Add tests for access token expiry

auth0 · Jul 7, 2020 · 0c6814b · 0c6814b
1 parent ff51260
commit 0c6814b
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 3 deletions.
diff --git a/test/callback.tests.js b/test/callback.tests.js
@@ -1,4 +1,5 @@
 const assert = require('chai').assert;
+const sinon = require('sinon');
 const jose = require('jose');
 const request = require('request-promise-native').defaults({
   simple: false,
@@ -8,12 +9,15 @@ const request = require('request-promise-native').defaults({
 const TransientCookieHandler = require('../lib/transientHandler');
 const { encodeState } = require('../lib/hooks/getLoginState');
 const expressOpenid = require('..');
-const server = require('./fixture/server');
+const { create: createServer } = require('./fixture/server');
 const cert = require('./fixture/cert');
 const clientID = '__test_client_id__';
 const expectedDefaultState = encodeState({ returnTo: 'https://example.org' });
 const nock = require('nock');
 
+const baseUrl = 'http://localhost:3000';
+let server;
+
 const setup = async (params) => {
   const authOpts = Object.assign({}, {
     secret: '__test_session_secret__',
@@ -26,7 +30,7 @@ const setup = async (params) => {
   const transient = new TransientCookieHandler(authOpts);
 
   const jar = request.jar();
-  const baseUrl = await server.create(router);
+  server = await createServer(router);
   let tokenReqHeader;
   let tokenReqBody;
 
@@ -49,7 +53,6 @@ const setup = async (params) => {
   const { interceptors: [ interceptor ] } = nock('https://op.example.com', { allowUnmocked: true })
     .post('/oauth/token')
     .reply(200, function(uri, requestBody) {
-      console.log('params.body.id_token', params.body);
       tokenReqHeader = this.req.headers;
       tokenReqBody = requestBody;
       return {
@@ -90,6 +93,12 @@ function makeIdToken (payload) {
 
 describe('callback response_mode: form_post', () => {
 
+  afterEach(() => {
+    if (server) {
+      server.close();
+    }
+  });
+
   it('should error when the body is empty', async () => {
     const { response: { statusCode, body: { err } } } = await setup({
       cookies: {
@@ -295,6 +304,42 @@ describe('callback response_mode: form_post', () => {
     });
   });
 
+  it('should handle access token expiry', async () => {
+    const clock = sinon.useFakeTimers({ toFake: ['Date']});
+    const idToken = makeIdToken({
+      c_hash: '77QmUPtjPfzWtF2AnpK9RQ',
+    });
+    const hrSecs = 60 * 60;
+    const hrMs = hrSecs * 1000;
+
+    const { tokens, jar } = await setup({
+      authOpts: {
+        clientSecret: '__test_client_secret__',
+        authorizationParams: {
+          response_type: 'code',
+        }
+      },
+      cookies: {
+        _state: expectedDefaultState,
+        _nonce: '__test_nonce__'
+      },
+      body: {
+        state: expectedDefaultState,
+        id_token: idToken,
+        code: 'jHkWEdUXMU1BwAsC4vtUsZwnNvTIxEl0z9K3vx5KF0Y',
+      }
+    });
+    assert.equal(tokens.accessToken.expires_in, 24 * hrSecs);
+    clock.tick(4 * hrMs);
+    const tokens2 = await request.get('/tokens', { baseUrl, jar, json: true }).then(r => r.body);
+    assert.equal(tokens2.accessToken.expires_in, 20 * hrSecs);
+    assert.isFalse(tokens2.accessTokenExpired);
+    clock.tick(21 * hrMs);
+    const tokens3 = await request.get('/tokens', { baseUrl, jar, json: true }).then(r => r.body);
+    assert.isTrue(tokens3.accessTokenExpired);
+    clock.restore();
+  });
+
   it('should use basic auth on token endpoint when using code flow', async () => {
     const idToken = makeIdToken({
       c_hash: '77QmUPtjPfzWtF2AnpK9RQ'

diff --git a/test/fixture/server.js b/test/fixture/server.js
@@ -33,6 +33,7 @@ module.exports.create = function (router, protect, path) {
       idToken: req.oidc.idToken,
       refreshToken: req.oidc.refreshToken,
       accessToken: req.oidc.accessToken,
+      accessTokenExpired: req.oidc.accessToken ? req.oidc.accessToken.isExpired() : undefined,
       idTokenClaims: req.oidc.idTokenClaims,
     });
   });