feat(crypto): HMAC signed session tokens
@@ -0,0 +1,34 @@
|
||||
package crypto
|
||||
|
||||
import (
|
||||
"testing"
|
||||
"time"
|
||||
)
|
||||
|
||||
func TestSessionRoundTrip(t *testing.T) {
|
||||
secret := []byte("s3cr3t")
|
||||
now := time.Unix(1_700_000_000, 0)
|
||||
tok := SignSession(secret, "admin", now.Add(time.Hour))
|
||||
user, ok := VerifySession(secret, tok, now)
|
||||
if !ok || user != "admin" {
|
||||
t.Fatalf("verify = %q,%v want admin,true", user, ok)
|
||||
}
|
||||
}
|
||||
|
||||
func TestSessionRejectsExpired(t *testing.T) {
|
||||
secret := []byte("s3cr3t")
|
||||
now := time.Unix(1_700_000_000, 0)
|
||||
tok := SignSession(secret, "admin", now.Add(-time.Second))
|
||||
if _, ok := VerifySession(secret, tok, now); ok {
|
||||
t.Fatal("expired token must be rejected")
|
||||
}
|
||||
}
|
||||
|
||||
func TestSessionRejectsTampered(t *testing.T) {
|
||||
secret := []byte("s3cr3t")
|
||||
now := time.Unix(1_700_000_000, 0)
|
||||
tok := SignSession(secret, "admin", now.Add(time.Hour))
|
||||
if _, ok := VerifySession([]byte("other"), tok, now); ok {
|
||||
t.Fatal("wrong secret must be rejected")
|
||||
}
|
||||
}
|
||||
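Review bot: TestSessionRejectsTampered never alters the token; it only verifies an intact token under a different secret, so no test here shows that VerifySession rejects a token whose user, expiry or MAC bytes were changed while the correct secret is in use. A verifier that reads the payload before checking the MAC, or that compares only part of the MAC, would pass all three tests. I would add a test that flips one bit at each position of tok and expects rejection under the original secret, as sketched below; it assumes tok is a string, which this section does not show. If the encoding leaves non-significant bits (for example an unpadded base64 tail), apply the flips to the decoded bytes instead.

```go
func TestSessionRejectsModifiedToken(t *testing.T) {
	secret := []byte("s3cr3t")
	now := time.Unix(1_700_000_000, 0)
	tok := SignSession(secret, "admin", now.Add(time.Hour))
	// Same secret, one bit changed per iteration: every variant must fail.
	for i := 0; i < len(tok); i++ {
		mod := []byte(tok)
		mod[i] ^= 0x01
		if _, ok := VerifySession(secret, string(mod), now); ok {
			t.Fatalf("token modified at byte %d must be rejected", i)
		}
	}
}
```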