More test cases.

jaredhanson · Jan 26, 2016 · b044e8b · b044e8b
1 parent b064fb5
commit b044e8b
Show file tree

Hide file tree

Showing 2 changed files with 90 additions and 7 deletions.
diff --git a/lib/encode/sat.js b/lib/encode/sat.js
@@ -26,6 +26,7 @@ module.exports = function(options) {
   return function sat(claims, cb) {
     var payload = {}
       , header, token, val;
+
     payload.jti = claims.id;
     payload.iss = issuer;
     payload.sub = claims.subject;
@@ -34,19 +35,15 @@ module.exports = function(options) {
     payload.iat = Math.floor(Date.now() / 1000);
 
     // see note in ../decode/sat.js about use of scope
-    if(Array.isArray(claims.scope)) { claims.scope = claims.scope.join(' '); }
-    if(typeof claims.scope == 'string') { payload.scope = claims.scope; }
+    payload.scope = Array.isArray(claims.scope) ? claims.scope.join(' ') : claims.scope;
 
     val = claims.expiresAt;
     if (val instanceof Date) {
       payload.exp = Math.floor(val.getTime() / 1000);
-    } else {
-      return cb(new NotValidError('Structured access token requires an expiration time claim'));
     }
     val = claims.notBefore;
     if (val instanceof Date) {
-      // FIXME: This should be nbf
-      payload.exp = Math.floor(val.getTime() / 1000);
+      payload.nbf = Math.floor(val.getTime() / 1000);
     }
 
     if (typeof key == 'function') {
@@ -70,7 +67,7 @@ module.exports = function(options) {
       } catch (ex) {
         return cb(ex);
       }
-      if (!token) { return cb(new Error('jws.sign failed')); }
+      if (!token) { return cb(new Error('Failed to sign JWT')); }
       cb(null, token);
     }
   }

diff --git a/test/encode/sat.test.js b/test/encode/sat.test.js
@@ -56,6 +56,92 @@ describe('encode.sat', function() {
         expect(ok).to.be.true;
       });
     });
+
+    describe('encoding standard claims, with multiple scopes', function() {
+      var claims = { id: '11-22-33',
+                     subject: '1234',
+                     audience: 'http://www.example.net/',
+                     authorizedPresenter: 'abcd',
+                     scope: ['foo', 'bar'],
+                     expiresAt: new Date(1390309288) };
+
+      var token;
+      before(function(done){
+        encode(claims, function(err, t){
+          token = t;
+          done(err);
+        });
+      });
+
+      it('should encode claims', function() {
+        expect(token.length).to.equal(420);
+        var d = jws.decode(token);
+
+        expect(d.header).to.be.an('object');
+        expect(Object.keys(d.header)).to.have.length(2);
+        expect(d.header.typ).to.equal('JWT');
+        expect(d.header.alg).to.equal('RS256');
+
+        expect(d.payload).to.be.an('object');
+        expect(Object.keys(d.payload)).to.have.length(8);
+        expect(d.payload.jti).to.equal('11-22-33');
+        expect(d.payload.iss).to.equal('https://www.example.com/');
+        expect(d.payload.sub).to.equal('1234');
+        expect(d.payload.azp).to.equal('abcd');
+        expect(d.payload.scope).to.equal('foo bar');
+        expect(d.payload.aud).to.equal('http://www.example.net/');
+        expect(d.payload.iat).to.be.within(Math.floor((Date.now() - 2) / 1000), Math.floor(Date.now() / 1000));
+        expect(d.payload.exp).to.equal(1390309);
+      });
+
+      it('should have verifiable signature', function() {
+        var ok = jws.verify(token, 'RS256', fs.readFileSync(__dirname + '/../keys/rsa/cert.pem') );
+        expect(ok).to.be.true;
+      });
+    });
+
+    describe('encoding standard claims, without scope', function() {
+      var claims = { id: '11-22-33',
+                     subject: '1234',
+                     audience: 'http://www.example.net/',
+                     authorizedPresenter: 'abcd',
+                     expiresAt: new Date(1390309288) };
+
+      var token;
+      before(function(done){
+        encode(claims, function(err, t){
+          token = t;
+          done(err);
+        });
+      });
+
+      it('should encode claims', function() {
+        expect(token.length).to.equal(396);
+        var d = jws.decode(token);
+
+        expect(d.header).to.be.an('object');
+        expect(Object.keys(d.header)).to.have.length(2);
+        expect(d.header.typ).to.equal('JWT');
+        expect(d.header.alg).to.equal('RS256');
+
+        expect(d.payload).to.be.an('object');
+        expect(Object.keys(d.payload)).to.have.length(7);
+        expect(d.payload.jti).to.equal('11-22-33');
+        expect(d.payload.iss).to.equal('https://www.example.com/');
+        expect(d.payload.sub).to.equal('1234');
+        expect(d.payload.azp).to.equal('abcd');
+        expect(d.payload.aud).to.equal('http://www.example.net/');
+        expect(d.payload.iat).to.be.within(Math.floor((Date.now() - 2) / 1000), Math.floor(Date.now() / 1000));
+        expect(d.payload.exp).to.equal(1390309);
+      });
+
+      it('should have verifiable signature', function() {
+        var ok = jws.verify(token, 'RS256', fs.readFileSync(__dirname + '/../keys/rsa/cert.pem') );
+        expect(ok).to.be.true;
+      });
+    });
   });
 
+
+
 });