|  | package jwt_test | 
|  |  | 
|  | import ( | 
|  | "testing" | 
|  | "time" | 
|  |  | 
|  | "github.com/SermoDigital/jose/crypto" | 
|  | "github.com/SermoDigital/jose/jws" | 
|  | "github.com/SermoDigital/jose/jwt" | 
|  | ) | 
|  |  | 
|  | func TestMultipleAudienceBug_AfterMarshal(t *testing.T) { | 
|  |  | 
|  | // Create JWS claims | 
|  | claims := jws.Claims{} | 
|  | claims.SetAudience("example.com", "api.example.com") | 
|  |  | 
|  | token := jws.NewJWT(claims, crypto.SigningMethodHS256) | 
|  | serializedToken, _ := token.Serialize([]byte("abcdef")) | 
|  |  | 
|  | // Unmarshal JSON | 
|  | newToken, _ := jws.ParseJWT(serializedToken) | 
|  |  | 
|  | c := newToken.Claims() | 
|  |  | 
|  | // Get Audience | 
|  | aud, ok := c.Audience() | 
|  | if !ok { | 
|  |  | 
|  | // Fails | 
|  | t.Fail() | 
|  | } | 
|  |  | 
|  | t.Logf("aud Value: %s", aud) | 
|  | t.Logf("aud Type : %T", aud) | 
|  | } | 
|  |  | 
|  | func TestMultipleAudienceFix_AfterMarshal(t *testing.T) { | 
|  | // Create JWS claims | 
|  | claims := jws.Claims{} | 
|  | claims.SetAudience("example.com", "api.example.com") | 
|  |  | 
|  | token := jws.NewJWT(claims, crypto.SigningMethodHS256) | 
|  | serializedToken, _ := token.Serialize([]byte("abcdef")) | 
|  |  | 
|  | // Unmarshal JSON | 
|  | newToken, _ := jws.ParseJWT(serializedToken) | 
|  |  | 
|  | c := newToken.Claims() | 
|  |  | 
|  | // Get Audience | 
|  | aud, ok := c.Audience() | 
|  | if !ok { | 
|  |  | 
|  | // Fails | 
|  | t.Fail() | 
|  | } | 
|  |  | 
|  | t.Logf("aud len(): %d", len(aud)) | 
|  | t.Logf("aud Value: %s", aud) | 
|  | t.Logf("aud Type : %T", aud) | 
|  | } | 
|  |  | 
|  | func TestSingleAudienceFix_AfterMarshal(t *testing.T) { | 
|  | // Create JWS claims | 
|  | claims := jws.Claims{} | 
|  | claims.SetAudience("example.com") | 
|  |  | 
|  | token := jws.NewJWT(claims, crypto.SigningMethodHS256) | 
|  | serializedToken, _ := token.Serialize([]byte("abcdef")) | 
|  |  | 
|  | // Unmarshal JSON | 
|  | newToken, _ := jws.ParseJWT(serializedToken) | 
|  | c := newToken.Claims() | 
|  |  | 
|  | // Get Audience | 
|  | aud, ok := c.Audience() | 
|  | if !ok { | 
|  |  | 
|  | // Fails | 
|  | t.Fail() | 
|  | } | 
|  |  | 
|  | t.Logf("aud len(): %d", len(aud)) | 
|  | t.Logf("aud Value: %s", aud) | 
|  | t.Logf("aud Type : %T", aud) | 
|  | } | 
|  |  | 
|  | func TestValidate(t *testing.T) { | 
|  | now := time.Date(2015, 1, 1, 0, 0, 0, 0, time.UTC) | 
|  | before, after := now.Add(-time.Minute), now.Add(time.Minute) | 
|  | leeway := 10 * time.Second | 
|  |  | 
|  | exp := func(t time.Time) jwt.Claims { | 
|  | return jwt.Claims{"exp": t.Unix()} | 
|  | } | 
|  | nbf := func(t time.Time) jwt.Claims { | 
|  | return jwt.Claims{"nbf": t.Unix()} | 
|  | } | 
|  |  | 
|  | var tests = []struct { | 
|  | desc      string | 
|  | c         jwt.Claims | 
|  | now       time.Time | 
|  | expLeeway time.Duration | 
|  | nbfLeeway time.Duration | 
|  | err       error | 
|  | }{ | 
|  | // test for nbf < now <= exp | 
|  | {desc: "exp == nil && nbf == nil", c: jwt.Claims{}, now: now, err: nil}, | 
|  |  | 
|  | {desc: "now > exp", now: now, c: exp(before), err: jwt.ErrTokenIsExpired}, | 
|  | {desc: "now = exp", now: now, c: exp(now), err: nil}, | 
|  | {desc: "now < exp", now: now, c: exp(after), err: nil}, | 
|  |  | 
|  | {desc: "nbf < now", c: nbf(before), now: now, err: nil}, | 
|  | {desc: "nbf = now", c: nbf(now), now: now, err: jwt.ErrTokenNotYetValid}, | 
|  | {desc: "nbf > now", c: nbf(after), now: now, err: jwt.ErrTokenNotYetValid}, | 
|  |  | 
|  | // test for nbf-x < now <= exp+y | 
|  | {desc: "now < exp+x", now: now.Add(leeway - time.Second), expLeeway: leeway, c: exp(now), err: nil}, | 
|  | {desc: "now = exp+x", now: now.Add(leeway), expLeeway: leeway, c: exp(now), err: nil}, | 
|  | {desc: "now > exp+x", now: now.Add(leeway + time.Second), expLeeway: leeway, c: exp(now), err: jwt.ErrTokenIsExpired}, | 
|  |  | 
|  | {desc: "nbf-x > now", c: nbf(now), nbfLeeway: leeway, now: now.Add(-leeway + time.Second), err: nil}, | 
|  | {desc: "nbf-x = now", c: nbf(now), nbfLeeway: leeway, now: now.Add(-leeway), err: jwt.ErrTokenNotYetValid}, | 
|  | {desc: "nbf-x < now", c: nbf(now), nbfLeeway: leeway, now: now.Add(-leeway - time.Second), err: jwt.ErrTokenNotYetValid}, | 
|  | } | 
|  |  | 
|  | for i, tt := range tests { | 
|  | if got, want := tt.c.Validate(tt.now, tt.expLeeway, tt.nbfLeeway), tt.err; got != want { | 
|  | t.Errorf("%d - %q: got %v want %v", i, tt.desc, got, want) | 
|  | } | 
|  | } | 
|  | } | 
|  |  | 
|  | func TestGetAndSetTime(t *testing.T) { | 
|  | now := time.Now() | 
|  | nowUnix := now.Unix() | 
|  | c := jwt.Claims{ | 
|  | "int":     int(nowUnix), | 
|  | "int32":   int32(nowUnix), | 
|  | "int64":   int64(nowUnix), | 
|  | "uint":    uint(nowUnix), | 
|  | "uint32":  uint32(nowUnix), | 
|  | "uint64":  uint64(nowUnix), | 
|  | "float64": float64(nowUnix), | 
|  | } | 
|  | c.SetTime("setTime", now) | 
|  | for k := range c { | 
|  | v, ok := c.GetTime(k) | 
|  | if got, want := v, time.Unix(nowUnix, 0); !ok || !got.Equal(want) { | 
|  | t.Errorf("%s: got %v want %v", k, got, want) | 
|  | } | 
|  | } | 
|  | } | 
|  |  | 
|  | // TestTimeValuesThroughJSON verifies that the time values | 
|  | // that are set via the Set{IssuedAt,NotBefore,Expiration}() | 
|  | // methods can actually be parsed back | 
|  | func TestTimeValuesThroughJSON(t *testing.T) { | 
|  | now := time.Unix(time.Now().Unix(), 0) | 
|  |  | 
|  | c := jws.Claims{} | 
|  | c.SetIssuedAt(now) | 
|  | c.SetNotBefore(now) | 
|  | c.SetExpiration(now) | 
|  |  | 
|  | // serialize to JWT | 
|  | tok := jws.NewJWT(c, crypto.SigningMethodHS256) | 
|  | b, err := tok.Serialize([]byte("key")) | 
|  | if err != nil { | 
|  | t.Fatal(err) | 
|  | } | 
|  |  | 
|  | // parse the JWT again | 
|  | tok2, err := jws.ParseJWT(b) | 
|  | if err != nil { | 
|  | t.Fatal(err) | 
|  | } | 
|  | c2 := tok2.Claims() | 
|  |  | 
|  | iat, ok1 := c2.IssuedAt() | 
|  | nbf, ok2 := c2.NotBefore() | 
|  | exp, ok3 := c2.Expiration() | 
|  | if !ok1 || !ok2 || !ok3 { | 
|  | t.Fatal("got false want true") | 
|  | } | 
|  |  | 
|  | if got, want := iat, now; !got.Equal(want) { | 
|  | t.Errorf("%s: got %v want %v", "iat", got, want) | 
|  | } | 
|  | if got, want := nbf, now; !got.Equal(want) { | 
|  | t.Errorf("%s: got %v want %v", "nbf", got, want) | 
|  | } | 
|  | if got, want := exp, now; !got.Equal(want) { | 
|  | t.Errorf("%s: got %v want %v", "exp", got, want) | 
|  | } | 
|  | } |