wip rework

gw2auth · Nov 12, 2023 · 5b5c3c0 · 5b5c3c0
1 parent c776513
commit 5b5c3c0
Showing 1 changed file with 15 additions and 29 deletions.
diff --git a/service/jwt_test.go b/service/jwt_test.go
@@ -86,27 +86,7 @@ func newRandomKeys(t *testing.T) (string, *rsa.PrivateKey, *rsa.PublicKey) {
 
 func TestSessionJwtConverter_WriteRead(t *testing.T) {
 	conv := newConverter(t)
-	jwtStr, err := conv.WriteJWT(SessionJwtClaims{
-		SessionId:     "test",
-		EncryptionKey: []byte{1, 2, 3, 4, 5},
-	}, time.Now().Add(time.Minute))
-
-	if err != nil {
-		t.Fatalf("failed to write jwt: %v", err)
-	}
-
-	claims, err := conv.ReadJWT(jwtStr)
-	if err != nil {
-		t.Fatalf("failed to read jwt: %v", err)
-	}
-
-	if claims.SessionId != "test" {
-		t.Fatalf("invalid session id: %v", claims.SessionId)
-	}
-
-	if !bytes.Equal(claims.EncryptionKey, []byte{1, 2, 3, 4, 5}) {
-		t.Fatalf("invalid encryption key: %v", claims.EncryptionKey)
-	}
+	testReadWrite(t, conv, conv)
 }
 
 func TestSessionJwtConverter_WriteReadExpired(t *testing.T) {
@@ -120,7 +100,7 @@ func TestSessionJwtConverter_WriteReadExpired(t *testing.T) {
 		t.Fatalf("failed to write jwt: %v", err)
 	}
 
-	_, err = conv.ReadJWT(jwtStr)
+	_, _, err = conv.ReadJWT(jwtStr)
 	if err == nil {
 		t.Fatal("should fail to read expired jwt; err is nil")
 	}
@@ -136,7 +116,7 @@ func TestSessionJwtConverter_WriteReadInvalidSignature1(t *testing.T) {
 		t.Fatalf("failed to write jwt: %v", err)
 	}
 
-	_, err = newRandomConverter(t).ReadJWT(jwtStr)
+	_, _, err = newRandomConverter(t).ReadJWT(jwtStr)
 	if err == nil {
 		t.Fatal("should fail to read with invalid signature; err is nil")
 	}
@@ -166,7 +146,7 @@ func TestSessionJwtConverter_WriteReadInvalidSignature2(t *testing.T) {
 	partsB := strings.Split(jwtStrB, ".")
 	partsA[2] = partsB[2]
 
-	_, err = convA.ReadJWT(strings.Join(partsA, "."))
+	_, _, err = convA.ReadJWT(strings.Join(partsA, "."))
 	if err == nil {
 		t.Fatal("should fail to read with invalid signature; err is nil")
 	}
@@ -198,7 +178,7 @@ func TestSessionJwtConverter_WriteReadInvalidSignature3(t *testing.T) {
 	partsB := strings.Split(jwtStrB, ".")
 	partsA[1] = partsB[1]
 
-	_, err = conv.ReadJWT(strings.Join(partsA, "."))
+	_, _, err = conv.ReadJWT(strings.Join(partsA, "."))
 	if err == nil {
 		t.Fatal("should fail to read with invalid signature; err is nil")
 	}
@@ -231,23 +211,25 @@ func TestSessionJwtConverter_WriteReadWithTwoKnownPubs(t *testing.T) {
 
 	for i, v := range matrix {
 		t.Run(matrixNames[i], func(t *testing.T) {
-			runReadWriteTest(t, v[0], v[1])
+			testReadWrite(t, v[0], v[1])
 		})
 	}
 }
 
-func runReadWriteTest(t *testing.T, convA *SessionJwtConverter, convB *SessionJwtConverter) {
-	exp := time.Now().Add(time.Minute)
+func testReadWrite(t *testing.T, convA *SessionJwtConverter, convB *SessionJwtConverter) {
+	start := time.Now().Truncate(time.Second)
+	exp := start.Add(time.Minute)
 	jwtStr, err := convA.WriteJWT(SessionJwtClaims{
 		SessionId:     "test",
 		EncryptionKey: []byte{1, 2, 3, 4, 5},
 	}, exp)
+	end := time.Now().Truncate(time.Second)
 
 	if err != nil {
 		t.Fatalf("failed to write jwt: %v", err)
 	}
 
-	claims, err := convB.ReadJWT(jwtStr)
+	claims, iat, err := convB.ReadJWT(jwtStr)
 	if err != nil {
 		t.Fatalf("failed to read jwt: %v", err)
 	}
@@ -259,4 +241,8 @@ func runReadWriteTest(t *testing.T, convA *SessionJwtConverter, convB *SessionJw
 	if !bytes.Equal(claims.EncryptionKey, []byte{1, 2, 3, 4, 5}) {
 		t.Fatalf("invalid encryption key: %v", claims.EncryptionKey)
 	}
+
+	if iat.Before(start) || iat.After(end) {
+		t.Fatalf("iat out of bounds: expected [start(%v) < iat(%v) < end(%v)]", start, iat, end)
+	}
 }