From d6a9988eae35897ef79ab9467f1f224507ce154a Mon Sep 17 00:00:00 2001
From: Umputun
Date: Tue, 1 Jan 2019 18:27:12 -0600
Subject: [PATCH] fix test for failed token refresh
---
 middleware/auth_test.go | 36 ++++++++++++++++++++++++++----------
 token/jwt.go | 4 ++++
 2 files changed, 30 insertions(+), 10 deletions(-)
diff --git a/middleware/auth_test.go b/middleware/auth_test.go
index d2a4efce..882e7c99 100644
--- a/middleware/auth_test.go
+++ b/middleware/auth_test.go
@@ -11,6 +11,7 @@ import (
 "github.com/go-pkgz/auth/logger"
 "github.com/go-pkgz/auth/token"
+ "github.com/pkg/errors"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
@@ -76,7 +77,7 @@ func TestAuthJWTCookie(t *testing.T) {
 func TestAuthJWTHeader(t *testing.T) {
 a := makeTestAuth(t)
- server := httptest.NewServer(makeTestMux(t, a, true))
+ server := httptest.NewServer(makeTestMux(t, &a, true))
 defer server.Close()
 client := &http.Client{Timeout: 5 * time.Second}
@@ -97,7 +98,7 @@ func TestAuthJWTHeader(t *testing.T) {
 func TestAuthJWTRefresh(t *testing.T) {
 a := makeTestAuth(t)
- server := httptest.NewServer(makeTestMux(t, a, true))
+ server := httptest.NewServer(makeTestMux(t, &a, true))
 defer server.Close()
 jar, err := cookiejar.New(nil)
@@ -124,21 +125,36 @@ func TestAuthJWTRefresh(t *testing.T) {
 }
+type badJwtService struct {
+ *token.Service
+}
+
+func (b *badJwtService) Set(w http.ResponseWriter, claims token.Claims) error {
+ return errors.New("jwt set fake error")
+}
+
 func TestAuthJWTRefreshFailed(t *testing.T) {
+
 a := makeTestAuth(t)
- a.Validator = token.ValidatorFunc(func(token string, claims token.Claims) bool { return false })
- server := httptest.NewServer(makeTestMux(t, a, true))
+ server := httptest.NewServer(makeTestMux(t, &a, true))
 defer server.Close()
 jar, err := cookiejar.New(nil)
 require.Nil(t, err)
 client := &http.Client{Jar: jar, Timeout: 5 * time.Second}
-
 req, err := http.NewRequest("GET", server.URL+"/auth", nil)
 require.NoError(t, err)
 req.Header.Add("X-JWT", testJwtExpired)
 resp, err := client.Do(req)
 require.NoError(t, err)
+ assert.Equal(t, 201, resp.StatusCode, "token expired and refreshed")
+
+ a.JWTService = &badJwtService{Service: a.JWTService.(*token.Service)}
+ req, err = http.NewRequest("GET", server.URL+"/auth", nil)
+ require.NoError(t, err)
+ req.Header.Add("X-JWT", testJwtExpired)
+ resp, err = client.Do(req)
+ require.NoError(t, err)
 defer resp.Body.Close()
 assert.Equal(t, 401, resp.StatusCode)
@@ -150,7 +166,7 @@ func TestAuthJWTRefreshFailed(t *testing.T) {
 func TestAuthJWtBlocked(t *testing.T) {
 a := makeTestAuth(t)
 a.Validator = token.ValidatorFunc(func(token string, claims token.Claims) bool { return false })
- server := httptest.NewServer(makeTestMux(t, a, true))
+ server := httptest.NewServer(makeTestMux(t, &a, true))
 defer server.Close()
 jar, err := cookiejar.New(nil)
@@ -166,7 +182,7 @@ func TestAuthJWtBlocked(t *testing.T) {
 func TestAuthJWtWithHandshake(t *testing.T) {
 a := makeTestAuth(t)
- server := httptest.NewServer(makeTestMux(t, a, true))
+ server := httptest.NewServer(makeTestMux(t, &a, true))
 defer server.Close()
 jar, err := cookiejar.New(nil)
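Review bot: In TestAuthJWTRefreshFailed the body of the first response, the one asserted as 201, is never closed: `resp` is reassigned by the second `client.Do(req)` and the only `defer resp.Body.Close()` is registered after that reassignment. Adding `resp.Body.Close()` directly after the 201 assertion fixes the leak. The same client and cookie jar are reused for the second request, so any cookies set by the 201 response presumably travel along with the expired `X-JWT` header; a comment such as `// second request still carries cookies from the refreshed session; the 401 must come from the failing Set` would make clear what the final assertion proves. The `a.JWTService` swap happens while the test server is live, which is safe only because the first request has already completed, and that ordering deserves a one-line comment too.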
@@ -182,7 +198,7 @@ func TestAuthJWtWithHandshake(t *testing.T) {
 func TestAuthWithBasic(t *testing.T) {
 a := makeTestAuth(t)
- server := httptest.NewServer(makeTestMux(t, a, true))
+ server := httptest.NewServer(makeTestMux(t, &a, true))
 defer server.Close()
 client := &http.Client{Timeout: 1 * time.Second}
@@ -203,7 +219,7 @@ func TestAuthWithBasic(t *testing.T) {
 func TestAuthNotRequired(t *testing.T) {
 a := makeTestAuth(t)
- server := httptest.NewServer(makeTestMux(t, a, false))
+ server := httptest.NewServer(makeTestMux(t, &a, false))
 defer server.Close()
 client := &http.Client{Timeout: 1 * time.Second}
@@ -256,7 +272,7 @@ func TestAdminRequired(t *testing.T) {
 assert.Equal(t, 403, resp.StatusCode, "valid token user, not admin")
 }
-func makeTestMux(t *testing.T, a Authenticator, required bool) http.Handler {
+func makeTestMux(t *testing.T, a *Authenticator, required bool) http.Handler {
 mux := http.NewServeMux()
 authMiddleware := a.Auth
 if !required {
diff --git a/token/jwt.go b/token/jwt.go
index c27cae2c..13ae2b4d 100644
--- a/token/jwt.go
+++ b/token/jwt.go
@@ -134,6 +134,10 @@ func (j *Service) Parse(tokenString string) (Claims, error) {
 return Claims{}, errors.Wrap(err, "failed to get aud from token token")
 }
+ if j.SecretReader == nil {
+ return Claims{}, errors.New("secretreader not defined")
+ }
+
 secret, err := j.SecretReader.Get(aud)
 if err != nil {
 return Claims{}, errors.Wrap(err, "can't get secret")
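Review bot: The new `j.SecretReader == nil` guard in Service.Parse has no test in this commit; the diffstat touches only middleware/auth_test.go and token/jwt.go, so the fail-closed branch is unexercised. A case in the token package's tests that calls Parse on a Service with no SecretReader and asserts a non-nil error would keep a later refactor from turning this back into a nil dereference on the request path. The guard also sits after the aud lookup, so a misconfigured service presumably still parses the not-yet-verified token on every call before rejecting it; moving the check to the top of Parse would fail earlier. Other methods that read `j.SecretReader` are not visible here and should be checked for the same guard. Parse starts and continues outside this hunk.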