package user import ( "net/url" "testing" "time" "github.com/kylelemons/godebug/pretty" "github.com/coreos/go-oidc/jose" "github.com/coreos/go-oidc/key" ) func TestInvitationParseAndVerify(t *testing.T) { issuer, _ := url.Parse("http://example.com") notIssuer, _ := url.Parse("http://other.com") client := "myclient" user := User{ID: "1234", Email: "user@example.com"} callback, _ := url.Parse("http://client.example.com") expires := time.Hour * 3 password := Password("Halloween is the best holiday") privKey, _ := key.GeneratePrivateKey() signer := privKey.Signer() publicKeys := []key.PublicKey{*key.NewPublicKey(privKey.JWK())} goodInvitation := NewInvitation(user, password, *issuer, client, *callback, expires) goodNoCB := NewInvitation(user, password, *issuer, client, *callback, expires) expired := NewInvitation(user, password, *issuer, client, *callback, -expires) wrongIssuer := NewInvitation(user, password, *notIssuer, client, *callback, expires) noSub := NewInvitation(User{Email: "noid@noid.com"}, password, *issuer, client, *callback, expires) noEmail := NewInvitation(User{ID: "JONNY_NO_EMAIL"}, password, *issuer, client, *callback, expires) noPassword := NewInvitation(user, Password(""), *issuer, client, *callback, expires) noClient := NewInvitation(user, password, *issuer, "", *callback, expires) noClientNoCB := NewInvitation(user, password, *issuer, "", url.URL{}, expires) tests := []struct { invite Invitation wantErr bool signer jose.Signer }{ { invite: goodInvitation, signer: signer, wantErr: false, }, { invite: goodNoCB, signer: signer, wantErr: false, }, { invite: expired, signer: signer, wantErr: true, }, { invite: wrongIssuer, signer: signer, wantErr: true, }, { invite: noSub, signer: signer, wantErr: true, }, { invite: noEmail, signer: signer, wantErr: true, }, { invite: noPassword, signer: signer, wantErr: true, }, { invite: noClient, signer: signer, wantErr: true, }, { invite: noClientNoCB, signer: signer, wantErr: true, }, } for i, tt := range tests { jwt, err := jose.NewSignedJWT(tt.invite.Claims, tt.signer) if err != nil { t.Fatalf("case %d: failed to generate JWT, error: %v", i, err) } token := jwt.Encode() parsed, err := ParseAndVerifyInvitationToken(token, *issuer, publicKeys) if tt.wantErr { if err == nil { t.Errorf("case %d: want no-nil error, got nil", i) } continue } if err != nil { t.Errorf("case %d: unexpected error: %v", i, err) continue } if diff := pretty.Compare(tt.invite, parsed); diff != "" { t.Errorf("case %d: Compare(want, got): %v", i, diff) } } }