
Commit 329d9e7

committed
improve testing
1 parent 3cce203 commit 329d9e7


3 files changed

+87
-3
lines changed


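--- a/entraid_test.go
+++ b/entraid_test.go
@@ -11,7 +11,7 @@ import (
 "github.com/stretchr/testify/mock"
 )
 
-// testJWT token is a JWT token for testing
+// testJWTToken is a JWT token for testing
 //
 // {
 // "iss": "test jwt",
@@ -21,8 +21,37 @@ import (
 // "sub": "[email protected]",
 // "oid": "test"
 // }
+//
+// key: qwertyuiopasdfghjklzxcvbnm123456
 const testJWTtoken = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ0ZXN0IGp3dCIsImlhdCI6MTc0MzUxNTAxMSwiZXhwIjoxNzc1MDUxMDExLCJhdWQiOiJ3d3cuZXhhbXBsZS5jb20iLCJzdWIiOiJ0ZXN0QHRlc3QuY29tIiwib2lkIjoidGVzdCJ9.6RG721V2eFlSLsCRmo53kSRRrTZIe1UPdLZCUEvIarU"
 
+// testJWTExpiredToken is an expired JWT token for testing
+//
+// {
+// "iss": "test jwt",
+// "iat": 1617795148,
+// "exp": 1617795148,
+// "aud": "www.example.com",
+// "sub": "[email protected]",
+// "oid": "test"
+// }
+//
+// key: qwertyuiopasdfghjklzxcvbnm123456
+const testJWTExpiredToken = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ0ZXN0IGp3dCIsImlhdCI6MTYxNzc5NTE0OCwiZXhwIjoxNjE3Nzk1MTQ4LCJhdWQiOiJ3d3cuZXhhbXBsZS5jb20iLCJzdWIiOiJ0ZXN0QHRlc3QuY29tIiwib2lkIjoidGVzdCJ9.IbGPhHRiPYcpUDrhAPf4h3gH1XXBOu560NYT59rUMzc"
+
+// testJWTWithZeroExpiryToken is a JWT token with zero expiry for testing
+//
+// {
+// "iss": "test jwt",
+// "iat": 1744025944,
+// "exp": null,
+// "aud": "www.example.com",
+// "sub": "[email protected]",
+// "oid": "test"
+// }
+// key: qwertyuiopasdfghjklzxcvbnm123456
+const testJWTWithZeroExpiryToken = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ0ZXN0IGp3dCIsImlhdCI6MTc0NDAyNTk0NCwiZXhwIjpudWxsLCJhdWQiOiJ3d3cuZXhhbXBsZS5jb20iLCJzdWIiOiJ0ZXN0QHRlc3QuY29tIiwib2lkIjoidGVzdCJ9.bLSANIzawE5Y6rgspvvUaRhkBq6Y4E0ggjXlmHRn8ew"
+
 var testTokenValid = NewToken(
 "test",
 "password",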
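Review bot: The reworded doc comment names `testJWTToken`, but the constant it documents is still `testJWTtoken`, so the comment does not start with the identifier; either write `// testJWTtoken is a JWT token for testing` or rename the constant to match the casing of the two new ones. Separately, the payload of `testJWTtoken` appears to carry a fixed `exp` (1775051011), so any test that expects this token to be accepted will start failing once that time comes within `MinTokenTTL`; with the HS256 key now documented, the valid fixture could instead be minted at test time with an expiry relative to `time.Now()`. A one-line comment stating that the key and tokens are throwaway test fixtures would also help anyone triaging secret-scanner hits on this file.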

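--- a/token_manager.go
+++ b/token_manager.go
@@ -127,7 +127,7 @@ func (*defaultIdentityProviderResponseParser) ParseResponse(response IdentityPro
 username = claims.Oid
 password = rawToken
 
-if expiresOn.IsZero() {
+if expiresOn.IsZero() && claims.ExpiresAt != nil {
 expiresOn = claims.ExpiresAt.Time
 }
 
@@ -146,7 +146,7 @@ func (*defaultIdentityProviderResponseParser) ParseResponse(response IdentityPro
 }
 
 if time.Until(expiresOn) < MinTokenTTL {
-return nil, fmt.Errorf("expires on is less than minimum token TTL which is %d", MinTokenTTL)
+return nil, fmt.Errorf("expires on is less than minimum token TTL which is %s", MinTokenTTL)
 }
 // parse token as jwt token and get claims
 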
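Review bot: A token with no `exp` claim is now rejected only indirectly: the guard in the first hunk leaves `expiresOn` at the zero time, and rejection then depends on the `time.Until(expiresOn) < MinTokenTTL` check in the second hunk, assuming nothing in the lines between the two hunks assigns `expiresOn`. For a credential parser it is safer to fail closed explicitly right after the guard, e.g. `if expiresOn.IsZero() { return nil, fmt.Errorf("token has no expiry") }`, which also gives callers an accurate message instead of a TTL one. The switch to `%s` prints a readable value only if `MinTokenTTL` is a `time.Duration`; its declaration is not visible here, so confirm with `go vet`. ParseResponse starts before and continues after both hunks.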

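--- a/token_manager_test.go
+++ b/token_manager_test.go
@@ -423,6 +423,22 @@ func TestDefaultIdentityProviderResponseParser(t *testing.T) {
 assert.NotNil(t, token)
 })
 
+t.Run("Default IdentityProviderResponseParser with expired JWT Token", func(t *testing.T) {
+idpResponse, err := NewIDPResponse(ResponseTypeRawToken, testJWTExpiredToken)
+assert.NoError(t, err)
+token, err := parser.ParseResponse(idpResponse)
+assert.Error(t, err)
+assert.Nil(t, token)
+})
+
+t.Run("Default IdentityProviderResponseParser with zero expiry JWT Token", func(t *testing.T) {
+idpResponse, err := NewIDPResponse(ResponseTypeRawToken, testJWTWithZeroExpiryToken)
+assert.NoError(t, err)
+token, err := parser.ParseResponse(idpResponse)
+assert.Error(t, err)
+assert.Nil(t, token)
+})
+
 t.Run("NewIDPResponse with type Unknown", func(t *testing.T) {
 idpResponse, err := NewIDPResponse("Unknown", testJWTtoken)
 assert.Error(t, err)
@@ -567,3 +583,42 @@ func TestEntraidTokenManager_GetToken(t *testing.T) {
 
 })
 }
+
+func TestEntraidTokenManager_durationToRenewal(t *testing.T) {
+// Test the durationToRenewal function
+t.Parallel()
+t.Run("durationToRenewal", func(t *testing.T) {
+idp := &mockIdentityProvider{}
+tokenManager, err := NewTokenManager(idp, TokenManagerOptions{
+LowerRefreshBoundMs: 1000 * 60 * 60, // 1 hour
+
+})
+assert.NoError(t, err)
+assert.NotNil(t, tokenManager)
+tm, ok := tokenManager.(*entraidTokenManager)
+assert.True(t, ok)
+
+result := tm.durationToRenewal()
+// returns 0 for nil token
+assert.Equal(t, time.Duration(0), result)
+
+// get token that expires before the lower bound
+assert.NotPanics(t, func() {
+expiresSoon := &public.AuthResult{
+ExpiresOn: time.Now().Add(time.Duration(tm.lowerBoundDuration) - time.Minute).UTC(),
+}
+idpResponse, err := NewIDPResponse(ResponseTypeAuthResult,
+expiresSoon)
+assert.NoError(t, err)
+idp.On("RequestToken").Return(idpResponse, nil)
+
+_, err = tm.GetToken()
+assert.NoError(t, err)
+assert.NotNil(t, tm.token)
+})
+
+// return the lower bound
+result = tm.durationToRenewal()
+assert.Equal(t, tm.lowerBoundDuration, result)
+})
+}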
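Review bot: Both new parser subtests assert only `assert.Error(t, err)`, so they pass on any failure, including one unrelated to expiry; pin the rejection reason, e.g. `assert.ErrorContains(t, err, "minimum token TTL")`, if that is the path expected to reject the expired and the no-expiry token. In `TestEntraidTokenManager_durationToRenewal`, `assert.True(t, ok)` does not stop the test, so a failed type assertion leaves `tm` nil for the `tm.durationToRenewal()` call that follows; `if !ok { t.FailNow() }` avoids that. `TestDefaultIdentityProviderResponseParser` starts outside the first hunk, so the construction of `parser` is not visible here.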
