fix: session invalidation
@@ -52,7 +52,7 @@ func TestJwt(t *testing.T) {
|
||||
}
|
||||
jwtToken, err := token.SignJWTToken(expiredClaims)
|
||||
assert.NoError(t, err)
|
||||
_, err = token.ParseJWTToken(jwtToken, hostname, nonce, subject)
|
||||
_, err = token.ParseJWTToken(jwtToken)
|
||||
assert.Error(t, err, err.Error(), "Token is expired")
|
||||
})
|
||||
t.Run("HMAC algorithms", func(t *testing.T) {
|
||||
@@ -62,27 +62,36 @@ func TestJwt(t *testing.T) {
|
||||
jwtToken, err := token.SignJWTToken(claims)
|
||||
assert.NoError(t, err)
|
||||
assert.NotEmpty(t, jwtToken)
|
||||
c, err := token.ParseJWTToken(jwtToken, hostname, nonce, subject)
|
||||
c, err := token.ParseJWTToken(jwtToken)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, c["email"].(string), claims["email"])
|
||||
valid, err := token.ValidateJWTClaims(c, hostname, nonce, subject)
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, valid)
|
||||
})
|
||||
t.Run("HS384", func(t *testing.T) {
|
||||
memorystore.Provider.UpdateEnvVariable(constants.EnvKeyJwtType, "HS384")
|
||||
jwtToken, err := token.SignJWTToken(claims)
|
||||
assert.NoError(t, err)
|
||||
assert.NotEmpty(t, jwtToken)
|
||||
c, err := token.ParseJWTToken(jwtToken, hostname, nonce, subject)
|
||||
c, err := token.ParseJWTToken(jwtToken)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, c["email"].(string), claims["email"])
|
||||
valid, err := token.ValidateJWTClaims(c, hostname, nonce, subject)
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, valid)
|
||||
})
|
||||
t.Run("HS512", func(t *testing.T) {
|
||||
memorystore.Provider.UpdateEnvVariable(constants.EnvKeyJwtType, "HS512")
|
||||
jwtToken, err := token.SignJWTToken(claims)
|
||||
assert.NoError(t, err)
|
||||
assert.NotEmpty(t, jwtToken)
|
||||
c, err := token.ParseJWTToken(jwtToken, hostname, nonce, subject)
|
||||
c, err := token.ParseJWTToken(jwtToken)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, c["email"].(string), claims["email"])
|
||||
valid, err := token.ValidateJWTClaims(c, hostname, nonce, subject)
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, valid)
|
||||
})
|
||||
})
|
||||
|
||||
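Review bot: The HMAC subtests only call `ValidateJWTClaims` with the matching hostname, nonce and subject, so nothing here proves that a parsed token with a different nonce, subject or hostname is rejected — and since `ParseJWTToken(jwtToken)` no longer receives those values, a caller that skips the validation step would accept a token minted for another audience without any test failing. Each algorithm subtest (here and in the RS*/ES* hunks below, which have the same shape) would benefit from one negative call, for example with a constructed nonce such as `ValidateJWTClaims(c, hostname, "wrong-nonce", subject)`, asserting it is rejected; whether that surfaces as `valid == false` or as a non-nil error depends on the function's contract, which is outside this hunk. The expired-token subtest in the hunk above has a related gap: `assert.Error(t, err, err.Error(), "Token is expired")` passes for any error because the trailing arguments are only the failure message, and `err.Error()` would panic before the assertion runs if err were nil; `assert.ErrorContains(t, err, "Token is expired")` checks the stated cause. TestJwt begins and ends outside this hunk.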
@@ -96,9 +105,12 @@ func TestJwt(t *testing.T) {
|
||||
jwtToken, err := token.SignJWTToken(claims)
|
||||
assert.NoError(t, err)
|
||||
assert.NotEmpty(t, jwtToken)
|
||||
c, err := token.ParseJWTToken(jwtToken, hostname, nonce, subject)
|
||||
c, err := token.ParseJWTToken(jwtToken)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, c["email"].(string), claims["email"])
|
||||
valid, err := token.ValidateJWTClaims(c, hostname, nonce, subject)
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, valid)
|
||||
})
|
||||
t.Run("RS384", func(t *testing.T) {
|
||||
_, privateKey, publickKey, _, err := crypto.NewRSAKey("RS384", clientID)
|
||||
@@ -109,9 +121,12 @@ func TestJwt(t *testing.T) {
|
||||
jwtToken, err := token.SignJWTToken(claims)
|
||||
assert.NoError(t, err)
|
||||
assert.NotEmpty(t, jwtToken)
|
||||
c, err := token.ParseJWTToken(jwtToken, hostname, nonce, subject)
|
||||
c, err := token.ParseJWTToken(jwtToken)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, c["email"].(string), claims["email"])
|
||||
valid, err := token.ValidateJWTClaims(c, hostname, nonce, subject)
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, valid)
|
||||
})
|
||||
t.Run("RS512", func(t *testing.T) {
|
||||
_, privateKey, publickKey, _, err := crypto.NewRSAKey("RS512", clientID)
|
||||
@@ -122,9 +137,12 @@ func TestJwt(t *testing.T) {
|
||||
jwtToken, err := token.SignJWTToken(claims)
|
||||
assert.NoError(t, err)
|
||||
assert.NotEmpty(t, jwtToken)
|
||||
c, err := token.ParseJWTToken(jwtToken, hostname, nonce, subject)
|
||||
c, err := token.ParseJWTToken(jwtToken)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, c["email"].(string), claims["email"])
|
||||
valid, err := token.ValidateJWTClaims(c, hostname, nonce, subject)
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, valid)
|
||||
})
|
||||
})
|
||||
|
||||
@@ -138,9 +156,12 @@ func TestJwt(t *testing.T) {
|
||||
jwtToken, err := token.SignJWTToken(claims)
|
||||
assert.NoError(t, err)
|
||||
assert.NotEmpty(t, jwtToken)
|
||||
c, err := token.ParseJWTToken(jwtToken, hostname, nonce, subject)
|
||||
c, err := token.ParseJWTToken(jwtToken)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, c["email"].(string), claims["email"])
|
||||
valid, err := token.ValidateJWTClaims(c, hostname, nonce, subject)
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, valid)
|
||||
})
|
||||
t.Run("ES384", func(t *testing.T) {
|
||||
_, privateKey, publickKey, _, err := crypto.NewECDSAKey("ES384", clientID)
|
||||
@@ -151,9 +172,12 @@ func TestJwt(t *testing.T) {
|
||||
jwtToken, err := token.SignJWTToken(claims)
|
||||
assert.NoError(t, err)
|
||||
assert.NotEmpty(t, jwtToken)
|
||||
c, err := token.ParseJWTToken(jwtToken, hostname, nonce, subject)
|
||||
c, err := token.ParseJWTToken(jwtToken)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, c["email"].(string), claims["email"])
|
||||
valid, err := token.ValidateJWTClaims(c, hostname, nonce, subject)
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, valid)
|
||||
})
|
||||
t.Run("ES512", func(t *testing.T) {
|
||||
_, privateKey, publickKey, _, err := crypto.NewECDSAKey("ES512", clientID)
|
||||
@@ -164,9 +188,12 @@ func TestJwt(t *testing.T) {
|
||||
jwtToken, err := token.SignJWTToken(claims)
|
||||
assert.NoError(t, err)
|
||||
assert.NotEmpty(t, jwtToken)
|
||||
c, err := token.ParseJWTToken(jwtToken, hostname, nonce, subject)
|
||||
c, err := token.ParseJWTToken(jwtToken)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, c["email"].(string), claims["email"])
|
||||
valid, err := token.ValidateJWTClaims(c, hostname, nonce, subject)
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, valid)
|
||||
})
|
||||
})
|
||||
|
||||
|
@@ -2,6 +2,7 @@ package test
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
@@ -28,14 +29,11 @@ func logoutTests(t *testing.T, s TestSetup) {
|
||||
})
|
||||
|
||||
token := *verifyRes.AccessToken
|
||||
sessions := memorystore.Provider.GetUserSessions(verifyRes.User.ID)
|
||||
cookie := ""
|
||||
// set all they keys in cookie one of them should be session cookie
|
||||
for key := range sessions {
|
||||
if key != token {
|
||||
cookie += fmt.Sprintf("%s=%s;", constants.AppCookieName+"_session", key)
|
||||
}
|
||||
}
|
||||
session, err := memorystore.Provider.GetUserSession(verifyRes.User.ID, token)
|
||||
assert.NoError(t, err)
|
||||
assert.NotEmpty(t, session)
|
||||
cookie := fmt.Sprintf("%s=%s;", constants.AppCookieName+"_session", session)
|
||||
cookie = strings.TrimSuffix(cookie, ";")
|
||||
|
||||
req.Header.Set("Cookie", cookie)
|
||||
_, err = resolvers.LogoutResolver(ctx)
|
||||
|
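Review bot: The new cookie construction in logoutTests appends a `;` in `fmt.Sprintf("%s=%s;", ...)` only to strip it again on the next line with `strings.TrimSuffix`; that was needed when the loop joined several keys, but with a single value `cookie := fmt.Sprintf("%s=%s", constants.AppCookieName+"_session", session)` is enough and presumably leaves the newly added `strings` import unused. The same leftover appears in the sessionTests hunk below. Since the commit is titled as a session-invalidation fix, it would also be worth asserting after `LogoutResolver` that `GetUserSession(verifyRes.User.ID, token)` now fails, if that is not already done further down — the rest of logoutTests is outside this hunk.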
@@ -33,15 +33,11 @@ func sessionTests(t *testing.T, s TestSetup) {
|
||||
Token: verificationRequest.Token,
|
||||
})
|
||||
|
||||
sessions := memorystore.Provider.GetUserSessions(verifyRes.User.ID)
|
||||
cookie := ""
|
||||
token := *verifyRes.AccessToken
|
||||
// set all they keys in cookie one of them should be session cookie
|
||||
for key := range sessions {
|
||||
if key != token {
|
||||
cookie += fmt.Sprintf("%s=%s;", constants.AppCookieName+"_session", key)
|
||||
}
|
||||
}
|
||||
session, err := memorystore.Provider.GetUserSession(verifyRes.User.ID, token)
|
||||
assert.NoError(t, err)
|
||||
assert.NotEmpty(t, session)
|
||||
cookie := fmt.Sprintf("%s=%s;", constants.AppCookieName+"_session", session)
|
||||
cookie = strings.TrimSuffix(cookie, ";")
|
||||
|
||||
req.Header.Set("Cookie", cookie)
|
||||
|
@@ -22,12 +22,14 @@ func validateJwtTokenTest(t *testing.T, s TestSetup) {
|
||||
TokenType: "access_token",
|
||||
Token: "",
|
||||
})
|
||||
assert.False(t, res.IsValid)
|
||||
assert.Error(t, err)
|
||||
assert.Nil(t, res)
|
||||
res, err = resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
|
||||
TokenType: "access_token",
|
||||
Token: "invalid",
|
||||
})
|
||||
assert.False(t, res.IsValid)
|
||||
assert.Error(t, err)
|
||||
assert.Nil(t, res)
|
||||
_, err = resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
|
||||
TokenType: "access_token_invalid",
|
||||
Token: "invalid@invalid",
|
||||
@@ -48,8 +50,9 @@ func validateJwtTokenTest(t *testing.T, s TestSetup) {
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
assert.NoError(t, err)
|
||||
authToken, err := token.CreateAuthToken(gc, user, roles, scope)
|
||||
memorystore.Provider.SetState(authToken.AccessToken.Token, authToken.FingerPrint+"@"+user.ID)
|
||||
memorystore.Provider.SetState(authToken.RefreshToken.Token, authToken.FingerPrint+"@"+user.ID)
|
||||
memorystore.Provider.SetUserSession(user.ID, authToken.FingerPrintHash, authToken.FingerPrint)
|
||||
memorystore.Provider.SetUserSession(user.ID, authToken.AccessToken.Token, authToken.FingerPrint)
|
||||
memorystore.Provider.SetUserSession(user.ID, authToken.RefreshToken.Token, authToken.FingerPrint)
|
||||
|
||||
t.Run(`should validate the access token`, func(t *testing.T) {
|
||||
res, err := resolvers.ValidateJwtTokenResolver(ctx, model.ValidateJWTTokenInput{
|
||||
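Review bot: `authToken, err := token.CreateAuthToken(gc, user, roles, scope)` has no `assert.NoError(t, err)` before the new `SetUserSession` calls read `authToken.AccessToken.Token`, `authToken.RefreshToken.Token` and `authToken.FingerPrint`, so if CreateAuthToken returns nil on failure the test dies with a nil-pointer panic instead of a clear assertion; add `assert.NoError(t, err)` directly after that line. The results of the three `SetUserSession` calls are also discarded; if the store method returns an error, as `GetUserSession` does elsewhere in this commit, assert on it so a store failure is not misread as a validation bug in the subtests below. Note that the store is now seeded with the raw access and refresh token strings as keys; if the resolver persists sessions the same way, the session store holds replayable bearer tokens in clear and needs to be protected like the signing key. validateJwtTokenTest continues outside this hunk.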
@@ -57,7 +60,6 @@ func validateJwtTokenTest(t *testing.T, s TestSetup) {
|
||||
Token: authToken.AccessToken.Token,
|
||||
Roles: []string{"user"},
|
||||
})
|
||||
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, res.IsValid)
|
||||
|
||||
|