authorizer/server/test/validate_jwt_token_test.go

package test

import (
	"testing"
	"time"

	"github.com/authorizerdev/authorizer/server/constants"
	"github.com/authorizerdev/authorizer/server/db/models"
	"github.com/authorizerdev/authorizer/server/graph/model"
	"github.com/authorizerdev/authorizer/server/memorystore"
	"github.com/authorizerdev/authorizer/server/refs"
	"github.com/authorizerdev/authorizer/server/resolvers"
	"github.com/authorizerdev/authorizer/server/token"
	"github.com/authorizerdev/authorizer/server/utils"
	"github.com/google/uuid"
	"github.com/stretchr/testify/assert"
)

func validateJwtTokenTest(t *testing.T, s TestSetup) {
	t.Helper()
	_, ctx := createContext(s)
	t.Run(`validate params`, func(t *testing.T) {
		res, err := resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
			TokenType: "access_token",
			Token:     "",
		})
		assert.Error(t, err)
		assert.Nil(t, res)
		res, err = resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
			TokenType: "access_token",
			Token:     "invalid",
		})
		assert.Error(t, err)
		assert.Nil(t, res)
		_, err = resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
			TokenType: "access_token_invalid",
			Token:     "invalid@invalid",
		})
		assert.Error(t, err, "invalid token")
	})

	scope := []string{"openid", "email", "profile", "offline_access"}
	user := &models.User{
		ID:        uuid.New().String(),
		Email:     refs.NewStringRef("jwt_test_" + s.TestInfo.Email),
		Roles:     "user",
		UpdatedAt: time.Now().Unix(),
		CreatedAt: time.Now().Unix(),
	}

	roles := []string{"user"}
	gc, err := utils.GinContextFromContext(ctx)
	assert.NoError(t, err)
	sessionKey := constants.AuthRecipeMethodBasicAuth + ":" + user.ID
	nonce := uuid.New().String()
	authToken, err := token.CreateAuthToken(gc, user, roles, scope, constants.AuthRecipeMethodBasicAuth, nonce, "")
	assert.NoError(t, err)
	assert.NotNil(t, authToken)
	memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash, authToken.SessionTokenExpiresAt)
	memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token, authToken.AccessToken.ExpiresAt)

	if authToken.RefreshToken != nil {
		memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token, authToken.RefreshToken.ExpiresAt)
	}

	t.Run(`should validate the access token`, func(t *testing.T) {
		res, err := resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
			TokenType: "access_token",
			Token:     authToken.AccessToken.Token,
			Roles:     []string{"user"},
		})
		assert.NoError(t, err)
		assert.True(t, res.IsValid)

		res, err = resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
			TokenType: "access_token",
			Token:     authToken.AccessToken.Token,
			Roles:     []string{"invalid_role"},
		})
		assert.Error(t, err)
		assert.Nil(t, res)
	})

	t.Run(`should validate the refresh token`, func(t *testing.T) {
		res, err := resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
			TokenType: "refresh_token",
			Token:     authToken.RefreshToken.Token,
		})
		assert.NoError(t, err)
		assert.True(t, res.IsValid)
	})

	t.Run(`should validate the id token`, func(t *testing.T) {
		res, err := resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
			TokenType: "id_token",
			Token:     authToken.IDToken.Token,
		})
		assert.NoError(t, err)
		assert.True(t, res.IsValid)
		assert.Equal(t, refs.StringValue(user.Email), res.Claims["email"])
	})
}
feat: add validate_jwt_token query Resolves #149 2022-03-24 08:01:56 +00:00			`package test`

			`import (`
			`"testing"`
			`"time"`

fix: user session access 2022-06-11 18:57:21 +00:00			`"github.com/authorizerdev/authorizer/server/constants"`
feat: add validate_jwt_token query Resolves #149 2022-03-24 08:01:56 +00:00			`"github.com/authorizerdev/authorizer/server/db/models"`
			`"github.com/authorizerdev/authorizer/server/graph/model"`
fix: move sessionstore -> memstore 2022-05-27 17:50:38 +00:00			`"github.com/authorizerdev/authorizer/server/memorystore"`
Allow empty email 2023-10-25 19:25:10 +00:00			`"github.com/authorizerdev/authorizer/server/refs"`
feat: add validate_jwt_token query Resolves #149 2022-03-24 08:01:56 +00:00			`"github.com/authorizerdev/authorizer/server/resolvers"`
			`"github.com/authorizerdev/authorizer/server/token"`
			`"github.com/authorizerdev/authorizer/server/utils"`
			`"github.com/google/uuid"`
			`"github.com/stretchr/testify/assert"`
			`)`

			`func validateJwtTokenTest(t *testing.T, s TestSetup) {`
			`t.Helper()`
			`_, ctx := createContext(s)`
			t.Run(`validate params`, func(t *testing.T) {
			`res, err := resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{`
			`TokenType: "access_token",`
			`Token: "",`
			`})`
fix: session invalidation 2022-06-11 13:40:39 +00:00			`assert.Error(t, err)`
			`assert.Nil(t, res)`
feat: add validate_jwt_token query Resolves #149 2022-03-24 08:01:56 +00:00			`res, err = resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{`
			`TokenType: "access_token",`
			`Token: "invalid",`
			`})`
fix: session invalidation 2022-06-11 13:40:39 +00:00			`assert.Error(t, err)`
			`assert.Nil(t, res)`
feat: add validate_jwt_token query Resolves #149 2022-03-24 08:01:56 +00:00			`_, err = resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{`
			`TokenType: "access_token_invalid",`
			`Token: "invalid@invalid",`
			`})`
			`assert.Error(t, err, "invalid token")`
			`})`

			`scope := []string{"openid", "email", "profile", "offline_access"}`
fix: refs for db provider and few utils 2023-07-31 11:12:11 +00:00			`user := &models.User{`
feat: add validate_jwt_token query Resolves #149 2022-03-24 08:01:56 +00:00			`ID: uuid.New().String(),`
Allow empty email 2023-10-25 19:25:10 +00:00			`Email: refs.NewStringRef("jwt_test_" + s.TestInfo.Email),`
feat: add validate_jwt_token query Resolves #149 2022-03-24 08:01:56 +00:00			`Roles: "user",`
			`UpdatedAt: time.Now().Unix(),`
			`CreatedAt: time.Now().Unix(),`
			`}`

			`roles := []string{"user"}`
			`gc, err := utils.GinContextFromContext(ctx)`
			`assert.NoError(t, err)`
fix: add namespace to session token keys 2022-06-29 16:54:00 +00:00			`sessionKey := constants.AuthRecipeMethodBasicAuth + ":" + user.ID`
feat: add nonce variable to create auth token 2022-10-23 15:38:08 +00:00			`nonce := uuid.New().String()`
fix(server): creepy @@ string split logic for auth_token 2022-11-12 19:52:21 +00:00			`authToken, err := token.CreateAuthToken(gc, user, roles, scope, constants.AuthRecipeMethodBasicAuth, nonce, "")`
fix: queries for webhooks + improve tests 2023-03-29 01:36:33 +00:00			`assert.NoError(t, err)`
			`assert.NotNil(t, authToken)`
fix: session storage 2023-04-08 07:36:15 +00:00			`memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash, authToken.SessionTokenExpiresAt)`
			`memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token, authToken.AccessToken.ExpiresAt)`
fix: user session access 2022-06-11 18:57:21 +00:00
			`if authToken.RefreshToken != nil {`
fix: session storage 2023-04-08 07:36:15 +00:00			`memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token, authToken.RefreshToken.ExpiresAt)`
fix: user session access 2022-06-11 18:57:21 +00:00			`}`
feat: add validate_jwt_token query Resolves #149 2022-03-24 08:01:56 +00:00
			t.Run(`should validate the access token`, func(t *testing.T) {
			`res, err := resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{`
			`TokenType: "access_token",`
			`Token: authToken.AccessToken.Token,`
			`Roles: []string{"user"},`
			`})`
			`assert.NoError(t, err)`
			`assert.True(t, res.IsValid)`

			`res, err = resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{`
			`TokenType: "access_token",`
			`Token: authToken.AccessToken.Token,`
			`Roles: []string{"invalid_role"},`
			`})`
			`assert.Error(t, err)`
fix: queries for webhooks + improve tests 2023-03-29 01:36:33 +00:00			`assert.Nil(t, res)`
feat: add validate_jwt_token query Resolves #149 2022-03-24 08:01:56 +00:00			`})`

			t.Run(`should validate the refresh token`, func(t *testing.T) {
			`res, err := resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{`
			`TokenType: "refresh_token",`
			`Token: authToken.RefreshToken.Token,`
			`})`
			`assert.NoError(t, err)`
			`assert.True(t, res.IsValid)`
			`})`

			t.Run(`should validate the id token`, func(t *testing.T) {
			`res, err := resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{`
			`TokenType: "id_token",`
			`Token: authToken.IDToken.Token,`
			`})`
			`assert.NoError(t, err)`
			`assert.True(t, res.IsValid)`
Allow empty email 2023-10-25 19:25:10 +00:00			`assert.Equal(t, refs.StringValue(user.Email), res.Claims["email"])`
feat: add validate_jwt_token query Resolves #149 2022-03-24 08:01:56 +00:00			`})`
			`}`