/*
 * Copyright (C) Sapphirecode - All Rights Reserved
 * This file is part of Auth-Server-Helper which is released under MIT.
 * See file 'LICENSE' for full license details.
 * Created by Timo Hocker <timo@scode.ovh>, December 2020
 */
| 
 | |
| import { hash_sha512 } from '@sapphirecode/crypto-helper';
 | |
| import auth from '../../lib/Authority';
 | |
| import bl from '../../lib/Blacklist';
 | |
| 
 | |
/**
 * Test helper that returns a tampered copy of a signed token string.
 *
 * The input is URI-decoded and split on '.', the second segment is replaced
 * with the result of hash_sha512 ('', ''), and the segments are joined and
 * URI-encoded again. The tests below use the result to check that
 * verification fails once that segment no longer matches the rest of the
 * token.
 *
 * NOTE(review): the second segment is presumably the signature part of the
 * token format; confirm against the Authority implementation.
 *
 * @param signature URI-encoded token string as returned by auth.sign
 * @returns the URI-encoded token with its second segment overwritten
 */
function modify_signature (signature: string): string {
  const segments = decodeURIComponent (signature)
    .split ('.');
  // A fixed value that does not depend on the token contents.
  segments[1] = hash_sha512 ('', '');
  const tampered = segments.join ('.');
  return encodeURIComponent (tampered);
}
 | |
| 
 | |
// eslint-disable-next-line max-lines-per-function
describe ('authority', () => {
  // Every case signs a token, advances the mocked clock by this many
  // milliseconds and only then verifies it.
  const elapsed_ms = 30000;
  const one_day_ms = 24 * 60 * 60 * 1000;

  // NOTE(review): no case in this suite verifies a token after its lifetime
  // has passed, so expiry handling is not covered by this file.

  beforeEach (() => {
    // Mock timers and Date so that time only advances through tick ().
    const clock = jasmine.clock ();
    clock.install ();
    clock.mockDate (new Date);
  });

  afterEach (() => {
    // Jump a full day ahead before restoring the real clock; presumably so
    // that tokens and blacklist entries created by a case cannot leak into
    // the next one. Confirm against the Blacklist implementation.
    const clock = jasmine.clock ();
    clock.tick (one_day_ms);
    clock.uninstall ();
  });

  // An untampered access token is the only kind expected to be authorized.
  it ('should create an access token', () => {
    const issued = auth.sign ('access_token', 60);
    jasmine.clock ().tick (elapsed_ms);
    const { authorized, valid, type, next_module }
      = auth.verify (issued.signature);
    expect (authorized).toBeTrue ();
    expect (valid).toBeTrue ();
    expect (type).toEqual ('access_token');
    expect (next_module).toBeUndefined ();
  });

  // A refresh token verifies as valid but must not grant access by itself.
  it ('should create a refresh token', () => {
    const issued = auth.sign ('refresh_token', 600);
    jasmine.clock ().tick (elapsed_ms);
    const { authorized, valid, type, next_module }
      = auth.verify (issued.signature);
    expect (authorized).toBeFalse ();
    expect (valid).toBeTrue ();
    expect (type).toEqual ('refresh_token');
    expect (next_module).toBeUndefined ();
  });

  // A part token is valid, not authorized, and reports the next module
  // ('2fa') that was passed to sign.
  it ('should create a part token', () => {
    const issued = auth.sign ('part_token', 60, '2fa');
    jasmine.clock ().tick (elapsed_ms);
    const { authorized, valid, type, next_module }
      = auth.verify (issued.signature);
    expect (authorized).toBeFalse ();
    expect (valid).toBeTrue ();
    expect (type).toEqual ('part_token');
    expect (next_module).toEqual ('2fa');
  });

  // After tampering, the reported type must be 'none' rather than the type
  // the token was signed with.
  it ('should reject an invalid access token', () => {
    const issued = auth.sign ('access_token', 60);
    issued.signature = modify_signature (issued.signature);
    jasmine.clock ().tick (elapsed_ms);
    const { authorized, valid, type, next_module }
      = auth.verify (issued.signature);
    expect (authorized).toBeFalse ();
    expect (valid).toBeFalse ();
    expect (type).toEqual ('none');
    expect (next_module).toBeUndefined ();
  });

  // A blacklisted token keeps its type in the result but is neither valid
  // nor authorized.
  it ('should reject blacklisted access token', () => {
    const issued = auth.sign ('access_token', 60);
    jasmine.clock ().tick (elapsed_ms);
    bl.add_signature (issued.id);
    const { authorized, valid, type, next_module }
      = auth.verify (issued.signature);
    expect (authorized).toBeFalse ();
    expect (valid).toBeFalse ();
    expect (type).toEqual ('access_token');
    expect (next_module).toBeUndefined ();
  });

  // Same tampering check as for access tokens, on a refresh token.
  it ('should reject an invalid refresh token', () => {
    const issued = auth.sign ('refresh_token', 600);
    issued.signature = modify_signature (issued.signature);
    jasmine.clock ().tick (elapsed_ms);
    const { authorized, valid, type, next_module }
      = auth.verify (issued.signature);
    expect (authorized).toBeFalse ();
    expect (valid).toBeFalse ();
    expect (type).toEqual ('none');
    expect (next_module).toBeUndefined ();
  });

  // Same blacklist check as for access tokens, on a refresh token.
  it ('should reject a blacklisted refresh token', () => {
    const issued = auth.sign ('refresh_token', 600);
    jasmine.clock ().tick (elapsed_ms);
    bl.add_signature (issued.id);
    const { authorized, valid, type, next_module }
      = auth.verify (issued.signature);
    expect (authorized).toBeFalse ();
    expect (valid).toBeFalse ();
    expect (type).toEqual ('refresh_token');
    expect (next_module).toBeUndefined ();
  });
});