/
signing_test.go
119 lines (76 loc) · 6.57 KB
/
signing_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
package signature
import (
"fmt"
"github.com/stretchr/testify/assert"
"log"
"testing"
)
func TestGetSignature(t *testing.T) {
var signed string
signed, _ = GetSignature("GET", "http://test.stretchr.com/api/v1?~key=ABC123&:name=!Mat&:name=!Laurie&:age=>20", "body", "ABC123-private")
assert.Equal(t, "0bd60ce074a9a3ecda66a438f04a6cf779ab60d3", signed)
signed, _ = GetSignature("get", "http://test.stretchr.com/api/v1?~key=ABC123&:name=!Mat&:name=!Laurie&:age=>20", "body", "ABC123-private")
assert.Equal(t, "0bd60ce074a9a3ecda66a438f04a6cf779ab60d3", signed, "Lower case method shouldn't affect GetSignature")
signed, _ = GetSignature("GET", "http://test.stretchr.com/api/v1?~key=ABC123&:name=!Mat&:name=!Laurie&:age=>20", "body", "DIFFERENT-PRIVATE")
assert.Equal(t, "be7348dd329e0791b3c082a9044e55bc16779587", signed)
signed, _ = GetSignature("GET", "http://test.stretchr.com/api/v1?:name=!Laurie&~key=ABC123&:age=>20&:name=!Mat", "body", "DIFFERENT-PRIVATE")
assert.Equal(t, "be7348dd329e0791b3c082a9044e55bc16779587", signed, "Different order of args shouldn't matter")
}
func TestGetSignedURL(t *testing.T) {
var signed string
signed, _ = GetSignedURL("GET", "http://test.stretchr.com/api/v1?~key=ABC123&:name=!Mat&:name=!Laurie&:age=>20", "body", "ABC123-private")
assert.Equal(t, "http://test.stretchr.com/api/v1?~key=ABC123&:name=!Mat&:name=!Laurie&:age=>20&sign=0bd60ce074a9a3ecda66a438f04a6cf779ab60d3", signed)
signed, _ = GetSignedURL("GET", "http://test.stretchr.com/api/v1?~key=ABC123&:name=!Mat&:name=!Laurie&:age=>20", "body", "DIFFERENT-PRIVATE")
assert.Equal(t, "http://test.stretchr.com/api/v1?~key=ABC123&:name=!Mat&:name=!Laurie&:age=>20&sign=be7348dd329e0791b3c082a9044e55bc16779587", signed)
}
func TestValidateSignature(t *testing.T) {
var valid bool
signed, _ := GetSignature("GET", "http://test.stretchr.com/api/v1?key=ABC123&:name=!Mat&:name=!Laurie&:age=>20", "ABC123", "ABC123-private")
valid, _ = ValidateSignature("GET", fmt.Sprintf("http://test.stretchr.com/api/v1?key=ABC123&:name=!Mat&:name=!Laurie&:age=>20&sign=%s", signed), "ABC123", "ABC123-private")
assert.Equal(t, true, valid, "1")
valid, _ = ValidateSignature("GET", "http://test.stretchr.com/api/v1?~key=ABC123&:name=!Mat&:name=!Laurie&:age=>20&~sign=qJWro1ZxLeToLjNr5Znfi2ZbD+o=", "ABC123", "ABC123-private-wrong")
assert.Equal(t, false, valid, "2")
signed, _ = GetSignature("get", "http://test.stretchr.com/api/v1?~key=ABC123&:name=!Mat&:name=!Laurie&:age=>20", "ABC123", "ABC123-private")
valid, _ = ValidateSignature("GET", fmt.Sprintf("http://test.stretchr.com/api/v1?~key=ABC123&:name=!Mat&:name=!Laurie&:age=>20&sign=%s", signed), "ABC123", "ABC123-private")
assert.Equal(t, true, valid, "3")
signed, _ = GetSignature("GET", "http://test.stretchr.com/api/v1?~key=ABC123&:name=!Mat&:name=!Laurie&:age=>20", "ABC123", "ABC123-private")
valid, _ = ValidateSignature("get", fmt.Sprintf("http://test.stretchr.com/api/v1?~key=ABC123&:name=!Mat&:name=!Laurie&:age=>20&sign=%s", signed), "ABC123", "ABC123-private")
assert.Equal(t, true, valid, "4")
signed, _ = GetSignature("GET", "http://test.stretchr.com/api/v1?~key=ABC123&:text=/test+plus", "ABC123", "ABC123-private")
valid, _ = ValidateSignature("get", fmt.Sprintf("http://test.stretchr.com/api/v1?~key=ABC123&:text=/test+plus&sign=%s", signed), "ABC123", "ABC123-private")
assert.Equal(t, true, valid, "5")
signed, _ = GetSignature("GET", "http://test.stretchr.com/api/v1?~key=ABC123&:text=/test%2bplus", "ABC123", "ABC123-private")
valid, _ = ValidateSignature("get", fmt.Sprintf("http://test.stretchr.com/api/v1?~key=ABC123&:text=/test%%2bplus&sign=%s", signed), "ABC123", "ABC123-private")
assert.Equal(t, true, valid, "6")
valid, _ = ValidateSignature("get", "http://test.stretchr.com/api/v1?~key=ABC123&:name=!Mat&:name=!Laurie&:age=>20&", "ABC123", "ABC123-private")
assert.Equal(t, false, valid, "7")
}
func TestValidateSignature_NoTilde(t *testing.T) {
var valid bool
signed, _ := GetSignature("GET", "http://test.stretchr.com/api/v1?~key=ABC123&:name=!Mat&:name=!Laurie&:age=>20", "ABC123", "ABC123-private")
valid, _ = ValidateSignature("GET", fmt.Sprintf("http://test.stretchr.com/api/v1?~key=ABC123&:name=!Mat&:name=!Laurie&:age=>20&sign=%s", signed), "ABC123", "ABC123-private")
assert.Equal(t, true, valid, "1")
valid, _ = ValidateSignature("GET", "http://test.stretchr.com/api/v1?~key=ABC123&:name=!Mat&:name=!Laurie&:age=>20&sign=qJWro1ZxLeToLjNr5Znfi2ZbD+o=", "ABC123", "ABC123-private-wrong")
assert.Equal(t, false, valid, "2")
signed, _ = GetSignature("get", "http://test.stretchr.com/api/v1?~key=ABC123&:name=!Mat&:name=!Laurie&:age=>20", "ABC123", "ABC123-private")
valid, _ = ValidateSignature("GET", fmt.Sprintf("http://test.stretchr.com/api/v1?~key=ABC123&:name=!Mat&:name=!Laurie&:age=>20&sign=%s", signed), "ABC123", "ABC123-private")
assert.Equal(t, true, valid, "3")
signed, _ = GetSignature("GET", "http://test.stretchr.com/api/v1?~key=ABC123&:name=!Mat&:name=!Laurie&:age=>20", "ABC123", "ABC123-private")
valid, _ = ValidateSignature("get", fmt.Sprintf("http://test.stretchr.com/api/v1?~key=ABC123&:name=!Mat&:name=!Laurie&:age=>20&sign=%s", signed), "ABC123", "ABC123-private")
assert.Equal(t, true, valid, "4")
valid, _ = ValidateSignature("get", "http://test.stretchr.com/api/v1?~key=ABC123&:name=!Mat&:name=!Laurie&:age=>20&", "ABC123", "ABC123-private")
assert.Equal(t, false, valid, "5")
}
func TestNoBodyHashWhenNoBody(t *testing.T) {
signed, _ := GetSignedURL("GET", "http://test.stretchr.com/api/v1?~key=ABC123&:name=!Mat&:name=!Laurie&:age=>20", "", "ABC123-private")
assert.Equal(t, "http://test.stretchr.com/api/v1?~key=ABC123&:name=!Mat&:name=!Laurie&:age=>20&sign=0e1e85ebdf8c4bcebdfc9033b6590c6c4a13a78f", signed)
}
func TestSigning_BodyInURL(t *testing.T) {
valid, _ := ValidateSignature("GET", `http://test.stretchr.com/api/v1?~key=ABC123&:name=!Mat&:name=!Laurie&:age=>20&~body={"question":"Is this OK & working?"}&sign=a1f72a10e882ac64236c43dca381981c77aa8a48`, "", "ABC123-Private")
assert.Equal(t, true, valid, "1")
s, _ := GetSignature("GET", `http://test.stretchr.com/api/v2/test?always200=1&body=%7B%22question%22%3A%22Is%20this%20OK%20%26%20working%3F%22%7D&callback=Stretchr.callback&context=1&key=ABC123&method=POST`, "", "PRIVATE")
log.Printf(s)
// The tests below represent real requests via JSONP
valid, _ = ValidateSignature("GET", `http://test.stretchr.com/api/v2/test?always200=1&body=%7B%22question%22%3A%22Is%20this%20OK%20%26%20working%3F%22%7D&callback=Stretchr.callback&context=1&key=ABC123&method=POST&sign=6078d0be451bb783d31addb85db654a7759a8792`, "", "PRIVATE")
assert.Equal(t, true, valid, "2")
}