package oidc_test
import (
"context"
"encoding/json"
"testing"
tu "git.christmann.info/LARA/zitadel-oidc/v3/internal/testutil"
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
// TestParseToken exercises oidc.ParseToken with three inputs: a string that
// cannot be split into token segments, a token whose payload segment is not
// valid base64, and a valid ID token produced by the test utilities.
//
// ParseToken is given no key set here, so these cases cover decoding only.
// NOTE(review): presumably signature verification is a separate step
// (oidc.CheckSignature); a successful parse should not be read as proof that
// the token is authentic. Confirm against the package documentation.
func TestParseToken(t *testing.T) {
	validToken, wantClaims := tu.ValidIDToken()
	// SignatureAlg is not part of the JSON payload, so clear it on the
	// expectation before comparing against freshly parsed claims.
	wantClaims.SignatureAlg = ""

	wantPayload, err := json.Marshal(wantClaims)
	require.NoError(t, err)

	type testCase struct {
		name        string
		tokenString string
		wantErr     bool
	}
	cases := []testCase{
		// Malformed input must be rejected with an error, never parsed
		// into partially trusted claims.
		{name: "split error", tokenString: "nope", wantErr: true},
		{name: "base64 error", tokenString: "foo.~.bar", wantErr: true},
		{name: "success", tokenString: validToken},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			gotClaims := &oidc.IDTokenClaims{}
			gotPayload, err := oidc.ParseToken(tc.tokenString, gotClaims)
			if tc.wantErr {
				assert.Error(t, err)
				return
			}

			require.NoError(t, err)
			// Both the decoded struct and the returned raw payload must
			// match what the fixture token was built from.
			assert.Equal(t, wantClaims, gotClaims)
			assert.JSONEq(t, string(wantPayload), string(gotPayload))
		})
	}
}
// TestCheckSignature drives oidc.CheckSignature through its failure modes and
// one success path, using the fixture token and the test key set.
//
// Each failing case pins a distinct sentinel error via assert.ErrorIs, so a
// rejected token can be told apart by cause: unparsable token, algorithm not
// in the caller's allow-list, failed verification, or a payload that does not
// match the token. The success case has a nil wantErr, for which ErrorIs only
// passes when err is nil as well.
func TestCheckSignature(t *testing.T) {
	// A context that is already cancelled, used to force the verify step to fail.
	cancelledCtx, cancel := context.WithCancel(context.Background())
	cancel()

	token, _ := tu.ValidIDToken()
	payload, err := oidc.ParseToken(token, new(oidc.IDTokenClaims))
	require.NoError(t, err)

	cases := []struct {
		name             string
		ctx              context.Context
		token            string
		payload          []byte
		supportedSigAlgs []string
		wantErr          error
	}{
		{
			name:    "parse error",
			ctx:     context.Background(),
			token:   "~",
			payload: payload,
			wantErr: oidc.ErrParse,
		},
		{
			// No allow-list is passed.
			// NOTE(review): presumably the library falls back to a
			// default algorithm set in that case; confirm which one.
			name:    "default sigAlg",
			ctx:     context.Background(),
			token:   token,
			payload: payload,
		},
		{
			// The allow-list holds only placeholder names, so the
			// token's algorithm is not in it and must be refused.
			name:             "unsupported sigAlg",
			ctx:              context.Background(),
			token:            token,
			payload:          payload,
			supportedSigAlgs: []string{"foo", "bar"},
			wantErr:          oidc.ErrSignatureUnsupportedAlg,
		},
		{
			// NOTE(review): presumably the key set aborts on the
			// cancelled context; what the case pins is that a failed
			// verification surfaces as ErrSignatureInvalid, not success.
			name:    "verify error",
			ctx:     cancelledCtx,
			token:   token,
			payload: payload,
			wantErr: oidc.ErrSignatureInvalid,
		},
		{
			// The caller-supplied payload differs from the token's, so
			// claims decoded from one byte string cannot be paired with
			// a signature over another.
			name:    "inequal payloads",
			ctx:     context.Background(),
			token:   token,
			payload: []byte{0, 1, 2},
			wantErr: oidc.ErrSignatureInvalidPayload,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			var claims oidc.TokenClaims
			gotErr := oidc.CheckSignature(
				tc.ctx,
				tc.token,
				tc.payload,
				&claims,
				tc.supportedSigAlgs,
				tu.KeySet{},
			)
			assert.ErrorIs(t, gotErr, tc.wantErr)
		})
	}
}