(t *testing.T)
| 1245 | } |
| 1246 | |
| 1247 | func TestExpiredAuthentication(t *testing.T) { |
| 1248 | // The goal of these tests was to check how a client with an expiring JWT |
| 1249 | // behaves. It should receive an async -ERR indicating that the auth |
| 1250 | // has expired, which will trigger reconnects. There, the lib should |
| 1251 | // received -ERR for auth violation in response to the CONNECT (instead |
| 1252 | // of the PONG). The library should close the connection after receiving |
| 1253 | // twice the same auth error. |
| 1254 | // If we use an actual JWT that expires, the way the JWT library expires |
| 1255 | // a JWT cause the server to send the async -ERR first but then accepts |
| 1256 | // the CONNECT (since JWT lib does not say that it has expired), but |
| 1257 | // when the server sets up the expire callback, that callback fires right |
| 1258 | // away and so client receives async -ERR again. |
| 1259 | // So for a deterministic test, we won't use an actual NATS Server. |
| 1260 | // Instead, we will use a mock that simply returns appropriate -ERR and |
| 1261 | // ensure the client behaves as expected. |
| 1262 | for _, test := range []struct { |
| 1263 | name string |
| 1264 | expectedProto string |
| 1265 | expectedErr error |
| 1266 | ignoreAbort bool |
| 1267 | }{ |
| 1268 | {"expired users credentials", AUTHENTICATION_EXPIRED_ERR, ErrAuthExpired, false}, |
| 1269 | {"revoked users credentials", AUTHENTICATION_REVOKED_ERR, ErrAuthRevoked, false}, |
| 1270 | {"expired account", ACCOUNT_AUTHENTICATION_EXPIRED_ERR, ErrAccountAuthExpired, false}, |
| 1271 | {"expired users credentials", AUTHENTICATION_EXPIRED_ERR, ErrAuthExpired, true}, |
| 1272 | {"revoked users credentials", AUTHENTICATION_REVOKED_ERR, ErrAuthRevoked, true}, |
| 1273 | {"expired account", ACCOUNT_AUTHENTICATION_EXPIRED_ERR, ErrAccountAuthExpired, true}, |
| 1274 | } { |
| 1275 | t.Run(test.name, func(t *testing.T) { |
| 1276 | l, e := net.Listen("tcp", "127.0.0.1:0") |
| 1277 | if e != nil { |
| 1278 | t.Fatal("Could not listen on an ephemeral port") |
| 1279 | } |
| 1280 | tl := l.(*net.TCPListener) |
| 1281 | defer tl.Close() |
| 1282 | |
| 1283 | addr := tl.Addr().(*net.TCPAddr) |
| 1284 | |
| 1285 | wg := sync.WaitGroup{} |
| 1286 | wg.Add(1) |
| 1287 | |
| 1288 | go func() { |
| 1289 | defer wg.Done() |
| 1290 | connect := 0 |
| 1291 | for { |
| 1292 | conn, err := l.Accept() |
| 1293 | if err != nil { |
| 1294 | return |
| 1295 | } |
| 1296 | defer conn.Close() |
| 1297 | |
| 1298 | info := "INFO {\"server_id\":\"foobar\",\"nonce\":\"anonce\"}\r\n" |
| 1299 | conn.Write([]byte(info)) |
| 1300 | |
| 1301 | // Read connect and ping commands sent from the client |
| 1302 | br := bufio.NewReaderSize(conn, 10*1024) |
| 1303 | br.ReadLine() |
| 1304 | br.ReadLine() |
nothing calls this directly
no test coverage detected