1
1
import { expect } from 'chai' ;
2
2
import * as request from 'request' ;
3
+ import { base64url } from 'rfc4648' ;
4
+ import { TextEncoder } from 'util' ;
3
5
4
6
import { User } from './config_types' ;
5
7
import { OpenIDConnectAuth } from './oidc_auth' ;
6
8
9
+ function encode ( value : string ) : string {
10
+ return base64url . stringify ( new TextEncoder ( ) . encode ( value ) ) ;
11
+ }
12
+
13
+ function makeJWT ( header : string , payload : object , signature : string ) : string {
14
+ return encode ( header ) + '.' + encode ( JSON . stringify ( payload ) ) + '.' + encode ( signature ) ;
15
+ }
16
+
7
17
describe ( 'OIDCAuth' , ( ) => {
8
- const auth = new OpenIDConnectAuth ( ) ;
18
+ var auth : OpenIDConnectAuth ;
19
+ beforeEach ( ( ) => {
20
+ auth = new OpenIDConnectAuth ( ) ;
21
+ } ) ;
22
+
23
+ it ( 'should correctly parse a JWT' , ( ) => {
24
+ const jwt = OpenIDConnectAuth . decodeJWT (
25
+ 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.5mhBHqs5_DTLdINd9p5m7ZJ6XD0Xc55kIaCRY5r6HRA' ,
26
+ ) ;
27
+ expect ( jwt ) . to . not . be . null ;
28
+ } ) ;
29
+
30
+ it ( 'should correctly parse time from token' , ( ) => {
31
+ const time = Math . floor ( Date . now ( ) / 1000 ) ;
32
+ const token = makeJWT ( '{}' , { exp : time } , 'fake' ) ;
33
+ const timeOut = OpenIDConnectAuth . expirationFromToken ( token ) ;
34
+
35
+ expect ( timeOut ) . to . equal ( time ) ;
36
+ } ) ;
37
+
9
38
it ( 'should be true for oidc user' , ( ) => {
10
39
const user = {
11
40
authProvider : {
@@ -52,11 +81,13 @@ describe('OIDCAuth', () => {
52
81
} ) ;
53
82
54
83
it ( 'authorization should be undefined if client-id missing' , async ( ) => {
84
+ const past = 100 ;
85
+ const token = makeJWT ( '{}' , { exp : past } , 'fake' ) ;
55
86
const user = {
56
87
authProvider : {
57
88
name : 'oidc' ,
58
89
config : {
59
- 'id-token' : 'fakeToken' ,
90
+ 'id-token' : token ,
60
91
'client-secret' : 'clientsecret' ,
61
92
'refresh-token' : 'refreshtoken' ,
62
93
'idp-issuer-url' : 'https://www.google.com/' ,
@@ -91,11 +122,13 @@ describe('OIDCAuth', () => {
91
122
} ) ;
92
123
93
124
it ( 'authorization should be undefined if refresh-token missing' , async ( ) => {
125
+ const past = 100 ;
126
+ const token = makeJWT ( '{}' , { exp : past } , 'fake' ) ;
94
127
const user = {
95
128
authProvider : {
96
129
name : 'oidc' ,
97
130
config : {
98
- 'id-token' : 'fakeToken' ,
131
+ 'id-token' : token ,
99
132
'client-id' : 'id' ,
100
133
'client-secret' : 'clientsecret' ,
101
134
'idp-issuer-url' : 'https://www.google.com/' ,
@@ -109,12 +142,35 @@ describe('OIDCAuth', () => {
109
142
expect ( opts . headers . Authorization ) . to . be . undefined ;
110
143
} ) ;
111
144
145
+ it ( 'authorization should work if refresh-token missing but token is unexpired' , async ( ) => {
146
+ const future = Date . now ( ) / 1000 + 1000000 ;
147
+ const token = makeJWT ( '{}' , { exp : future } , 'fake' ) ;
148
+ const user = {
149
+ authProvider : {
150
+ name : 'oidc' ,
151
+ config : {
152
+ 'id-token' : token ,
153
+ 'client-id' : 'id' ,
154
+ 'client-secret' : 'clientsecret' ,
155
+ 'idp-issuer-url' : 'https://www.google.com/' ,
156
+ } ,
157
+ } ,
158
+ } as User ;
159
+
160
+ const opts = { } as request . Options ;
161
+ opts . headers = [ ] ;
162
+ await auth . applyAuthentication ( user , opts ) ;
163
+ expect ( opts . headers . Authorization ) . to . equal ( `Bearer ${ token } ` ) ;
164
+ } ) ;
165
+
112
166
it ( 'authorization should be undefined if idp-issuer-url missing' , async ( ) => {
167
+ const past = 100 ;
168
+ const token = makeJWT ( '{}' , { exp : past } , 'fake' ) ;
113
169
const user = {
114
170
authProvider : {
115
171
name : 'oidc' ,
116
172
config : {
117
- 'id-token' : 'fakeToken' ,
173
+ 'id-token' : token ,
118
174
'client-id' : 'id' ,
119
175
'client-secret' : 'clientsecret' ,
120
176
'refresh-token' : 'refreshtoken' ,
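Review bot: None of the cases in this section passes an unparseable id-token any more: the three 'authorization should be undefined if … missing' tests replace `'fakeToken'` with a well-formed expired token from `makeJWT`. The `exp` claim is read from a token whose signature is never checked (the tests sign with `'fake'`), so it is worth pinning what `expirationFromToken` and `applyAuthentication` do when the value is not three base64url segments or the payload carries no `exp`. One extra case could keep `'id-token': 'fakeToken'` and assert the intended outcome, presumably that `Authorization` stays undefined and nothing throws. The 'should correctly parse a JWT' case asserts only `to.not.be.null`; comparing a decoded claim (the sample payload's `sub` is `1234567890`) would catch a decoder that reads the wrong segment. The body of the last test continues past the end of the section.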