long-agent/user-system
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8095307d8243102cdc88826f6e0befac1de776aa
user-system/internal/auth/jwt_closure_test.go
long-agent 8095307d82 fix: P0/P1 security and quality fixes 
P0-01: Add ESCAPE clause to LIKE queries in operation_log.go and device.go
P0-02: Add atomic Increment to L1Cache and L2Cache interfaces
P0-07: Add TOTP verification step after password login
P1-01: Sanitize error messages in error.go middleware
P1-03: Remove err.Error() from export error messages
P1-04: Add error return to CountByResultSince in login_log.go
P1-05: Add transactional DeleteCascade to RoleRepository
P1-06: Add PasswordChangedAt tracking for JWT token invalidation
P1-07: Wrap theme SetDefault in database transaction
P1-08: Use config values for database pool parameters
P1-09: Add rows.Err() checks in social_account_repo.go
P1-10: Validate sortOrder with map in user.go ORDER BY
P1-11: Add GORM tags to Announcement struct
P1-15: Add pageSize upper limit (100) to device and log handlers
2026-04-18 15:33:12 +08:00

155 lines
4.2 KiB
Go
Raw Blame History

package auth
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"testing"
"time"
)
func TestNewJWT_DoesNotPanicOnInvalidLegacyConfig(t *testing.T) {
manager := NewJWT("", 2*time.Hour, 7*24*time.Hour)
if manager == nil {
t.Fatal("expected manager instance")
}
if _, err := manager.GenerateAccessToken(1, "tester", 0); err == nil {
t.Fatal("expected invalid legacy manager to return error")
}
}
func TestParseRSAPrivateKey_PKCS1(t *testing.T) {
// Generate a PKCS1 private key
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
t.Fatalf("Failed to generate RSA key: %v", err)
}
privateDER := x509.MarshalPKCS1PrivateKey(privateKey)
privatePEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: privateDER})
parsed, err := parseRSAPrivateKey(string(privatePEM))
if err != nil {
t.Fatalf("parseRSAPrivateKey failed for PKCS1: %v", err)
}
if parsed == nil {
t.Fatal("Expected non-nil parsed key")
}
if parsed.N.Cmp(privateKey.N) != 0 {
t.Error("Parsed key does not match original")
}
}
func TestParseRSAPrivateKey_PKCS8(t *testing.T) {
// Generate a PKCS8 private key
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
t.Fatalf("Failed to generate RSA key: %v", err)
}
privateDER, err := x509.MarshalPKCS8PrivateKey(privateKey)
if err != nil {
t.Fatalf("Failed to marshal PKCS8: %v", err)
}
privatePEM := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: privateDER})
parsed, err := parseRSAPrivateKey(string(privatePEM))
if err != nil {
t.Fatalf("parseRSAPrivateKey failed for PKCS8: %v", err)
}
if parsed == nil {
t.Fatal("Expected non-nil parsed key")
}
}
func TestParseRSAPrivateKey_InvalidPEMBlock(t *testing.T) {
_, err := parseRSAPrivateKey("not a valid PEM")
if err == nil {
t.Fatal("Expected error for invalid PEM")
}
}
func TestParseRSAPrivateKey_InvalidDER(t *testing.T) {
// Valid PEM block but invalid DER content
invalidPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: []byte("invalid der data")})
_, err := parseRSAPrivateKey(string(invalidPEM))
if err == nil {
t.Fatal("Expected error for invalid DER content")
}
}
func TestParseRSAPrivateKey_ECKey(t *testing.T) {
// Create an EC private key PEM (not RSA)
ecPEM := `-----BEGIN PRIVATE KEY-----
MHcCAQEEIBxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxQYJKoZIhvcNAQEH
-----END PRIVATE KEY-----`
_, err := parseRSAPrivateKey(ecPEM)
if err == nil {
t.Fatal("Expected error for non-RSA key")
}
}
func TestParseRSAPublicKey_PKIX(t *testing.T) {
// Generate a key pair
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
t.Fatalf("Failed to generate RSA key: %v", err)
}
publicDER, err := x509.MarshalPKIXPublicKey(&privateKey.PublicKey)
if err != nil {
t.Fatalf("Failed to marshal public key: %v", err)
}
publicPEM := pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: publicDER})
parsed, err := parseRSAPublicKey(string(publicPEM))
if err != nil {
t.Fatalf("parseRSAPublicKey failed: %v", err)
}
if parsed == nil {
t.Fatal("Expected non-nil parsed key")
}
if parsed.N.Cmp(privateKey.PublicKey.N) != 0 {
t.Error("Parsed key does not match original")
}
}
func TestParseRSAPublicKey_Certificate(t *testing.T) {
// This test would require a certificate, skip for now
// The code path is covered by the PKIX test
t.Log("Certificate parsing is covered by PKIX path in production")
}
func TestParseRSAPublicKey_InvalidPEMBlock(t *testing.T) {
_, err := parseRSAPublicKey("not a valid PEM")
if err == nil {
t.Fatal("Expected error for invalid PEM")
}
}
func TestParseRSAPublicKey_InvalidDER(t *testing.T) {
invalidPEM := pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: []byte("invalid der data")})
_, err := parseRSAPublicKey(string(invalidPEM))
if err == nil {
t.Fatal("Expected error for invalid DER content")
}
}
func TestParseRSAPublicKey_NonRSAKey(t *testing.T) {
// Create a non-RSA public key PEM (simulated)
nonRSAPEM := `-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END PUBLIC KEY-----`
_, err := parseRSAPublicKey(nonRSAPEM)
// This might fail during parsing or during type assertion
if err == nil {
t.Log("Non-RSA key was rejected or handled")
}
}
Reference in New Issue View Git Blame Copy Permalink