- Add tests for hmac/v2

- Fill token with algorithm
netbirdio · Sep 11, 2024 · 4b2b279 · 4b2b279
1 parent bc98346
commit 4b2b279
Show file tree

Hide file tree

Showing 2 changed files with 113 additions and 0 deletions.
diff --git a/relay/auth/hmac/v2/generator.go b/relay/auth/hmac/v2/generator.go
@@ -10,6 +10,7 @@ import (
 
 type Generator struct {
  algo func() hash.Hash
+ algoType AuthAlgo
  secret []byte
  timeToLive time.Duration
 }
@@ -21,6 +22,7 @@ func NewGenerator(algo AuthAlgo, secret []byte, timeToLive time.Duration) (*Gene
  }
  return &Generator{
  algo: algoFunc,
+ algoType: algo,
  secret: secret,
  timeToLive: timeToLive,
  }, nil
@@ -36,6 +38,7 @@ func (g *Generator) GenerateToken() (*Token, error) {
  signature := h.Sum(nil)
 
  return &Token{
+ AuthAlgo: g.algoType,
  Signature: signature,
  Payload: payload,
  }, nil

diff --git a/relay/auth/hmac/v2/hmac_test.go b/relay/auth/hmac/v2/hmac_test.go
@@ -0,0 +1,110 @@
+package v2
+
+import (
+ "strconv"
+ "testing"
+ "time"
+)
+
+func TestGenerateCredentials(t *testing.T) {
+ secret := "supersecret"
+ timeToLive := 1 * time.Hour
+ g, err := NewGenerator(AuthAlgoHMACSHA256, []byte(secret), timeToLive)
+ if err != nil {
+ t.Fatalf("failed to create generator: %v", err)
+ }
+
+ token, err := g.GenerateToken()
+ if err != nil {
+ t.Fatalf("expected no error, got %v", err)
+ }
+
+ if len(token.Payload) == 0 {
+ t.Fatalf("expected non-empty payload")
+ }
+
+ _, err = strconv.ParseInt(string(token.Payload), 10, 64)
+ if err != nil {
+ t.Fatalf("expected payload to be a valid unix timestamp, got %v", err)
+ }
+}
+
+func TestValidateCredentials(t *testing.T) {
+ secret := "supersecret"
+ timeToLive := 1 * time.Hour
+ g, err := NewGenerator(AuthAlgoHMACSHA256, []byte(secret), timeToLive)
+ if err != nil {
+ t.Fatalf("failed to create generator: %v", err)
+ }
+
+ token, err := g.GenerateToken()
+ if err != nil {
+ t.Fatalf("expected no error, got %v", err)
+ }
+
+ v := NewValidator([]byte(secret))
+ if err := v.Validate(token.Marshal()); err != nil {
+ t.Fatalf("expected valid token: %s", err)
+ }
+}
+
+func TestInvalidSignature(t *testing.T) {
+ secret := "supersecret"
+ timeToLive := 1 * time.Hour
+ g, err := NewGenerator(AuthAlgoHMACSHA256, []byte(secret), timeToLive)
+ if err != nil {
+ t.Fatalf("failed to create generator: %v", err)
+ }
+
+ token, err := g.GenerateToken()
+ if err != nil {
+ t.Fatalf("expected no error, got %v", err)
+ }
+
+ token.Signature = []byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9}
+
+ v := NewValidator([]byte(secret))
+ if err := v.Validate(token.Marshal()); err == nil {
+ t.Fatalf("expected valid token: %s", err)
+ }
+}
+
+func TestExpired(t *testing.T) {
+ secret := "supersecret"
+ timeToLive := -1 * time.Hour
+ g, err := NewGenerator(AuthAlgoHMACSHA256, []byte(secret), timeToLive)
+ if err != nil {
+ t.Fatalf("failed to create generator: %v", err)
+ }
+
+ token, err := g.GenerateToken()
+ if err != nil {
+ t.Fatalf("expected no error, got %v", err)
+ }
+
+ v := NewValidator([]byte(secret))
+ if err := v.Validate(token.Marshal()); err == nil {
+ t.Fatalf("expected valid token: %s", err)
+ }
+}
+
+func TestInvalidPayload(t *testing.T) {
+ secret := "supersecret"
+ timeToLive := 1 * time.Hour
+ g, err := NewGenerator(AuthAlgoHMACSHA256, []byte(secret), timeToLive)
+ if err != nil {
+ t.Fatalf("failed to create generator: %v", err)
+ }
+
+ token, err := g.GenerateToken()
+ if err != nil {
+ t.Fatalf("expected no error, got %v", err)
+ }
+
+ token.Payload = []byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9}
+
+ v := NewValidator([]byte(secret))
+ if err := v.Validate(token.Marshal()); err == nil {
+ t.Fatalf("expected invalid token due to invalid payload")
+ }
+}