feat: fix issues from rebase
njlie committed Aug 24, 2022
1 parent 6516c7c commit 1e3d0a8
Showing 8 changed files with 83 additions and 233 deletions.
66 changes: 24 additions & 42 deletions packages/auth/src/accessToken/routes.test.ts
Expand Up @@ -16,33 +16,12 @@ import { AccessToken } from './model'
import { Access } from '../access/model'
import { AccessTokenRoutes } from './routes'
import { createContext } from '../tests/context'
import {
generateSigHeaders
} from '../tests/signature'
import {
KID_PATH,
KID_ORIGIN
KEY_REGISTRY_ORIGIN,
TEST_CLIENT_KEY
} from '../grant/routes.test'

const TEST_JWK = {
kid: KID_ORIGIN + KID_PATH,
x: 'test-public-key',
kty: 'OKP',
alg: 'EdDSA',
crv: 'Ed25519',
use: 'sig'
}
const TEST_CLIENT_KEY = {
client: {
id: v4(),
name: 'Bob',
email: 'bob@bob.com',
image: 'a link to an image',
uri: 'https://bob.com'
},
...TEST_JWK
}

describe('Access Token Routes', (): void => {
let deps: IocContract<AppServices>
let appContainer: TestContainer
Expand Down Expand Up @@ -76,7 +55,7 @@ describe('Access Token Routes', (): void => {
finishMethod: FinishMethod.Redirect,
finishUri: 'https://example.com/finish',
clientNonce: crypto.randomBytes(8).toString('hex').toUpperCase(),
clientKeyId: KID_ORIGIN + KID_PATH,
clientKeyId: KEY_REGISTRY_ORIGIN + KID_PATH,
interactId: v4(),
interactRef: crypto.randomBytes(8).toString('hex').toUpperCase(),
interactNonce: crypto.randomBytes(8).toString('hex').toUpperCase()
Expand Down Expand Up @@ -148,13 +127,11 @@ describe('Access Token Routes', (): void => {
test('Successfully introspects valid token', async (): Promise<void> => {
const clientId = crypto
.createHash('sha256')
.update(TEST_CLIENT_KEY.client.id)
.update(TEST_CLIENT_KEY.jwk.client.id)
.digest('hex')
const scope = nock(KID_ORIGIN)
const scope = nock(KEY_REGISTRY_ORIGIN)
.get(KID_PATH)
.reply(200, {
keys: [TEST_CLIENT_KEY]
})
.reply(200, TEST_CLIENT_KEY.jwk)

const ctx = createContext(
{
Expand All @@ -177,6 +154,9 @@ describe('Access Token Routes', (): void => {
expect(ctx.response.get('Content-Type')).toBe(
'application/json; charset=utf-8'
)

const testKeyWithoutClient = TEST_CLIENT_KEY.jwk
delete testKeyWithoutClient.client
expect(ctx.body).toEqual({
active: true,
grant: grant.id,
Expand All @@ -187,18 +167,24 @@ describe('Access Token Routes', (): void => {
limits: access.limits
}
],
key: { proof: 'httpsig', jwk: TEST_JWK },
key: {
proof: 'httpsig',
jwk: {
...testKeyWithoutClient,
exp: expect.any(Number),
nbf: expect.any(Number),
revoked: false
}
},
client_id: clientId
})
scope.isDone()
})

test('Successfully introspects expired token', async (): Promise<void> => {
const scope = nock(KID_ORIGIN)
const scope = nock(KEY_REGISTRY_ORIGIN)
.get(KID_PATH)
.reply(200, {
keys: [TEST_CLIENT_KEY.jwk]
})
.reply(200, TEST_CLIENT_KEY.jwk)
const now = new Date(new Date().getTime() + 4000)
jest.useFakeTimers()
jest.setSystemTime(now)
Expand Down Expand Up @@ -270,11 +256,9 @@ describe('Access Token Routes', (): void => {
})

test('Returns status 204 if token has not expired', async (): Promise<void> => {
const scope = nock(KID_ORIGIN)
const scope = nock(KEY_REGISTRY_ORIGIN)
.get(KID_PATH)
.reply(200, {
keys: [TEST_CLIENT_KEY.jwk]
})
.reply(200, TEST_CLIENT_KEY.jwk)

const ctx = createContext(
{
Expand All @@ -299,11 +283,9 @@ describe('Access Token Routes', (): void => {
})

test('Returns status 204 if token has expired', async (): Promise<void> => {
const scope = nock(KID_ORIGIN)
const scope = nock(KEY_REGISTRY_ORIGIN)
.get(KID_PATH)
.reply(200, {
keys: [TEST_CLIENT_KEY.jwk]
})
.reply(200, TEST_CLIENT_KEY.jwk)

const ctx = createContext(
{
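Review bot: In the 'Successfully introspects valid token' test, `const testKeyWithoutClient = TEST_CLIENT_KEY.jwk` aliases the imported fixture instead of copying it, so the following `delete testKeyWithoutClient.client` removes `client` from `TEST_CLIENT_KEY.jwk` itself. The later tests in this file answer the mocked key-registry request with `TEST_CLIENT_KEY.jwk`, so they would serve a key without its client data and their outcome would depend on test order; a later read of `TEST_CLIENT_KEY.jwk.client.id` would throw. Copying first keeps the fixture intact: `const testKeyWithoutClient = { ...TEST_CLIENT_KEY.jwk }`. Separately, `scope.isDone()` in the same test discards its result, so nothing asserts that the key registry was actually queried; `expect(scope.isDone()).toBe(true)` would. Part of this test's body is collapsed between the visible hunks.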
32 changes: 13 additions & 19 deletions packages/auth/src/client/service.test.ts
Expand Up @@ -5,10 +5,9 @@ import { Config } from '../config/app'
import { IocContract } from '@adonisjs/fold'
import { initIocContainer } from '../'
import { AppServices } from '../app'
import { v4 } from 'uuid'
import { ClientService, JWKWithRequired } from './service'
import { generateTestKeys } from '../tests/signature'
import { KID_ORIGIN } from '../grant/routes.test'
import { KEY_REGISTRY_ORIGIN } from '../grant/routes.test'

const TEST_CLIENT_DISPLAY = {
name: 'Test Client',
Expand All @@ -32,11 +31,6 @@ describe('Client Service', (): void => {
const keys = await generateTestKeys()
keyPath = '/' + keys.keyId
publicKey = keys.publicKey
privateKey = keys.privateKey
testClientKey = {
proof: 'httpsig',
jwk: publicKey
}
})

afterAll(async (): Promise<void> => {
Expand All @@ -52,7 +46,7 @@ describe('Client Service', (): void => {
nbfDate.setTime(nbfDate.getTime() - 1000 * 60 * 60)
describe('Client Properties', (): void => {
test('Can validate client properties with registry', async (): Promise<void> => {
const scope = nock(KID_ORIGIN)
const scope = nock(KEY_REGISTRY_ORIGIN)
.get(keyPath)
.reply(200, {
...publicKey,
Expand All @@ -68,7 +62,7 @@ describe('Client Service', (): void => {
proof: 'httpsig',
jwk: {
...publicKey,
kid: KID_ORIGIN + keyPath
kid: KEY_REGISTRY_ORIGIN + keyPath
}
}
})
Expand All @@ -78,7 +72,7 @@ describe('Client Service', (): void => {
})

test('Cannot validate client with incorrect display name', async (): Promise<void> => {
const scope = nock(KID_ORIGIN)
const scope = nock(KEY_REGISTRY_ORIGIN)
.get(TEST_KID_PATH)
.reply(200, {
...publicKey,
Expand All @@ -100,7 +94,7 @@ describe('Client Service', (): void => {
})

test('Cannot validate client with incorrect uri', async (): Promise<void> => {
const scope = nock(KID_ORIGIN)
const scope = nock(KEY_REGISTRY_ORIGIN)
.get(TEST_KID_PATH)
.reply(200, {
...publicKey,
Expand All @@ -123,7 +117,7 @@ describe('Client Service', (): void => {
})

test('Cannot validate client with kid that doesnt resolve', async (): Promise<void> => {
const scope = nock(KID_ORIGIN).get('/wrong').reply(200)
const scope = nock(KEY_REGISTRY_ORIGIN).get('/wrong').reply(200)

const validClientKid = await clientService.validateClient({
display: TEST_CLIENT_DISPLAY,
Expand All @@ -141,7 +135,7 @@ describe('Client Service', (): void => {
})

test('Cannot validate client with jwk that doesnt have a public key', async (): Promise<void> => {
const scope = nock(KID_ORIGIN)
const scope = nock(KEY_REGISTRY_ORIGIN)
.get(TEST_KID_PATH)
.reply(200, {
...publicKey,
Expand Down Expand Up @@ -226,7 +220,7 @@ describe('Client Service', (): void => {
test('Cannot validate client with key that is not ready', async (): Promise<void> => {
const futureDate = new Date()
futureDate.setTime(futureDate.getTime() + 1000 * 60 * 60)
const scope = nock(KID_ORIGIN)
const scope = nock(KEY_REGISTRY_ORIGIN)
.get('/keys/notready')
.reply(200, {
...publicKey,
Expand All @@ -241,7 +235,7 @@ describe('Client Service', (): void => {
proof: 'httpsig',
jwk: {
...publicKey,
kid: KID_ORIGIN + '/keys/notready'
kid: KEY_REGISTRY_ORIGIN + '/keys/notready'
}
}
})
Expand All @@ -251,7 +245,7 @@ describe('Client Service', (): void => {
})

test('Cannot validate client with expired key', async (): Promise<void> => {
const scope = nock(KID_ORIGIN)
const scope = nock(KEY_REGISTRY_ORIGIN)
.get('/keys/invalidclient')
.reply(200, {
...publicKey,
Expand All @@ -266,7 +260,7 @@ describe('Client Service', (): void => {
proof: 'httpsig',
jwk: {
...publicKey,
kid: KID_ORIGIN + '/keys/invalidclient'
kid: KEY_REGISTRY_ORIGIN + '/keys/invalidclient'
}
}
})
Expand All @@ -276,7 +270,7 @@ describe('Client Service', (): void => {
})

test('Cannot validate client with revoked key', async (): Promise<void> => {
const scope = nock(KID_ORIGIN)
const scope = nock(KEY_REGISTRY_ORIGIN)
.get('/keys/revoked')
.reply(200, {
...publicKey,
Expand All @@ -291,7 +285,7 @@ describe('Client Service', (): void => {
proof: 'httpsig',
jwk: {
...publicKey,
kid: KID_ORIGIN + '/keys/revoked'
kid: KEY_REGISTRY_ORIGIN + '/keys/revoked'
}
}
})