Simplify tests

mw_jwt_test.go

@@ -514,11 +514,20 @@ func TestJWTSessionRSAWithRawSourceInvalidPolicyID(t *testing.T) {
 }
 
 func TestJWTSessionExpiresAtValidationConfigs(t *testing.T) {
-	const expiry = "exp"
-
 	ts := newTykTestServer()
 	defer ts.Close()
 
+	pID := createPolicy()
+	jwtAuthHeaderGen := func(scew time.Duration) map[string]string {
+		jwtToken := createJWKToken(func(t *jwt.Token) {
+			t.Claims.(jwt.MapClaims)["policy_id"] = pID
+			t.Claims.(jwt.MapClaims)["user_id"] = "user123"
+			t.Claims.(jwt.MapClaims)["exp"] = time.Now().Add(scew).Unix()
+		})
+
+		return map[string]string{"authorization": jwtToken}
+	}
+
 	spec := buildAPI(func(spec *APISpec) {
 		spec.UseKeylessAccess = false
 		spec.EnableJWT = true
@@ -529,22 +538,14 @@ func TestJWTSessionExpiresAtValidationConfigs(t *testing.T) {
 		spec.Proxy.ListenPath = "/"
 	})[0]
 
-	pID := createPolicy()
-
 	// This test is successful by definition
 	t.Run("Expiry_After_now--Valid_jwt", func(t *testing.T) {
 		spec.JWTDisableExpiresAtValidation = false //Default value
 		spec.JWTExpiresAtValidationSkew = 0        //Default value
 		loadAPI(spec)
 
-		jwtToken := createJWKToken(func(t *jwt.Token) {
-			t.Claims.(jwt.MapClaims)["policy_id"] = pID
-			t.Claims.(jwt.MapClaims)["user_id"] = "user123"
-			t.Claims.(jwt.MapClaims)[expiry] = time.Now().Add(+time.Second).Unix()
-		})
-		authHeaders := map[string]string{"authorization": jwtToken}
 		ts.Run(t, test.TestCase{
-			Headers: authHeaders, Code: http.StatusOK,
+			Headers: jwtAuthHeaderGen(+time.Second), Code: http.StatusOK,
 		})
 	})
 
@@ -553,14 +554,8 @@ func TestJWTSessionExpiresAtValidationConfigs(t *testing.T) {
 		spec.JWTExpiresAtValidationSkew = 0        //Default value
 		loadAPI(spec)
 
-		jwtToken := createJWKToken(func(t *jwt.Token) {
-			t.Claims.(jwt.MapClaims)["policy_id"] = pID
-			t.Claims.(jwt.MapClaims)["user_id"] = "user123"
-			t.Claims.(jwt.MapClaims)[expiry] = time.Now().Add(-time.Second).Unix() //the jwt will be 1 second ahead
-		})
-		authHeaders := map[string]string{"authorization": jwtToken}
 		ts.Run(t, test.TestCase{
-			Headers:   authHeaders,
+			Headers:   jwtAuthHeaderGen(-time.Second),
 			Code:      http.StatusUnauthorized,
 			BodyMatch: "Key not authorized: token has expired",
 		})
@@ -571,14 +566,8 @@ func TestJWTSessionExpiresAtValidationConfigs(t *testing.T) {
 		spec.JWTExpiresAtValidationSkew = 1000 // This value doesn't matter since validation is disabled
 		loadAPI(spec)
 
-		jwtToken := createJWKToken(func(t *jwt.Token) {
-			t.Claims.(jwt.MapClaims)["policy_id"] = pID
-			t.Claims.(jwt.MapClaims)["user_id"] = "user123"
-			t.Claims.(jwt.MapClaims)[expiry] = time.Now().Add(-time.Second).Unix()
-		})
-		authHeaders := map[string]string{"authorization": jwtToken}
 		ts.Run(t, test.TestCase{
-			Headers: authHeaders, Code: http.StatusOK,
+			Headers: jwtAuthHeaderGen(-time.Second), Code: http.StatusOK,
 		})
 	})
 
@@ -587,24 +576,27 @@ func TestJWTSessionExpiresAtValidationConfigs(t *testing.T) {
 		spec.JWTExpiresAtValidationSkew = 1        //Default value
 		loadAPI(spec)
 
-		jwtToken := createJWKToken(func(t *jwt.Token) {
-			t.Claims.(jwt.MapClaims)["policy_id"] = pID
-			t.Claims.(jwt.MapClaims)["user_id"] = "user123"
-			t.Claims.(jwt.MapClaims)[expiry] = time.Now().Add(-time.Second).Unix()
-		})
-		authHeaders := map[string]string{"authorization": jwtToken}
 		ts.Run(t, test.TestCase{
-			Headers: authHeaders, Code: http.StatusOK,
+			Headers: jwtAuthHeaderGen(-time.Second), Code: http.StatusOK,
 		})
 	})
 }
 
 func TestJWTSessionIssueAtValidationConfigs(t *testing.T) {
-	const issueAt = "iat"
-
 	ts := newTykTestServer()
 	defer ts.Close()
 
+	pID := createPolicy()
+	jwtAuthHeaderGen := func(scew time.Duration) map[string]string {
+		jwtToken := createJWKToken(func(t *jwt.Token) {
+			t.Claims.(jwt.MapClaims)["policy_id"] = pID
+			t.Claims.(jwt.MapClaims)["user_id"] = "user123"
+			t.Claims.(jwt.MapClaims)["iat"] = time.Now().Add(scew).Unix()
+		})
+
+		return map[string]string{"authorization": jwtToken}
+	}
+
 	spec := buildAPI(func(spec *APISpec) {
 		spec.UseKeylessAccess = false
 		spec.EnableJWT = true
@@ -615,24 +607,15 @@ func TestJWTSessionIssueAtValidationConfigs(t *testing.T) {
 		spec.Proxy.ListenPath = "/"
 	})[0]
 
-	pID := createPolicy()
-
 	// This test is successful by definition
 	t.Run("IssuedAt_Before_now-no_skew--Valid_jwt", func(t *testing.T) {
 		spec.JWTDisableIssuedAtValidation = false
 		spec.JWTIssuedAtValidationSkew = 0
 
 		loadAPI(spec)
 
-		jwtToken := createJWKToken(func(t *jwt.Token) {
-			t.Claims.(jwt.MapClaims)["policy_id"] = pID
-			t.Claims.(jwt.MapClaims)["user_id"] = "user123"
-			t.Claims.(jwt.MapClaims)[issueAt] = time.Now().Add(-time.Second).Unix()
-		})
-		authHeaders := map[string]string{"authorization": jwtToken}
 		ts.Run(t, test.TestCase{
-
-			Headers: authHeaders, Code: http.StatusOK,
+			Headers: jwtAuthHeaderGen(-time.Second), Code: http.StatusOK,
 		})
 	})
 
@@ -642,15 +625,8 @@ func TestJWTSessionIssueAtValidationConfigs(t *testing.T) {
 
 		loadAPI(spec)
 
-		jwtToken := createJWKToken(func(t *jwt.Token) {
-			t.Claims.(jwt.MapClaims)["policy_id"] = pID
-			t.Claims.(jwt.MapClaims)["user_id"] = "user123"
-			t.Claims.(jwt.MapClaims)[issueAt] = time.Now().Add(+time.Minute).Unix()
-		})
-		authHeaders := map[string]string{"authorization": jwtToken}
 		ts.Run(t, test.TestCase{
-
-			Headers:   authHeaders,
+			Headers:   jwtAuthHeaderGen(+time.Minute),
 			Code:      http.StatusUnauthorized,
 			BodyMatch: "Key not authorized: token used before issued",
 		})
@@ -661,14 +637,8 @@ func TestJWTSessionIssueAtValidationConfigs(t *testing.T) {
 		spec.JWTIssuedAtValidationSkew = 1000 // This value doesn't matter since validation is disabled
 		loadAPI(spec)
 
-		jwtToken := createJWKToken(func(t *jwt.Token) {
-			t.Claims.(jwt.MapClaims)["policy_id"] = pID
-			t.Claims.(jwt.MapClaims)["user_id"] = "user123"
-			t.Claims.(jwt.MapClaims)[issueAt] = time.Now().Add(+time.Second).Unix()
-		})
-		authHeaders := map[string]string{"authorization": jwtToken}
 		ts.Run(t, test.TestCase{
-			Headers: authHeaders, Code: http.StatusOK,
+			Headers: jwtAuthHeaderGen(+time.Second), Code: http.StatusOK,
 		})
 	})
 
@@ -678,25 +648,27 @@ func TestJWTSessionIssueAtValidationConfigs(t *testing.T) {
 
 		loadAPI(spec)
 
-		jwtToken := createJWKToken(func(t *jwt.Token) {
-			t.Claims.(jwt.MapClaims)["policy_id"] = pID
-			t.Claims.(jwt.MapClaims)["user_id"] = "user123"
-			t.Claims.(jwt.MapClaims)[issueAt] = time.Now().Add(time.Second).Unix()
-		})
-		authHeaders := map[string]string{"authorization": jwtToken}
 		ts.Run(t, test.TestCase{
-			Headers: authHeaders, Code: http.StatusOK,
+			Headers: jwtAuthHeaderGen(+time.Second), Code: http.StatusOK,
 		})
 	})
 }
 
 func TestJWTSessionNotBeforeValidationConfigs(t *testing.T) {
-
-	const notBefore = "nbf"
-
 	ts := newTykTestServer()
 	defer ts.Close()
 
+	pID := createPolicy()
+	jwtAuthHeaderGen := func(scew time.Duration) map[string]string {
+		jwtToken := createJWKToken(func(t *jwt.Token) {
+			t.Claims.(jwt.MapClaims)["policy_id"] = pID
+			t.Claims.(jwt.MapClaims)["user_id"] = "user123"
+			t.Claims.(jwt.MapClaims)["nbf"] = time.Now().Add(scew).Unix()
+		})
+
+		return map[string]string{"authorization": jwtToken}
+	}
+
 	spec := buildAPI(func(spec *APISpec) {
 		spec.UseKeylessAccess = false
 		spec.EnableJWT = true
@@ -707,23 +679,14 @@ func TestJWTSessionNotBeforeValidationConfigs(t *testing.T) {
 		spec.Proxy.ListenPath = "/"
 	})[0]
 
-	pID := createPolicy()
-
 	// This test is successful by definition
 	t.Run("NotBefore_Before_now-Valid_jwt", func(t *testing.T) {
 		spec.JWTDisableNotBeforeValidation = false
 		spec.JWTNotBeforeValidationSkew = 0
-
 		loadAPI(spec)
 
-		jwtToken := createJWKToken(func(t *jwt.Token) {
-			t.Claims.(jwt.MapClaims)["policy_id"] = pID
-			t.Claims.(jwt.MapClaims)["user_id"] = "user123"
-			t.Claims.(jwt.MapClaims)[notBefore] = time.Now().Add(-time.Second).Unix()
-		})
-		authHeaders := map[string]string{"authorization": jwtToken}
 		ts.Run(t, test.TestCase{
-			Headers: authHeaders, Code: http.StatusOK,
+			Headers: jwtAuthHeaderGen(-time.Second), Code: http.StatusOK,
 		})
 	})
 
@@ -735,14 +698,8 @@ func TestJWTSessionNotBeforeValidationConfigs(t *testing.T) {
 
 		loadAPI(spec)
 
-		jwtToken := createJWKToken(func(t *jwt.Token) {
-			t.Claims.(jwt.MapClaims)["policy_id"] = pID
-			t.Claims.(jwt.MapClaims)["user_id"] = "user123"
-			t.Claims.(jwt.MapClaims)[notBefore] = time.Now().Add(+time.Second).Unix()
-		})
-		authHeaders := map[string]string{"authorization": jwtToken}
 		ts.Run(t, test.TestCase{
-			Headers: authHeaders, Code: http.StatusUnauthorized, BodyMatch: "Key not authorized: token is not valid yet",
+			Headers: jwtAuthHeaderGen(+time.Second), Code: http.StatusUnauthorized, BodyMatch: "Key not authorized: token is not valid yet",
 		})
 	})
 
@@ -751,14 +708,8 @@ func TestJWTSessionNotBeforeValidationConfigs(t *testing.T) {
 		spec.JWTNotBeforeValidationSkew = 1000 // This value doesn't matter since validation is disabled
 		loadAPI(spec)
 
-		jwtToken := createJWKToken(func(t *jwt.Token) {
-			t.Claims.(jwt.MapClaims)["policy_id"] = pID
-			t.Claims.(jwt.MapClaims)["user_id"] = "user123"
-			t.Claims.(jwt.MapClaims)[notBefore] = time.Now().Add(+time.Second).Unix()
-		})
-		authHeaders := map[string]string{"authorization": jwtToken}
 		ts.Run(t, test.TestCase{
-			Headers: authHeaders, Code: http.StatusOK,
+			Headers: jwtAuthHeaderGen(+time.Second), Code: http.StatusOK,
 		})
 	})
 
@@ -768,14 +719,8 @@ func TestJWTSessionNotBeforeValidationConfigs(t *testing.T) {
 
 		loadAPI(spec)
 
-		jwtToken := createJWKToken(func(t *jwt.Token) {
-			t.Claims.(jwt.MapClaims)["policy_id"] = pID
-			t.Claims.(jwt.MapClaims)["user_id"] = "user123"
-			t.Claims.(jwt.MapClaims)[notBefore] = time.Now().Add(+time.Second).Unix()
-		})
-		authHeaders := map[string]string{"authorization": jwtToken}
 		ts.Run(t, test.TestCase{
-			Headers: authHeaders, Code: http.StatusOK,
+			Headers: jwtAuthHeaderGen(+time.Second), Code: http.StatusOK,
 		})
 	})
 }