debian-mirror-gitlab/spec/lib/omni_auth/strategies/jwt_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

133 lines
3.6 KiB
Ruby
Raw Normal View History

2019-12-04 20:38:33 +05:30
# frozen_string_literal: true
2018-05-09 12:01:36 +05:30
require 'spec_helper'
2020-07-28 23:09:34 +05:30
RSpec.describe OmniAuth::Strategies::Jwt do
2018-05-09 12:01:36 +05:30
include Rack::Test::Methods
include DeviseHelpers
2020-03-13 15:44:24 +05:30
describe '#decoded' do
2019-02-15 15:39:39 +05:30
subject { described_class.new({}) }
2019-12-21 20:55:43 +05:30
2018-05-09 12:01:36 +05:30
let(:timestamp) { Time.now.to_i }
let(:jwt_config) { Devise.omniauth_configs[:jwt] }
let(:claims) do
{
id: 123,
name: "user_example",
email: "user@example.com",
iat: timestamp
}
end
2020-10-24 23:57:45 +05:30
2019-02-15 15:39:39 +05:30
let(:algorithm) { 'HS256' }
let(:secret) { jwt_config.strategy.secret }
let(:private_key) { secret }
let(:payload) { JWT.encode(claims, private_key, algorithm) }
2018-05-09 12:01:36 +05:30
before do
2019-02-15 15:39:39 +05:30
subject.options[:secret] = secret
subject.options[:algorithm] = algorithm
2019-03-02 22:35:43 +05:30
# We use Rack::Request instead of ActionDispatch::Request because
# Rack::Test::Methods enables testing of this module.
2019-02-15 15:39:39 +05:30
expect_next_instance_of(Rack::Request) do |rack_request|
expect(rack_request).to receive(:params).and_return('jwt' => payload)
end
2018-05-09 12:01:36 +05:30
end
2020-05-24 23:13:21 +05:30
ecdsa_named_curves = {
2019-02-15 15:39:39 +05:30
'ES256' => 'prime256v1',
'ES384' => 'secp384r1',
'ES512' => 'secp521r1'
}.freeze
2018-05-09 12:01:36 +05:30
2019-02-15 15:39:39 +05:30
{
OpenSSL::PKey::RSA => %w[RS256 RS384 RS512],
OpenSSL::PKey::EC => %w[ES256 ES384 ES512],
String => %w[HS256 HS384 HS512]
}.each do |private_key_class, algorithms|
algorithms.each do |algorithm|
context "when the #{algorithm} algorithm is used" do
let(:algorithm) { algorithm }
let(:secret) do
2023-01-13 00:05:48 +05:30
# rubocop:disable Style/CaseLikeIf
2019-02-15 15:39:39 +05:30
if private_key_class == OpenSSL::PKey::RSA
private_key_class.generate(2048)
.to_pem
elsif private_key_class == OpenSSL::PKey::EC
2020-05-24 23:13:21 +05:30
private_key_class.new(ecdsa_named_curves[algorithm])
2019-02-15 15:39:39 +05:30
.tap { |key| key.generate_key! }
.to_pem
else
private_key_class.new(jwt_config.strategy.secret)
end
2023-01-13 00:05:48 +05:30
# rubocop:enable Style/CaseLikeIf
2019-02-15 15:39:39 +05:30
end
2020-10-24 23:57:45 +05:30
2019-02-15 15:39:39 +05:30
let(:private_key) { private_key_class ? private_key_class.new(secret) : secret }
it 'decodes the user information' do
result = subject.decoded
expect(result).to eq(claims.stringify_keys)
end
end
end
2018-05-09 12:01:36 +05:30
end
context 'required claims is missing' do
let(:claims) do
{
id: 123,
email: "user@example.com",
iat: timestamp
}
end
it 'raises error' do
2019-02-15 15:39:39 +05:30
expect { subject.decoded }.to raise_error(OmniAuth::Strategies::Jwt::ClaimInvalid)
2018-05-09 12:01:36 +05:30
end
end
context 'when valid_within is specified but iat attribute is missing in response' do
let(:claims) do
{
id: 123,
name: "user_example",
email: "user@example.com"
}
end
before do
2019-02-15 15:39:39 +05:30
# Omniauth config values are always strings!
subject.options[:valid_within] = 2.days.to_s
2018-05-09 12:01:36 +05:30
end
it 'raises error' do
2019-02-15 15:39:39 +05:30
expect { subject.decoded }.to raise_error(OmniAuth::Strategies::Jwt::ClaimInvalid)
2018-05-09 12:01:36 +05:30
end
end
context 'when timestamp claim is too skewed from present' do
let(:claims) do
{
id: 123,
name: "user_example",
email: "user@example.com",
iat: timestamp - 10.minutes.to_i
}
end
before do
2019-02-15 15:39:39 +05:30
# Omniauth config values are always strings!
subject.options[:valid_within] = 2.seconds.to_s
2018-05-09 12:01:36 +05:30
end
it 'raises error' do
2019-02-15 15:39:39 +05:30
expect { subject.decoded }.to raise_error(OmniAuth::Strategies::Jwt::ClaimInvalid)
2018-05-09 12:01:36 +05:30
end
end
end
end