGkiOiJhNzVjOTA5Ni1lODIzLTQ0MmItODVmMi03ZDNjOWQ5YjcyNmIiLCJ1cmxfaGFzaCI6IjlmZGExZmNkYzc0YjEwMzUzNjhlNWY2NjhmNTdjOTFlOTk0MTJmZjU5Y2YwM2E0NmNlYjk1YWVhNWU2YjU4ZmQifQ.G4lpxrDOxZs75G1vIJ6J1jVbYS19tx2yq-lkIE-oETY",
-			wantErr:       "invalid jwt: url_hash is invalid",
-		},
-
-		{
-			name:           "invalid payload not match",
-			requestPayload: "Hello, World!",
-			receivedAt:     "2021-07-05T12:00:00+02:00",
-			signature:      "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJNZXNzYWdlQmlyZCIsImlhdCI6MTYyNTQ3OTIwMCwiZXhwIjoxNjI1NDc5MjYwLCJqdGkiOiIxNDUwMTUzMi05NmYyLTQ2ODQtOTgzMi02OGYwOTUxYWUzNDIiLCJ1cmxfaGFzaCI6IjBmMTE1ZGIwNjJiN2MwZGQwMzBiMTY4NzhjOTlkZWE1YzM1NGI0OWRjMzdiMzhlYjg4NDYxNzljNzc4M2U5ZDciLCJwYXlsb2FkX2hhc2giOiIzMjRjYzA2N2IyNTdlZGEwYmNiZDljOGQ4MTgwNzdhMDlhOTU2OGMwZDRjYTA2MDM4ZGVkOGZhZGRmODEzZmQ2In0.rQqiANogDOMafgg_B6p362PuhInAro9lMm2j_vruBA0",
-			wantErr:        "invalid jwt: payload_hash is invalid",
-		},
-
-		{
-			name:       "invalid signature key",
-			receivedAt: "2021-07-05T12:00:00+02:00",
-			signature:  "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJNZXNzYWdlQmlyZCIsImlhdCI6MTYyNTQ3OTIwMCwiZXhwIjoxNjI1NDc5MjYwLCJqdGkiOiIyNDNjMjdhZS0yZjAyLTQ2YTAtODg1Mi1jNjZmMzdlYTlmNDYiLCJ1cmxfaGFzaCI6IjBmMTE1ZGIwNjJiN2MwZGQwMzBiMTY4NzhjOTlkZWE1YzM1NGI0OWRjMzdiMzhlYjg4NDYxNzljNzc4M2U5ZDcifQ._Uwf4HMtfAT6jvbBbh85Q9TunX0QlsXoaLGKX0I4VDg",
-			wantErr:    "invalid jwt: signature is invalid",
-		},
-
-		{
-			name:       "invalid missing payload",
-			receivedAt: "2021-07-05T12:00:00+02:00",
-			signature:  "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJNZXNzYWdlQmlyZCIsImlhdCI6MTYyNTQ3OTIwMCwiZXhwIjoxNjI1NDc5MjYwLCJqdGkiOiIxNDUwMTUzMi05NmYyLTQ2ODQtOTgzMi02OGYwOTUxYWUzNDIiLCJ1cmxfaGFzaCI6IjBmMTE1ZGIwNjJiN2MwZGQwMzBiMTY4NzhjOTlkZWE1YzM1NGI0OWRjMzdiMzhlYjg4NDYxNzljNzc4M2U5ZDciLCJwYXlsb2FkX2hhc2giOiIzMjRjYzA2N2IyNTdlZGEwYmNiZDljOGQ4MTgwNzdhMDlhOTU2OGMwZDRjYTA2MDM4ZGVkOGZhZGRmODEzZmQ2In0.rQqiANogDOMafgg_B6p362PuhInAro9lMm2j_vruBA0",
-			wantErr:    "invalid jwt: payload_hash was set; expected no payload value",
-		},
-
-		{
-			name:           "invalid unexpected payload",
-			requestPayload: "Hello, World!",
-			receivedAt:     "2021-07-05T12:00:00+02:00",
-			signature:      "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJNZXNzYWdlQmlyZCIsImlhdCI6MTYyNTQ3OTIwMCwiZXhwIjoxNjI1NDc5MjYwLCJqdGkiOiI1OWEyNDRkYy1lOWFkLTRlMjMtOTc3OC0zNzFmYWEyMzhmNzIiLCJ1cmxfaGFzaCI6IjBmMTE1ZGIwNjJiN2MwZGQwMzBiMTY4NzhjOTlkZWE1YzM1NGI0OWRjMzdiMzhlYjg4NDYxNzljNzc4M2U5ZDcifQ.SrhlKJ-ES4Dg8BBXKtop3u92Z_k4L4VjHKsyHWpweGE",
-			wantErr:        "invalid jwt: payload_hash is invalid",
-		},
+	testData := mbtest.Testdata(t, "reference.json")
+
+	var tcs []struct {
+		Name      string `json:"name"`
+		Method    string `json:"method"`
+		Secret    string `json:"secret"`
+		Url       string `json:"url"`
+		Payload   string `json:"payload"`
+		Timestamp string `json:"timestamp"`
+		Token     string `json:"token"`
+		Outcome   string `json:"outcome"`
+	}
+	if err := json.Unmarshal(testData, &tcs); err != nil {
+		assert.NoError(t, err)
 	}
 
-	for _, test := range cases {
-		t.Run(test.name, func(t *testing.T) {
+	for _, tc := range tcs {
+		t.Run(tc.Name, func(t *testing.T) {
 			TimeFunc = func() time.Time {
-				r, _ := time.Parse(time.RFC3339, test.receivedAt)
+				r, _ := time.Parse(time.RFC3339, tc.Timestamp)
 				return r
 			}
 
 			v := NewValidator(testSecret)
-			reqUrl := testBaseUrl + test.requestParams
-			if test.requestParams == "" {
-				reqUrl += "/"
-			}
-			err := v.ValidSignature(test.signature, reqUrl, []byte(test.requestPayload))
-			if test.wantErr == "" {
+			err := v.ValidSignature(tc.Token, tc.Url, []byte(tc.Payload))
+			if tc.Outcome == "valid" {
 				assert.NoError(t, err)
 				return
 			}
-			assert.EqualError(t, err, test.wantErr)
+			assert.EqualError(t, err, tc.Outcome)
 		})
 	}
 }