keyfetch.js/keyfetch-test.js

"use strict";
var keyfetch = require("./keyfetch.js");
// Issuer whose published JWKS is fetched by the smoke test below.
var testIss = "https://example.auth0.com";

keyfetch.init({});

/**
 * Looks up the first key returned by oidcJwks() by thumbprint, twice in a row.
 * NOTE(review): _clear() presumably empties keyfetch's key cache so that the
 * first lookup has to fetch and the second can be served from cache; confirm
 * against keyfetch.js.
 */
function fetchFirstKeyTwice(jwks) {
  keyfetch._clear();

  var lookupByThumbprint = function () {
    return keyfetch.oidcJwk(jwks[0].thumbprint, testIss);
  };

  return lookupByThumbprint()
    .then(lookupByThumbprint)
    .then(function () {
      // The resolved JWK is intentionally discarded; only success matters here.
    });
}

keyfetch
  .oidcJwks(testIss)
  .then(fetchFirstKeyTwice)
  .then(function onFetchOk() {
    console.log("Fetching PASSES");
  })
  .catch(function onFetchFailed(err) {
    // Any rejection in the chain fails the run with a non-zero exit code.
    console.error("NONE SHALL PASS!");
    console.error(err);
    process.exit(1);
  });
/*global Promise*/
var keypairs = require("keypairs");
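// JWT verification tests: sign tokens with a freshly generated key pair and
// check which issuer / claim options keyfetch.jwt.verify() accepts or rejects.
keypairs.generate().then(function (pair) {
  var iss = "https://example.com/";

  // Builds the fulfilment handler for a negative case. The helper e() returns
  // an Error object, and Promise.prototype.then() ignores a non-function
  // argument, so `.then(e("..."))` never fails: a verify() call that wrongly
  // accepted a bad issuer would pass unnoticed. This wrapper throws the ETEST
  // error instead, which throwIfNotExpected then rethrows.
  function failIfResolved(label) {
    return function () {
      throw e(label);
    };
  }

  return Promise.all([
    // Token carrying iss = "https://example.com/".
    keypairs
      .signJwt({
        jwk: pair.private,
        iss: iss,
        sub: "mikey",
        exp: "1h"
      })
      .then(function (jwt) {
        return Promise.all([
          // Encoded token, wildcard issuer.
          keyfetch.jwt.verify(jwt, { jwk: pair.public, iss: "*" }).then(function (verified) {
            if (!(verified.claims && verified.claims.exp)) {
              throw new Error("malformed decoded token");
            }
          }),
          // Already-decoded token, exact issuer.
          keyfetch.jwt
            .verify(keyfetch.jwt.decode(jwt), { jwk: pair.public, iss: iss })
            .then(function (verified) {
              if (!(verified.claims && verified.claims.exp)) {
                throw new Error("malformed decoded token");
              }
            }),
          keyfetch.jwt.verify(jwt, { jwks: [pair.public], issuers: [iss] }),

          // Issuer spellings that must be accepted for this token.
          keyfetch.jwt.verify(jwt, {
            jwk: pair.public,
            issuers: ["https://example.com/"]
          }),
          keyfetch.jwt.verify(jwt, {
            jwk: pair.public,
            issuers: ["https://example.com"]
          }),
          keyfetch.jwt.verify(jwt, {
            jwk: pair.public,
            issuers: ["example.com"]
          }),
          keyfetch.jwt.verify(jwt, {
            jwk: pair.public,
            issuers: ["example.com/"]
          }),
          keyfetch.jwt.verify(jwt, {
            jwk: pair.public,
            issuers: ["*"]
          }),

          // Look-alike issuers that must be rejected.
          keyfetch.jwt
            .verify(jwt, {
              jwk: pair.public,
              issuers: ["http://example.com"]
            })
            .then(failIfResolved("bad scheme"))
            .catch(throwIfNotExpected),
          keyfetch.jwt
            .verify(jwt, {
              jwk: pair.public,
              issuers: ["https://www.example.com"]
            })
            .then(failIfResolved("bad prefix"))
            .catch(throwIfNotExpected),
          keyfetch.jwt
            .verify(jwt, {
              jwk: pair.public,
              issuers: ["https://wexample.com"]
            })
            .then(failIfResolved("bad sld"))
            .catch(throwIfNotExpected),
          keyfetch.jwt
            .verify(jwt, {
              jwk: pair.public,
              issuers: ["https://example.comm"]
            })
            .then(failIfResolved("bad tld"))
            .catch(throwIfNotExpected),

          // `claims.iss` is compared exactly: the trailing slash matters.
          keyfetch.jwt.verify(jwt, {
            jwk: pair.public,
            claims: { iss: "https://example.com/" }
          }),
          keyfetch.jwt
            .verify(jwt, {
              jwk: pair.public,
              claims: { iss: "https://example.com" }
            })
            .then(failIfResolved("inexact claim"))
            .catch(throwIfNotExpected)
        ]);
      }),

    // Token signed with `iss: false`.
    keypairs
      .signJwt({
        jwk: pair.private,
        iss: false,
        sub: "mikey",
        exp: "1h"
      })
      .then(function (jwt) {
        // Capture console.warn to observe the allow-all-issuers warning, and
        // put the real one back afterwards so later warnings are not lost.
        var originalWarn = console.warn;
        var warned = false;
        console.warn = function () {
          warned = true;
        };
        function restoreWarn() {
          console.warn = originalWarn;
        }

        return Promise.all([
          // test that the old behavior of defaulting to '*' still works
          keyfetch.jwt.verify(jwt, { jwk: pair.public }).then(function () {
            if (!warned) {
              throw e("should have issued security warning about allow all by default");
            }
          }),
          keyfetch.jwt.verify(jwt, { jwk: pair.public, issuers: ["*"] }),
          keyfetch.jwt
            .verify(jwt)
            .then(failIfResolved("should have an issuer"))
            .catch(throwIfNotExpected),
          keyfetch.jwt
            .verify(jwt, {
              jwk: pair.public,
              issuers: ["https://example.com/"]
            })
            .then(failIfResolved("fail when issuer specified and doesn't exist"))
            .catch(throwIfNotExpected)
        ]).then(
          function (results) {
            restoreWarn();
            return results;
          },
          function (err) {
            restoreWarn();
            throw err;
          }
        );
      })
  ])
    .then(function () {
      console.log("JWT PASSES");
    })
    .catch(function (err) {
      // Any failed expectation above ends the run with a non-zero exit code.
      console.error("NONE SHALL PASS!");
      console.error(err);
      process.exit(1);
    });
});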
/*
var jwt = '...';
keyfetch.verify({ jwt: jwt }).catch(function (err) {
console.log(err);
});
*/
/**
 * Creates the Error used to flag a failed test expectation.
 *
 * The message is prefixed with "ETEST: " so throwIfNotExpected can tell it
 * apart from a rejection produced by the code under test.
 *
 * The return value is an Error, not a function. Passing it directly to
 * `.then()` does nothing, because `.then()` ignores non-function arguments;
 * it has to be thrown from inside a handler to fail a test.
 *
 * @param {string} msg - description of the expectation that was not met
 * @returns {Error} an Error whose message is "ETEST: " followed by msg
 */
function e(msg) {
  var text = "ETEST: " + msg;
  return new Error(text);
}
/**
 * Rejection handler for negative test cases.
 *
 * Rethrows errors whose message starts with "ETEST" (a failed expectation)
 * and swallows every other error, treating it as the expected rejection.
 * The kind of rejection is not inspected: any error without the ETEST
 * prefix counts as a pass, not only an issuer or claim mismatch.
 *
 * @param {Error} err - the rejection reason
 * @returns {undefined} when the error is treated as expected
 * @throws {Error} err itself when it is an ETEST error
 */
function throwIfNotExpected(err) {
  var prefix = err.message.slice(0, 5);
  if (prefix !== "ETEST") {
    return;
  }
  throw err;
}