65 lines
1.3 KiB
Go
65 lines
1.3 KiB
Go
package auth
|
|
|
|
import (
|
|
"testing"
|
|
"time"
|
|
)
|
|
|
|
func TestSignAndVerify(t *testing.T) {
|
|
svc := New("test-secret")
|
|
|
|
token, err := svc.Sign("user42")
|
|
if err != nil {
|
|
t.Fatalf("Sign: %v", err)
|
|
}
|
|
if token == "" {
|
|
t.Fatal("expected non-empty token")
|
|
}
|
|
|
|
claims, err := svc.Verify(token)
|
|
if err != nil {
|
|
t.Fatalf("Verify: %v", err)
|
|
}
|
|
if claims.UserID != "user42" {
|
|
t.Errorf("expected UserID 'user42', got %q", claims.UserID)
|
|
}
|
|
if claims.ExpiresAt == nil || claims.ExpiresAt.Before(time.Now()) {
|
|
t.Error("token should not be expired")
|
|
}
|
|
}
|
|
|
|
func TestVerify_InvalidToken(t *testing.T) {
|
|
svc := New("test-secret")
|
|
_, err := svc.Verify("not.a.valid.token")
|
|
if err == nil {
|
|
t.Fatal("expected error for invalid token")
|
|
}
|
|
}
|
|
|
|
func TestVerify_WrongSecret(t *testing.T) {
|
|
svc1 := New("secret-a")
|
|
svc2 := New("secret-b")
|
|
|
|
token, err := svc1.Sign("user1")
|
|
if err != nil {
|
|
t.Fatalf("Sign: %v", err)
|
|
}
|
|
|
|
_, err = svc2.Verify(token)
|
|
if err == nil {
|
|
t.Fatal("expected error when verifying with different secret")
|
|
}
|
|
}
|
|
|
|
func TestVerify_TamperedToken(t *testing.T) {
|
|
svc := New("test-secret")
|
|
token, _ := svc.Sign("admin")
|
|
|
|
// Append garbage to corrupt the signature.
|
|
tampered := token + "x"
|
|
_, err := svc.Verify(tampered)
|
|
if err == nil {
|
|
t.Fatal("expected error for tampered token")
|
|
}
|
|
}
|