// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package auth_test
import (
"context"
"net/http"
"regexp"
"testing"
"time"
"github.com/hashicorp/go-azure-sdk/sdk/auth"
"github.com/hashicorp/go-azure-sdk/sdk/claims"
"github.com/hashicorp/go-azure-sdk/sdk/internal/test"
)
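// TestCachedAuthorizer exercises the token cache lifecycle of the authorizer
// returned by auth.NewCachedAuthorizer when it wraps test.TestAuthorizer:
//
//  1. the first request yields tokens whose `iat`/`exp` claims match the
//     current test.TestTokenIssued / test.TestTokenExpiry values;
//  2. after those package-level values are advanced, a second request must
//     still yield the earlier claims, i.e. the tokens come from the cache;
//  3. after InvalidateCachedTokens, a third request must yield the advanced
//     claims, i.e. invalidation really discards the cached credentials.
//
// Step 3 is the property callers rely on when a credential has to be dropped
// on demand. The test only compares `iat`/`exp` claims; it does not exercise
// signature validation or expiry-driven refresh.
func TestCachedAuthorizer(t *testing.T) {
	// Anchored at the start only: this checks for a three-segment, dot-separated
	// base64url prefix rather than validating the whole token string.
	tokenPattern := regexp.MustCompile("^[a-zA-Z0-9_-]+[.][a-zA-Z0-9_-]+[.][a-zA-Z0-9_-]+")
	req := &http.Request{}
	ctx := context.Background()

	// test.TestTokenIssued and test.TestTokenExpiry are package-level variables
	// that this test overwrites below. Put them back on exit (t.Fatalf still runs
	// deferred functions) so the mutation does not leak into other tests.
	earlierTestTokenIssued := test.TestTokenIssued
	earlierTestTokenExpiry := test.TestTokenExpiry
	defer func() {
		test.TestTokenIssued = earlierTestTokenIssued
		test.TestTokenExpiry = earlierTestTokenExpiry
	}()

	authorizer, err := auth.NewCachedAuthorizer(&test.TestAuthorizer{})
	if err != nil {
		t.Fatalf("received error for NewCachedAuthorizer(): %+v", err)
	}

	// assertTokens requests the primary and auxiliary tokens and verifies both
	// their format and their `iat`/`exp` claims against the expected times.
	// NOTE(review): the auxiliary checks pass vacuously if AuxiliaryTokens
	// returns an empty slice; confirm test.TestAuthorizer supplies some.
	assertTokens := func(wantIssued, wantExpiry time.Time) {
		t.Helper()

		token, err := authorizer.Token(ctx, req)
		if err != nil {
			t.Fatalf("received error for CachedAuthorizer.Token(): %+v", err)
		}
		if !tokenPattern.MatchString(token.AccessToken) {
			t.Fatalf("unexpected access token received: %q", token.AccessToken)
		}

		auxTokens, err := authorizer.AuxiliaryTokens(ctx, req)
		if err != nil {
			t.Fatalf("received error for CachedAuthorizer.AuxiliaryTokens(): %+v", err)
		}
		for i, auxToken := range auxTokens {
			if !tokenPattern.MatchString(auxToken.AccessToken) {
				// Report the auxiliary token that failed, not the primary one.
				t.Fatalf("unexpected auxiliary access token received at %d: %q", i, auxToken.AccessToken)
			}
		}

		tokenClaims, err := claims.ParseClaims(token)
		if err != nil {
			t.Fatalf("received error for claims.ParseClaims(): %+v", err)
		}
		if tokenClaims.IssuedAt != wantIssued.Unix() {
			t.Fatalf("unexpected `iat` claim for access token, expected: %d, received: %d", wantIssued.Unix(), tokenClaims.IssuedAt)
		}
		if tokenClaims.Expires != wantExpiry.Unix() {
			t.Fatalf("unexpected `exp` claim for access token, expected: %d, received: %d", wantExpiry.Unix(), tokenClaims.Expires)
		}

		for i, auxToken := range auxTokens {
			auxTokenClaims, err := claims.ParseClaims(auxToken)
			if err != nil {
				t.Fatalf("received error for claims.ParseClaims(): %+v", err)
			}
			if auxTokenClaims.IssuedAt != wantIssued.Unix() {
				t.Fatalf("unexpected `iat` claim for auxiliary access token at %d, expected: %d, received: %d", i, wantIssued.Unix(), auxTokenClaims.IssuedAt)
			}
			if auxTokenClaims.Expires != wantExpiry.Unix() {
				t.Fatalf("unexpected `exp` claim for auxiliary access token at %d, expected: %d, received: %d", i, wantExpiry.Unix(), auxTokenClaims.Expires)
			}
		}
	}

	// Retrieve the first tokens; their claims must match the current test times.
	assertTokens(test.TestTokenIssued, test.TestTokenExpiry)

	// Wait for 5 seconds and advance the issued/expiry times for the testAuthorizer
	time.Sleep(5 * time.Second)
	test.TestTokenIssued = time.Now()
	test.TestTokenExpiry = time.Now().Add(3599 * time.Second)

	// If both advanced values collide with the earlier ones at one-second
	// resolution, the cache check below could not tell a cached token from a
	// freshly issued one, so fail loudly instead of passing vacuously.
	if test.TestTokenIssued.Unix() == earlierTestTokenIssued.Unix() && test.TestTokenExpiry.Unix() == earlierTestTokenExpiry.Unix() {
		t.Fatalf("advanced test token times are indistinguishable from the earlier ones: iat %d, exp %d", earlierTestTokenIssued.Unix(), earlierTestTokenExpiry.Unix())
	}

	// Retrieve a second set of tokens; these should come from the cache, so the
	// IssuedAt and Expiry times must _not_ have changed.
	assertTokens(earlierTestTokenIssued, earlierTestTokenExpiry)

	// Invalidate the access tokens
	if err = authorizer.InvalidateCachedTokens(); err != nil {
		t.Fatalf("received error for CachedAuthorizer.InvalidateCachedTokens(): %+v", err)
	}

	// Retrieve a third set of tokens, which should be re-acquired from the
	// testAuthorizer, so the IssuedAt and Expiry times _have_ changed.
	assertTokens(test.TestTokenIssued, test.TestTokenExpiry)
}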