const { JWK, JWT } = require('jose');
require('dotenv').config();
const { assertFailure } = require('../test/helpers/assertions');
const { privPem, pubPem } = require('../test/helpers/constants');
const { createToken } = require('../test/helpers/create');
const { verifyJWT } = require('./jwt');
require('chai').should();
// Mocha suite covering token creation through the `createToken` test helper
// and token validation through `verifyJWT`. All tokens here are ES256K
// (secp256k1) signed with the PEM key pair from the test helpers.
describe('JWT', () => {
  // Audience and issuer DIDs placed in the generated tokens.
  // NOTE(review): the "not meant for Glider" case below implies `aud` matches
  // the DID the service is configured with (presumably via dotenv) - confirm.
  const aud = 'did:orgid:0x94bf5a57b850a35b4d1d7b59f663ce3a8a76fd9928ef2067cc772fc97fb0ad75';
  const iss = 'did:orgid:0xd28ed661a8619301ed6cb7048142c1a356c662bb96ba9d1c0b4c88f135363d26';
  const exp = '24 hours';
  // Key pair from test/helpers/constants; never reassigned in this suite.
  // NOTE(review): presumably fixture-only keys - confirm they are used nowhere else.
  const priv = privPem;
  const pub = pubPem;

  describe('#createJWT', () => {
    it('should create a valid JWT token signed with secp256k1', async () => {
      const options = { priv, alg: 'ES256K', aud, iss, fragment: 'test', exp };
      const signed = await createToken(options);

      // Verify with jose directly, independently of verifyJWT. The key is
      // imported for signature use with the same algorithm the token was
      // created with.
      // NOTE(review): no explicit `algorithms` or `issuer` option is passed to
      // JWT.verify; the accepted algorithm is presumably constrained by the
      // key's `alg`, and `iss` is only asserted afterwards - confirm.
      const verificationKey = JWK.asKey(pub, { alg: options.alg, use: 'sig' });
      const verifyOptions = {
        typ: 'JWT',
        audience: options.aud,
        clockTolerance: '1 min',
      };
      const claims = JWT.verify(signed, verificationKey, verifyOptions);

      claims.should.be.an('object');
      // The issuer claim is the issuer DID joined to the key fragment by '#'.
      claims.should.has.property('iss').to.equal(`${options.iss}#${options.fragment}`);
      claims.should.has.property('aud').to.equal(options.aud);
      claims.should.has.property('exp').to.be.a('number');
    });
  });

  describe('#verifyJWT', () => {
    const secp256k1Options = {
      priv,
      alg: 'ES256K',
      aud,
      iss,
      fragment: 'test',
      exp,
    };
    // A freshly signed, otherwise valid token; regenerated before every test.
    let secp256k1Jwt;

    // Every rejection in this suite is expected to carry the same code, 403
    // (presumably the status attached to the thrown error - see assertFailure).
    const expectRejection = (authMethod, token, message) =>
      assertFailure(verifyJWT(authMethod, token), message, 403);

    // NOTE(review): coverage gaps worth closing - no case here presents a
    // token whose header names an algorithm other than ES256K (or no
    // signature algorithm at all), and none presents a well-formed token
    // signed by a key that does not belong to the issuer.

    beforeEach(async () => {
      secp256k1Jwt = await createToken(secp256k1Options);
    });

    it('should fail if wrong authorization method provided', () =>
      expectRejection('Unknown', secp256k1Jwt, 'Unknown authorization method'));

    // Prefixing the compact token corrupts its first segment.
    it('should fail if wrong JWT token provided', () =>
      expectRejection('Bearer', `wrong${secp256k1Jwt}`, 'JWT is malformed'));

    it('should fail if expired token provided', async () => {
      // NOTE(review): with a '0 s' lifetime this presumably relies on
      // verifyJWT applying no clock tolerance - confirm.
      const expired = await createToken({ ...secp256k1Options, exp: '0 s' });
      await expectRejection('Bearer', expired, 'JWT is expired');
    });

    it('should fail if token not meant for Glider', async () => {
      const foreignAudience = await createToken({ ...secp256k1Options, aud: 'not:glider' });
      await expectRejection('Bearer', foreignAudience, 'JWT recipient is not Glider');
    });

    it('should fail if issuer not provided', async () => {
      const anonymous = await createToken({ ...secp256k1Options, iss: '', fragment: '' });
      await expectRejection('Bearer', anonymous, 'JWT is missing issuing ORG.ID');
    });

    // Appending text alters only the last (signature) segment of the token, so
    // this covers a corrupted signature rather than a valid one from another key.
    it('should fail if signature not valid', () =>
      expectRejection('Bearer', `${secp256k1Jwt}wrong==`, 'JWT signature verification failed'));

    it('should verify token secp256k1', async () => {
      const claims = await verifyJWT('Bearer', secp256k1Jwt);
      claims.iss.should.equal(`${secp256k1Options.iss}#${secp256k1Options.fragment}`);
      claims.aud.should.equal(secp256k1Options.aud);
      claims.exp.should.be.a('number');
    });
  });
});