Adding upstream version 0.28.1.
Signed-off-by: Daniel Baumann <daniel@debian.org>
This commit is contained in:
parent
88f1d47ab6
commit
e28c88ef14
GPG key ID:
FBB4F0E80A80222F
933 changed files with 194711 additions and 0 deletions
176
core/record_tokens_test.go
Normal file
176
core/record_tokens_test.go
Normal file
|
|
@ -0,0 +1,176 @@
|
|||
package core_test
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/pocketbase/pocketbase/core"
|
||||
"github.com/pocketbase/pocketbase/tests"
|
||||
"github.com/pocketbase/pocketbase/tools/security"
|
||||
"github.com/spf13/cast"
|
||||
)
|
||||
|
||||
func TestNewStaticAuthToken(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
testRecordToken(t, core.TokenTypeAuth, func(record *core.Record) (string, error) {
|
||||
return record.NewStaticAuthToken(0)
|
||||
}, map[string]any{
|
||||
core.TokenClaimRefreshable: false,
|
||||
})
|
||||
}
|
||||
|
||||
func TestNewStaticAuthTokenWithCustomDuration(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
app, _ := tests.NewTestApp()
|
||||
defer app.Cleanup()
|
||||
|
||||
user, err := app.FindAuthRecordByEmail("users", "test@example.com")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
var tolerance int64 = 1 // in sec
|
||||
|
||||
durations := []int64{-100, 0, 100}
|
||||
|
||||
for i, d := range durations {
|
||||
t.Run(fmt.Sprintf("%d_%d", i, d), func(t *testing.T) {
|
||||
now := time.Now()
|
||||
|
||||
duration := time.Duration(d) * time.Second
|
||||
|
||||
token, err := user.NewStaticAuthToken(duration)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
claims, err := security.ParseUnverifiedJWT(token)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
exp := cast.ToInt64(claims["exp"])
|
||||
|
||||
expectedDuration := duration
|
||||
// should fallback to the collection setting
|
||||
if expectedDuration <= 0 {
|
||||
expectedDuration = user.Collection().AuthToken.DurationTime()
|
||||
}
|
||||
expectedMinExp := now.Add(expectedDuration).Unix() - tolerance
|
||||
expectedMaxExp := now.Add(expectedDuration).Unix() + tolerance
|
||||
|
||||
if exp < expectedMinExp {
|
||||
t.Fatalf("Expected token exp to be greater than %d, got %d", expectedMinExp, exp)
|
||||
}
|
||||
|
||||
if exp > expectedMaxExp {
|
||||
t.Fatalf("Expected token exp to be less than %d, got %d", expectedMaxExp, exp)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestNewAuthToken(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
testRecordToken(t, core.TokenTypeAuth, func(record *core.Record) (string, error) {
|
||||
return record.NewAuthToken()
|
||||
}, map[string]any{
|
||||
core.TokenClaimRefreshable: true,
|
||||
})
|
||||
}
|
||||
|
||||
func TestNewVerificationToken(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
testRecordToken(t, core.TokenTypeVerification, func(record *core.Record) (string, error) {
|
||||
return record.NewVerificationToken()
|
||||
}, nil)
|
||||
}
|
||||
|
||||
func TestNewPasswordResetToken(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
testRecordToken(t, core.TokenTypePasswordReset, func(record *core.Record) (string, error) {
|
||||
return record.NewPasswordResetToken()
|
||||
}, nil)
|
||||
}
|
||||
|
||||
func TestNewEmailChangeToken(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
testRecordToken(t, core.TokenTypeEmailChange, func(record *core.Record) (string, error) {
|
||||
return record.NewEmailChangeToken("new@example.com")
|
||||
}, nil)
|
||||
}
|
||||
|
||||
func TestNewFileToken(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
testRecordToken(t, core.TokenTypeFile, func(record *core.Record) (string, error) {
|
||||
return record.NewFileToken()
|
||||
}, nil)
|
||||
}
|
||||
|
||||
func testRecordToken(
|
||||
t *testing.T,
|
||||
tokenType string,
|
||||
tokenFunc func(record *core.Record) (string, error),
|
||||
expectedClaims map[string]any,
|
||||
) {
|
||||
app, _ := tests.NewTestApp()
|
||||
defer app.Cleanup()
|
||||
|
||||
demo1, err := app.FindRecordById("demo1", "84nmscqy84lsi1t")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
user, err := app.FindAuthRecordByEmail("users", "test@example.com")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
t.Run("non-auth record", func(t *testing.T) {
|
||||
_, err = tokenFunc(demo1)
|
||||
if err == nil {
|
||||
t.Fatal("Expected error for non-auth records")
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("auth record", func(t *testing.T) {
|
||||
token, err := tokenFunc(user)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
tokenRecord, _ := app.FindAuthRecordByToken(token, tokenType)
|
||||
if tokenRecord == nil || tokenRecord.Id != user.Id {
|
||||
t.Fatalf("Expected auth record\n%v\ngot\n%v", user, tokenRecord)
|
||||
}
|
||||
|
||||
if len(expectedClaims) > 0 {
|
||||
claims, _ := security.ParseUnverifiedJWT(token)
|
||||
for k, v := range expectedClaims {
|
||||
if claims[k] != v {
|
||||
t.Errorf("Expected claim %q with value %#v, got %#v", k, v, claims[k])
|
||||
}
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("empty signing key", func(t *testing.T) {
|
||||
user.SetTokenKey("")
|
||||
collection := user.Collection()
|
||||
*collection = core.Collection{}
|
||||
collection.Type = core.CollectionTypeAuth
|
||||
|
||||
_, err := tokenFunc(user)
|
||||
if err == nil {
|
||||
t.Fatal("Expected empty signing key error")
|
||||
}
|
||||
})
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue