fix: signing validation uses the JWKS instead of a single JWK
1 parent
2bdd8b7
commit e756c37
Showing
10 changed files
with
154 additions
and
11 deletions.
2 changes: 0 additions & 2 deletions
2
src/NetDevPack.Security.Jwt.AspNetCore/JwtPostConfigureOptions.cs
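--- /dev/null
+++ b/PATH-NOT-SHOWN/JwtTests.cs
@@ -0,0 +1,87 @@
+using Microsoft.AspNetCore.Mvc.Testing;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.IdentityModel.JsonWebTokens;
+using Microsoft.IdentityModel.Tokens;
+using NetDevPack.Security.Jwt.Core.Interfaces;
+using System.Security.Claims;
+using AspNet.Default;
+using FluentAssertions;
+using System.Net.Http.Headers;
+
+namespace NetDevPack.Security.Jwt.AspNetCoreTests;
+
+public class JwtTests : IClassFixture<WebApplicationFactory<Program>>
+{
+private readonly WebApplicationFactory<Program> _factory;
+
+// Top level statement Program.cs problem.
+class FakeApplication : WebApplicationFactory<Program>
+{
+}
+public JwtTests()
+{
+_factory = new FakeApplication();
+}
+
+[Fact]
+public async Task Should_Validate_Jws()
+{
+// Arrange
+using var scope = _factory.Services.CreateScope();
+var scopedServices = scope.ServiceProvider;
+var jwtService = scopedServices.GetRequiredService<IJwtService>();
+var customClaims = FakeClaims.GenerateClaim().Generate(5);
+var currentKey = await jwtService.GetCurrentSigningCredentials();
+var jws = CreateJws(currentKey, customClaims);
+
+var client = _factory.CreateClient();
+var response = await client.GetAsync($"validate-jws/{jws}");
+
+response.IsSuccessStatusCode.Should().BeTrue();
+
+var claims = await System.Text.Json.JsonSerializer.DeserializeAsync<Dictionary<string, object>>(await response.Content.ReadAsStreamAsync());
+claims.Should().Contain(a => a.Key == customClaims.First().Type);
+}
+
+[Fact]
+public async Task Should_Validate_Jws_With_A_Revoked_Key()
+{
+// Arrange
+using var scope = _factory.Services.CreateScope();
+var scopedServices = scope.ServiceProvider;
+var jwtService = scopedServices.GetRequiredService<IJwtService>();
+var customClaims = FakeClaims.GenerateClaim().Generate(5);
+var currentKey = await jwtService.GetCurrentSigningCredentials();
+var jws = CreateJws(currentKey, customClaims);
+
+await jwtService.RevokeKey(currentKey.Key.KeyId);
+
+
+var client = _factory.CreateClient();
+var request = new HttpRequestMessage(HttpMethod.Get, "https://localhost/protected-endpoint");
+request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", jws);
+var response = await client.SendAsync(request);
+
+response.IsSuccessStatusCode.Should().BeTrue();
+}
+
+
+private static string CreateJws(SigningCredentials key, List<Claim> claims)
+{
+var handler = new JsonWebTokenHandler();
+var now = DateTime.Now;
+var descriptor = new SecurityTokenDescriptor
+{
+Issuer = "https://www.devstore.academy", // <- Your website
+Audience = "NetDevPack.Security.Jwt.AspNet",
+IssuedAt = now,
+NotBefore = now,
+Expires = now.AddMinutes(60),
+Subject = new ClaimsIdentity(claims),
+SigningCredentials = key
+};
+
+return handler.CreateToken(descriptor);
+}
+
+}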
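Review bot: `Should_Validate_Jws_With_A_Revoked_Key` calls `RevokeKey` on the key that signed the token and then asserts `response.IsSuccessStatusCode.Should().BeTrue()`, and nothing in the test says why a token signed with a revoked key is still expected to be accepted; if `RevokeKey` is a rotation that keeps the old key in the published JWKS until already-issued tokens expire, say so above the assertion, e.g. `// Revoked keys remain in the JWKS for validation, so tokens issued before the revocation stay valid until they expire`, and if it is meant to retire a compromised key the expected result would be an unauthorized response instead. `_factory` is a fresh `FakeApplication` per test instance and is never disposed, so each test leaks its test host; implementing `IDisposable` with `public void Dispose() => _factory.Dispose();` fixes that, and the `IClassFixture<WebApplicationFactory<Program>>` declaration can be dropped since the fixture is never injected. `CreateJws` builds `IssuedAt`/`NotBefore`/`Expires` from `DateTime.Now`; `DateTime.UtcNow` is the conventional choice for token timestamps and avoids depending on the machine's local offset.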
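--- /dev/null
+++ b/tests/NetDevPack.Security.Jwt.AspNetCoreTests/NetDevPack.Security.Jwt.AspNetCoreTests.csproj
@@ -0,0 +1,31 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+<PropertyGroup>
+<TargetFramework>net7.0</TargetFramework>
+<ImplicitUsings>enable</ImplicitUsings>
+<Nullable>enable</Nullable>
+
+<IsPackable>false</IsPackable>
+<IsTestProject>true</IsTestProject>
+</PropertyGroup>
+
+<ItemGroup>
+<PackageReference Include="FluentAssertions" Version="6.11.0" />
+<PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="7.0.5" />
+<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.6.2" />
+<PackageReference Include="xunit" Version="2.4.2" />
+<PackageReference Include="xunit.runner.visualstudio" Version="2.4.5">
+<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+<PrivateAssets>all</PrivateAssets>
+</PackageReference>
+<PackageReference Include="coverlet.collector" Version="6.0.0">
+<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+<PrivateAssets>all</PrivateAssets>
+</PackageReference>
+</ItemGroup>
+
+<ItemGroup>
+<ProjectReference Include="..\..\samples\1_AspNet.Default\AspNet.Default.csproj" />
+</ItemGroup>
+
+</Project>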
@@ -0,0 +1 @@ | ||
global using Xunit; |