technofab/jwt-authorizer
1
0
Fork 0
mirror of https://github.com/TECHNOFAB11/jwt-authorizer.git synced 2025-12-11 23:50:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: tests

Browse source
This commit is contained in:
cduvray 2023-02-06 23:02:21 +01:00
parent 3a6a31b418
commit a58b367c90
1 changed files with 51 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

88
jwt-authorizer/src/tests.rs → jwt-authorizer/tests/tests.rs
View file

@ -1,12 +1,14 @@
#[cfg(test)]
mod tests {
use crate::{JwtClaims, JwtAuthorizer};
use axum::{
body::Body,
http::{Request, StatusCode},
routing::get, Router, response::Response,
response::Response,
routing::get,
Router,
};
use http::{header, HeaderValue};
use jwt_authorizer::{JwtAuthorizer, JwtClaims};
use serde::Deserialize;
use tower::ServiceExt;
@ -17,49 +19,51 @@ mod tests {
sub: String,
}
fn app(jwt_auth: JwtAuthorizer<User>) -> Router {
Router::new()
.route("/public", get(|| async { "hello" }))
.route(
async fn app(jwt_auth: JwtAuthorizer<User>) -> Router {
Router::new().route("/public", get(|| async { "hello" })).route(
"/protected",
get(|JwtClaims(user): JwtClaims<User>| async move {
format!("hello: {}", user.sub)
})
.layer(jwt_auth.layer().unwrap()),
get(|JwtClaims(user): JwtClaims<User>| async move { format!("hello: {}", user.sub) })
.layer(jwt_auth.layer().await.unwrap()),
)
}
async fn make_proteced_request(jwt_auth: JwtAuthorizer<User>, bearer: &str) -> Response {
app(jwt_auth)
.oneshot(Request::builder().uri("/protected").header("Authorization", bearer).body(Body::empty()).unwrap())
.await
.oneshot(
Request::builder()
.uri("/protected")
.header("Authorization", bearer)
.body(Body::empty())
.unwrap(),
)
.await
.unwrap()
}
#[tokio::test]
async fn protected_without_jwt() {
let jwt_auth: JwtAuthorizer<User> = JwtAuthorizer::from_rsa_pem("../config/jwtRS256.key.pub");
let response = app(jwt_auth)
.await
.oneshot(Request::builder().uri("/protected").body(Body::empty()).unwrap())
.await
.unwrap();
assert_eq!(response.status(), StatusCode::UNAUTHORIZED);
assert!(response.headers().get(header::WWW_AUTHENTICATE).is_some(), "Must have a WWW-Authenticate header!");
assert_eq!(response.headers().get(header::WWW_AUTHENTICATE).unwrap(), &"Bearer"); // TODO: realm="example"
assert!(
response.headers().get(header::WWW_AUTHENTICATE).is_some(),
"Must have a WWW-Authenticate header!"
);
assert_eq!(response.headers().get(header::WWW_AUTHENTICATE).unwrap(), &"Bearer");
// TODO: realm="example"
}
#[tokio::test]
async fn protected_with_jwt() {
let response = make_proteced_request(
JwtAuthorizer::from_rsa_pem("../config/jwtRS256.key.pub"),
JWT_RSA_OK
).await;
let response = make_proteced_request(JwtAuthorizer::from_rsa_pem("../config/jwtRS256.key.pub"), JWT_RSA_OK).await;
assert_eq!(response.status(), StatusCode::OK);
@ -69,11 +73,7 @@ mod tests {
#[tokio::test]
async fn protected_with_bad_jwt() {
let response = make_proteced_request(
JwtAuthorizer::from_rsa_pem("../config/jwtRS256.key.pub"),
"xxx.xxx.xxx"
).await;
let response = make_proteced_request(JwtAuthorizer::from_rsa_pem("../config/jwtRS256.key.pub"), "xxx.xxx.xxx").await;
assert_eq!(response.status(), StatusCode::UNAUTHORIZED);
// TODO: check error code (https://datatracker.ietf.org/doc/html/rfc6750#section-3.1)
@ -81,46 +81,48 @@ mod tests {
#[tokio::test]
async fn protected_with_claims_check() {
let rsp_ok = make_proteced_request(
JwtAuthorizer::from_rsa_pem("../config/jwtRS256.key.pub").with_check(|_|true),
JWT_RSA_OK
).await;
JwtAuthorizer::from_rsa_pem("../config/jwtRS256.key.pub").check(|_| true),
JWT_RSA_OK,
)
.await;
assert_eq!(rsp_ok.status(), StatusCode::OK);
let rsp_ko = make_proteced_request(
JwtAuthorizer::from_rsa_pem("../config/jwtRS256.key.pub").with_check(|_|false),
JWT_RSA_OK
).await;
JwtAuthorizer::from_rsa_pem("../config/jwtRS256.key.pub").check(|_| false),
JWT_RSA_OK,
)
.await;
assert_eq!(rsp_ko.status(), StatusCode::FORBIDDEN);
let h = rsp_ko.headers().get(http::header::WWW_AUTHENTICATE);
assert!(h.is_some(), "WWW-AUTHENTICATE header missing!");
assert_eq!(h.unwrap(), HeaderValue::from_static("Bearer error=\"insufficient_scope\""), "Bad WWW-AUTHENTICATE header!");
assert_eq!(
h.unwrap(),
HeaderValue::from_static("Bearer error=\"insufficient_scope\""),
"Bad WWW-AUTHENTICATE header!"
);
}
// Unreachable jwks endpoint, should build (endpoint can comme on line later ),
// but should be 500 when checking.
#[tokio::test]
async fn protected_with_bad_jwks_url() {
let response = make_proteced_request(
JwtAuthorizer::from_jwks_url("http://bad-url/xxx/yyy"),
JWT_RSA_OK
).await;
let response = make_proteced_request(JwtAuthorizer::from_jwks_url("http://bad-url/xxx/yyy"), JWT_RSA_OK).await;
assert_eq!(response.status(), StatusCode::INTERNAL_SERVER_ERROR);
}
#[tokio::test]
async fn extract_from_public_500() {
let app = Router::new().route("/public",
get(|JwtClaims(user): JwtClaims<User>| async move {
format!("hello: {}", user.sub)
}));
let response = app.oneshot(Request::builder().uri("/public").body(Body::empty()).unwrap())
let app = Router::new().route(
"/public",
get(|JwtClaims(user): JwtClaims<User>| async move { format!("hello: {}", user.sub) }),
);
let response = app
.oneshot(Request::builder().uri("/public").body(Body::empty()).unwrap())
.await
.unwrap();