fix: use paseto configuration from getResourceServerInfo (#1150)
dev-Fabi authored and panva committed Nov 28, 2021
1 parent 8d7116b commit 02c821d
Showing 2 changed files with 40 additions and 38 deletions.
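--- a/lib/helpers/resource_server.js
+++ b/lib/helpers/resource_server.js
@@ -8,6 +8,7 @@ module.exports = class ResourceServer {
 this.accessTokenTTL = data.accessTokenTTL;
 this.accessTokenFormat = data.accessTokenFormat;
 this.jwt = data.jwt;
+this.paseto = data.paseto;
 }
 
 get scopes() {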
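Review bot: The new line copies `data.paseto` by reference, and for `purpose: 'local'` that object carries the symmetric `key` (the tests in this commit pass `crypto.randomBytes(32)` there), so ResourceServer instances can now hold secret key material. Nothing in the hunk shows whether these instances are ever logged, serialized or persisted, so that is worth checking; a comment on the line would flag it, e.g. `// may carry a symmetric key (paseto.key); never log or serialize this object`. The field-by-field copy is presumably why the paseto settings were dropped before this commit, so a short note in the constructor that every new format option has to be added here would help prevent a repeat. The constructor starts above the hunk, so the full list of copied fields is not visible.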
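--- a/test/formats/paseto.test.js
+++ b/test/formats/paseto.test.js
@@ -17,6 +17,7 @@ if (above16) {
 paseto = require('paseto2');
 }
 
+const ResourceServer = require('../../lib/helpers/resource_server');
 const epochTime = require('../../lib/helpers/epoch_time');
 const bootstrap = require('../test_helper');
 
@@ -54,14 +55,14 @@ describe('paseto format', () => {
 const iiat = epochTime();
 const rotations = 1;
 const extra = { foo: 'bar' };
-const resourceServer = {
+const resourceServer = new ResourceServer(resource, {
 accessTokenFormat: 'paseto',
 audience: 'foo',
 paseto: {
 version: 1,
 purpose: 'public',
 },
-};
+});
 
 /* eslint-disable object-property-newline */
 const fullPayload = {
@@ -76,29 +77,29 @@ describe('paseto format', () => {
 
 describe('Resource Server Configuration', () => {
 it('v1.public', async function () {
-const resourceServer = {
+const resourceServer = new ResourceServer(resource, {
 accessTokenFormat: 'paseto',
 audience: 'foo',
 paseto: {
 version: 1,
 purpose: 'public',
 },
-};
+});
 
 const client = await this.provider.Client.find(clientId);
 const token = new this.provider.AccessToken({ client, ...fullPayload, resourceServer });
 expect(await token.save()).to.match(/^v1\.public\./);
 });
 
 it('v2.public', async function () {
-const resourceServer = {
+const resourceServer = new ResourceServer(resource, {
 accessTokenFormat: 'paseto',
 audience: 'foo',
 paseto: {
 version: 2,
 purpose: 'public',
 },
-};
+});
 
 const client = await this.provider.Client.find(clientId);
 const token = new this.provider.AccessToken({ client, ...fullPayload, resourceServer });
@@ -107,14 +108,14 @@ describe('paseto format', () => {
 
 if (above16) {
 it('v3.public', async function () {
-const resourceServer = {
+const resourceServer = new ResourceServer(resource, {
 accessTokenFormat: 'paseto',
 audience: 'foo',
 paseto: {
 version: 3,
 purpose: 'public',
 },
-};
+});
 
 const client = await this.provider.Client.find(clientId);
 const token = new this.provider.AccessToken({ client, ...fullPayload, resourceServer });
@@ -124,14 +125,14 @@ describe('paseto format', () => {
 
 if (above16) {
 it('v4.public', async function () {
-const resourceServer = {
+const resourceServer = new ResourceServer(resource, {
 accessTokenFormat: 'paseto',
 audience: 'foo',
 paseto: {
 version: 4,
 purpose: 'public',
 },
-};
+});
 
 const client = await this.provider.Client.find(clientId);
 const token = new this.provider.AccessToken({ client, ...fullPayload, resourceServer });
@@ -140,31 +141,31 @@ describe('paseto format', () => {
 }
 
 it('v1.local', async function () {
-const resourceServer = {
+const resourceServer = new ResourceServer(resource, {
 accessTokenFormat: 'paseto',
 audience: 'foo',
 paseto: {
 version: 1,
 purpose: 'local',
 key: crypto.randomBytes(32),
 },
-};
+});
 
 const client = await this.provider.Client.find(clientId);
 const token = new this.provider.AccessToken({ client, ...fullPayload, resourceServer });
 expect(await token.save()).to.match(/^v1\.local\./);
 });
 
 it('v1.local (keyObject)', async function () {
-const resourceServer = {
+const resourceServer = new ResourceServer(resource, {
 accessTokenFormat: 'paseto',
 audience: 'foo',
 paseto: {
 version: 1,
 purpose: 'local',
 key: crypto.createSecretKey(crypto.randomBytes(32)),
 },
-};
+});
 
 const client = await this.provider.Client.find(clientId);
 const token = new this.provider.AccessToken({ client, ...fullPayload, resourceServer });
@@ -173,31 +174,31 @@ describe('paseto format', () => {
 
 if (above16) {
 it('v3.local', async function () {
-const resourceServer = {
+const resourceServer = new ResourceServer(resource, {
 accessTokenFormat: 'paseto',
 audience: 'foo',
 paseto: {
 version: 3,
 purpose: 'local',
 key: crypto.randomBytes(32),
 },
-};
+});
 
 const client = await this.provider.Client.find(clientId);
 const token = new this.provider.AccessToken({ client, ...fullPayload, resourceServer });
 expect(await token.save()).to.match(/^v3\.local\./);
 });
 
 it('v3.local (keyObject)', async function () {
-const resourceServer = {
+const resourceServer = new ResourceServer(resource, {
 accessTokenFormat: 'paseto',
 audience: 'foo',
 paseto: {
 version: 3,
 purpose: 'local',
 key: crypto.createSecretKey(crypto.randomBytes(32)),
 },
-};
+});
 
 const client = await this.provider.Client.find(clientId);
 const token = new this.provider.AccessToken({ client, ...fullPayload, resourceServer });
@@ -206,15 +207,15 @@ describe('paseto format', () => {
 }
 
 it('public kid selection failing', async function () {
-const resourceServer = {
+const resourceServer = new ResourceServer(resource, {
 accessTokenFormat: 'paseto',
 audience: 'foo',
 paseto: {
 kid: 'foobar',
 version: 1,
 purpose: 'public',
 },
-};
+});
 
 const client = await this.provider.Client.find(clientId);
 const token = new this.provider.AccessToken({ client, ...fullPayload, resourceServer });
@@ -226,7 +227,7 @@ describe('paseto format', () => {
 });
 
 it('kid must be a string', async function () {
-const resourceServer = {
+const resourceServer = new ResourceServer(resource, {
 accessTokenFormat: 'paseto',
 audience: 'foo',
 paseto: {
@@ -235,7 +236,7 @@ describe('paseto format', () => {
 purpose: 'local',
 key: crypto.randomBytes(32),
 },
-};
+});
 
 const client = await this.provider.Client.find(clientId);
 const token = new this.provider.AccessToken({ client, ...fullPayload, resourceServer });
@@ -247,14 +248,14 @@ describe('paseto format', () => {
 });
 
 it('unsupported PASETO version and purpose', async function () {
-const resourceServer = {
+const resourceServer = new ResourceServer(resource, {
 accessTokenFormat: 'paseto',
 audience: 'foo',
 paseto: {
 version: 2,
 purpose: 'local',
 },
-};
+});
 
 const client = await this.provider.Client.find(clientId);
 const token = new this.provider.AccessToken({ client, ...fullPayload, resourceServer });
@@ -266,14 +267,14 @@ describe('paseto format', () => {
 });
 
 it('local paseto requires a key', async function () {
-const resourceServer = {
+const resourceServer = new ResourceServer(resource, {
 accessTokenFormat: 'paseto',
 audience: 'foo',
 paseto: {
 version: 1,
 purpose: 'local',
 },
-};
+});
 
 const client = await this.provider.Client.find(clientId);
 const token = new this.provider.AccessToken({ client, ...fullPayload, resourceServer });
@@ -285,15 +286,15 @@ describe('paseto format', () => {
 });
 
 it('local paseto requires a key 32 bytes', async function () {
-const resourceServer = {
+const resourceServer = new ResourceServer(resource, {
 accessTokenFormat: 'paseto',
 audience: 'foo',
 paseto: {
 version: 1,
 purpose: 'local',
 key: crypto.randomBytes(16),
 },
-};
+});
 
 const client = await this.provider.Client.find(clientId);
 const token = new this.provider.AccessToken({ client, ...fullPayload, resourceServer });
@@ -305,15 +306,15 @@ describe('paseto format', () => {
 });
 
 it('local paseto requires a secret key (private provided)', async function () {
-const resourceServer = {
+const resourceServer = new ResourceServer(resource, {
 accessTokenFormat: 'paseto',
 audience: 'foo',
 paseto: {
 version: 1,
 purpose: 'local',
 key: await (await generateKeyPair('ed25519')).privateKey,
 },
-};
+});
 
 const client = await this.provider.Client.find(clientId);
 const token = new this.provider.AccessToken({ client, ...fullPayload, resourceServer });
@@ -325,15 +326,15 @@ describe('paseto format', () => {
 });
 
 it('local paseto requires a secret key (public provided)', async function () {
-const resourceServer = {
+const resourceServer = new ResourceServer(resource, {
 accessTokenFormat: 'paseto',
 audience: 'foo',
 paseto: {
 version: 1,
 purpose: 'local',
 key: await (await generateKeyPair('ed25519')).publicKey,
 },
-};
+});
 
 const client = await this.provider.Client.find(clientId);
 const token = new this.provider.AccessToken({ client, ...fullPayload, resourceServer });
@@ -345,10 +346,10 @@ describe('paseto format', () => {
 });
 
 it('missing paseto configuration', async function () {
-const resourceServer = {
+const resourceServer = new ResourceServer(resource, {
 accessTokenFormat: 'paseto',
 audience: 'foo',
-};
+});
 
 const client = await this.provider.Client.find(clientId);
 const token = new this.provider.AccessToken({ client, ...fullPayload, resourceServer });
@@ -361,14 +362,14 @@ describe('paseto format', () => {
 
 if (!above16) {
 it('only >= 16.0.0 node supports v3 and v4', async function () {
-const resourceServer = {
+const resourceServer = new ResourceServer(resource, {
 accessTokenFormat: 'paseto',
 audience: 'foo',
 paseto: {
 version: 3,
 purpose: 'public',
 },
-};
+});
 
 const client = await this.provider.Client.find(clientId);
 const token = new this.provider.AccessToken({ client, ...fullPayload, resourceServer });
@@ -381,11 +382,11 @@ describe('paseto format', () => {
 }
 
 it('invalid paseto configuration type', async function () {
-const resourceServer = {
+const resourceServer = new ResourceServer(resource, {
 accessTokenFormat: 'paseto',
 audience: 'foo',
 paseto: null,
-};
+});
 
 const client = await this.provider.Client.find(clientId);
 const token = new this.provider.AccessToken({ client, ...fullPayload, resourceServer });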
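Review bot: The regression is only covered indirectly: every case now builds `new ResourceServer(resource, {...})` by hand and checks the saved token, but no visible test goes through a configured `getResourceServerInfo` (the path named in the commit title) or asserts that the instance keeps the option, e.g. `expect(resourceServer.paseto).to.deep.equal({ version: 1, purpose: 'public' });`. The hunks do not show the whole file, so such a test may exist elsewhere. As a style point, the same `accessTokenFormat`/`audience`/`paseto` literal is repeated in nineteen places; a small local factory taking the `paseto` object would keep each case focused on the option under test. `resource` is defined outside the visible hunks.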
