technofab/jwt-authorizer
1
0
Fork 0
mirror of https://github.com/TECHNOFAB11/jwt-authorizer.git synced 2025-12-12 16:10:06 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: tests

Browse source
This commit is contained in:
cduvray 2023-02-06 23:02:21 +01:00
parent 3a6a31b418
commit a58b367c90
1 changed files with 51 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

96
jwt-authorizer/src/tests.rs → jwt-authorizer/tests/tests.rs
View file

@ -1,12 +1,14 @@
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use crate::{JwtClaims, JwtAuthorizer};
use axum::{ use axum::{
body::Body, body::Body,
http::{Request, StatusCode}, http::{Request, StatusCode},
routing::get, Router, response::Response, response::Response,
routing::get,
Router,
}; };
use http::{header, HeaderValue}; use http::{header, HeaderValue};
use jwt_authorizer::{JwtAuthorizer, JwtClaims};
use serde::Deserialize; use serde::Deserialize;
use tower::ServiceExt; use tower::ServiceExt;
@ -17,49 +19,51 @@ mod tests {
sub: String, sub: String,
} }
fn app(jwt_auth: JwtAuthorizer<User>) -> Router { async fn app(jwt_auth: JwtAuthorizer<User>) -> Router {
Router::new().route("/public", get(|| async { "hello" })).route(
Router::new() "/protected",
.route("/public", get(|| async { "hello" })) get(|JwtClaims(user): JwtClaims<User>| async move { format!("hello: {}", user.sub) })
.route( .layer(jwt_auth.layer().await.unwrap()),
"/protected", )
get(|JwtClaims(user): JwtClaims<User>| async move {
format!("hello: {}", user.sub)
})
.layer(jwt_auth.layer().unwrap()),
)
} }
async fn make_proteced_request(jwt_auth: JwtAuthorizer<User>, bearer: &str) -> Response { async fn make_proteced_request(jwt_auth: JwtAuthorizer<User>, bearer: &str) -> Response {
app(jwt_auth) app(jwt_auth)
.oneshot(Request::builder().uri("/protected").header("Authorization", bearer).body(Body::empty()).unwrap()) .await
.oneshot(
Request::builder()
.uri("/protected")
.header("Authorization", bearer)
.body(Body::empty())
.unwrap(),
)
.await .await
.unwrap() .unwrap()
} }
#[tokio::test] #[tokio::test]
async fn protected_without_jwt() { async fn protected_without_jwt() {
let jwt_auth: JwtAuthorizer<User> = JwtAuthorizer::from_rsa_pem("../config/jwtRS256.key.pub"); let jwt_auth: JwtAuthorizer<User> = JwtAuthorizer::from_rsa_pem("../config/jwtRS256.key.pub");
let response = app(jwt_auth) let response = app(jwt_auth)
.await
.oneshot(Request::builder().uri("/protected").body(Body::empty()).unwrap()) .oneshot(Request::builder().uri("/protected").body(Body::empty()).unwrap())
.await .await
.unwrap(); .unwrap();
assert_eq!(response.status(), StatusCode::UNAUTHORIZED); assert_eq!(response.status(), StatusCode::UNAUTHORIZED);
assert!(response.headers().get(header::WWW_AUTHENTICATE).is_some(), "Must have a WWW-Authenticate header!"); assert!(
assert_eq!(response.headers().get(header::WWW_AUTHENTICATE).unwrap(), &"Bearer"); // TODO: realm="example" response.headers().get(header::WWW_AUTHENTICATE).is_some(),
"Must have a WWW-Authenticate header!"
);
assert_eq!(response.headers().get(header::WWW_AUTHENTICATE).unwrap(), &"Bearer");
// TODO: realm="example"
} }
#[tokio::test] #[tokio::test]
async fn protected_with_jwt() { async fn protected_with_jwt() {
let response = make_proteced_request(JwtAuthorizer::from_rsa_pem("../config/jwtRS256.key.pub"), JWT_RSA_OK).await;
let response = make_proteced_request(
JwtAuthorizer::from_rsa_pem("../config/jwtRS256.key.pub"),
JWT_RSA_OK
).await;
assert_eq!(response.status(), StatusCode::OK); assert_eq!(response.status(), StatusCode::OK);
@ -69,11 +73,7 @@ mod tests {
#[tokio::test] #[tokio::test]
async fn protected_with_bad_jwt() { async fn protected_with_bad_jwt() {
let response = make_proteced_request(JwtAuthorizer::from_rsa_pem("../config/jwtRS256.key.pub"), "xxx.xxx.xxx").await;
let response = make_proteced_request(
JwtAuthorizer::from_rsa_pem("../config/jwtRS256.key.pub"),
"xxx.xxx.xxx"
).await;
assert_eq!(response.status(), StatusCode::UNAUTHORIZED); assert_eq!(response.status(), StatusCode::UNAUTHORIZED);
// TODO: check error code (https://datatracker.ietf.org/doc/html/rfc6750#section-3.1) // TODO: check error code (https://datatracker.ietf.org/doc/html/rfc6750#section-3.1)
@ -81,48 +81,50 @@ mod tests {
#[tokio::test] #[tokio::test]
async fn protected_with_claims_check() { async fn protected_with_claims_check() {
let rsp_ok = make_proteced_request( let rsp_ok = make_proteced_request(
JwtAuthorizer::from_rsa_pem("../config/jwtRS256.key.pub").with_check(|_|true), JwtAuthorizer::from_rsa_pem("../config/jwtRS256.key.pub").check(|_| true),
JWT_RSA_OK JWT_RSA_OK,
).await; )
.await;
assert_eq!(rsp_ok.status(), StatusCode::OK); assert_eq!(rsp_ok.status(), StatusCode::OK);
let rsp_ko = make_proteced_request( let rsp_ko = make_proteced_request(
JwtAuthorizer::from_rsa_pem("../config/jwtRS256.key.pub").with_check(|_|false), JwtAuthorizer::from_rsa_pem("../config/jwtRS256.key.pub").check(|_| false),
JWT_RSA_OK JWT_RSA_OK,
).await; )
.await;
assert_eq!(rsp_ko.status(), StatusCode::FORBIDDEN); assert_eq!(rsp_ko.status(), StatusCode::FORBIDDEN);
let h = rsp_ko.headers().get(http::header::WWW_AUTHENTICATE); let h = rsp_ko.headers().get(http::header::WWW_AUTHENTICATE);
assert!(h.is_some(), "WWW-AUTHENTICATE header missing!"); assert!(h.is_some(), "WWW-AUTHENTICATE header missing!");
assert_eq!(h.unwrap(), HeaderValue::from_static("Bearer error=\"insufficient_scope\""), "Bad WWW-AUTHENTICATE header!"); assert_eq!(
h.unwrap(),
HeaderValue::from_static("Bearer error=\"insufficient_scope\""),
"Bad WWW-AUTHENTICATE header!"
);
} }
// Unreachable jwks endpoint, should build (endpoint can comme on line later ), // Unreachable jwks endpoint, should build (endpoint can comme on line later ),
// but should be 500 when checking. // but should be 500 when checking.
#[tokio::test] #[tokio::test]
async fn protected_with_bad_jwks_url() { async fn protected_with_bad_jwks_url() {
let response = make_proteced_request(JwtAuthorizer::from_jwks_url("http://bad-url/xxx/yyy"), JWT_RSA_OK).await;
let response = make_proteced_request(
JwtAuthorizer::from_jwks_url("http://bad-url/xxx/yyy"),
JWT_RSA_OK
).await;
assert_eq!(response.status(), StatusCode::INTERNAL_SERVER_ERROR); assert_eq!(response.status(), StatusCode::INTERNAL_SERVER_ERROR);
} }
#[tokio::test] #[tokio::test]
async fn extract_from_public_500() { async fn extract_from_public_500() {
let app = Router::new().route("/public", let app = Router::new().route(
get(|JwtClaims(user): JwtClaims<User>| async move { "/public",
format!("hello: {}", user.sub) get(|JwtClaims(user): JwtClaims<User>| async move { format!("hello: {}", user.sub) }),
})); );
let response = app.oneshot(Request::builder().uri("/public").body(Body::empty()).unwrap()) let response = app
.await .oneshot(Request::builder().uri("/public").body(Body::empty()).unwrap())
.unwrap(); .await
.unwrap();
assert_eq!(response.status(), StatusCode::INTERNAL_SERVER_ERROR); assert_eq!(response.status(), StatusCode::INTERNAL_SERVER_ERROR);
} }