Timo/auth-server-helper
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

redis sync
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source
This commit is contained in:
Timo Hocker
2022-08-08 15:52:56 +02:00
parent 122bd7b574
commit fd26975559
17 changed files with 1860 additions and 1403 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
test/spec/AuthHandler.ts
View File

@ -38,8 +38,8 @@ function check_headers (resp: Response): CheckHeaderResult {
return { data, at, rt };
}
function check_token (token: string|null, type: string): void {
const v = auth.verify (token || '');
async function check_token (token: string|null, type: string): Promise<void> {
const v = await auth.verify (token || '');
expect (v.valid)
.toEqual (true);
expect (v.authorized)
@ -164,11 +164,11 @@ describe ('auth handler', () => {
expect (resp1.headers['set-cookie'])
.toContain (build_cookie ({ name: 'mint_cookies' }, res1.rt as string));
check_token (res1.at as string, 'access_token');
await check_token (res1.at as string, 'access_token');
expect (res1.data.expires_in)
.toEqual (expires_seconds);
check_token (res1.rt as string, 'refresh_token');
await check_token (res1.rt as string, 'refresh_token');
expect (res1.data.refresh_expires_in)
.toEqual (refresh_expires_seconds);
@ -185,12 +185,12 @@ describe ('auth handler', () => {
expect (resp2.headers['set-cookie'])
.toContain (build_cookie ({ name: 'mint_cookies' }, res2.rt as string));
check_token (res2.at as string, 'access_token');
await check_token (res2.at as string, 'access_token');
expect (res2.data.expires_in)
.toEqual (expires_seconds);
expect (res2.at).not.toEqual (res1.at);
check_token (res2.rt as string, 'refresh_token');
await check_token (res2.rt as string, 'refresh_token');
expect (res2.data.refresh_expires_in)
.toEqual (refresh_expires_seconds);
expect (res2.rt).not.toEqual (res1.rt);
@ -217,11 +217,11 @@ describe ('auth handler', () => {
expect (resp1.headers['set-cookie'])
.toContain (build_cookie ({ name: 'mint_cookies' }, res1.rt as string));
check_token (res1.at as string, 'access_token');
await check_token (res1.at as string, 'access_token');
expect (res1.data.expires_in)
.toEqual (expires_seconds);
check_token (res1.rt as string, 'refresh_token');
await check_token (res1.rt as string, 'refresh_token');
expect (res1.data.refresh_expires_in)
.toEqual (refresh_expires_seconds);
});
@ -242,11 +242,11 @@ describe ('auth handler', () => {
expect (resp1.headers['set-cookie'])
.toContain (build_cookie ({ name: 'mint_cookies' }, res1.rt as string));
check_token (res1.at as string, 'access_token');
await check_token (res1.at as string, 'access_token');
expect (res1.data.expires_in)
.toEqual (expires_seconds);
check_token (res1.rt as string, 'refresh_token');
await check_token (res1.rt as string, 'refresh_token');
expect (res1.data.refresh_expires_in)
.toEqual (refresh_expires_seconds);
});
@ -299,7 +299,7 @@ describe ('auth handler', () => {
.toEqual ('bearer');
expect (res1.data.expires_in)
.toEqual (part_expires_seconds);
check_token (res1.data.part_token as string, 'part_token');
await check_token (res1.data.part_token as string, 'part_token');
const resp2 = await get (
{ authorization: `Bearer ${res1.data.part_token}` },
@ -315,12 +315,12 @@ describe ('auth handler', () => {
expect (resp2.headers['set-cookie'])
.toContain (build_cookie ({ name: 'mint_cookies' }, res2.rt as string));
check_token (res2.at as string, 'access_token');
await check_token (res2.at as string, 'access_token');
expect (res2.data.expires_in)
.toEqual (expires_seconds);
expect (res2.at).not.toEqual (res1.at);
check_token (res2.rt as string, 'refresh_token');
await check_token (res2.rt as string, 'refresh_token');
expect (res2.data.refresh_expires_in)
.toEqual (refresh_expires_seconds);
expect (res2.rt).not.toEqual (res1.rt);
@ -336,7 +336,7 @@ describe ('auth handler', () => {
'cookie_jar',
(resp1.headers['set-cookie'] || []).join ('\n')
);
check_token (signature, 'access_token');
await check_token (signature, 'access_token');
});
it ('should handle any authorization type', async () => {
@ -363,7 +363,7 @@ describe ('auth handler', () => {
(resp1.headers['set-cookie'] || []).join ('\n')
);
expect (signature).not.toEqual ('');
check_token (signature, 'access_token');
await check_token (signature, 'access_token');
});
it ('should disallow access and refresh cookies with the same name', () => {

14
test/spec/Authority.ts
View File

@ -27,7 +27,7 @@ describe ('authority', () => {
const token = await auth.sign ('access_token', 60);
jasmine.clock ()
.tick (30000);
const res = auth.verify (token.signature);
const res = await auth.verify (token.signature);
expect (res.authorized)
.toBeTrue ();
expect (res.valid)
@ -46,7 +46,7 @@ describe ('authority', () => {
const token = await auth.sign ('refresh_token', 600);
jasmine.clock ()
.tick (30000);
const res = auth.verify (token.signature);
const res = await auth.verify (token.signature);
expect (res.authorized)
.toBeFalse ();
expect (res.valid)
@ -65,7 +65,7 @@ describe ('authority', () => {
const token = await auth.sign ('part_token', 60, { next_module: '2fa' });
jasmine.clock ()
.tick (30000);
const res = auth.verify (token.signature);
const res = await auth.verify (token.signature);
expect (res.authorized)
.toBeFalse ();
expect (res.valid)
@ -85,7 +85,7 @@ describe ('authority', () => {
token.signature = modify_signature (token.signature);
jasmine.clock ()
.tick (30000);
const res = auth.verify (token.signature);
const res = await auth.verify (token.signature);
expect (res.authorized)
.toBeFalse ();
expect (res.valid)
@ -105,7 +105,7 @@ describe ('authority', () => {
jasmine.clock ()
.tick (30000);
bl.add_signature (token.id);
const res = auth.verify (token.signature);
const res = await auth.verify (token.signature);
expect (res.authorized)
.toBeFalse ();
expect (res.valid)
@ -125,7 +125,7 @@ describe ('authority', () => {
token.signature = modify_signature (token.signature);
jasmine.clock ()
.tick (30000);
const res = auth.verify (token.signature);
const res = await auth.verify (token.signature);
expect (res.authorized)
.toBeFalse ();
expect (res.valid)
@ -145,7 +145,7 @@ describe ('authority', () => {
jasmine.clock ()
.tick (30000);
bl.add_signature (token.id);
const res = auth.verify (token.signature);
const res = await auth.verify (token.signature);
expect (res.authorized)
.toBeFalse ();
expect (res.valid)

36
test/spec/KeyStore.ts
View File

@ -27,7 +27,7 @@ describe ('key store', () => {
.getTime () / 1000;
const duration = 10 * frame;
const key = await ks.get_sign_key (iat, duration);
const sign = ks.get_key (iat);
const sign = await ks.get_key (iat);
expect (typeof key)
.toEqual ('string');
expect (typeof sign)
@ -39,7 +39,7 @@ describe ('key store', () => {
const key = await ks.get_sign_key (keys[0].iat, 1);
expect (key)
.toEqual (keys[0].key);
const sign = ks.get_key (keys[0].iat);
const sign = await ks.get_key (keys[0].iat);
expect (sign)
.toEqual (keys[0].sign);
});
@ -48,7 +48,7 @@ describe ('key store', () => {
const key = await ks.get_sign_key (keys[0].iat + (frame / 2), 1);
expect (key)
.toEqual (keys[0].key);
const sign = ks.get_key (keys[0].iat + (frame / 2));
const sign = await ks.get_key (keys[0].iat + (frame / 2));
expect (sign)
.toEqual (keys[0].sign);
});
@ -60,7 +60,7 @@ describe ('key store', () => {
.getTime () / 1000;
const duration = 10 * frame;
const key = await ks.get_sign_key (iat, duration);
const sign = ks.get_key (iat);
const sign = await ks.get_key (iat);
expect (typeof key)
.toEqual ('string');
expect (key).not.toEqual (keys[0].key);
@ -69,32 +69,32 @@ describe ('key store', () => {
});
it ('should return both keys, but not the first sign key', async () => {
const sign = ks.get_key (keys[0].iat);
const sign = await ks.get_key (keys[0].iat);
expect (sign)
.toEqual (keys[0].sign);
await expectAsync (ks.get_sign_key (keys[0].iat, 1))
.toBeRejectedWithError ('cannot access already expired keys');
const k2 = await ks.get_sign_key (keys[1].iat, 1);
const s2 = ks.get_key (keys[1].iat);
const s2 = await ks.get_key (keys[1].iat);
expect (k2)
.toEqual (keys[1].key);
expect (s2)
.toEqual (keys[1].sign);
});
it ('should throw on non existing key', () => {
expect (() => ks.get_key (keys[1].iat + frame))
.toThrowError ('key could not be found');
it ('should throw on non existing key', async () => {
await expectAsync (ks.get_key (keys[1].iat + frame))
.toBeRejectedWithError ('key could not be found');
});
it ('should delete a key after it expires', () => {
it ('should delete a key after it expires', async () => {
// go to 10 frames + 1ms after key creation
jasmine.clock ()
.tick ((frame * 9e3) + 1);
// eslint-disable-next-line dot-notation
ks['garbage_collect'] ();
expect (() => ks.get_key (keys[0].iat))
.toThrowError ('key could not be found');
await expectAsync (ks.get_key (keys[0].iat))
.toBeRejectedWithError ('key could not be found');
});
it (
@ -102,7 +102,7 @@ describe ('key store', () => {
async () => {
await expectAsync (ks.get_sign_key (keys[1].iat, 1))
.toBeRejectedWithError ('cannot access already expired keys');
const sign = ks.get_key (keys[1].iat);
const sign = await ks.get_key (keys[1].iat);
expect (sign)
.toEqual (keys[1].sign);
}
@ -129,12 +129,12 @@ describe ('key store', () => {
jasmine.clock ()
.tick (step * 1000);
const key2 = await ks.get_sign_key (iat + step, duration2);
const sign = ks.get_key (iat);
const sign = await ks.get_key (iat);
expect (key1)
.toEqual (key2);
jasmine.clock ()
.tick (5000 * frame);
const signv = ks.get_key (iat + step);
const signv = await ks.get_key (iat + step);
expect (signv)
.toEqual (sign);
});
@ -151,7 +151,7 @@ describe ('key store', () => {
.getTime () / 1000;
const sign = await ks.get_sign_key (iat, frame);
const ver = ks.get_key (iat);
const ver = await ks.get_key (iat);
const exp = ks.export_verification_data ();
// eslint-disable-next-line dot-notation
expect (Object.keys (ks['_keys']))
@ -165,12 +165,12 @@ describe ('key store', () => {
.toEqual (exp.map ((v) => v.index));
const sign2 = await ks2.get_sign_key (iat, frame);
const ver2 = ks2.get_key (iat);
const ver2 = await ks2.get_key (iat);
expect (sign).not.toEqual (sign2);
expect (ver).not.toEqual (ver2);
await expectAsync (ks2.get_sign_key (iat, 60, ks.instance_id))
.toBeRejectedWithError ('cannot access already expired keys');
expect (ks2.get_key (iat, ks.instance_id))
expect (await ks2.get_key (iat, ks.instance_id))
.toEqual (ver);
});

62
test/spec/Redis.ts Normal file
View File

@ -0,0 +1,62 @@
/*
* Copyright (C) Sapphirecode - All Rights Reserved
* This file is part of Auth-Server-Helper which is released under MIT.
* See file 'LICENSE' for full license details.
* Created by Timo Hocker <timo@scode.ovh>, August 2022
*/
import ks from '../../lib/KeyStore';
import { redis } from '../../lib/Redis';
import { clock_finalize, clock_setup } from '../Helper';
const frame = 3600;
const redis_url = process.env.TEST_REDIS_URL || 'redis://localhost';
describe ('redis', () => {
beforeAll (() => {
ks.reset_instance ();
ks.sync_redis (redis_url);
clock_setup ();
});
afterAll (() => clock_finalize ());
it ('should write and read all keys', async () => {
const iat1 = (new Date)
.getTime () / 1000;
await ks.get_sign_key (iat1, frame);
const k1 = await ks.get_key (iat1);
jasmine.clock ()
.tick (frame * 1000);
const iat2 = (new Date)
.getTime () / 1000;
await ks.get_sign_key (iat2, frame);
const k2 = await ks.get_key (iat2);
// eslint-disable-next-line dot-notation
const index1 = ks['get_index'] (iat1);
// eslint-disable-next-line dot-notation
const index2 = ks['get_index'] (iat2);
// eslint-disable-next-line dot-notation
expect (JSON.parse (await redis['_redis']?.get (index1) as string).key)
.toEqual (k1);
// eslint-disable-next-line dot-notation
expect (JSON.parse (await redis['_redis']?.get (index2) as string).key)
.toEqual (k2);
const old_instance = ks.instance_id;
ks.reset_instance ();
expectAsync (ks.get_key (iat1, old_instance))
.toBeRejectedWithError ('key could not be found');
expectAsync (ks.get_key (iat1, old_instance))
.toBeRejectedWithError ('key could not be found');
ks.sync_redis (redis_url);
expect (await ks.get_key (iat1, old_instance))
.toEqual (k1);
expect (await ks.get_key (iat2, old_instance))
.toEqual (k2);
});
});