This commit is contained in:
@@ -25,8 +25,8 @@ describe ('authority', () => {
|
||||
.uninstall ();
|
||||
});
|
||||
|
||||
it ('should create an access token', () => {
|
||||
const token = auth.sign ('access_token', 60);
|
||||
it ('should create an access token', async () => {
|
||||
const token = await auth.sign ('access_token', 60);
|
||||
jasmine.clock ()
|
||||
.tick (30000);
|
||||
const res = auth.verify (token.signature);
|
||||
@@ -44,8 +44,8 @@ describe ('authority', () => {
|
||||
.toBeUndefined ();
|
||||
});
|
||||
|
||||
it ('should create a refresh token', () => {
|
||||
const token = auth.sign ('refresh_token', 600);
|
||||
it ('should create a refresh token', async () => {
|
||||
const token = await auth.sign ('refresh_token', 600);
|
||||
jasmine.clock ()
|
||||
.tick (30000);
|
||||
const res = auth.verify (token.signature);
|
||||
@@ -63,8 +63,8 @@ describe ('authority', () => {
|
||||
.toBeUndefined ();
|
||||
});
|
||||
|
||||
it ('should create a part token', () => {
|
||||
const token = auth.sign ('part_token', 60, { next_module: '2fa' });
|
||||
it ('should create a part token', async () => {
|
||||
const token = await auth.sign ('part_token', 60, { next_module: '2fa' });
|
||||
jasmine.clock ()
|
||||
.tick (30000);
|
||||
const res = auth.verify (token.signature);
|
||||
@@ -82,8 +82,8 @@ describe ('authority', () => {
|
||||
.toBeUndefined ();
|
||||
});
|
||||
|
||||
it ('should reject an invalid access token', () => {
|
||||
const token = auth.sign ('access_token', 60);
|
||||
it ('should reject an invalid access token', async () => {
|
||||
const token = await auth.sign ('access_token', 60);
|
||||
token.signature = modify_signature (token.signature);
|
||||
jasmine.clock ()
|
||||
.tick (30000);
|
||||
@@ -102,8 +102,8 @@ describe ('authority', () => {
|
||||
.toEqual ('invalid signature');
|
||||
});
|
||||
|
||||
it ('should reject blacklisted access token', () => {
|
||||
const token = auth.sign ('access_token', 60);
|
||||
it ('should reject blacklisted access token', async () => {
|
||||
const token = await auth.sign ('access_token', 60);
|
||||
jasmine.clock ()
|
||||
.tick (30000);
|
||||
bl.add_signature (token.id);
|
||||
@@ -122,8 +122,8 @@ describe ('authority', () => {
|
||||
.toEqual ('blacklisted');
|
||||
});
|
||||
|
||||
it ('should reject an invalid refresh token', () => {
|
||||
const token = auth.sign ('refresh_token', 600);
|
||||
it ('should reject an invalid refresh token', async () => {
|
||||
const token = await auth.sign ('refresh_token', 600);
|
||||
token.signature = modify_signature (token.signature);
|
||||
jasmine.clock ()
|
||||
.tick (30000);
|
||||
@@ -142,8 +142,8 @@ describe ('authority', () => {
|
||||
.toEqual ('invalid signature');
|
||||
});
|
||||
|
||||
it ('should reject a blacklisted refresh token', () => {
|
||||
const token = auth.sign ('refresh_token', 600);
|
||||
it ('should reject a blacklisted refresh token', async () => {
|
||||
const token = await auth.sign ('refresh_token', 600);
|
||||
jasmine.clock ()
|
||||
.tick (30000);
|
||||
bl.add_signature (token.id);
|
||||
|
||||
@@ -57,7 +57,7 @@ describe ('gateway', () => {
|
||||
});
|
||||
|
||||
it ('should allow a valid access token', async () => {
|
||||
const token = authority.sign ('access_token', 60);
|
||||
const token = await authority.sign ('access_token', 60);
|
||||
const resp = await get ({ authorization: `Bearer ${token.signature}` });
|
||||
expect (resp.statusCode)
|
||||
.toEqual (200);
|
||||
@@ -66,7 +66,7 @@ describe ('gateway', () => {
|
||||
});
|
||||
|
||||
it ('should allow a valid access token using cookies', async () => {
|
||||
const token = authority.sign ('access_token', 60);
|
||||
const token = await authority.sign ('access_token', 60);
|
||||
const resp = await get ({ cookie: `cookie_jar=${token.signature}` });
|
||||
expect (resp.statusCode)
|
||||
.toEqual (200);
|
||||
@@ -75,7 +75,7 @@ describe ('gateway', () => {
|
||||
});
|
||||
|
||||
it ('should correctly deliver token data', async () => {
|
||||
const token = authority.sign ('access_token', 60, { data: 'foobar' });
|
||||
const token = await authority.sign ('access_token', 60, { data: 'foobar' });
|
||||
const resp = await get ({ authorization: `Bearer ${token.signature}` });
|
||||
expect (resp.statusCode)
|
||||
.toEqual (200);
|
||||
@@ -87,7 +87,7 @@ describe ('gateway', () => {
|
||||
});
|
||||
|
||||
it ('should reject an outdated access token', async () => {
|
||||
const token = authority.sign ('access_token', 60);
|
||||
const token = await authority.sign ('access_token', 60);
|
||||
jasmine.clock ()
|
||||
.tick (70000);
|
||||
const resp = await get ({ authorization: `Bearer ${token.signature}` });
|
||||
@@ -98,7 +98,7 @@ describe ('gateway', () => {
|
||||
});
|
||||
|
||||
it ('should reject a blacklisted access token', async () => {
|
||||
const token = authority.sign ('access_token', 60);
|
||||
const token = await authority.sign ('access_token', 60);
|
||||
blacklist.add_signature (token.id);
|
||||
const resp = await get ({ authorization: `Bearer ${token.signature}` });
|
||||
expect (resp.statusCode)
|
||||
@@ -108,7 +108,7 @@ describe ('gateway', () => {
|
||||
});
|
||||
|
||||
it ('should reject any refresh_token', async () => {
|
||||
const token = authority.sign ('refresh_token', 60);
|
||||
const token = await authority.sign ('refresh_token', 60);
|
||||
const resp = await get ({ authorization: `Bearer ${token.signature}` });
|
||||
expect (resp.statusCode)
|
||||
.toEqual (302);
|
||||
@@ -117,7 +117,7 @@ describe ('gateway', () => {
|
||||
});
|
||||
|
||||
it ('should reject any part_token', async () => {
|
||||
const token = authority.sign ('part_token', 60);
|
||||
const token = await authority.sign ('part_token', 60);
|
||||
const resp = await get ({ authorization: `Bearer ${token.signature}` });
|
||||
expect (resp.statusCode)
|
||||
.toEqual (302);
|
||||
@@ -126,7 +126,7 @@ describe ('gateway', () => {
|
||||
});
|
||||
|
||||
it ('should reject any noname token', async () => {
|
||||
const token = authority.sign ('none', 60);
|
||||
const token = await authority.sign ('none', 60);
|
||||
const resp = await get ({ authorization: `Bearer ${token.signature}` });
|
||||
expect (resp.statusCode)
|
||||
.toEqual (302);
|
||||
|
||||
@@ -20,54 +20,66 @@ describe ('key store', () => {
|
||||
.mockDate (base_date);
|
||||
});
|
||||
|
||||
const keys: {key:string, iat:number}[] = [];
|
||||
const keys: {key:string, sign:string, iat:number}[] = [];
|
||||
|
||||
it ('should generate a new key', () => {
|
||||
it ('should generate a new key', async () => {
|
||||
const iat = (new Date)
|
||||
.getTime () / 1000;
|
||||
const duration = 10 * frame;
|
||||
const key = ks.get_key (iat, duration);
|
||||
const key = await ks.get_sign_key (iat, duration);
|
||||
const sign = ks.get_key (iat);
|
||||
expect (typeof key)
|
||||
.toEqual ('string');
|
||||
expect (key.length)
|
||||
.toEqual (64);
|
||||
keys.push ({ iat, key });
|
||||
expect (typeof sign)
|
||||
.toEqual ('string');
|
||||
keys.push ({ iat, key, sign });
|
||||
});
|
||||
|
||||
it ('should return the generated key', () => {
|
||||
const key = ks.get_key (keys[0].iat);
|
||||
it ('should return the generated key', async () => {
|
||||
const key = await ks.get_sign_key (keys[0].iat, 1);
|
||||
expect (key)
|
||||
.toEqual (keys[0].key);
|
||||
const sign = ks.get_key (keys[0].iat);
|
||||
expect (sign)
|
||||
.toEqual (keys[0].sign);
|
||||
});
|
||||
|
||||
it ('should return the same key on a different time', () => {
|
||||
const key = ks.get_key (keys[0].iat + (frame / 2));
|
||||
it ('should return the same key on a different time', async () => {
|
||||
const key = await ks.get_sign_key (keys[0].iat + (frame / 2), 1);
|
||||
expect (key)
|
||||
.toEqual (keys[0].key);
|
||||
const sign = ks.get_key (keys[0].iat + (frame / 2));
|
||||
expect (sign)
|
||||
.toEqual (keys[0].sign);
|
||||
});
|
||||
|
||||
it ('should generate a new key after time frame is over', () => {
|
||||
it ('should generate a new key after time frame is over', async () => {
|
||||
jasmine.clock ()
|
||||
.tick (frame * 1000);
|
||||
const iat = (new Date)
|
||||
.getTime () / 1000;
|
||||
const duration = 10 * frame;
|
||||
const key = ks.get_key (iat, duration);
|
||||
const key = await ks.get_sign_key (iat, duration);
|
||||
const sign = ks.get_key (iat);
|
||||
expect (typeof key)
|
||||
.toEqual ('string');
|
||||
expect (key.length)
|
||||
.toEqual (64);
|
||||
expect (key).not.toEqual (keys[0].key);
|
||||
keys.push ({ iat, key });
|
||||
expect (sign).not.toEqual (keys[0].sign);
|
||||
keys.push ({ iat, key, sign });
|
||||
});
|
||||
|
||||
it ('should return both keys', () => {
|
||||
const key = ks.get_key (keys[0].iat);
|
||||
expect (key)
|
||||
.toEqual (keys[0].key);
|
||||
const k2 = ks.get_key (keys[1].iat);
|
||||
it ('should return both keys, but not the first sign key', async () => {
|
||||
const sign = ks.get_key (keys[0].iat);
|
||||
expect (sign)
|
||||
.toEqual (keys[0].sign);
|
||||
await expectAsync (ks.get_sign_key (keys[0].iat, 1))
|
||||
.toBeRejectedWithError ('cannot access already expired keys');
|
||||
const k2 = await ks.get_sign_key (keys[1].iat, 1);
|
||||
const s2 = ks.get_key (keys[1].iat);
|
||||
expect (k2)
|
||||
.toEqual (keys[1].key);
|
||||
expect (s2)
|
||||
.toEqual (keys[1].sign);
|
||||
});
|
||||
|
||||
it ('should throw on non existing key', () => {
|
||||
@@ -82,21 +94,26 @@ describe ('key store', () => {
|
||||
.toThrowError ('key could not be found');
|
||||
});
|
||||
|
||||
it ('should still retrieve the second key', () => {
|
||||
const key = ks.get_key (keys[1].iat);
|
||||
expect (key)
|
||||
.toEqual (keys[1].key);
|
||||
});
|
||||
it (
|
||||
'should still retrieve the second key, but not its sign key',
|
||||
async () => {
|
||||
await expectAsync (ks.get_sign_key (keys[1].iat, 1))
|
||||
.toBeRejectedWithError ('cannot access already expired keys');
|
||||
const sign = ks.get_key (keys[1].iat);
|
||||
expect (sign)
|
||||
.toEqual (keys[1].sign);
|
||||
}
|
||||
);
|
||||
|
||||
it ('should reject key generation of expired keys', () => {
|
||||
it ('should reject key generation of expired keys', async () => {
|
||||
const iat = ((new Date)
|
||||
.getTime () / 1000) - 2;
|
||||
const duration = 5;
|
||||
expect (() => ks.get_key (iat, duration))
|
||||
.toThrowError ('cannot create already expired keys');
|
||||
await expectAsync (ks.get_sign_key (iat, duration))
|
||||
.toBeRejectedWithError ('cannot access already expired keys');
|
||||
});
|
||||
|
||||
it ('key should live as long as the longest created token', () => {
|
||||
it ('key should live as long as the longest created token', async () => {
|
||||
const base = new Date;
|
||||
base.setSeconds (2, 0);
|
||||
jasmine.clock ()
|
||||
@@ -108,21 +125,22 @@ describe ('key store', () => {
|
||||
const duration1 = frame;
|
||||
const duration2 = frame * 10;
|
||||
|
||||
const key1 = ks.get_key (iat, duration1);
|
||||
const key1 = await ks.get_sign_key (iat, duration1);
|
||||
const step = 0.9 * frame;
|
||||
jasmine.clock ()
|
||||
.tick (step * 1000);
|
||||
const key2 = ks.get_key (iat + step, duration2);
|
||||
const key2 = await ks.get_sign_key (iat + step, duration2);
|
||||
const sign = ks.get_key (iat);
|
||||
expect (key1)
|
||||
.toEqual (key2);
|
||||
jasmine.clock ()
|
||||
.tick (5000 * frame);
|
||||
const keyv = ks.get_key (iat + step);
|
||||
expect (keyv)
|
||||
.toEqual (key1);
|
||||
const signv = ks.get_key (iat + step);
|
||||
expect (signv)
|
||||
.toEqual (sign);
|
||||
});
|
||||
|
||||
// required use case: insert keys for verification of old tokens
|
||||
// TODO: required use case: insert keys for verification of old tokens
|
||||
|
||||
afterAll (() => {
|
||||
jasmine.clock ()
|
||||
|
||||
Reference in New Issue
Block a user