diff options
Diffstat (limited to 'auth/extract_test.go')
-rw-r--r-- | auth/extract_test.go | 66 |
1 files changed, 6 insertions, 60 deletions
diff --git a/auth/extract_test.go b/auth/extract_test.go index 4274785c4..510fb1790 100644 --- a/auth/extract_test.go +++ b/auth/extract_test.go @@ -7,51 +7,8 @@ import ( "github.com/grpc-ecosystem/go-grpc-middleware/util/metautils" "github.com/stretchr/testify/require" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/credentials" - "google.golang.org/grpc/metadata" - "google.golang.org/grpc/status" ) -func TestCheckTokenV1(t *testing.T) { - secret := "secret 1234" - - testCases := []struct { - desc string - md metadata.MD - code codes.Code - }{ - { - desc: "ok", - md: credsMD(t, RPCCredentials(secret)), - code: codes.OK, - }, - { - desc: "denied", - md: credsMD(t, RPCCredentials("wrong secret")), - code: codes.PermissionDenied, - }, - { - desc: "invalid, not bearer", - md: credsMD(t, &invalidCreds{"foobar"}), - code: codes.Unauthenticated, - }, - { - desc: "invalid, bearer but not base64", - md: credsMD(t, &invalidCreds{"Bearer foo!!bar"}), - code: codes.Unauthenticated, - }, - } - - for _, tc := range testCases { - t.Run(tc.desc, func(t *testing.T) { - ctx := metadata.NewIncomingContext(context.Background(), tc.md) - err := CheckToken(ctx, secret, time.Now()) - require.Equal(t, tc.code, status.Code(err), "expected grpc code in error %v", err) - }) - } -} - func TestCheckTokenV2(t *testing.T) { targetTime := time.Unix(1535671600, 0) secret := []byte("foo") @@ -97,9 +54,14 @@ func TestCheckTokenV2(t *testing.T) { result: errDenied, }, { + desc: "Invalid token format", + token: "foo.bar", + result: errUnauthenticated, + }, + { desc: "Empty token", token: "", - result: errDenied, + result: errUnauthenticated, }, } @@ -113,19 +75,3 @@ func TestCheckTokenV2(t *testing.T) { }) } } - -func credsMD(t *testing.T, creds credentials.PerRPCCredentials) metadata.MD { - md, err := creds.GetRequestMetadata(context.Background()) - require.NoError(t, err) - return metadata.New(md) -} - -type invalidCreds struct { - authHeader string -} - -func (invalidCreds) RequireTransportSecurity() bool { return false } - -func (ic *invalidCreds) GetRequestMetadata(context.Context, ...string) (map[string]string, error) { - return map[string]string{"authorization": ic.authHeader}, nil -} |