auth/pkce_test.go

package auth

import (
	"testing"
)

func TestVerifyPKCE_Plain(t *testing.T) {
	verifier := "test-verifier-12345"
	challenge := "test-verifier-12345"

	if !VerifyPKCE(verifier, challenge, PKCEMethodPlain) {
		t.Error("expected plain PKCE verification to succeed")
	}

	if VerifyPKCE("wrong-verifier", challenge, PKCEMethodPlain) {
		t.Error("expected plain PKCE verification to fail with wrong verifier")
	}
}

func TestVerifyPKCE_S256(t *testing.T) {
	// Test vector from RFC 7636
	verifier := "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
	challenge := ComputeS256Challenge(verifier)

	if !VerifyPKCE(verifier, challenge, PKCEMethodS256) {
		t.Error("expected S256 PKCE verification to succeed")
	}

	if VerifyPKCE("wrong-verifier", challenge, PKCEMethodS256) {
		t.Error("expected S256 PKCE verification to fail with wrong verifier")
	}
}

func TestVerifyPKCE_EmptyValues(t *testing.T) {
	if VerifyPKCE("", "challenge", PKCEMethodS256) {
		t.Error("expected PKCE verification to fail with empty verifier")
	}

	if VerifyPKCE("verifier", "", PKCEMethodS256) {
		t.Error("expected PKCE verification to fail with empty challenge")
	}
}

func TestVerifyPKCE_DefaultMethod(t *testing.T) {
	verifier := "test-verifier"
	challenge := "test-verifier"

	// Empty method should default to plain
	if !VerifyPKCE(verifier, challenge, "") {
		t.Error("expected PKCE verification with empty method to use plain")
	}
}

func TestComputeS256Challenge(t *testing.T) {
	// Known test case
	verifier := "abc123"
	challenge := ComputeS256Challenge(verifier)

	// Challenge should be base64url encoded without padding
	if challenge == "" {
		t.Error("expected non-empty challenge")
	}

	// Should not contain padding
	if len(challenge) > 0 && challenge[len(challenge)-1] == '=' {
		t.Error("challenge should not have padding")
	}

	// Same verifier should produce same challenge
	challenge2 := ComputeS256Challenge(verifier)
	if challenge != challenge2 {
		t.Error("same verifier should produce same challenge")
	}
}
feat: migrate auth0mock from Node.js to Go Refactor the application to a Go-based architecture for improved performance and maintainability. Replace the Dockerfile to utilize a multi-stage build process, enhancing image efficiency. Implement comprehensive session store tests to ensure reliability and create new OAuth handlers for managing authentication efficiently. Update documentation to reflect these structural changes. 2025-12-29 16:30:37 +01:00			`package auth`

			`import (`
			`"testing"`
			`)`

			`func TestVerifyPKCE_Plain(t *testing.T) {`
			`verifier := "test-verifier-12345"`
			`challenge := "test-verifier-12345"`

			`if !VerifyPKCE(verifier, challenge, PKCEMethodPlain) {`
			`t.Error("expected plain PKCE verification to succeed")`
			`}`

			`if VerifyPKCE("wrong-verifier", challenge, PKCEMethodPlain) {`
			`t.Error("expected plain PKCE verification to fail with wrong verifier")`
			`}`
			`}`

			`func TestVerifyPKCE_S256(t *testing.T) {`
			`// Test vector from RFC 7636`
			`verifier := "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"`
			`challenge := ComputeS256Challenge(verifier)`

			`if !VerifyPKCE(verifier, challenge, PKCEMethodS256) {`
			`t.Error("expected S256 PKCE verification to succeed")`
			`}`

			`if VerifyPKCE("wrong-verifier", challenge, PKCEMethodS256) {`
			`t.Error("expected S256 PKCE verification to fail with wrong verifier")`
			`}`
			`}`

			`func TestVerifyPKCE_EmptyValues(t *testing.T) {`
			`if VerifyPKCE("", "challenge", PKCEMethodS256) {`
			`t.Error("expected PKCE verification to fail with empty verifier")`
			`}`

			`if VerifyPKCE("verifier", "", PKCEMethodS256) {`
			`t.Error("expected PKCE verification to fail with empty challenge")`
			`}`
			`}`

			`func TestVerifyPKCE_DefaultMethod(t *testing.T) {`
			`verifier := "test-verifier"`
			`challenge := "test-verifier"`

			`// Empty method should default to plain`
			`if !VerifyPKCE(verifier, challenge, "") {`
			`t.Error("expected PKCE verification with empty method to use plain")`
			`}`
			`}`

			`func TestComputeS256Challenge(t *testing.T) {`
			`// Known test case`
			`verifier := "abc123"`
			`challenge := ComputeS256Challenge(verifier)`

			`// Challenge should be base64url encoded without padding`
			`if challenge == "" {`
			`t.Error("expected non-empty challenge")`
			`}`

			`// Should not contain padding`
			`if len(challenge) > 0 && challenge[len(challenge)-1] == '=' {`
			`t.Error("challenge should not have padding")`
			`}`

			`// Same verifier should produce same challenge`
			`challenge2 := ComputeS256Challenge(verifier)`
			`if challenge != challenge2 {`
			`t.Error("same verifier should produce same challenge")`
			`}`
			`}`