diff --git a/packages/auth/src/accessToken/routes.test.ts b/packages/auth/src/accessToken/routes.test.ts index 1d31dabf7c..10ba6d1878 100644 --- a/packages/auth/src/accessToken/routes.test.ts +++ b/packages/auth/src/accessToken/routes.test.ts @@ -16,11 +16,7 @@ import { AccessToken } from './model' import { Access } from '../access/model' import { AccessTokenRoutes } from './routes' import { createContext } from '../tests/context' -import { - TEST_KID_PATH, - KEY_REGISTRY_ORIGIN, - TEST_CLIENT_KEY -} from '../grant/routes.test' +import { KID_PATH, KID_ORIGIN, TEST_CLIENT_KEY } from '../grant/routes.test' describe('Access Token Routes', (): void => { let deps: IocContract @@ -55,7 +51,7 @@ describe('Access Token Routes', (): void => { finishMethod: FinishMethod.Redirect, finishUri: 'https://example.com/finish', clientNonce: crypto.randomBytes(8).toString('hex').toUpperCase(), - clientKeyId: KEY_REGISTRY_ORIGIN + TEST_KID_PATH, + clientKeyId: KID_ORIGIN + KID_PATH, interactId: v4(), interactRef: crypto.randomBytes(8).toString('hex').toUpperCase(), interactNonce: crypto.randomBytes(8).toString('hex').toUpperCase() @@ -125,8 +121,8 @@ describe('Access Token Routes', (): void => { }) test('Successfully introspects valid token', async (): Promise => { - const scope = nock(KEY_REGISTRY_ORIGIN) - .get(TEST_KID_PATH) + const scope = nock(KID_ORIGIN) + .get(KID_PATH) .reply(200, { keys: [TEST_CLIENT_KEY.jwk] }) @@ -176,8 +172,8 @@ describe('Access Token Routes', (): void => { }) test('Successfully introspects expired token', async (): Promise => { - const scope = nock(KEY_REGISTRY_ORIGIN) - .get(TEST_KID_PATH) + const scope = nock(KID_ORIGIN) + .get(KID_PATH) .reply(200, { keys: [TEST_CLIENT_KEY.jwk] }) @@ -252,8 +248,8 @@ describe('Access Token Routes', (): void => { }) test('Returns status 204 if token has not expired', async (): Promise => { - const scope = nock(KEY_REGISTRY_ORIGIN) - .get(TEST_KID_PATH) + const scope = nock(KID_ORIGIN) + .get(KID_PATH) .reply(200, { keys: [TEST_CLIENT_KEY.jwk] }) @@ -281,8 +277,8 @@ describe('Access Token Routes', (): void => { }) test('Returns status 204 if token has expired', async (): Promise => { - const scope = nock(KEY_REGISTRY_ORIGIN) - .get(TEST_KID_PATH) + const scope = nock(KID_ORIGIN) + .get(KID_PATH) .reply(200, { keys: [TEST_CLIENT_KEY.jwk] }) diff --git a/packages/auth/src/client/service.test.ts b/packages/auth/src/client/service.test.ts index 63c77f7f28..fd7107a901 100644 --- a/packages/auth/src/client/service.test.ts +++ b/packages/auth/src/client/service.test.ts @@ -16,9 +16,8 @@ import { Grant, GrantState, StartMethod, FinishMethod } from '../grant/model' import { Access } from '../access/model' import { AccessToken } from '../accessToken/model' import { AccessType, Action } from '../access/types' -import { TEST_CLIENT_KEY } from '../grant/routes.test' +import { KID_ORIGIN, TEST_CLIENT_KEY } from '../grant/routes.test' -const KEY_REGISTRY_ORIGIN = 'https://openpayments.network' const TEST_CLIENT_DISPLAY = { name: 'Test Client', url: 'https://example.com' @@ -26,7 +25,7 @@ const TEST_CLIENT_DISPLAY = { const TEST_KID_PATH = '/keys/test-key' const TEST_PUBLIC_KEY = { - kid: KEY_REGISTRY_ORIGIN + TEST_KID_PATH, + kid: KID_ORIGIN + TEST_KID_PATH, x: 'hin88zzQxp79OOqIFNCME26wMiz0yqjzgkcBe0MW8pE', kty: 'OKP', alg: 'EdDSA', @@ -153,7 +152,7 @@ describe('Client Service', (): void => { finishMethod: FinishMethod.Redirect, finishUri: 'https://example.com/finish', clientNonce: crypto.randomBytes(8).toString('hex').toUpperCase(), - clientKeyId: KEY_REGISTRY_ORIGIN + TEST_KID_PATH, + clientKeyId: KID_ORIGIN + TEST_KID_PATH, interactId: v4(), interactRef: crypto.randomBytes(8).toString('hex').toUpperCase(), interactNonce: crypto.randomBytes(8).toString('hex').toUpperCase() @@ -209,7 +208,7 @@ describe('Client Service', (): void => { }) test('Validate POST / request with middleware', async (): Promise => { - const scope = nock(KEY_REGISTRY_ORIGIN) + const scope = nock(KID_ORIGIN) .get(TEST_KID_PATH) .reply(200, { keys: [TEST_CLIENT_KEY.jwk], @@ -242,7 +241,7 @@ describe('Client Service', (): void => { }) test('Validate /introspect request with middleware', async (): Promise => { - const scope = nock(KEY_REGISTRY_ORIGIN) + const scope = nock(KID_ORIGIN) .get(TEST_KID_PATH) .reply(200, { keys: [TEST_CLIENT_KEY.jwk] @@ -273,7 +272,7 @@ describe('Client Service', (): void => { }) test('Validate DEL /token request with middleware', async () => { - const scope = nock(KEY_REGISTRY_ORIGIN) + const scope = nock(KID_ORIGIN) .get(TEST_KID_PATH) .reply(200, { keys: [TEST_CLIENT_KEY.jwk] @@ -347,7 +346,7 @@ describe('Client Service', (): void => { }) test('httpsig middleware fails if headers are invalid', async () => { - const scope = nock(KEY_REGISTRY_ORIGIN) + const scope = nock(KID_ORIGIN) .get(TEST_KID_PATH) .reply(200, { keys: [TEST_CLIENT_KEY.jwk] @@ -387,14 +386,14 @@ describe('Client Service', (): void => { nbfDate.setTime(nbfDate.getTime() - 1000 * 60 * 60) describe('Client Properties', (): void => { test('Can validate client properties with registry', async (): Promise => { - const scope = nock(KEY_REGISTRY_ORIGIN) + const scope = nock(KID_ORIGIN) .get('/keys/correct') .reply(200, { ...TEST_CLIENT_DISPLAY, keys: [ { ...TEST_PUBLIC_KEY, - kid: KEY_REGISTRY_ORIGIN + '/keys/correct', + kid: KID_ORIGIN + '/keys/correct', exp: Math.round(expDate.getTime() / 1000), nbf: Math.round(nbfDate.getTime() / 1000), revoked: false @@ -408,7 +407,7 @@ describe('Client Service', (): void => { proof: 'httpsig', jwk: { ...TEST_PUBLIC_KEY, - kid: KEY_REGISTRY_ORIGIN + '/keys/correct' + kid: KID_ORIGIN + '/keys/correct' } } }) @@ -418,7 +417,7 @@ describe('Client Service', (): void => { }) test('Cannot validate client with incorrect display name', async (): Promise => { - const scope = nock(KEY_REGISTRY_ORIGIN) + const scope = nock(KID_ORIGIN) .get(TEST_KID_PATH) .reply(200, { display: { @@ -448,7 +447,7 @@ describe('Client Service', (): void => { }) test('Cannot validate client with incorrect uri', async (): Promise => { - const scope = nock(KEY_REGISTRY_ORIGIN) + const scope = nock(KID_ORIGIN) .get(TEST_KID_PATH) .reply(200, { ...TEST_PUBLIC_KEY, @@ -477,7 +476,7 @@ describe('Client Service', (): void => { }) test('Cannot validate client with kid that doesnt resolve', async (): Promise => { - const scope = nock(KEY_REGISTRY_ORIGIN).get('/wrong').reply(200) + const scope = nock(KID_ORIGIN).get('/wrong').reply(200) const validClientKid = await clientService.validateClientWithRegistry({ display: TEST_CLIENT_DISPLAY, @@ -495,7 +494,7 @@ describe('Client Service', (): void => { }) test('Cannot validate client with jwk that doesnt have a public key', async (): Promise => { - const scope = nock(KEY_REGISTRY_ORIGIN) + const scope = nock(KID_ORIGIN) .get(TEST_KID_PATH) .reply(200, { ...TEST_CLIENT_DISPLAY, @@ -585,7 +584,7 @@ describe('Client Service', (): void => { test('Cannot validate client with key that is not ready', async (): Promise => { const futureDate = new Date() futureDate.setTime(futureDate.getTime() + 1000 * 60 * 60) - const scope = nock(KEY_REGISTRY_ORIGIN) + const scope = nock(KID_ORIGIN) .get('/keys/notready') .reply(200, { ...TEST_CLIENT_DISPLAY, @@ -605,7 +604,7 @@ describe('Client Service', (): void => { proof: 'httpsig', jwk: { ...TEST_PUBLIC_KEY, - kid: KEY_REGISTRY_ORIGIN + '/keys/notready' + kid: KID_ORIGIN + '/keys/notready' } } }) @@ -615,7 +614,7 @@ describe('Client Service', (): void => { }) test('Cannot validate client with expired key', async (): Promise => { - const scope = nock(KEY_REGISTRY_ORIGIN) + const scope = nock(KID_ORIGIN) .get('/keys/invalidclient') .reply(200, { ...TEST_CLIENT_DISPLAY, @@ -635,7 +634,7 @@ describe('Client Service', (): void => { proof: 'httpsig', jwk: { ...TEST_PUBLIC_KEY, - kid: KEY_REGISTRY_ORIGIN + '/keys/invalidclient' + kid: KID_ORIGIN + '/keys/invalidclient' } } }) @@ -645,7 +644,7 @@ describe('Client Service', (): void => { }) test('Cannot validate client with revoked key', async (): Promise => { - const scope = nock(KEY_REGISTRY_ORIGIN) + const scope = nock(KID_ORIGIN) .get('/keys/revoked') .reply(200, { ...TEST_CLIENT_DISPLAY, @@ -665,7 +664,7 @@ describe('Client Service', (): void => { proof: 'httpsig', jwk: { ...TEST_PUBLIC_KEY, - kid: KEY_REGISTRY_ORIGIN + '/keys/revoked' + kid: KID_ORIGIN + '/keys/revoked' } } }) diff --git a/packages/auth/src/grant/routes.test.ts b/packages/auth/src/grant/routes.test.ts index 77e9b251af..a8f8ae9bb7 100644 --- a/packages/auth/src/grant/routes.test.ts +++ b/packages/auth/src/grant/routes.test.ts @@ -19,8 +19,8 @@ import { Grant, StartMethod, FinishMethod, GrantState } from '../grant/model' import { GrantRequest } from '../grant/service' import { AccessToken } from '../accessToken/model' -export const KEY_REGISTRY_ORIGIN = 'https://openpayments.network' -export const TEST_KID_PATH = '/keys/base-test-key' +export const KID_ORIGIN = 'https://openpayments.network' +export const KID_PATH = '/keys/base-test-key' export const TEST_CLIENT_DISPLAY = { name: 'Test Client', url: 'https://example.com' @@ -30,7 +30,7 @@ export const TEST_CLIENT_DISPLAY = { export const TEST_CLIENT_KEY = { proof: 'httpsig', jwk: { - kid: KEY_REGISTRY_ORIGIN + TEST_KID_PATH, + kid: KID_ORIGIN + KID_PATH, x: 'hin88zzQxp79OOqIFNCME26wMiz0yqjzgkcBe0MW8pE', kty: 'OKP', alg: 'EdDSA', @@ -119,7 +119,7 @@ const generateBaseGrant = () => ({ finishMethod: FinishMethod.Redirect, finishUri: 'https://example.com', clientNonce: crypto.randomBytes(8).toString('hex').toUpperCase(), - clientKeyId: KEY_REGISTRY_ORIGIN + TEST_KID_PATH, + clientKeyId: KID_ORIGIN + KID_PATH, interactId: v4(), interactRef: v4(), interactNonce: crypto.randomBytes(8).toString('hex').toUpperCase() @@ -182,8 +182,8 @@ describe('Grant Routes', (): void => { } } - const scope = nock(KEY_REGISTRY_ORIGIN) - .get(TEST_KID_PATH) + const scope = nock(KID_ORIGIN) + .get(KID_PATH) .reply(200, { ...TEST_CLIENT_DISPLAY, keys: [ @@ -231,8 +231,8 @@ describe('Grant Routes', (): void => { } } - const scope = nock(KEY_REGISTRY_ORIGIN) - .get(TEST_KID_PATH) + const scope = nock(KID_ORIGIN) + .get(KID_PATH) .reply(200, { ...TEST_CLIENT_DISPLAY, keys: [ @@ -279,8 +279,8 @@ describe('Grant Routes', (): void => { } } - const scope = nock(KEY_REGISTRY_ORIGIN) - .get(TEST_KID_PATH) + const scope = nock(KID_ORIGIN) + .get(KID_PATH) .reply(200, { ...TEST_CLIENT_DISPLAY, keys: [ @@ -327,8 +327,8 @@ describe('Grant Routes', (): void => { } } - const scope = nock(KEY_REGISTRY_ORIGIN) - .get(TEST_KID_PATH) + const scope = nock(KID_ORIGIN) + .get(KID_PATH) .reply(200, { ...TEST_CLIENT_DISPLAY, keys: [ @@ -376,8 +376,8 @@ describe('Grant Routes', (): void => { } } - const scope = nock(KEY_REGISTRY_ORIGIN) - .get(TEST_KID_PATH) + const scope = nock(KID_ORIGIN) + .get(KID_PATH) .reply(200, { ...TEST_CLIENT_DISPLAY, keys: [ @@ -424,8 +424,8 @@ describe('Grant Routes', (): void => { } } - const scope = nock(KEY_REGISTRY_ORIGIN) - .get(TEST_KID_PATH) + const scope = nock(KID_ORIGIN) + .get(KID_PATH) .reply(200, { ...TEST_CLIENT_DISPLAY, keys: [ @@ -472,8 +472,8 @@ describe('Grant Routes', (): void => { } } - const scope = nock(KEY_REGISTRY_ORIGIN) - .get(TEST_KID_PATH) + const scope = nock(KID_ORIGIN) + .get(KID_PATH) .reply(200, { ...TEST_CLIENT_DISPLAY, keys: [ @@ -520,8 +520,8 @@ describe('Grant Routes', (): void => { } } - const scope = nock(KEY_REGISTRY_ORIGIN) - .get(TEST_KID_PATH) + const scope = nock(KID_ORIGIN) + .get(KID_PATH) .reply(200, { ...TEST_CLIENT_DISPLAY, keys: [ @@ -606,8 +606,8 @@ describe('Grant Routes', (): void => { const nbfDate = new Date() nbfDate.setTime(nbfDate.getTime() - 1000 * 60 * 60) - const scope = nock(KEY_REGISTRY_ORIGIN) - .get(TEST_KID_PATH) + const scope = nock(KID_ORIGIN) + .get(KID_PATH) .reply(200, { ...TEST_CLIENT_DISPLAY, keys: [ @@ -660,8 +660,8 @@ describe('Grant Routes', (): void => { const nbfDate = new Date() nbfDate.setTime(nbfDate.getTime() - 1000 * 60 * 60) - const scope = nock(KEY_REGISTRY_ORIGIN) - .get(TEST_KID_PATH) + const scope = nock(KID_ORIGIN) + .get(KID_PATH) .reply(200, { ...TEST_CLIENT_DISPLAY, keys: [ @@ -712,8 +712,8 @@ describe('Grant Routes', (): void => { describe('interaction', (): void => { describe('interaction start', (): void => { test('Interaction start fails if grant is invalid', async (): Promise => { - const scope = nock(KEY_REGISTRY_ORIGIN) - .get(TEST_KID_PATH) + const scope = nock(KID_ORIGIN) + .get(KID_PATH) .reply(200, { ...TEST_CLIENT_DISPLAY, keys: [ @@ -751,7 +751,7 @@ describe('Grant Routes', (): void => { finishMethod: FinishMethod.Redirect, finishUri: 'https://example.com', clientNonce: crypto.randomBytes(8).toString('hex').toUpperCase(), - clientKeyId: KEY_REGISTRY_ORIGIN + '/wrong-key', + clientKeyId: KID_ORIGIN + '/wrong-key', interactId: v4(), interactRef: v4(), interactNonce: crypto.randomBytes(8).toString('hex').toUpperCase() @@ -779,8 +779,8 @@ describe('Grant Routes', (): void => { }) test('Can start an interaction', async (): Promise => { - const scope = nock(KEY_REGISTRY_ORIGIN) - .get(TEST_KID_PATH) + const scope = nock(KID_ORIGIN) + .get(KID_PATH) .reply(200, { ...TEST_CLIENT_DISPLAY, keys: [