From df82782ba5a7965ba7d51729d0a1df122f386e7a Mon Sep 17 00:00:00 2001
From: "$(pass /github/name)" <$(pass /github/email)>
Date: Fri, 6 Sep 2024 09:22:37 +0200
Subject: [PATCH] add: auth_test cases & null attack test
---
 internal/middlewares/auth_test.go | 48 +++++++++++++++++++++++++++----
 1 file changed, 43 insertions(+), 5 deletions(-)
diff --git a/internal/middlewares/auth_test.go b/internal/middlewares/auth_test.go
index 7f503f1..41595de 100644
--- a/internal/middlewares/auth_test.go
+++ b/internal/middlewares/auth_test.go
@@ -1,9 +1,14 @@
 package middlewares
 import (
+ "GoMembership/internal/config"
+ "GoMembership/pkg/logger"
 "encoding/json"
+ "log"
 "net/http"
 "net/http/httptest"
+ "os"
+ "path/filepath"
 "testing"
 "time"
@@ -15,6 +20,26 @@ import (
 func TestAuthMiddleware(t *testing.T) {
 gin.SetMode(gin.TestMode)
+ cwd, err := os.Getwd()
+ if err != nil {
+ log.Fatalf("Failed to get current working directory: %v", err)
+ }
+ configFilePath := filepath.Join(cwd, "..", "..", "configs", "config.json")
+ templateHTMLPath := filepath.Join(cwd, "..", "..", "templates", "html")
+ templateMailPath := filepath.Join(cwd, "..", "..", "templates", "email")
+
+ if err := os.Setenv("TEMPLATE_MAIL_PATH", templateMailPath); err != nil {
+ log.Fatalf("Error setting environment variable: %v", err)
+ }
+ if err := os.Setenv("TEMPLATE_HTML_PATH", templateHTMLPath); err != nil {
+ log.Fatalf("Error setting environment variable: %v", err)
+ }
+ if err := os.Setenv("CONFIG_FILE_PATH", configFilePath); err != nil {
+ log.Fatalf("Error setting environment variable: %v", err)
+ }
+ config.LoadConfig()
+ logger.Info.Printf("Config: %#v", config.CFG)
+
 tests := []struct {
 name string
 setupAuth func(r *http.Request)
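Review bot: The added `logger.Info.Printf("Config: %#v", config.CFG)` at the end of the setup block writes the whole loaded configuration to the log; a later case in this patch reads `config.Auth.JWTSecret`, so the loaded config presumably carries the JWT secret and anything else configs/config.json holds, and that would land in local and CI test output. I would drop the line, or log only the non-secret fields the test depends on. The three `os.Setenv` calls also persist for every other test in the package; `t.Setenv("CONFIG_FILE_PATH", configFilePath)` (and the same for the two template paths) restores the previous value when the test ends. `t.Fatalf` instead of `log.Fatalf` would keep a setup failure inside the test report rather than exiting the test binary. TestAuthMiddleware continues beyond this hunk.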
@@ -31,15 +56,15 @@ func TestAuthMiddleware(t *testing.T) {
 expectedUserID: 123,
 },
 {
- name: "Missing Auth Header",
+ name: "Missing Cookie",
 setupAuth: func(r *http.Request) {},
 expectedStatus: http.StatusUnauthorized,
 expectedUserID: 0,
 },
 {
- name: "Invalid Token Format",
+ name: "Invalid Token",
 setupAuth: func(r *http.Request) {
- r.Header.Set("Authorization", "InvalidFormat")
+ r.AddCookie(&http.Cookie{Name: "jwt", Value: "InvalidToken"})
 },
 expectedStatus: http.StatusUnauthorized,
 expectedUserID: 0,
@@ -48,7 +73,7 @@ func TestAuthMiddleware(t *testing.T) {
 name: "Expired Token",
 setupAuth: func(r *http.Request) {
 token := jwt.NewWithClaims(jwtSigningMethod, jwt.MapClaims{
- "user_id": "user123",
+ "user_id": 123,
 "exp": time.Now().Add(-time.Hour).Unix(), // Expired 1 hour ago
 })
 tokenString, _ := token.SignedString(jwtKey)
@@ -61,7 +86,7 @@ func TestAuthMiddleware(t *testing.T) {
 name: "Invalid Signature",
 setupAuth: func(r *http.Request) {
 token := jwt.NewWithClaims(jwtSigningMethod, jwt.MapClaims{
- "user_id": "user123",
+ "user_id": 123,
 "exp": time.Now().Add(time.Hour).Unix(),
 })
 tokenString, _ := token.SignedString([]byte("wrong_secret"))
@@ -70,6 +95,19 @@ func TestAuthMiddleware(t *testing.T) {
 expectedStatus: http.StatusUnauthorized,
 expectedUserID: 0,
 },
+ {
+ name: "Invalid Signing Method",
+ setupAuth: func(r *http.Request) {
+ token := jwt.NewWithClaims(jwt.SigningMethodES256, jwt.MapClaims{
+ "user_id": 123,
+ "exp": time.Now().Add(time.Hour).Unix(),
+ })
+ tokenString, _ := token.SignedString([]byte(config.Auth.JWTSecret))
+ r.AddCookie(&http.Cookie{Name: "jwt", Value: tokenString})
+ },
+ expectedStatus: http.StatusUnauthorized,
+ expectedUserID: 0,
+ },
 }
 for _, tt := range tests {
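Review bot: The new "Invalid Signing Method" case probably never sends an ES256 token: `jwt.SigningMethodES256` signs with an `*ecdsa.PrivateKey`, so `token.SignedString([]byte(config.Auth.JWTSecret))` should return a key-type error and an empty string, and the discarded `_` hides that. The 401 would then come from an empty cookie value rather than from the middleware rejecting the algorithm, so the case passes even if the algorithm is not pinned. Signing with a freshly generated P-256 key and checking the error, as below, makes the case exercise the algorithm check (it needs `crypto/ecdsa`, `crypto/elliptic` and `crypto/rand` in the import block). The commit subject mentions a null attack test; if that means `alg: none`, no case here covers it, and a sibling case built with `jwt.SigningMethodNone` and `jwt.UnsafeAllowNoneSignatureType` would. The table continues outside this hunk, and the "Expired Token" and "Invalid Signature" cases in the two preceding hunks discard the `SignedString` error the same way.

```go
setupAuth: func(r *http.Request) {
	// A real ECDSA key yields a well-formed token, so only the algorithm is wrong.
	ecKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		t.Errorf("generating ECDSA key: %v", err)
		return
	}
	token := jwt.NewWithClaims(jwt.SigningMethodES256, jwt.MapClaims{
		// … unchanged: user_id and exp claims …
	})
	tokenString, err := token.SignedString(ecKey)
	if err != nil {
		t.Errorf("signing ES256 token: %v", err)
		return
	}
	r.AddCookie(&http.Cookie{Name: "jwt", Value: tokenString})
},
```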