| 190 | } |
| 191 | |
| 192 | func (ts *AuthTestSuite) TestMaybeLoadUserOrSession() { |
| 193 | u, err := models.FindUserByEmailAndAudience(ts.API.db, "test@example.com", ts.Config.JWT.Aud) |
| 194 | require.NoError(ts.T(), err) |
| 195 | |
| 196 | s, err := models.NewSession(u.ID, nil) |
| 197 | require.NoError(ts.T(), err) |
| 198 | require.NoError(ts.T(), ts.API.db.Create(s)) |
| 199 | |
| 200 | require.NoError(ts.T(), ts.API.db.Load(s)) |
| 201 | |
| 202 | cases := []struct { |
| 203 | Desc string |
| 204 | UserJwtClaims *AccessTokenClaims |
| 205 | ExpectedError error |
| 206 | ExpectedUser *models.User |
| 207 | ExpectedSession *models.Session |
| 208 | }{ |
| 209 | { |
| 210 | Desc: "Missing Subject Claim", |
| 211 | UserJwtClaims: &AccessTokenClaims{ |
| 212 | RegisteredClaims: jwt.RegisteredClaims{ |
| 213 | Subject: "", |
| 214 | }, |
| 215 | Role: "authenticated", |
| 216 | }, |
| 217 | ExpectedError: apierrors.NewForbiddenError(apierrors.ErrorCodeBadJWT, "invalid claim: missing sub claim"), |
| 218 | ExpectedUser: nil, |
| 219 | }, |
| 220 | { |
| 221 | Desc: "Valid Subject Claim", |
| 222 | UserJwtClaims: &AccessTokenClaims{ |
| 223 | RegisteredClaims: jwt.RegisteredClaims{ |
| 224 | Subject: u.ID.String(), |
| 225 | }, |
| 226 | Role: "authenticated", |
| 227 | }, |
| 228 | ExpectedError: nil, |
| 229 | ExpectedUser: u, |
| 230 | }, |
| 231 | { |
| 232 | Desc: "Invalid Subject Claim", |
| 233 | UserJwtClaims: &AccessTokenClaims{ |
| 234 | RegisteredClaims: jwt.RegisteredClaims{ |
| 235 | Subject: "invalid-subject-claim", |
| 236 | }, |
| 237 | Role: "authenticated", |
| 238 | }, |
| 239 | ExpectedError: apierrors.NewBadRequestError(apierrors.ErrorCodeBadJWT, "invalid claim: sub claim must be a UUID"), |
| 240 | ExpectedUser: nil, |
| 241 | }, |
| 242 | { |
| 243 | Desc: "Empty Session ID Claim", |
| 244 | UserJwtClaims: &AccessTokenClaims{ |
| 245 | RegisteredClaims: jwt.RegisteredClaims{ |
| 246 | Subject: u.ID.String(), |
| 247 | }, |
| 248 | Role: "authenticated", |
| 249 | SessionId: "", |