amend test, H256 secrets needs 256 bit aka at least 32 chars long

auth0 · Jun 5, 2024 · d3ac3f7 · d3ac3f7
1 parent d2cb4ab
commit d3ac3f7
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 28 deletions.
diff --git a/middleware_test.go b/middleware_test.go
@@ -17,8 +17,8 @@ import (
 
 func Test_CheckJWT(t *testing.T) {
 	const (
-		validToken   = "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0ZXN0SXNzdWVyIiwiYXVkIjoidGVzdEF1ZGllbmNlIn0.Bg8HXYXZ13zaPAcB0Bl0kRKW0iVF-2LTmITcEYUcWoo"
-		invalidToken = "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0ZXN0aW5nIn0.eM1Jd7VA7nFSI09FlmLmtuv7cLnv8qicZ8s76-jTOoE"
+		validToken   = "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0ZXN0SXNzdWVyIiwiYXVkIjoidGVzdEF1ZGllbmNlIn0.PObulEU1cVh-gXvE9p9X7ljwqj_ySgPLOcdyVaWkBZ0"
+		invalidToken = "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0ZXN0aW5nIn0.7weA6mqBZrF5BFggsul_iB_69E5B1PptE7XIteygHZM"
 		issuer       = "testIssuer"
 		audience     = "testAudience"
 	)
@@ -31,7 +31,7 @@ func Test_CheckJWT(t *testing.T) {
 	}
 
 	keyFunc := func(context.Context) (interface{}, error) {
-		return []byte("secret"), nil
+		return []byte("your-256-bit-secret-is-just-enough"), nil
 	}
 
 	jwtValidator, err := validator.New(keyFunc, validator.HS256, issuer, []string{audience})

diff --git a/validator/validator_test.go b/validator/validator_test.go
@@ -40,9 +40,9 @@ func TestValidator_ValidateToken(t *testing.T) {
 	}{
 		{
 			name:  "it successfully validates a token",
-			token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdfQ.-R2K2tZHDrgsEh9JNWcyk4aljtR6gZK0s2anNGlfwz0",
+			token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdfQ.Gc76TzJG4-yYm6VOPPHBrGZYX5Bk9NUl97By9IPFPzk",
 			keyFunc: func(context.Context) (interface{}, error) {
-				return []byte("secret"), nil
+				return []byte("your-256-bit-secret-is-just-enough"), nil
 			},
 			algorithm: HS256,
 			expectedClaims: &ValidatedClaims{
@@ -55,9 +55,9 @@ func TestValidator_ValidateToken(t *testing.T) {
 		},
 		{
 			name:  "it successfully validates a token with custom claims",
-			token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJzY29wZSI6InJlYWQ6bWVzc2FnZXMifQ.oqtUZQ-Q8un4CPduUBdGVq5gXpQVIFT_QSQjkOXFT5I",
+			token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJzY29wZSI6InJlYWQ6bWVzc2FnZXMifQ.LIf0zKcy-PphIivCngfYwaCY9pHrLpcwuVzhDpsgfds",
 			keyFunc: func(context.Context) (interface{}, error) {
-				return []byte("secret"), nil
+				return []byte("your-256-bit-secret-is-just-enough"), nil
 			},
 			algorithm: HS256,
 			customClaims: func() CustomClaims {
@@ -76,18 +76,18 @@ func TestValidator_ValidateToken(t *testing.T) {
 		},
 		{
 			name:  "it throws an error when token has a different signing algorithm than the validator",
-			token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdfQ.-R2K2tZHDrgsEh9JNWcyk4aljtR6gZK0s2anNGlfwz0",
+			token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdfQ.Gc76TzJG4-yYm6VOPPHBrGZYX5Bk9NUl97By9IPFPzk",
 			keyFunc: func(context.Context) (interface{}, error) {
-				return []byte("secret"), nil
+				return []byte("your-256-bit-secret-is-just-enough"), nil
 			},
 			algorithm:     RS256,
-			expectedError: errors.New(`signing method is invalid: expected "RS256" signing algorithm but token specified "HS256"`),
+			expectedError: errors.New(`could not parse the token: go-jose/go-jose: unexpected signature algorithm "HS256"; expected ["RS256"]`),
 		},
 		{
 			name:  "it throws an error when it cannot parse the token",
 			token: "",
 			keyFunc: func(context.Context) (interface{}, error) {
-				return []byte("secret"), nil
+				return []byte("your-256-bit-secret-is-just-enough"), nil
 			},
 			algorithm:     HS256,
 			expectedError: errors.New("could not parse the token: go-jose/go-jose: compact JWS format must have three parts"),
@@ -112,18 +112,18 @@ func TestValidator_ValidateToken(t *testing.T) {
 		},
 		{
 			name:  "it throws an error when it fails to validate the registered claims",
-			token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIn0.VoIwDVmb--26wGrv93NmjNZYa4nrzjLw4JANgEjPI28",
+			token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIn0.Dg-euBraYMiF3ZT1pSsx43lFJHQtpH9dWGNABNOAbb8",
 			keyFunc: func(context.Context) (interface{}, error) {
-				return []byte("secret"), nil
+				return []byte("your-256-bit-secret-is-just-enough"), nil
 			},
 			algorithm:     HS256,
 			expectedError: errors.New("expected claims not validated: go-jose/go-jose/jwt: validation failed, invalid audience claim (aud)"),
 		},
 		{
 			name:  "it throws an error when it fails to validate the custom claims",
-			token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJzY29wZSI6InJlYWQ6bWVzc2FnZXMifQ.oqtUZQ-Q8un4CPduUBdGVq5gXpQVIFT_QSQjkOXFT5I",
+			token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJzY29wZSI6InJlYWQ6bWVzc2FnZXMifQ.LIf0zKcy-PphIivCngfYwaCY9pHrLpcwuVzhDpsgfds",
 			keyFunc: func(context.Context) (interface{}, error) {
-				return []byte("secret"), nil
+				return []byte("your-256-bit-secret-is-just-enough"), nil
 			},
 			algorithm: HS256,
 			customClaims: func() CustomClaims {
@@ -135,9 +135,9 @@ func TestValidator_ValidateToken(t *testing.T) {
 		},
 		{
 			name:  "it successfully validates a token even if customClaims() returns nil",
-			token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJzY29wZSI6InJlYWQ6bWVzc2FnZXMifQ.oqtUZQ-Q8un4CPduUBdGVq5gXpQVIFT_QSQjkOXFT5I",
+			token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJzY29wZSI6InJlYWQ6bWVzc2FnZXMifQ.LIf0zKcy-PphIivCngfYwaCY9pHrLpcwuVzhDpsgfds",
 			keyFunc: func(context.Context) (interface{}, error) {
-				return []byte("secret"), nil
+				return []byte("your-256-bit-secret-is-just-enough"), nil
 			},
 			algorithm: HS256,
 			customClaims: func() CustomClaims {
@@ -154,9 +154,9 @@ func TestValidator_ValidateToken(t *testing.T) {
 		},
 		{
 			name:  "it successfully validates a token with exp, nbf and iat",
-			token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJpYXQiOjE2NjY5Mzc2ODYsIm5iZiI6MTY2NjkzOTAwMCwiZXhwIjo5NjY3OTM3Njg2fQ.FKZogkm08gTfYfPU6eYu7OHCjJKnKGLiC0IfoIOPEhs",
+			token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJpYXQiOjE2NjY5Mzc2ODYsIm5iZiI6MTY2NjkzOTAwMCwiZXhwIjo5NjY3OTM3Njg2fQ.ivtod4R8ASSx29w2qCgE1M1I5EhW-ZpxYWoAd-qYrrw",
 			keyFunc: func(context.Context) (interface{}, error) {
-				return []byte("secret"), nil
+				return []byte("your-256-bit-secret-is-just-enough"), nil
 			},
 			algorithm: HS256,
 			expectedClaims: &ValidatedClaims{
@@ -172,36 +172,36 @@ func TestValidator_ValidateToken(t *testing.T) {
 		},
 		{
 			name:  "it throws an error when token is not valid yet",
-			token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJpYXQiOjE2NjY5Mzc2ODYsIm5iZiI6OTY2NjkzOTAwMCwiZXhwIjoxNjY3OTM3Njg2fQ.yUizJ-zK_33tv1qBVvDKO0RuCWtvJ02UQKs8gBadgGY",
+			token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJpYXQiOjE2NjY5Mzc2ODYsIm5iZiI6OTY2NjkzOTAwMCwiZXhwIjoxNjY3OTM3Njg2fQ.wO9bj2hweCg5rBqRFHGzqZ1E9pWH3RRfvOCwhMz1Je8",
 			keyFunc: func(context.Context) (interface{}, error) {
-				return []byte("secret"), nil
+				return []byte("your-256-bit-secret-is-just-enough"), nil
 			},
 			algorithm:     HS256,
 			expectedError: fmt.Errorf("expected claims not validated: %s", jwt.ErrNotValidYet),
 		},
 		{
 			name:  "it throws an error when token is expired",
-			token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJpYXQiOjE2NjY5Mzc2ODYsIm5iZiI6MTY2NjkzOTAwMCwiZXhwIjo2Njc5Mzc2ODZ9.SKvz82VOXRi_sjvZWIsPG9vSWAXKKgVS4DkGZcwFKL8",
+			token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJpYXQiOjE2NjY5Mzc2ODYsIm5iZiI6MTY2NjkzOTAwMCwiZXhwIjo2Njc5Mzc2ODZ9.httCY_WC4yIiq1TRnOWxIEDcebNKv4rPvhFFoaMmEEQ",
 			keyFunc: func(context.Context) (interface{}, error) {
-				return []byte("secret"), nil
+				return []byte("your-256-bit-secret-is-just-enough"), nil
 			},
 			algorithm:     HS256,
 			expectedError: fmt.Errorf("expected claims not validated: %s", jwt.ErrExpired),
 		},
 		{
 			name:  "it throws an error when token is issued in the future",
-			token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJpYXQiOjkxNjY2OTM3Njg2LCJuYmYiOjE2NjY5MzkwMDAsImV4cCI6ODY2NzkzNzY4Nn0.ieFV7XNJxiJyw8ARq9yHw-01Oi02e3P2skZO10ypxL8",
+			token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJpYXQiOjkxNjY2OTM3Njg2LCJuYmYiOjE2NjY5MzkwMDAsImV4cCI6ODY2NzkzNzY4Nn0.-XKXOAXFK8vdWA8qPVsTLEemQ_G-0um-UyIWVt_ngSg",
 			keyFunc: func(context.Context) (interface{}, error) {
-				return []byte("secret"), nil
+				return []byte("your-256-bit-secret-is-just-enough"), nil
 			},
 			algorithm:     HS256,
 			expectedError: fmt.Errorf("expected claims not validated: %s", jwt.ErrIssuedInTheFuture),
 		},
 		{
 			name:  "it throws an error when token issuer is invalid",
-			token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2hhY2tlZC1qd3QtbWlkZGxld2FyZS5ldS5hdXRoMC5jb20vIiwic3ViIjoiMTIzNDU2Nzg5MCIsImF1ZCI6WyJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLWFwaS8iXSwiaWF0Ijo5MTY2NjkzNzY4NiwibmJmIjoxNjY2OTM5MDAwLCJleHAiOjg2Njc5Mzc2ODZ9.b5gXNrUNfd_jyCWZF-6IPK_UFfvTr9wBQk9_QgRQ8rA",
+			token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2hhY2tlZC1qd3QtbWlkZGxld2FyZS5ldS5hdXRoMC5jb20vIiwic3ViIjoiMTIzNDU2Nzg5MCIsImF1ZCI6WyJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLWFwaS8iXSwiaWF0Ijo5MTY2NjkzNzY4NiwibmJmIjoxNjY2OTM5MDAwLCJleHAiOjg2Njc5Mzc2ODZ9.v1r03tuBF9Jv6OavAHIedCV8mW-9ardKS3WakweL70E",
 			keyFunc: func(context.Context) (interface{}, error) {
-				return []byte("secret"), nil
+				return []byte("your-256-bit-secret-is-just-enough"), nil
 			},
 			algorithm:     HS256,
 			expectedError: fmt.Errorf("expected claims not validated: %s", jwt.ErrInvalidIssuer),
@@ -243,7 +243,7 @@ func TestNewValidator(t *testing.T) {
 	)
 
 	var keyFunc = func(context.Context) (interface{}, error) {
-		return []byte("secret"), nil
+		return []byte("your-256-bit-secret-is-just-enough"), nil
 	}
 
 	t.Run("it throws an error when the keyFunc is nil", func(t *testing.T) {