djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add more assertion to token_handler_test.go for token exchange exp claim

Browse Source
This commit is contained in:
Ryan Richard 2022-12-13 17:03:19 -08:00
parent e1a0367b03
commit 85b67f254c
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
internal/oidc/token/token_handler_test.go
View File

@ -1433,6 +1433,7 @@ func TestTokenEndpointTokenExchange(t *testing.T) { // tests for grant_type "urn
// at and expires at dates which are newer than the old tokens. // at and expires at dates which are newer than the old tokens.
time.Sleep(1 * time.Second) time.Sleep(1 * time.Second)
approxRequestTime := time.Now()
subject.ServeHTTP(rsp, req) subject.ServeHTTP(rsp, req)
t.Logf("response: %#v", rsp) t.Logf("response: %#v", rsp)
t.Logf("response body: %q", rsp.Body.String()) t.Logf("response body: %q", rsp.Body.String())
@ -1518,6 +1519,16 @@ func TestTokenEndpointTokenExchange(t *testing.T) { // tests for grant_type "urn
requireClaimsAreNotEqual(t, "iat", claimsOfFirstIDToken, tokenClaims) // issued at requireClaimsAreNotEqual(t, "iat", claimsOfFirstIDToken, tokenClaims) // issued at
require.Greater(t, tokenClaims["iat"], claimsOfFirstIDToken["iat"]) require.Greater(t, tokenClaims["iat"], claimsOfFirstIDToken["iat"])
// Assert that the timestamps in the token are approximately as expected.
expiresAtAsFloat, ok := tokenClaims["exp"].(float64)
require.True(t, ok, "expected exp claim to be a float64")
expiresAt := time.Unix(int64(expiresAtAsFloat), 0)
testutil.RequireTimeInDelta(t, approxRequestTime.UTC().Add(idTokenExpirationSeconds*time.Second), expiresAt, timeComparisonFudge)
issuedAtAsFloat, ok := tokenClaims["iat"].(float64)
require.True(t, ok, "expected iat claim to be a float64")
issuedAt := time.Unix(int64(issuedAtAsFloat), 0)
testutil.RequireTimeInDelta(t, approxRequestTime.UTC(), issuedAt, timeComparisonFudge)
// Assert that nothing in storage has been modified. // Assert that nothing in storage has been modified.
newSecrets, err := secrets.List(context.Background(), metav1.ListOptions{}) newSecrets, err := secrets.List(context.Background(), metav1.ListOptions{})
require.NoError(t, err) require.NoError(t, err)