(t *testing.T)
| 314 | } |
| 315 | |
| 316 | func TestCheckToken(t *testing.T) { |
| 317 | provider := setupProvider(t) |
| 318 | |
| 319 | tests := []struct { |
| 320 | name string |
| 321 | allowedUsers []string |
| 322 | allowedGroups []string |
| 323 | claims jwt.Claims |
| 324 | wantErr error |
| 325 | }{ |
| 326 | { |
| 327 | name: "Success - Valid token with allowed user", |
| 328 | allowedUsers: []string{"user1"}, |
| 329 | claims: jwt.MapClaims{ |
| 330 | "iss": provider.ts.URL, |
| 331 | "aud": clientID, |
| 332 | "exp": time.Now().Add(time.Hour).Unix(), |
| 333 | "preferred_username": "user1", |
| 334 | "groups": []string{"group1"}, |
| 335 | }, |
| 336 | }, |
| 337 | { |
| 338 | name: "Success - Valid token with allowed group", |
| 339 | allowedGroups: []string{"group1"}, |
| 340 | claims: jwt.MapClaims{ |
| 341 | "iss": provider.ts.URL, |
| 342 | "aud": clientID, |
| 343 | "exp": time.Now().Add(time.Hour).Unix(), |
| 344 | "preferred_username": "user1", |
| 345 | "groups": []string{"group1"}, |
| 346 | }, |
| 347 | }, |
| 348 | { |
| 349 | name: "Success - Server omits groups, but user is allowed", |
| 350 | allowedUsers: []string{"user1"}, |
| 351 | claims: jwt.MapClaims{ |
| 352 | "iss": provider.ts.URL, |
| 353 | "aud": clientID, |
| 354 | "exp": time.Now().Add(time.Hour).Unix(), |
| 355 | "preferred_username": "user1", |
| 356 | }, |
| 357 | }, |
| 358 | { |
| 359 | name: "Success - Server omits preferred_username, but group is allowed", |
| 360 | allowedGroups: []string{"group1"}, |
| 361 | claims: jwt.MapClaims{ |
| 362 | "iss": provider.ts.URL, |
| 363 | "aud": clientID, |
| 364 | "exp": time.Now().Add(time.Hour).Unix(), |
| 365 | "groups": []string{"group1"}, |
| 366 | }, |
| 367 | }, |
| 368 | { |
| 369 | name: "Success - Valid token with allowed user and group", |
| 370 | allowedUsers: []string{"user1"}, |
| 371 | allowedGroups: []string{"group1"}, |
| 372 | claims: jwt.MapClaims{ |
| 373 | "iss": provider.ts.URL, |