navidrome/core/auth/auth_test.go

package auth_test

import (
	"testing"
	"time"

	"github.com/go-chi/jwtauth/v5"
	"github.com/navidrome/navidrome/conf"
	"github.com/navidrome/navidrome/consts"
	"github.com/navidrome/navidrome/core/auth"
	"github.com/navidrome/navidrome/log"
	"github.com/navidrome/navidrome/model"
	. "github.com/onsi/ginkgo/v2"
	. "github.com/onsi/gomega"
)

func TestAuth(t *testing.T) {
	log.SetLevel(log.LevelCritical)
	RegisterFailHandler(Fail)
	RunSpecs(t, "Auth Test Suite")
}

const (
	testJWTSecret = "not so secret"
	oneDay        = 24 * time.Hour
)

var _ = BeforeSuite(func() {
	conf.Server.SessionTimeout = 2 * oneDay
})

var _ = Describe("Auth", func() {

	BeforeEach(func() {
		auth.Secret = []byte(testJWTSecret)
		auth.TokenAuth = jwtauth.New("HS256", auth.Secret, nil)
	})

	Describe("Validate", func() {
		It("returns error with an invalid JWT token", func() {
			_, err := auth.Validate("invalid.token")
			Expect(err).To(HaveOccurred())
		})

		It("returns the claims from a valid JWT token", func() {
			claims := map[string]interface{}{}
			claims["iss"] = "issuer"
			claims["iat"] = time.Now().Unix()
			claims["exp"] = time.Now().Add(1 * time.Minute).Unix()
			_, tokenStr, err := auth.TokenAuth.Encode(claims)
			Expect(err).NotTo(HaveOccurred())

			decodedClaims, err := auth.Validate(tokenStr)
			Expect(err).NotTo(HaveOccurred())
			Expect(decodedClaims["iss"]).To(Equal("issuer"))
		})

		It("returns ErrExpired if the `exp` field is in the past", func() {
			claims := map[string]interface{}{}
			claims["iss"] = "issuer"
			claims["exp"] = time.Now().Add(-1 * time.Minute).Unix()
			_, tokenStr, err := auth.TokenAuth.Encode(claims)
			Expect(err).NotTo(HaveOccurred())

			_, err = auth.Validate(tokenStr)
			Expect(err).To(MatchError("token is expired"))
		})
	})

	Describe("CreateToken", func() {
		It("creates a valid token", func() {
			u := &model.User{
				ID:       "123",
				UserName: "johndoe",
				IsAdmin:  true,
			}
			tokenStr, err := auth.CreateToken(u)
			Expect(err).NotTo(HaveOccurred())

			claims, err := auth.Validate(tokenStr)
			Expect(err).NotTo(HaveOccurred())

			Expect(claims["iss"]).To(Equal(consts.JWTIssuer))
			Expect(claims["sub"]).To(Equal("johndoe"))
			Expect(claims["uid"]).To(Equal("123"))
			Expect(claims["adm"]).To(Equal(true))
			Expect(claims["exp"]).To(BeTemporally(">", time.Now()))
		})
	})

	Describe("TouchToken", func() {
		It("updates the expiration time", func() {
			yesterday := time.Now().Add(-oneDay)
			claims := map[string]interface{}{}
			claims["iss"] = "issuer"
			claims["exp"] = yesterday.Unix()
			token, _, err := auth.TokenAuth.Encode(claims)
			Expect(err).NotTo(HaveOccurred())

			touched, err := auth.TouchToken(token)
			Expect(err).NotTo(HaveOccurred())

			decodedClaims, err := auth.Validate(touched)
			Expect(err).NotTo(HaveOccurred())
			exp := decodedClaims["exp"].(time.Time)
			Expect(exp.Sub(yesterday)).To(BeNumerically(">=", oneDay))
		})
	})
})
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`package auth_test`

			`import (`
			`"testing"`
			`"time"`

Upgrade to go-chi 5 2021-05-11 23:21:18 +02:00			`"github.com/go-chi/jwtauth/v5"`
More auth tests 2021-04-30 16:00:03 +02:00			`"github.com/navidrome/navidrome/conf"`
			`"github.com/navidrome/navidrome/consts"`
Started the big refactor to extract common logic from `engine` package (Subsonic only) to `core` package (more generic) 2020-07-10 18:45:58 +02:00			`"github.com/navidrome/navidrome/core/auth"`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`"github.com/navidrome/navidrome/log"`
Upgrade to go-chi 5 2021-05-11 23:21:18 +02:00			`"github.com/navidrome/navidrome/model"`
Upgrade Ginkgo to V2 2022-07-26 22:47:16 +02:00			`. "github.com/onsi/ginkgo/v2"`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`. "github.com/onsi/gomega"`
			`)`

			`func TestAuth(t *testing.T) {`
			`log.SetLevel(log.LevelCritical)`
			`RegisterFailHandler(Fail)`
			`RunSpecs(t, "Auth Test Suite")`
			`}`

More auth tests 2021-04-30 16:00:03 +02:00			`const (`
			`testJWTSecret = "not so secret"`
			`oneDay = 24 * time.Hour`
			`)`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00
Upgrade Ginkgo to V2 2022-07-26 22:47:16 +02:00			`var _ = BeforeSuite(func() {`
			`conf.Server.SessionTimeout = 2 * oneDay`
			`})`

feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`var _ = Describe("Auth", func() {`
More auth tests 2021-04-30 16:00:03 +02:00
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`BeforeEach(func() {`
More auth tests 2021-04-30 16:00:03 +02:00			`auth.Secret = []byte(testJWTSecret)`
Upgrade to go-chi 5 2021-05-11 23:21:18 +02:00			`auth.TokenAuth = jwtauth.New("HS256", auth.Secret, nil)`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`})`
More auth tests 2021-04-30 16:00:03 +02:00
			`Describe("Validate", func() {`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`It("returns error with an invalid JWT token", func() {`
			`_, err := auth.Validate("invalid.token")`
Upgrade to go-chi 5 2021-05-11 23:21:18 +02:00			`Expect(err).To(HaveOccurred())`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`})`

			`It("returns the claims from a valid JWT token", func() {`
Upgrade to go-chi 5 2021-05-11 23:21:18 +02:00			`claims := map[string]interface{}{}`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`claims["iss"] = "issuer"`
Upgrade to go-chi 5 2021-05-11 23:21:18 +02:00			`claims["iat"] = time.Now().Unix()`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`claims["exp"] = time.Now().Add(1 * time.Minute).Unix()`
Upgrade to go-chi 5 2021-05-11 23:21:18 +02:00			`_, tokenStr, err := auth.TokenAuth.Encode(claims)`
			`Expect(err).NotTo(HaveOccurred())`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00
			`decodedClaims, err := auth.Validate(tokenStr)`
Upgrade to go-chi 5 2021-05-11 23:21:18 +02:00			`Expect(err).NotTo(HaveOccurred())`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`Expect(decodedClaims["iss"]).To(Equal("issuer"))`
			`})`

			It("returns ErrExpired if the `exp` field is in the past", func() {
Upgrade to go-chi 5 2021-05-11 23:21:18 +02:00			`claims := map[string]interface{}{}`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`claims["iss"] = "issuer"`
			`claims["exp"] = time.Now().Add(-1 * time.Minute).Unix()`
Upgrade to go-chi 5 2021-05-11 23:21:18 +02:00			`_, tokenStr, err := auth.TokenAuth.Encode(claims)`
			`Expect(err).NotTo(HaveOccurred())`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00
Upgrade to go-chi 5 2021-05-11 23:21:18 +02:00			`_, err = auth.Validate(tokenStr)`
			`Expect(err).To(MatchError("token is expired"))`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`})`
			`})`
More auth tests 2021-04-30 16:00:03 +02:00
			`Describe("CreateToken", func() {`
			`It("creates a valid token", func() {`
			`u := &model.User{`
			`ID: "123",`
			`UserName: "johndoe",`
			`IsAdmin: true,`
			`}`
			`tokenStr, err := auth.CreateToken(u)`
Upgrade to go-chi 5 2021-05-11 23:21:18 +02:00			`Expect(err).NotTo(HaveOccurred())`
More auth tests 2021-04-30 16:00:03 +02:00
			`claims, err := auth.Validate(tokenStr)`
Upgrade to go-chi 5 2021-05-11 23:21:18 +02:00			`Expect(err).NotTo(HaveOccurred())`
More auth tests 2021-04-30 16:00:03 +02:00
			`Expect(claims["iss"]).To(Equal(consts.JWTIssuer))`
			`Expect(claims["sub"]).To(Equal("johndoe"))`
			`Expect(claims["uid"]).To(Equal("123"))`
			`Expect(claims["adm"]).To(Equal(true))`
Upgrade to go-chi 5 2021-05-11 23:21:18 +02:00			`Expect(claims["exp"]).To(BeTemporally(">", time.Now()))`
More auth tests 2021-04-30 16:00:03 +02:00			`})`
			`})`

			`Describe("TouchToken", func() {`
			`It("updates the expiration time", func() {`
			`yesterday := time.Now().Add(-oneDay)`
Upgrade to go-chi 5 2021-05-11 23:21:18 +02:00			`claims := map[string]interface{}{}`
More auth tests 2021-04-30 16:00:03 +02:00			`claims["iss"] = "issuer"`
			`claims["exp"] = yesterday.Unix()`
Upgrade to go-chi 5 2021-05-11 23:21:18 +02:00			`token, _, err := auth.TokenAuth.Encode(claims)`
			`Expect(err).NotTo(HaveOccurred())`
More auth tests 2021-04-30 16:00:03 +02:00
			`touched, err := auth.TouchToken(token)`
Upgrade to go-chi 5 2021-05-11 23:21:18 +02:00			`Expect(err).NotTo(HaveOccurred())`
More auth tests 2021-04-30 16:00:03 +02:00
			`decodedClaims, err := auth.Validate(touched)`
Upgrade to go-chi 5 2021-05-11 23:21:18 +02:00			`Expect(err).NotTo(HaveOccurred())`
			`exp := decodedClaims["exp"].(time.Time)`
			`Expect(exp.Sub(yesterday)).To(BeNumerically(">=", oneDay))`
More auth tests 2021-04-30 16:00:03 +02:00			`})`
			`})`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`})`