forked from mandiant/gocrack
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathauthentication_test.go
More file actions
146 lines (126 loc) · 3.64 KB
/
authentication_test.go
File metadata and controls
146 lines (126 loc) · 3.64 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
package authentication
import (
"strings"
"testing"
"time"
test "github.com/fireeye/gocrack/server/authentication/test"
"github.com/fireeye/gocrack/server/storage"
"github.com/fireeye/gocrack/shared"
"github.com/stretchr/testify/assert"
)
var testSecretKey = "aw3som3_Security!@"
func TestConfigValidation(t *testing.T) {
for _, test := range []struct {
cfg *AuthSettings
ExpectedError error
}{
// Valid with default expiration
{
cfg: &AuthSettings{
Backend: "database",
SecretKey: &testSecretKey,
},
},
// Valid with user set token duration
{
cfg: &AuthSettings{
Backend: "database",
SecretKey: &testSecretKey,
TokenExpiry: &shared.HumanDuration{Duration: 1 * time.Hour},
},
},
// Invalid with negative token expiry
{
cfg: &AuthSettings{
Backend: "database",
SecretKey: &testSecretKey,
TokenExpiry: &shared.HumanDuration{Duration: -1 * time.Hour},
},
ExpectedError: errTokenExpiryNegative,
},
// Invalid with no backend
{
cfg: &AuthSettings{
Backend: "",
SecretKey: &testSecretKey,
TokenExpiry: &shared.HumanDuration{Duration: 1 * time.Hour},
},
ExpectedError: errNoBackend,
},
// Invalid secret key
{
cfg: &AuthSettings{
Backend: "database",
SecretKey: nil,
TokenExpiry: &shared.HumanDuration{Duration: 1 * time.Hour},
},
ExpectedError: errSecretKeyBad,
},
} {
err := test.cfg.Validate()
assert.Equal(t, test.ExpectedError, err)
}
}
func TestAuthWrapper_Login(t *testing.T) {
fakedb := test.NewFakeDatabase()
dbauth := test.NewFakeAuthProv(fakedb)
dbauth.CreateUser(storage.User{
UserUUID: "013337-deadbeef",
Username: "test_user",
Password: "myawesomepassword",
})
wrapper := WrapProvider(dbauth, AuthSettings{
SecretKey: &testSecretKey,
TokenExpiry: &DefaultTokenExpiry,
})
claim, err := wrapper.Login("test_user", "myawesomepassword", true)
assert.Nil(t, err)
assert.True(t, strings.Contains(claim, "."))
claim, err = wrapper.Login("test_user", "no", true)
assert.NotNil(t, err)
assert.Empty(t, claim)
}
func TestAuthWrapper_VerifyClaim(t *testing.T) {
fakedb := test.NewFakeDatabase()
dbauth := test.NewFakeAuthProv(fakedb)
dbauth.CreateUser(storage.User{
UserUUID: "013337-deadbeef",
Username: "test_user",
Password: "myawesomepassword",
})
wrapper := WrapProvider(dbauth, AuthSettings{
SecretKey: &testSecretKey,
TokenExpiry: &DefaultTokenExpiry,
})
rawClaim, err := wrapper.Login("test_user", "myawesomepassword", true)
assert.Nil(t, err)
assert.NotEmpty(t, rawClaim)
parsedClaim, err := wrapper.VerifyClaim(rawClaim, "gocrack")
assert.Nil(t, err)
assert.Equal(t, "test_user", parsedClaim.Username)
assert.Equal(t, "013337-deadbeef", parsedClaim.UserUUID)
// Validate a missing audience
parsedClaim, err = wrapper.VerifyClaim(rawClaim, "gocrack", "NotAValidAudience")
assert.EqualError(t, err, "missing aud `NotAValidAudience` in claim")
assert.Nil(t, parsedClaim)
}
func TestAuthWrapper_VerifyExpiredClaim(t *testing.T) {
fakedb := test.NewFakeDatabase()
dbauth := test.NewFakeAuthProv(fakedb)
dbauth.CreateUser(storage.User{
UserUUID: "013337-deadbeef",
Username: "test_user",
Password: "myawesomepassword",
})
wrapper := WrapProvider(dbauth, AuthSettings{
SecretKey: &testSecretKey,
TokenExpiry: &shared.HumanDuration{Duration: -2 * time.Minute},
})
rawClaim, err := wrapper.Login("test_user", "myawesomepassword", true)
assert.Nil(t, err)
assert.NotEmpty(t, rawClaim)
parsedClaim, err := wrapper.VerifyClaim(rawClaim, "gocrack")
assert.NotNil(t, err)
assert.EqualError(t, err, "authentication has expired")
assert.Nil(t, parsedClaim)
}