Refactor tests and how key staleness is calculated

fireauth.go

@@ -20,14 +20,13 @@ type claimTimeOverride struct {
 
 // FireAuth module to verify and extract information from Firebase JWT tokens
 type FireAuth struct {
-	ProjectID          string
-	publicKeys         map[string]*rsa.PublicKey
-	cacheControlMaxAge int64
-	keysLastUpdatesd   int64
-	KeyURL             string
-	IssPrefix          string
-	Clock              clock.Clock
-	claimTimeOverride  *claimTimeOverride
+	ProjectID         string
+	publicKeys        map[string]*rsa.PublicKey
+	keyExpire         int64
+	KeyURL            string
+	IssPrefix         string
+	Clock             clock.Clock
+	claimTimeOverride *claimTimeOverride
 	sync.RWMutex
 }
 
@@ -128,7 +127,7 @@ func (fb *FireAuth) Verify(accessToken string) (string, jwt.Claims, error) {
 
 // checks if the current FireAuth keys are stale and therefore need updating
 func (fb *FireAuth) keysStale() bool {
-	return (fb.Clock.Now().UnixNano() - fb.keysLastUpdatesd) > fb.cacheControlMaxAge
+	return fb.Clock.Now().Unix() > fb.keyExpire
 }
 
 // UpdatePublicKeys retrieves the latest Firebase keys
@@ -147,7 +146,7 @@ func (fb *FireAuth) UpdatePublicKeys() error {
 	if err != nil {
 		return err
 	}
-	fb.cacheControlMaxAge = maxAge
+	expire := fb.Clock.Now().Unix() + maxAge
 
 	fb.publicKeys = make(map[string]*rsa.PublicKey)
 	for kid, token := range serverTokens {
@@ -158,7 +157,7 @@ func (fb *FireAuth) UpdatePublicKeys() error {
 		fb.publicKeys[kid] = publicKey
 	}
 
-	fb.keysLastUpdatesd = fb.Clock.Now().Unix()
+	fb.keyExpire = expire
 
 	return nil
 }

fireauth_integration_test.go

@@ -3,8 +3,6 @@
 package fireauth
 
 import (
-	"time"
-
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 )
@@ -18,14 +16,11 @@ var _ = Describe("fireauth integration test", func() {
 
 	BeforeEach(func() {
 		firebase, err = New("example project")
-	})
-
-	It("should not thow an error", func() {
 		Expect(err).NotTo(HaveOccurred())
+		_, _, err = firebase.Verify(token)
 	})
 
-	It("should have updated keys in the last second", func() {
-		timeKeysLastUpdated := time.Unix(firebase.keysLastUpdatesd, 0)
-		Expect(timeKeysLastUpdated).Should(BeTemporally("~", firebase.Clock.Now(), time.Second))
+	It("should return token is expired error", func() {
+		Expect(err).To(Equal(ErrTokenExpired))
 	})
 })

fireauth_suite_test.go

@@ -12,6 +12,8 @@ import (
 var (
 	jsonKeys  string
 	jsonKeys2 string
+	token     string
+	token2    string
 )
 
 func TestAuth(t *testing.T) {
@@ -27,4 +29,12 @@ var _ = BeforeSuite(func() {
 	content, err = ioutil.ReadFile("testdata/keys2.json")
 	Expect(err).NotTo(HaveOccurred())
 	jsonKeys2 = string(content)
+
+	content, err = ioutil.ReadFile("testdata/token.txt")
+	Expect(err).NotTo(HaveOccurred())
+	token = string(content)
+
+	content, err = ioutil.ReadFile("testdata/token2.txt")
+	Expect(err).NotTo(HaveOccurred())
+	token2 = string(content)
 })

fireauth_test.go

@@ -2,7 +2,6 @@ package fireauth
 
 import (
 	"fmt"
-	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
 	"time"
@@ -18,20 +17,12 @@ var _ = Describe("fireauth", func() {
 
 	var (
 		firebase  *FireAuth
-		token     string
 		mockClock *clock.Mock
 		err       error
 	)
 
 	BeforeEach(func() {
 
-		if token == "" {
-			var content []byte
-			content, err = ioutil.ReadFile("testdata/token.txt")
-			Expect(err).NotTo(HaveOccurred())
-			token = string(content)
-		}
-
 		ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			w.Header().Set(HeaderCacheControl, "..., max-age=19008, ...")
 			fmt.Fprintln(w, jsonKeys)
@@ -92,11 +83,6 @@ var _ = Describe("fireauth", func() {
 
 			BeforeEach(func() {
 
-				var content []byte
-				content, err = ioutil.ReadFile("testdata/token2.txt")
-				Expect(err).NotTo(HaveOccurred())
-				token2 := string(content)
-
 				claimTimeOverride := &claimTimeOverride{
 					exp: time.Now().Unix() + 1000,
 					iat: mockClock.Now().Unix() - 1000,
@@ -183,16 +169,39 @@ var _ = Describe("fireauth", func() {
 		})
 
 		Specify("max-age should now be 1337", func() {
-			Expect(firebase.cacheControlMaxAge).To(Equal(int64(1337)))
+			maxAge := firebase.keyExpire - mockClock.Now().Unix()
+			Expect(maxAge).To(Equal(int64(1337)))
 		})
 
 		Specify("Firebase should now have 2 keys", func() {
 			Expect(len(firebase.publicKeys)).To(Equal(2))
 		})
 
-		It("should have updated keys in the last second", func() {
-			timeKeysLastUpdated := time.Unix(firebase.keysLastUpdatesd, 0)
-			Expect(timeKeysLastUpdated).Should(BeTemporally("~", firebase.Clock.Now(), time.Second))
+	})
+
+	Describe("non stale keys don't need updated", func() {
+
+		BeforeEach(func() {
+
+			ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				w.Header().Set(HeaderCacheControl, "..., max-age=1337, ...")
+				fmt.Fprintln(w, jsonKeys2)
+			}))
+			defer ts.Close()
+			firebase.KeyURL = ts.URL
+
+			mockClock.Set(time.Date(2016, time.February, 02, 8, 0, 0, 0, time.UTC))
+
+			firebase.Verify(token)
+		})
+
+		Specify("max-age should still be 19008", func() {
+			maxAge := firebase.keyExpire - mockClock.Now().Unix()
+			Expect(maxAge).To(Equal(int64(19008)))
+		})
+
+		Specify("Firebase should still have 4 keys", func() {
+			Expect(len(firebase.publicKeys)).To(Equal(4))
 		})
 
 	})