package internal
import (
"net/http"
"net/http/httptest"
"testing"
"github.com/golang-jwt/jwt/v5"
)
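// TestSetSessionSetsCookieAndJWTClaims checks that SetSession writes exactly
// one session cookie with the expected attributes (HttpOnly, Path=/,
// SameSite=Lax, Secure following cookieSecure) and that its value is a JWT
// verifiable with sessionKey that carries the Username and JFToken claims.
func TestSetSessionSetsCookieAndJWTClaims(t *testing.T) {
	// The package keeps its key and cookie policy in package-level variables,
	// so the test swaps them in place and restores them on cleanup. Tests in
	// this file therefore must not be marked t.Parallel().
	origKey := sessionKey
	origSecure := cookieSecure
	sessionKey = []byte("session-test-key")
	cookieSecure = false
	t.Cleanup(func() {
		sessionKey = origKey
		cookieSecure = origSecure
	})

	rr := httptest.NewRecorder()
	if err := SetSession(rr, "brad", "jf-access"); err != nil {
		t.Fatalf("SetSession failed: %v", err)
	}

	res := rr.Result()
	defer res.Body.Close()
	cookies := res.Cookies()
	if len(cookies) != 1 {
		t.Fatalf("expected one cookie, got %d", len(cookies))
	}
	c := cookies[0]

	if c.Name != CookieName {
		t.Fatalf("unexpected cookie name %q", c.Name)
	}
	// HttpOnly keeps the session token out of reach of page scripts.
	if !c.HttpOnly {
		t.Fatalf("expected HttpOnly cookie")
	}
	if c.Path != "/" {
		t.Fatalf("unexpected cookie path %q", c.Path)
	}
	// Secure follows cookieSecure, which this test forces to false.
	if c.Secure {
		t.Fatalf("expected insecure cookie when PEGASUS_COOKIE_INSECURE=1 behavior is enabled in test")
	}
	if c.SameSite != http.SameSiteLaxMode {
		t.Fatalf("unexpected SameSite value %v", c.SameSite)
	}

	// NOTE(review): this keyfunc ignores tok.Method, so the test would also
	// accept a token signed with a different algorithm than SetSession uses;
	// pin it with jwt.WithValidMethods once the algorithm is confirmed.
	tok, err := jwt.ParseWithClaims(c.Value, &Claims{}, func(_ *jwt.Token) (any, error) {
		return sessionKey, nil
	})
	if err != nil {
		t.Fatalf("cookie token failed to parse: %v", err)
	}
	claims, ok := tok.Claims.(*Claims)
	if !ok || !tok.Valid {
		t.Fatalf("parsed claims invalid")
	}
	if claims.Username != "brad" || claims.JFToken != "jf-access" {
		t.Fatalf("unexpected claims payload: %#v", claims)
	}
}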
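// TestClearSessionExpiresCookie checks that ClearSession emits a single
// expired cookie that a browser will match against the one SetSession wrote:
// same name and path, empty value, MaxAge=-1 (optionally an epoch Expires),
// and the Secure flag following cookieSecure.
func TestClearSessionExpiresCookie(t *testing.T) {
	origSecure := cookieSecure
	cookieSecure = true
	t.Cleanup(func() {
		cookieSecure = origSecure
	})

	rr := httptest.NewRecorder()
	ClearSession(rr)

	res := rr.Result()
	defer res.Body.Close()
	cookies := res.Cookies()
	if len(cookies) != 1 {
		t.Fatalf("expected one cookie, got %d", len(cookies))
	}
	c := cookies[0]
	if c.Name != CookieName {
		t.Fatalf("unexpected cookie name %q", c.Name)
	}
	// A clearing cookie only replaces the original when name and path match;
	// SetSession writes Path=/, so the clear has to use the same path.
	if c.Path != "/" {
		t.Fatalf("unexpected cookie path %q", c.Path)
	}
	if c.Value != "" {
		t.Fatalf("expected cleared cookie value")
	}
	if c.MaxAge != -1 {
		t.Fatalf("expected MaxAge=-1, got %d", c.MaxAge)
	}
	// Expires may be left unset (MaxAge alone suffices) or pinned to the epoch.
	if !c.Expires.IsZero() && c.Expires.Unix() != 0 {
		t.Fatalf("expected unix epoch expiry, got %v", c.Expires)
	}
	if !c.Secure {
		t.Fatalf("expected secure cookie")
	}
}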
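// TestSetSessionSigningError checks that SetSession reports a failure from
// the injected signJWT hook and leaves no session cookie behind.
func TestSetSessionSigningError(t *testing.T) {
	// Restore the hook via t.Cleanup, matching the other tests in this file.
	origSign := signJWT
	t.Cleanup(func() { signJWT = origSign })

	// Any non-nil error will do; http.ErrNoCookie avoids a new import.
	signJWT = func(*jwt.Token) (string, error) {
		return "", http.ErrNoCookie
	}

	rr := httptest.NewRecorder()
	if err := SetSession(rr, "brad", "jf"); err == nil {
		t.Fatalf("expected signing error")
	}

	// A failed signature must not produce a partially-set session cookie.
	res := rr.Result()
	defer res.Body.Close()
	if got := res.Cookies(); len(got) != 0 {
		t.Fatalf("expected no cookie on signing error, got %d", len(got))
	}
}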