mirror of
https://tangled.org/evan.jarrett.net/at-container-registry
synced 2026-04-20 16:40:29 +00:00
78 lines
1.9 KiB
Go
78 lines
1.9 KiB
Go
package token
|
|
|
|
import (
|
|
"testing"
|
|
"time"
|
|
|
|
"atcr.io/pkg/auth"
|
|
)
|
|
|
|
func TestNewClaims(t *testing.T) {
|
|
subject := "did:plc:user123"
|
|
issuer := "atcr.io"
|
|
audience := "registry"
|
|
expiration := 15 * time.Minute
|
|
access := []auth.AccessEntry{
|
|
{
|
|
Type: "repository",
|
|
Name: "alice/myapp",
|
|
Actions: []string{"pull", "push"},
|
|
},
|
|
}
|
|
|
|
claims := NewClaims(subject, issuer, audience, expiration, access, AuthMethodOAuth)
|
|
|
|
if claims.Subject != subject {
|
|
t.Errorf("Expected subject %q, got %q", subject, claims.Subject)
|
|
}
|
|
|
|
if claims.Issuer != issuer {
|
|
t.Errorf("Expected issuer %q, got %q", issuer, claims.Issuer)
|
|
}
|
|
|
|
if len(claims.Audience) != 1 || claims.Audience[0] != audience {
|
|
t.Errorf("Expected audience [%q], got %v", audience, claims.Audience)
|
|
}
|
|
|
|
if claims.IssuedAt == nil {
|
|
t.Error("Expected IssuedAt to be set")
|
|
}
|
|
|
|
if claims.NotBefore == nil {
|
|
t.Error("Expected NotBefore to be set")
|
|
}
|
|
|
|
if claims.ExpiresAt == nil {
|
|
t.Error("Expected ExpiresAt to be set")
|
|
}
|
|
|
|
// Check expiration is approximately correct (within 1 second)
|
|
expectedExpiry := time.Now().Add(expiration)
|
|
actualExpiry := claims.ExpiresAt.Time
|
|
diff := actualExpiry.Sub(expectedExpiry)
|
|
if diff < -time.Second || diff > time.Second {
|
|
t.Errorf("Expected expiry around %v, got %v (diff: %v)", expectedExpiry, actualExpiry, diff)
|
|
}
|
|
|
|
if len(claims.Access) != 1 {
|
|
t.Errorf("Expected 1 access entry, got %d", len(claims.Access))
|
|
}
|
|
|
|
if len(claims.Access) > 0 {
|
|
if claims.Access[0].Type != "repository" {
|
|
t.Errorf("Expected type %q, got %q", "repository", claims.Access[0].Type)
|
|
}
|
|
if claims.Access[0].Name != "alice/myapp" {
|
|
t.Errorf("Expected name %q, got %q", "alice/myapp", claims.Access[0].Name)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestNewClaims_EmptyAccess(t *testing.T) {
|
|
claims := NewClaims("did:plc:user123", "atcr.io", "registry", 15*time.Minute, nil, AuthMethodOAuth)
|
|
|
|
if claims.Access != nil {
|
|
t.Error("Expected Access to be nil when not provided")
|
|
}
|
|
}
|