168 lines
4.4 KiB
TypeScript
168 lines
4.4 KiB
TypeScript
/*
|
|
* Copyright (C) Sapphirecode - All Rights Reserved
|
|
* This file is part of Auth-Server-Helper which is released under MIT.
|
|
* See file 'LICENSE' for full license details.
|
|
* Created by Timo Hocker <timo@scode.ovh>, December 2020
|
|
*/
|
|
|
|
import auth from '../../lib/Authority';
|
|
import bl from '../../lib/Blacklist';
|
|
import {
|
|
assert_keystore_state,
|
|
flush_routine, modify_signature
|
|
} from '../Helper';
|
|
|
|
// eslint-disable-next-line max-lines-per-function
|
|
describe ('authority', () => {
|
|
beforeEach (() => {
|
|
jasmine.clock ()
|
|
.install ();
|
|
jasmine.clock ()
|
|
.mockDate (new Date);
|
|
});
|
|
|
|
afterEach (() => {
|
|
flush_routine (false);
|
|
assert_keystore_state ();
|
|
jasmine.clock ()
|
|
.uninstall ();
|
|
});
|
|
|
|
it ('should create an access token', async () => {
|
|
const token = await auth.sign ('access_token', 60);
|
|
jasmine.clock ()
|
|
.tick (30000);
|
|
const res = auth.verify (token.signature);
|
|
expect (res.authorized)
|
|
.toBeTrue ();
|
|
expect (res.valid)
|
|
.toBeTrue ();
|
|
expect (res.type)
|
|
.toEqual ('access_token');
|
|
expect (res.next_module)
|
|
.toBeUndefined ();
|
|
expect (res.id)
|
|
.toEqual (token.id);
|
|
expect (res.error)
|
|
.toBeUndefined ();
|
|
});
|
|
|
|
it ('should create a refresh token', async () => {
|
|
const token = await auth.sign ('refresh_token', 600);
|
|
jasmine.clock ()
|
|
.tick (30000);
|
|
const res = auth.verify (token.signature);
|
|
expect (res.authorized)
|
|
.toBeFalse ();
|
|
expect (res.valid)
|
|
.toBeTrue ();
|
|
expect (res.type)
|
|
.toEqual ('refresh_token');
|
|
expect (res.next_module)
|
|
.toBeUndefined ();
|
|
expect (res.id)
|
|
.toEqual (token.id);
|
|
expect (res.error)
|
|
.toBeUndefined ();
|
|
});
|
|
|
|
it ('should create a part token', async () => {
|
|
const token = await auth.sign ('part_token', 60, { next_module: '2fa' });
|
|
jasmine.clock ()
|
|
.tick (30000);
|
|
const res = auth.verify (token.signature);
|
|
expect (res.authorized)
|
|
.toBeFalse ();
|
|
expect (res.valid)
|
|
.toBeTrue ();
|
|
expect (res.type)
|
|
.toEqual ('part_token');
|
|
expect (res.next_module)
|
|
.toEqual ('2fa');
|
|
expect (res.id)
|
|
.toEqual (token.id);
|
|
expect (res.error)
|
|
.toBeUndefined ();
|
|
});
|
|
|
|
it ('should reject an invalid access token', async () => {
|
|
const token = await auth.sign ('access_token', 60);
|
|
token.signature = modify_signature (token.signature);
|
|
jasmine.clock ()
|
|
.tick (30000);
|
|
const res = auth.verify (token.signature);
|
|
expect (res.authorized)
|
|
.toBeFalse ();
|
|
expect (res.valid)
|
|
.toBeFalse ();
|
|
expect (res.type)
|
|
.toEqual ('none');
|
|
expect (res.next_module)
|
|
.toBeUndefined ();
|
|
expect (res.id)
|
|
.toEqual ('');
|
|
expect (res.error)
|
|
.toEqual ('invalid signature');
|
|
});
|
|
|
|
it ('should reject blacklisted access token', async () => {
|
|
const token = await auth.sign ('access_token', 60);
|
|
jasmine.clock ()
|
|
.tick (30000);
|
|
bl.add_signature (token.id);
|
|
const res = auth.verify (token.signature);
|
|
expect (res.authorized)
|
|
.toBeFalse ();
|
|
expect (res.valid)
|
|
.toBeFalse ();
|
|
expect (res.type)
|
|
.toEqual ('access_token');
|
|
expect (res.next_module)
|
|
.toBeUndefined ();
|
|
expect (res.id)
|
|
.toEqual (token.id);
|
|
expect (res.error)
|
|
.toEqual ('blacklisted');
|
|
});
|
|
|
|
it ('should reject an invalid refresh token', async () => {
|
|
const token = await auth.sign ('refresh_token', 600);
|
|
token.signature = modify_signature (token.signature);
|
|
jasmine.clock ()
|
|
.tick (30000);
|
|
const res = auth.verify (token.signature);
|
|
expect (res.authorized)
|
|
.toBeFalse ();
|
|
expect (res.valid)
|
|
.toBeFalse ();
|
|
expect (res.type)
|
|
.toEqual ('none');
|
|
expect (res.next_module)
|
|
.toBeUndefined ();
|
|
expect (res.id)
|
|
.toEqual ('');
|
|
expect (res.error)
|
|
.toEqual ('invalid signature');
|
|
});
|
|
|
|
it ('should reject a blacklisted refresh token', async () => {
|
|
const token = await auth.sign ('refresh_token', 600);
|
|
jasmine.clock ()
|
|
.tick (30000);
|
|
bl.add_signature (token.id);
|
|
const res = auth.verify (token.signature);
|
|
expect (res.authorized)
|
|
.toBeFalse ();
|
|
expect (res.valid)
|
|
.toBeFalse ();
|
|
expect (res.type)
|
|
.toEqual ('refresh_token');
|
|
expect (res.next_module)
|
|
.toBeUndefined ();
|
|
expect (res.id)
|
|
.toEqual (token.id);
|
|
expect (res.error)
|
|
.toEqual ('blacklisted');
|
|
});
|
|
});
|