|
@@ -92,13 +92,23 @@ func TestJWTBearerAuth(t *testing.T) {
|
92
|
92
|
t.Errorf("incorrect account name for token: `%s`", accountName)
|
93
|
93
|
}
|
94
|
94
|
|
|
95
|
+ // test expiration
|
|
96
|
+ jTok = jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims(map[string]any{"preferred_username": "slingamn", "exp": 1675740865}))
|
|
97
|
+ token, err = jTok.SignedString(privKey)
|
|
98
|
+ if err != nil {
|
|
99
|
+ t.Fatal(err)
|
|
100
|
+ }
|
|
101
|
+ accountName, err = j.Validate(token)
|
|
102
|
+ if err == nil {
|
|
103
|
+ t.Errorf("validated expired token")
|
|
104
|
+ }
|
|
105
|
+
|
95
|
106
|
// test for the infamous algorithm confusion bug
|
96
|
107
|
jTok = jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims(map[string]any{"preferred_username": "slingamn"}))
|
97
|
108
|
token, err = jTok.SignedString([]byte(rsaTestPubKey))
|
98
|
109
|
if err != nil {
|
99
|
110
|
t.Fatal(err)
|
100
|
111
|
}
|
101
|
|
-
|
102
|
112
|
accountName, err = j.Validate(token)
|
103
|
113
|
if err == nil {
|
104
|
114
|
t.Errorf("validated HS256 token despite RSA being required")
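Review bot: The new expiration check at new lines 102-104 only asserts that `j.Validate` returns some error, so it cannot tell an expiry rejection apart from an unrelated failure such as a parse or key-lookup error, and it has no positive counterpart showing that a token whose `exp` lies in the future is still accepted. If the jwt library in use exports a sentinel for this case and `Validate` wraps it, tightening to `if !errors.Is(err, jwt.ErrTokenExpired) { t.Errorf("expected expiry error, got %v", err) }` would pin the reason for the rejection. A second token signed with `"exp": time.Now().Add(time.Hour).Unix()` that is expected to validate would confirm the claim is actually being evaluated rather than any `exp` causing a rejection. The enclosing TestJWTBearerAuth starts before the hunk and continues after it.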
|