netbird/management/server/jwtclaims/extractor_test.go

package jwtclaims

import (
	"context"
	"github.com/golang-jwt/jwt"
	"github.com/stretchr/testify/require"
	"net/http"
	"testing"
)

func newTestRequestWithJWT(t *testing.T, claims AuthorizationClaims, audiance string) *http.Request {
	claimMaps := jwt.MapClaims{}
	if claims.UserId != "" {
		claimMaps[UserIDClaim] = claims.UserId
	}
	if claims.AccountId != "" {
		claimMaps[audiance+AccountIDSuffix] = claims.AccountId
	}
	if claims.Domain != "" {
		claimMaps[audiance+DomainIDSuffix] = claims.Domain
	}
	if claims.DomainCategory != "" {
		claimMaps[audiance+DomainCategorySuffix] = claims.DomainCategory
	}
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claimMaps)
	r, err := http.NewRequest(http.MethodGet, "http://localhost", nil)
	require.NoError(t, err, "creating testing request failed")
	testRequest := r.WithContext(context.WithValue(r.Context(), TokenUserProperty, token)) //nolint

	return testRequest
}

func TestExtractClaimsFromRequestContext(t *testing.T) {

	type test struct {
		name                     string
		inputAuthorizationClaims AuthorizationClaims
		inputAudiance            string
		testingFunc              require.ComparisonAssertionFunc
		expectedMSG              string
	}

	testCase1 := test{
		name:          "All Claim Fields",
		inputAudiance: "https://login/",
		inputAuthorizationClaims: AuthorizationClaims{
			UserId:         "test",
			Domain:         "test.com",
			AccountId:      "testAcc",
			DomainCategory: "public",
		},
		testingFunc: require.EqualValues,
		expectedMSG: "extracted claims should match input claims",
	}

	testCase2 := test{
		name:          "Domain Is Empty",
		inputAudiance: "https://login/",
		inputAuthorizationClaims: AuthorizationClaims{
			UserId:    "test",
			AccountId: "testAcc",
		},
		testingFunc: require.EqualValues,
		expectedMSG: "extracted claims should match input claims",
	}

	testCase3 := test{
		name:          "Account ID Is Empty",
		inputAudiance: "https://login/",
		inputAuthorizationClaims: AuthorizationClaims{
			UserId: "test",
			Domain: "test.com",
		},
		testingFunc: require.EqualValues,
		expectedMSG: "extracted claims should match input claims",
	}

	testCase4 := test{
		name:          "Category Is Empty",
		inputAudiance: "https://login/",
		inputAuthorizationClaims: AuthorizationClaims{
			UserId:    "test",
			Domain:    "test.com",
			AccountId: "testAcc",
		},
		testingFunc: require.EqualValues,
		expectedMSG: "extracted claims should match input claims",
	}

	testCase5 := test{
		name:          "Only User ID Is set",
		inputAudiance: "https://login/",
		inputAuthorizationClaims: AuthorizationClaims{
			UserId: "test",
		},
		testingFunc: require.EqualValues,
		expectedMSG: "extracted claims should match input claims",
	}

	for _, testCase := range []test{testCase1, testCase2, testCase3, testCase4, testCase5} {
		t.Run(testCase.name, func(t *testing.T) {

			request := newTestRequestWithJWT(t, testCase.inputAuthorizationClaims, testCase.inputAudiance)

			extractedClaims := ExtractClaimsFromRequestContext(request, testCase.inputAudiance)

			testCase.testingFunc(t, testCase.inputAuthorizationClaims, extractedClaims, testCase.expectedMSG)
		})
	}
}
Jwtclaims package (#242) * Move JWTClaims logic to its own package * Add extractor tests 2022-02-23 20:02:02 +01:00			`package jwtclaims`

			`import (`
			`"context"`
			`"github.com/golang-jwt/jwt"`
			`"github.com/stretchr/testify/require"`
			`"net/http"`
			`"testing"`
			`)`

			`func newTestRequestWithJWT(t testing.T, claims AuthorizationClaims, audiance string) http.Request {`
			`claimMaps := jwt.MapClaims{}`
			`if claims.UserId != "" {`
			`claimMaps[UserIDClaim] = claims.UserId`
			`}`
			`if claims.AccountId != "" {`
			`claimMaps[audiance+AccountIDSuffix] = claims.AccountId`
			`}`
			`if claims.Domain != "" {`
			`claimMaps[audiance+DomainIDSuffix] = claims.Domain`
			`}`
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com> 2022-03-01 15:22:18 +01:00			`if claims.DomainCategory != "" {`
			`claimMaps[audiance+DomainCategorySuffix] = claims.DomainCategory`
			`}`
Jwtclaims package (#242) * Move JWTClaims logic to its own package * Add extractor tests 2022-02-23 20:02:02 +01:00			`token := jwt.NewWithClaims(jwt.SigningMethodHS256, claimMaps)`
			`r, err := http.NewRequest(http.MethodGet, "http://localhost", nil)`
			`require.NoError(t, err, "creating testing request failed")`
			`testRequest := r.WithContext(context.WithValue(r.Context(), TokenUserProperty, token)) //nolint`

			`return testRequest`
			`}`

			`func TestExtractClaimsFromRequestContext(t *testing.T) {`

			`type test struct {`
			`name string`
			`inputAuthorizationClaims AuthorizationClaims`
			`inputAudiance string`
			`testingFunc require.ComparisonAssertionFunc`
			`expectedMSG string`
			`}`

			`testCase1 := test{`
			`name: "All Claim Fields",`
			`inputAudiance: "https://login/",`
			`inputAuthorizationClaims: AuthorizationClaims{`
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com> 2022-03-01 15:22:18 +01:00			`UserId: "test",`
			`Domain: "test.com",`
			`AccountId: "testAcc",`
			`DomainCategory: "public",`
Jwtclaims package (#242) * Move JWTClaims logic to its own package * Add extractor tests 2022-02-23 20:02:02 +01:00			`},`
			`testingFunc: require.EqualValues,`
			`expectedMSG: "extracted claims should match input claims",`
			`}`

			`testCase2 := test{`
			`name: "Domain Is Empty",`
			`inputAudiance: "https://login/",`
			`inputAuthorizationClaims: AuthorizationClaims{`
			`UserId: "test",`
			`AccountId: "testAcc",`
			`},`
			`testingFunc: require.EqualValues,`
			`expectedMSG: "extracted claims should match input claims",`
			`}`

			`testCase3 := test{`
			`name: "Account ID Is Empty",`
			`inputAudiance: "https://login/",`
			`inputAuthorizationClaims: AuthorizationClaims{`
			`UserId: "test",`
			`Domain: "test.com",`
			`},`
			`testingFunc: require.EqualValues,`
			`expectedMSG: "extracted claims should match input claims",`
			`}`

			`testCase4 := test{`
Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com> 2022-03-01 15:22:18 +01:00			`name: "Category Is Empty",`
			`inputAudiance: "https://login/",`
			`inputAuthorizationClaims: AuthorizationClaims{`
			`UserId: "test",`
			`Domain: "test.com",`
			`AccountId: "testAcc",`
			`},`
			`testingFunc: require.EqualValues,`
			`expectedMSG: "extracted claims should match input claims",`
			`}`

			`testCase5 := test{`
Jwtclaims package (#242) * Move JWTClaims logic to its own package * Add extractor tests 2022-02-23 20:02:02 +01:00			`name: "Only User ID Is set",`
			`inputAudiance: "https://login/",`
			`inputAuthorizationClaims: AuthorizationClaims{`
			`UserId: "test",`
			`},`
			`testingFunc: require.EqualValues,`
			`expectedMSG: "extracted claims should match input claims",`
			`}`

Group users of same private domain (#243) * Added Domain Category field and fix store tests * Add GetAccountByDomain method * Add Domain Category to authorization claims * Initial GetAccountWithAuthorizationClaims test cases * Renamed Private Domain map and index it on saving account * New Go build tags * Added NewRegularUser function * Updated restore to account for primary domain account Also, added another test case * Added grouping user of private domains Also added auxiliary methods for update metadata and domain attributes * Update http handles get account method and tests * Fix lint and document another case * Removed unnecessary log * Move use cases to method and add flow comments * Split the new user and existing logic from GetAccountWithAuthorizationClaims * Review: minor corrections Co-authored-by: braginini <bangvalo@gmail.com> 2022-03-01 15:22:18 +01:00			`for _, testCase := range []test{testCase1, testCase2, testCase3, testCase4, testCase5} {`
Jwtclaims package (#242) * Move JWTClaims logic to its own package * Add extractor tests 2022-02-23 20:02:02 +01:00			`t.Run(testCase.name, func(t *testing.T) {`

			`request := newTestRequestWithJWT(t, testCase.inputAuthorizationClaims, testCase.inputAudiance)`

			`extractedClaims := ExtractClaimsFromRequestContext(request, testCase.inputAudiance)`

			`testCase.testingFunc(t, testCase.inputAuthorizationClaims, extractedClaims, testCase.expectedMSG)`
			`})`
			`}`
			`}`