| 280 | } |
| 281 | |
| 282 | func Test_FromRequest(t *testing.T) { |
| 283 | t.Parallel() |
| 284 | |
| 285 | t.Run("MultipleTokens", func(t *testing.T) { |
| 286 | t.Parallel() |
| 287 | r := httptest.NewRequest("GET", "/", nil) |
| 288 | |
| 289 | // Add an invalid token |
| 290 | r.AddCookie(&http.Cookie{ |
| 291 | Name: codersdk.SignedAppTokenCookie, |
| 292 | Value: "invalid", |
| 293 | }) |
| 294 | |
| 295 | ctx := testutil.Context(t, testutil.WaitShort) |
| 296 | signer := newSigner(t) |
| 297 | |
| 298 | token := workspaceapps.SignedToken{ |
| 299 | RegisteredClaims: jwtutils.RegisteredClaims{ |
| 300 | Expiry: jwt.NewNumericDate(time.Now().Add(time.Hour)), |
| 301 | }, |
| 302 | Request: workspaceapps.Request{ |
| 303 | AccessMethod: workspaceapps.AccessMethodSubdomain, |
| 304 | BasePath: "/", |
| 305 | UsernameOrID: "user", |
| 306 | WorkspaceAndAgent: "workspace/agent", |
| 307 | WorkspaceNameOrID: "workspace", |
| 308 | AgentNameOrID: "agent", |
| 309 | AppSlugOrPort: "app", |
| 310 | }, |
| 311 | UserID: uuid.New(), |
| 312 | WorkspaceID: uuid.New(), |
| 313 | AgentID: uuid.New(), |
| 314 | AppURL: "/", |
| 315 | } |
| 316 | |
| 317 | // Add an expired cookie |
| 318 | expired := token |
| 319 | expired.RegisteredClaims.Expiry = jwt.NewNumericDate(time.Now().Add(time.Hour * -1)) |
| 320 | expiredStr, err := jwtutils.Sign(ctx, signer, expired) |
| 321 | require.NoError(t, err) |
| 322 | r.AddCookie(&http.Cookie{ |
| 323 | Name: codersdk.SignedAppTokenCookie, |
| 324 | Value: expiredStr, |
| 325 | }) |
| 326 | |
| 327 | validStr, err := jwtutils.Sign(ctx, signer, token) |
| 328 | require.NoError(t, err) |
| 329 | |
| 330 | r.AddCookie(&http.Cookie{ |
| 331 | Name: codersdk.SignedAppTokenCookie, |
| 332 | Value: validStr, |
| 333 | }) |
| 334 | |
| 335 | signed, ok := workspaceapps.FromRequest(r, signer) |
| 336 | require.True(t, ok, "expected a token to be found") |
| 337 | // Confirm it is the correct token. |
| 338 | require.Equal(t, signed.UserID, token.UserID) |
| 339 | }) |