From e8ada4476e0e04c9db2a9ddc9011cd9320ec1bcb Mon Sep 17 00:00:00 2001
From: Lewis Watson
Date: Tue, 21 Feb 2017 21:16:25 +0000
Subject: [PATCH] Refactor tests and how key staleness is calculated
---
 fireauth.go | 21 ++++++++---------
 fireauth_integration_test.go | 11 +++------
 fireauth_suite_test.go | 10 ++++++++
 fireauth_test.go | 45 +++++++++++++++++++++---------------
 4 files changed, 50 insertions(+), 37 deletions(-)
diff --git a/fireauth.go b/fireauth.go
index 147c020..b3400ec 100644
--- a/fireauth.go
+++ b/fireauth.go
@@ -20,14 +20,13 @@ type claimTimeOverride struct {
 // FireAuth module to verify and extract information from Firebase JWT tokens
 type FireAuth struct {
- ProjectID string
- publicKeys map[string]*rsa.PublicKey
- cacheControlMaxAge int64
- keysLastUpdatesd int64
- KeyURL string
- IssPrefix string
- Clock clock.Clock
- claimTimeOverride *claimTimeOverride
+ ProjectID string
+ publicKeys map[string]*rsa.PublicKey
+ keyExpire int64
+ KeyURL string
+ IssPrefix string
+ Clock clock.Clock
+ claimTimeOverride *claimTimeOverride
 sync.RWMutex
 }
@@ -128,7 +127,7 @@ func (fb *FireAuth) Verify(accessToken string) (string, jwt.Claims, error) {
 // checks if the current FireAuth keys are stale and therefore need updating
 func (fb *FireAuth) keysStale() bool {
- return (fb.Clock.Now().UnixNano() - fb.keysLastUpdatesd) > fb.cacheControlMaxAge
+ return fb.Clock.Now().Unix() > fb.keyExpire
 }
 // UpdatePublicKeys retrieves the latest Firebase keys
@@ -147,7 +146,7 @@ func (fb *FireAuth) UpdatePublicKeys() error {
 if err != nil {
 return err
 }
- fb.cacheControlMaxAge = maxAge
+ expire := fb.Clock.Now().Unix() + maxAge
 fb.publicKeys = make(map[string]*rsa.PublicKey)
 for kid, token := range serverTokens {
@@ -158,7 +157,7 @@ func (fb *FireAuth) UpdatePublicKeys() error {
 fb.publicKeys[kid] = publicKey
 }
- fb.keysLastUpdatesd = fb.Clock.Now().Unix()
+ fb.keyExpire = expire
 return nil
 }
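Review bot: The new `keyExpire` field in the FireAuth struct has no comment stating its unit. The line this commit replaces in keysStale() compared a `UnixNano()` value against second-based fields, so the unit is worth pinning down at the declaration. I would write the field as `keyExpire int64 // Unix time in seconds after which publicKeys must be refetched`.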
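Review bot: keysStale() reads `fb.keyExpire` with no lock visible, while UpdatePublicKeys (the hunks at -147 and -158) replaces `fb.publicKeys` and writes `fb.keyExpire`. FireAuth embeds `sync.RWMutex`, but no Lock or RLock call appears in any hunk of this file. If Verify does not already hold the lock around both calls, concurrent verifications race on the key map and its expiry. I would state the contract in the doc comment, e.g. `// keysStale reports whether the cached keys have passed keyExpire; the caller must hold at least the read lock.` The callers are outside the hunk, so this needs confirming against Verify.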
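Review bot: `expire := fb.Clock.Now().Unix() + maxAge` trusts whatever max-age the key endpoint returned, with no upper or lower bound visible in this hunk. A very large value would keep a rotated or withdrawn signing key trusted for as long as the process runs, and a zero or negative one makes the keys stale again almost immediately. KeyURL is an exported field, so the endpoint is caller-configurable. I would clamp before use, e.g. `if maxAge <= 0 || maxAge > maxKeyCacheSeconds { maxAge = maxKeyCacheSeconds }`, where `maxKeyCacheSeconds` is a placeholder name for a new package constant. How maxAge is parsed sits above the hunk, so an existing bound there would make this moot.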
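Review bot: `fb.publicKeys` is replaced with an empty map before the loop and `fb.keyExpire` is only set after it. If the loop returns early on a key that fails to parse (the loop body lies between the two UpdatePublicKeys hunks and is not shown), the instance is left with a partial key set. The late `keyExpire` assignment does make the next call refetch, which is the safe direction, but tokens signed by the missing keys are rejected in the meantime. Building into a local map and publishing both fields together avoids that state: `keys := make(map[string]*rsa.PublicKey, len(serverTokens))`, `keys[kid] = publicKey` in the loop, then `fb.publicKeys, fb.keyExpire = keys, expire`.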
diff --git a/fireauth_integration_test.go b/fireauth_integration_test.go
index 7b8d285..8880484 100644
--- a/fireauth_integration_test.go
+++ b/fireauth_integration_test.go
@@ -3,8 +3,6 @@ package fireauth
 import (
- "time"
-
 . "github.com/onsi/ginkgo"
 . "github.com/onsi/gomega"
 )
@@ -18,14 +16,11 @@ var _ = Describe("fireauth integration test", func() {
 BeforeEach(func() {
 firebase, err = New("example project")
- })
-
- It("should not thow an error", func() {
 Expect(err).NotTo(HaveOccurred())
+ _, _, err = firebase.Verify(token)
 })
- It("should have updated keys in the last second", func() {
- timeKeysLastUpdated := time.Unix(firebase.keysLastUpdatesd, 0)
- Expect(timeKeysLastUpdated).Should(BeTemporally("~", firebase.Clock.Now(), time.Second))
+ It("should return token is expired error", func() {
+ Expect(err).To(Equal(ErrTokenExpired))
 })
 })
diff --git a/fireauth_suite_test.go b/fireauth_suite_test.go
index e41818b..f8e1744 100644
--- a/fireauth_suite_test.go
+++ b/fireauth_suite_test.go
@@ -12,6 +12,8 @@ import (
 var (
 jsonKeys string
 jsonKeys2 string
+ token string
+ token2 string
 )
 func TestAuth(t *testing.T) {
@@ -27,4 +29,12 @@ var _ = BeforeSuite(func() {
 content, err = ioutil.ReadFile("testdata/keys2.json")
 Expect(err).NotTo(HaveOccurred())
 jsonKeys2 = string(content)
+
+ content, err = ioutil.ReadFile("testdata/token.txt")
+ Expect(err).NotTo(HaveOccurred())
+ token = string(content)
+
+ content, err = ioutil.ReadFile("testdata/token2.txt")
+ Expect(err).NotTo(HaveOccurred())
+ token2 = string(content)
 })
diff --git a/fireauth_test.go b/fireauth_test.go
index 162b6ce..a0881db 100644
--- a/fireauth_test.go
+++ b/fireauth_test.go
@@ -2,7 +2,6 @@ package fireauth
 import (
 "fmt"
- "io/ioutil"
 "net/http"
 "net/http/httptest"
 "time"
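Review bot: In the BeforeSuite hunk of fireauth_suite_test.go, `token = string(content)` and `token2 = string(content)` pass the file bytes through unchanged. A trailing newline in testdata/token.txt or testdata/token2.txt, which an editor can easily add, then becomes part of the string handed to Verify and would likely surface as a confusing parse or signature error rather than a fixture problem. `token = strings.TrimSpace(string(content))`, with `strings` added to the imports, makes the fixtures robust, and the same applies to `token2`.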
@@ -18,20 +17,12 @@ var _ = Describe("fireauth", func() {
 var (
 firebase *FireAuth
- token string
 mockClock *clock.Mock
 err error
 )
 BeforeEach(func() {
- if token == "" {
- var content []byte
- content, err = ioutil.ReadFile("testdata/token.txt")
- Expect(err).NotTo(HaveOccurred())
- token = string(content)
- }
-
 ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 w.Header().Set(HeaderCacheControl, "..., max-age=19008, ...")
 fmt.Fprintln(w, jsonKeys)
@@ -92,11 +83,6 @@ var _ = Describe("fireauth", func() {
 BeforeEach(func() {
- var content []byte
- content, err = ioutil.ReadFile("testdata/token2.txt")
- Expect(err).NotTo(HaveOccurred())
- token2 := string(content)
-
 claimTimeOverride := &claimTimeOverride{
 exp: time.Now().Unix() + 1000,
 iat: mockClock.Now().Unix() - 1000,
@@ -183,16 +169,39 @@ var _ = Describe("fireauth", func() {
 })
 Specify("max-age should now be 1337", func() {
- Expect(firebase.cacheControlMaxAge).To(Equal(int64(1337)))
+ maxAge := firebase.keyExpire - mockClock.Now().Unix()
+ Expect(maxAge).To(Equal(int64(1337)))
 })
 Specify("Firebase should now have 2 keys", func() {
 Expect(len(firebase.publicKeys)).To(Equal(2))
 })
- It("should have updated keys in the last second", func() {
- timeKeysLastUpdated := time.Unix(firebase.keysLastUpdatesd, 0)
- Expect(timeKeysLastUpdated).Should(BeTemporally("~", firebase.Clock.Now(), time.Second))
+ })
+
+ Describe("non stale keys don't need updated", func() {
+
+ BeforeEach(func() {
+
+ ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ w.Header().Set(HeaderCacheControl, "..., max-age=1337, ...")
+ fmt.Fprintln(w, jsonKeys2)
+ }))
+ defer ts.Close()
+ firebase.KeyURL = ts.URL
+
+ mockClock.Set(time.Date(2016, time.February, 02, 8, 0, 0, 0, time.UTC))
+
+ firebase.Verify(token)
+ })
+
+ Specify("max-age should still be 19008", func() {
+ maxAge := firebase.keyExpire - mockClock.Now().Unix()
+ Expect(maxAge).To(Equal(int64(19008)))
+ })
+
+ Specify("Firebase should still have 4 keys", func() {
+ Expect(len(firebase.publicKeys)).To(Equal(4))
 })
 })
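Review bot: The new "non stale keys don't need updated" block discards the result of `firebase.Verify(token)` and shows the absence of a refetch only indirectly, through the expiry value and the key count. A request counter in the test handler states the property directly: `hits++` inside the handler and `Expect(hits).To(BeZero())` in a Specify, so the test still fails if a refetch happens to return matching data. Note also that `defer ts.Close()` runs when BeforeEach returns, which is fine here only because Verify is called inside the same function. The outer Describe and its own BeforeEach start outside the hunk.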