Mainflux.mainflux/authn/jwt/token_test.go

// Copyright (c) Mainflux
// SPDX-License-Identifier: Apache-2.0

package jwt_test

import (
	"fmt"
	"testing"
	"time"

	"github.com/mainflux/mainflux/authn"
	"github.com/mainflux/mainflux/authn/jwt"
	"github.com/mainflux/mainflux/pkg/errors"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

const secret = "test"

func key() authn.Key {
	exp := time.Now().UTC().Add(10 * time.Minute).Round(time.Second)
	return authn.Key{
		ID:        "id",
		Type:      authn.UserKey,
		Issuer:    "user@email.com",
		Secret:    "",
		IssuedAt:  time.Now().UTC().Add(-10 * time.Second).Round(time.Second),
		ExpiresAt: exp,
	}
}

func TestIssue(t *testing.T) {
	tokenizer := jwt.New(secret)

	emptyIssuer := key()
	emptyIssuer.Issuer = ""

	cases := []struct {
		desc string
		key  authn.Key
		err  error
	}{
		{
			desc: "issue new token",
			key:  key(),
			err:  nil,
		},
	}

	for _, tc := range cases {
		_, err := tokenizer.Issue(tc.key)
		assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s expected %s, got %s", tc.desc, tc.err, err))
	}
}

func TestParse(t *testing.T) {
	tokenizer := jwt.New(secret)

	token, err := tokenizer.Issue(key())
	require.Nil(t, err, fmt.Sprintf("issuing key expected to succeed: %s", err))

	userKey := key()
	userKey.Type = authn.APIKey
	userKey.ExpiresAt = time.Now().UTC().Add(-1 * time.Minute).Round(time.Second)
	userToken, err := tokenizer.Issue(userKey)
	require.Nil(t, err, fmt.Sprintf("issuing user key expected to succeed: %s", err))

	expKey := key()
	expKey.ExpiresAt = time.Now().UTC().Add(-1 * time.Minute).Round(time.Second)
	expToken, err := tokenizer.Issue(expKey)
	require.Nil(t, err, fmt.Sprintf("issuing expired key expected to succeed: %s", err))

	cases := []struct {
		desc  string
		key   authn.Key
		token string
		err   error
	}{
		{
			desc:  "parse valid key",
			key:   key(),
			token: token,
			err:   nil,
		},
		{
			desc:  "parse ivalid key",
			key:   authn.Key{},
			token: "invalid",
			err:   authn.ErrUnauthorizedAccess,
		},

		{
			desc:  "parse expired key",
			key:   authn.Key{},
			token: expToken,
			err:   authn.ErrKeyExpired,
		},
		{
			desc:  "parse expired user key",
			key:   userKey,
			token: userToken,
			err:   nil,
		},
	}

	for _, tc := range cases {
		key, err := tokenizer.Parse(tc.token)
		assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s expected %s, got %s", tc.desc, tc.err, err))
		assert.Equal(t, tc.key, key, fmt.Sprintf("%s expected %v, got %v", tc.desc, tc.key, key))
	}
}
MF-932 - User API keys (#941) * Add inital Auth implementation Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Extract IssuedAt on transport layer Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Add token type Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix Auth service URL in Things service Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Add User Keys revocation check Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Update tests Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unused tracing methods Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix Key retrival and parsing Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unused code Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix compose files Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix typos Simplify tests. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix typos and remove useless comments Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename Auth to Authn Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename database.go to tracin.go A new name (`tracing.go`) describes better the purpose of the file. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Fix typo. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove token from Users service Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix identify login keys Rename token parsing method. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Extract tokenizer to interface Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove pointer time Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use pointer for expiration time in response Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use uppercase N Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unnecessary email check Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Cleanup unused code and env vars Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename tokenizer field Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use slices and named fields in test cases Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Update AuthN keys naming Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove package-lock.json changes Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove Secret from issuing request Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> 2019-12-16 16:22:09 +01:00			`// Copyright (c) Mainflux`
			`// SPDX-License-Identifier: Apache-2.0`

			`package jwt_test`

			`import (`
			`"fmt"`
			`"testing"`
			`"time"`

			`"github.com/mainflux/mainflux/authn"`
			`"github.com/mainflux/mainflux/authn/jwt"`
MF-1190 - Add pkg for library packages (#1191) * Move messaging to pkg Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Move errors to pkg Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Move Transformers to pkg Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Move SDK to pkg Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Remove Transformers from root Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Fix make proto Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Add copyrights header Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Fix CI Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Move Auth client to pkg Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Fix dependencies Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Update dependencies and vendors Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Fix CI Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> 2020-06-03 15:16:19 +02:00			`"github.com/mainflux/mainflux/pkg/errors"`
MF-932 - User API keys (#941) * Add inital Auth implementation Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Extract IssuedAt on transport layer Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Add token type Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix Auth service URL in Things service Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Add User Keys revocation check Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Update tests Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unused tracing methods Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix Key retrival and parsing Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unused code Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix compose files Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix typos Simplify tests. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix typos and remove useless comments Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename Auth to Authn Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename database.go to tracin.go A new name (`tracing.go`) describes better the purpose of the file. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Fix typo. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove token from Users service Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix identify login keys Rename token parsing method. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Extract tokenizer to interface Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove pointer time Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use pointer for expiration time in response Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use uppercase N Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unnecessary email check Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Cleanup unused code and env vars Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename tokenizer field Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use slices and named fields in test cases Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Update AuthN keys naming Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove package-lock.json changes Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove Secret from issuing request Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> 2019-12-16 16:22:09 +01:00			`"github.com/stretchr/testify/assert"`
			`"github.com/stretchr/testify/require"`
			`)`

			`const secret = "test"`

			`func key() authn.Key {`
			`exp := time.Now().UTC().Add(10 * time.Minute).Round(time.Second)`
			`return authn.Key{`
			`ID: "id",`
			`Type: authn.UserKey,`
			`Issuer: "user@email.com",`
			`Secret: "",`
			`IssuedAt: time.Now().UTC().Add(-10 * time.Second).Round(time.Second),`
			`ExpiresAt: exp,`
			`}`
			`}`

			`func TestIssue(t *testing.T) {`
			`tokenizer := jwt.New(secret)`

			`emptyIssuer := key()`
			`emptyIssuer.Issuer = ""`

			`cases := []struct {`
			`desc string`
			`key authn.Key`
			`err error`
			`}{`
			`{`
			`desc: "issue new token",`
			`key: key(),`
			`err: nil,`
			`},`
			`}`

			`for _, tc := range cases {`
			`_, err := tokenizer.Issue(tc.key)`
NOISSUE - Implement errors package in Authentication service (#1105) * Implement errors package in Authn service Signed-off-by: Ivan Milošević <iva@blokovi.com> * remove imported and not used fmt package Signed-off-by: Ivan Milošević <iva@blokovi.com> * wrapped errors when issued new key Signed-off-by: Ivan Milošević <iva@blokovi.com> * remove blank line Signed-off-by: Ivan Milošević <iva@blokovi.com> * Change error message in tests Remove nil case in encode error Signed-off-by: Ivan Milošević <iva@blokovi.com> * return back nil value error handling Signed-off-by: Ivan Milošević <iva@blokovi.com> 2020-04-10 17:43:42 +02:00			`assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s expected %s, got %s", tc.desc, tc.err, err))`
MF-932 - User API keys (#941) * Add inital Auth implementation Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Extract IssuedAt on transport layer Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Add token type Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix Auth service URL in Things service Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Add User Keys revocation check Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Update tests Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unused tracing methods Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix Key retrival and parsing Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unused code Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix compose files Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix typos Simplify tests. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix typos and remove useless comments Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename Auth to Authn Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename database.go to tracin.go A new name (`tracing.go`) describes better the purpose of the file. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Fix typo. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove token from Users service Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix identify login keys Rename token parsing method. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Extract tokenizer to interface Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove pointer time Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use pointer for expiration time in response Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use uppercase N Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unnecessary email check Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Cleanup unused code and env vars Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename tokenizer field Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use slices and named fields in test cases Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Update AuthN keys naming Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove package-lock.json changes Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove Secret from issuing request Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> 2019-12-16 16:22:09 +01:00			`}`
			`}`

			`func TestParse(t *testing.T) {`
			`tokenizer := jwt.New(secret)`

			`token, err := tokenizer.Issue(key())`
			`require.Nil(t, err, fmt.Sprintf("issuing key expected to succeed: %s", err))`

			`userKey := key()`
			`userKey.Type = authn.APIKey`
			`userKey.ExpiresAt = time.Now().UTC().Add(-1 * time.Minute).Round(time.Second)`
			`userToken, err := tokenizer.Issue(userKey)`
			`require.Nil(t, err, fmt.Sprintf("issuing user key expected to succeed: %s", err))`

			`expKey := key()`
			`expKey.ExpiresAt = time.Now().UTC().Add(-1 * time.Minute).Round(time.Second)`
			`expToken, err := tokenizer.Issue(expKey)`
			`require.Nil(t, err, fmt.Sprintf("issuing expired key expected to succeed: %s", err))`

			`cases := []struct {`
			`desc string`
			`key authn.Key`
			`token string`
			`err error`
			`}{`
			`{`
			`desc: "parse valid key",`
			`key: key(),`
			`token: token,`
			`err: nil,`
			`},`
			`{`
			`desc: "parse ivalid key",`
			`key: authn.Key{},`
			`token: "invalid",`
			`err: authn.ErrUnauthorizedAccess,`
			`},`

			`{`
			`desc: "parse expired key",`
			`key: authn.Key{},`
			`token: expToken,`
			`err: authn.ErrKeyExpired,`
			`},`
			`{`
			`desc: "parse expired user key",`
			`key: userKey,`
			`token: userToken,`
			`err: nil,`
			`},`
			`}`

			`for _, tc := range cases {`
			`key, err := tokenizer.Parse(tc.token)`
NOISSUE - Implement errors package in Authentication service (#1105) * Implement errors package in Authn service Signed-off-by: Ivan Milošević <iva@blokovi.com> * remove imported and not used fmt package Signed-off-by: Ivan Milošević <iva@blokovi.com> * wrapped errors when issued new key Signed-off-by: Ivan Milošević <iva@blokovi.com> * remove blank line Signed-off-by: Ivan Milošević <iva@blokovi.com> * Change error message in tests Remove nil case in encode error Signed-off-by: Ivan Milošević <iva@blokovi.com> * return back nil value error handling Signed-off-by: Ivan Milošević <iva@blokovi.com> 2020-04-10 17:43:42 +02:00			`assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s expected %s, got %s", tc.desc, tc.err, err))`
MF-932 - User API keys (#941) * Add inital Auth implementation Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Extract IssuedAt on transport layer Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Add token type Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix Auth service URL in Things service Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Add User Keys revocation check Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Update tests Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unused tracing methods Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix Key retrival and parsing Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unused code Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix compose files Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix typos Simplify tests. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix typos and remove useless comments Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename Auth to Authn Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename database.go to tracin.go A new name (`tracing.go`) describes better the purpose of the file. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Fix typo. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove token from Users service Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix identify login keys Rename token parsing method. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Extract tokenizer to interface Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove pointer time Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use pointer for expiration time in response Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use uppercase N Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unnecessary email check Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Cleanup unused code and env vars Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename tokenizer field Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use slices and named fields in test cases Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Update AuthN keys naming Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove package-lock.json changes Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove Secret from issuing request Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> 2019-12-16 16:22:09 +01:00			`assert.Equal(t, tc.key, key, fmt.Sprintf("%s expected %v, got %v", tc.desc, tc.key, key))`
			`}`
			`}`