authorizer/server/test/validate_jwt_token_test.go

package test

import (
	"testing"
	"time"

	"github.com/authorizerdev/authorizer/server/constants"
	"github.com/authorizerdev/authorizer/server/db/models"
	"github.com/authorizerdev/authorizer/server/graph/model"
	"github.com/authorizerdev/authorizer/server/memorystore"
	"github.com/authorizerdev/authorizer/server/resolvers"
	"github.com/authorizerdev/authorizer/server/token"
	"github.com/authorizerdev/authorizer/server/utils"
	"github.com/google/uuid"
	"github.com/stretchr/testify/assert"
)

func validateJwtTokenTest(t *testing.T, s TestSetup) {
	t.Helper()
	_, ctx := createContext(s)
	t.Run(`validate params`, func(t *testing.T) {
		res, err := resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
			TokenType: "access_token",
			Token:     "",
		})
		assert.Error(t, err)
		assert.Nil(t, res)
		res, err = resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
			TokenType: "access_token",
			Token:     "invalid",
		})
		assert.Error(t, err)
		assert.Nil(t, res)
		_, err = resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
			TokenType: "access_token_invalid",
			Token:     "invalid@invalid",
		})
		assert.Error(t, err, "invalid token")
	})

	scope := []string{"openid", "email", "profile", "offline_access"}
	user := models.User{
		ID:        uuid.New().String(),
		Email:     "jwt_test_" + s.TestInfo.Email,
		Roles:     "user",
		UpdatedAt: time.Now().Unix(),
		CreatedAt: time.Now().Unix(),
	}

	roles := []string{"user"}
	gc, err := utils.GinContextFromContext(ctx)
	assert.NoError(t, err)
	sessionKey := constants.AuthRecipeMethodBasicAuth + ":" + user.ID
	nonce := uuid.New().String()
	authToken, err := token.CreateAuthToken(gc, user, roles, scope, constants.AuthRecipeMethodBasicAuth, nonce, "")
	assert.NoError(t, err)
	memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
	memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)

	if authToken.RefreshToken != nil {
		memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
	}

	t.Run(`should validate the access token`, func(t *testing.T) {
		res, err := resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
			TokenType: "access_token",
			Token:     authToken.AccessToken.Token,
			Roles:     []string{"user"},
		})
		assert.NoError(t, err)
		assert.True(t, res.IsValid)

		res, err = resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
			TokenType: "access_token",
			Token:     authToken.AccessToken.Token,
			Roles:     []string{"invalid_role"},
		})
		assert.Nil(t, res)
		assert.Error(t, err)
	})

	t.Run(`should validate the refresh token`, func(t *testing.T) {
		res, err := resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
			TokenType: "refresh_token",
			Token:     authToken.RefreshToken.Token,
		})
		assert.NoError(t, err)
		assert.True(t, res.IsValid)
	})

	t.Run(`should validate the id token`, func(t *testing.T) {
		res, err := resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
			TokenType: "id_token",
			Token:     authToken.IDToken.Token,
		})
		assert.NoError(t, err)
		assert.True(t, res.IsValid)
		assert.Equal(t, user.Email, res.Claims["email"])
	})
}
feat: add validate_jwt_token query Resolves #149 2022-03-24 08:01:56 +00:00			`package test`

			`import (`
			`"testing"`
			`"time"`

fix: user session access 2022-06-11 18:57:21 +00:00			`"github.com/authorizerdev/authorizer/server/constants"`
feat: add validate_jwt_token query Resolves #149 2022-03-24 08:01:56 +00:00			`"github.com/authorizerdev/authorizer/server/db/models"`
			`"github.com/authorizerdev/authorizer/server/graph/model"`
fix: move sessionstore -> memstore 2022-05-27 17:50:38 +00:00			`"github.com/authorizerdev/authorizer/server/memorystore"`
feat: add validate_jwt_token query Resolves #149 2022-03-24 08:01:56 +00:00			`"github.com/authorizerdev/authorizer/server/resolvers"`
			`"github.com/authorizerdev/authorizer/server/token"`
			`"github.com/authorizerdev/authorizer/server/utils"`
			`"github.com/google/uuid"`
			`"github.com/stretchr/testify/assert"`
			`)`

			`func validateJwtTokenTest(t *testing.T, s TestSetup) {`
			`t.Helper()`
			`_, ctx := createContext(s)`
			t.Run(`validate params`, func(t *testing.T) {
			`res, err := resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{`
			`TokenType: "access_token",`
			`Token: "",`
			`})`
fix: session invalidation 2022-06-11 13:40:39 +00:00			`assert.Error(t, err)`
			`assert.Nil(t, res)`
feat: add validate_jwt_token query Resolves #149 2022-03-24 08:01:56 +00:00			`res, err = resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{`
			`TokenType: "access_token",`
			`Token: "invalid",`
			`})`
fix: session invalidation 2022-06-11 13:40:39 +00:00			`assert.Error(t, err)`
			`assert.Nil(t, res)`
feat: add validate_jwt_token query Resolves #149 2022-03-24 08:01:56 +00:00			`_, err = resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{`
			`TokenType: "access_token_invalid",`
			`Token: "invalid@invalid",`
			`})`
			`assert.Error(t, err, "invalid token")`
			`})`

			`scope := []string{"openid", "email", "profile", "offline_access"}`
			`user := models.User{`
			`ID: uuid.New().String(),`
			`Email: "jwt_test_" + s.TestInfo.Email,`
			`Roles: "user",`
			`UpdatedAt: time.Now().Unix(),`
			`CreatedAt: time.Now().Unix(),`
			`}`

			`roles := []string{"user"}`
			`gc, err := utils.GinContextFromContext(ctx)`
			`assert.NoError(t, err)`
fix: add namespace to session token keys 2022-06-29 16:54:00 +00:00			`sessionKey := constants.AuthRecipeMethodBasicAuth + ":" + user.ID`
feat: add nonce variable to create auth token 2022-10-23 15:38:08 +00:00			`nonce := uuid.New().String()`
fix(server): creepy @@ string split logic for auth_token 2022-11-12 19:52:21 +00:00			`authToken, err := token.CreateAuthToken(gc, user, roles, scope, constants.AuthRecipeMethodBasicAuth, nonce, "")`
fix: tests + version - Update code as per go 1.19.3 - Fix tests for unused vars 2022-11-27 15:10:45 +00:00			`assert.NoError(t, err)`
fix: add namespace to session token keys 2022-06-29 16:54:00 +00:00			`memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)`
			`memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)`
fix: user session access 2022-06-11 18:57:21 +00:00
			`if authToken.RefreshToken != nil {`
fix: add namespace to session token keys 2022-06-29 16:54:00 +00:00			`memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)`
fix: user session access 2022-06-11 18:57:21 +00:00			`}`
feat: add validate_jwt_token query Resolves #149 2022-03-24 08:01:56 +00:00
			t.Run(`should validate the access token`, func(t *testing.T) {
			`res, err := resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{`
			`TokenType: "access_token",`
			`Token: authToken.AccessToken.Token,`
			`Roles: []string{"user"},`
			`})`
			`assert.NoError(t, err)`
			`assert.True(t, res.IsValid)`

			`res, err = resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{`
			`TokenType: "access_token",`
			`Token: authToken.AccessToken.Token,`
			`Roles: []string{"invalid_role"},`
			`})`
fix: tests + version - Update code as per go 1.19.3 - Fix tests for unused vars 2022-11-27 15:10:45 +00:00			`assert.Nil(t, res)`
feat: add validate_jwt_token query Resolves #149 2022-03-24 08:01:56 +00:00			`assert.Error(t, err)`
			`})`

			t.Run(`should validate the refresh token`, func(t *testing.T) {
			`res, err := resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{`
			`TokenType: "refresh_token",`
			`Token: authToken.RefreshToken.Token,`
			`})`
			`assert.NoError(t, err)`
			`assert.True(t, res.IsValid)`
			`})`

			t.Run(`should validate the id token`, func(t *testing.T) {
			`res, err := resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{`
			`TokenType: "id_token",`
			`Token: authToken.IDToken.Token,`
			`})`
			`assert.NoError(t, err)`
			`assert.True(t, res.IsValid)`
add jwt claims as part of validation endpoint 2022-11-01 04:42:01 +00:00			`assert.Equal(t, user.Email, res.Claims["email"])`
feat: add validate_jwt_token query Resolves #149 2022-03-24 08:01:56 +00:00			`})`
			`}`