argoyle
9992fb4ef1
Refactor the application to a Go-based architecture for improved performance and maintainability. Replace the Dockerfile to utilize a multi-stage build process, enhancing image efficiency. Implement comprehensive session store tests to ensure reliability and create new OAuth handlers for managing authentication efficiently. Update documentation to reflect these structural changes.
75 lines
2.0 KiB
Go
75 lines
2.0 KiB
Go
package auth
|
|
|
|
import (
|
|
"testing"
|
|
)
|
|
|
|
func TestVerifyPKCE_Plain(t *testing.T) {
|
|
verifier := "test-verifier-12345"
|
|
challenge := "test-verifier-12345"
|
|
|
|
if !VerifyPKCE(verifier, challenge, PKCEMethodPlain) {
|
|
t.Error("expected plain PKCE verification to succeed")
|
|
}
|
|
|
|
if VerifyPKCE("wrong-verifier", challenge, PKCEMethodPlain) {
|
|
t.Error("expected plain PKCE verification to fail with wrong verifier")
|
|
}
|
|
}
|
|
|
|
func TestVerifyPKCE_S256(t *testing.T) {
|
|
// Test vector from RFC 7636
|
|
verifier := "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
|
|
challenge := ComputeS256Challenge(verifier)
|
|
|
|
if !VerifyPKCE(verifier, challenge, PKCEMethodS256) {
|
|
t.Error("expected S256 PKCE verification to succeed")
|
|
}
|
|
|
|
if VerifyPKCE("wrong-verifier", challenge, PKCEMethodS256) {
|
|
t.Error("expected S256 PKCE verification to fail with wrong verifier")
|
|
}
|
|
}
|
|
|
|
func TestVerifyPKCE_EmptyValues(t *testing.T) {
|
|
if VerifyPKCE("", "challenge", PKCEMethodS256) {
|
|
t.Error("expected PKCE verification to fail with empty verifier")
|
|
}
|
|
|
|
if VerifyPKCE("verifier", "", PKCEMethodS256) {
|
|
t.Error("expected PKCE verification to fail with empty challenge")
|
|
}
|
|
}
|
|
|
|
func TestVerifyPKCE_DefaultMethod(t *testing.T) {
|
|
verifier := "test-verifier"
|
|
challenge := "test-verifier"
|
|
|
|
// Empty method should default to plain
|
|
if !VerifyPKCE(verifier, challenge, "") {
|
|
t.Error("expected PKCE verification with empty method to use plain")
|
|
}
|
|
}
|
|
|
|
func TestComputeS256Challenge(t *testing.T) {
|
|
// Known test case
|
|
verifier := "abc123"
|
|
challenge := ComputeS256Challenge(verifier)
|
|
|
|
// Challenge should be base64url encoded without padding
|
|
if challenge == "" {
|
|
t.Error("expected non-empty challenge")
|
|
}
|
|
|
|
// Should not contain padding
|
|
if len(challenge) > 0 && challenge[len(challenge)-1] == '=' {
|
|
t.Error("challenge should not have padding")
|
|
}
|
|
|
|
// Same verifier should produce same challenge
|
|
challenge2 := ComputeS256Challenge(verifier)
|
|
if challenge != challenge2 {
|
|
t.Error("same verifier should produce same challenge")
|
|
}
|
|
}
|