From bfbd46231d23884004654f8540aaef01b259e6e8 Mon Sep 17 00:00:00 2001 From: Tim Oram Date: Tue, 23 Oct 2018 00:07:20 -0230 Subject: [PATCH] Refactor tests related to iss and issuer This change extracts all tests related to the iss claim and the issuer option into a single test file. Additional tests were added that were missing. --- test/claim-iss.test.js | 205 +++++++++++++++++++++++++++ test/issue_196.tests.js | 15 -- test/jwt.asymmetric_signing.tests.js | 44 ------ test/schema.tests.js | 7 - 4 files changed, 205 insertions(+), 66 deletions(-) create mode 100644 test/claim-iss.test.js delete mode 100644 test/issue_196.tests.js diff --git a/test/claim-iss.test.js b/test/claim-iss.test.js new file mode 100644 index 0000000..ec82102 --- /dev/null +++ b/test/claim-iss.test.js @@ -0,0 +1,205 @@ +'use strict'; + +const jwt = require('../'); +const expect = require('chai').expect; +const util = require('util'); +const testUtils = require('./test-utils'); + +function signWithIssuer(issuer, payload, callback) { + const options = {algorithm: 'none'}; + if (issuer !== undefined) { + options.issuer = issuer; + } + testUtils.signJWTHelper(payload, 'secret', options, callback); +} + +describe('issuer', function() { + describe('`jwt.sign` "issuer" option validation', function () { + [ + true, + false, + null, + -1, + 0, + 1, + -1.1, + 1.1, + -Infinity, + Infinity, + NaN, + [], + ['foo'], + {}, + {foo: 'bar'}, + ].forEach((issuer) => { + it(`should error with with value ${util.inspect(issuer)}`, function (done) { + signWithIssuer(issuer, {}, (err) => { + testUtils.asyncCheck(done, () => { + expect(err).to.be.instanceOf(Error); + expect(err).to.have.property('message', '"issuer" must be a string'); + }); + }); + }); + }); + + // undefined needs special treatment because {} is not the same as {issuer: undefined} + it('should error with with value undefined', function (done) { + testUtils.signJWTHelper({}, undefined, {issuer: undefined, algorithm: 'none'}, (err) => { + testUtils.asyncCheck(done, () => { + expect(err).to.be.instanceOf(Error); + expect(err).to.have.property('message', '"issuer" must be a string'); + }); + }); + }); + + it('should error when "iss" is in payload', function (done) { + signWithIssuer('foo', {iss: 'bar'}, (err) => { + testUtils.asyncCheck(done, () => { + expect(err).to.be.instanceOf(Error); + expect(err).to.have.property( + 'message', + 'Bad "options.issuer" option. The payload already has an "iss" property.' + ); + }); + }); + }); + + it('should error with a string payload', function (done) { + signWithIssuer('foo', 'a string payload', (err) => { + testUtils.asyncCheck(done, () => { + expect(err).to.be.instanceOf(Error); + expect(err).to.have.property( + 'message', + 'invalid issuer option for string payload' + ); + }); + }); + }); + + it('should error with a Buffer payload', function (done) { + signWithIssuer('foo', new Buffer('a Buffer payload'), (err) => { + testUtils.asyncCheck(done, () => { + expect(err).to.be.instanceOf(Error); + expect(err).to.have.property( + 'message', + 'invalid issuer option for object payload' + ); + }); + }); + }); + }); + + describe('when signing and verifying a token', function () { + it('should not verify "iss" if verify "issuer" option not provided', function(done) { + signWithIssuer(undefined, {iss: 'foo'}, (e1, token) => { + testUtils.verifyJWTHelper(token, undefined, {}, (e2, decoded) => { + testUtils.asyncCheck(done, () => { + expect(e1).to.be.null; + expect(e2).to.be.null; + expect(decoded).to.have.property('iss', 'foo'); + }); + }) + }); + }); + + describe('with string "issuer" option', function () { + it('should verify with a string "issuer"', function (done) { + signWithIssuer('foo', {}, (e1, token) => { + testUtils.verifyJWTHelper(token, undefined, {issuer: 'foo'}, (e2, decoded) => { + testUtils.asyncCheck(done, () => { + expect(e1).to.be.null; + expect(e2).to.be.null; + expect(decoded).to.have.property('iss', 'foo'); + }); + }) + }); + }); + + it('should verify with a string "iss"', function (done) { + signWithIssuer(undefined, {iss: 'foo'}, (e1, token) => { + testUtils.verifyJWTHelper(token, undefined, {issuer: 'foo'}, (e2, decoded) => { + testUtils.asyncCheck(done, () => { + expect(e1).to.be.null; + expect(e2).to.be.null; + expect(decoded).to.have.property('iss', 'foo'); + }); + }) + }); + }); + + it('should error if "iss" does not match verify "issuer" option', function(done) { + signWithIssuer(undefined, {iss: 'foobar'}, (e1, token) => { + testUtils.verifyJWTHelper(token, undefined, {issuer: 'foo'}, (e2) => { + testUtils.asyncCheck(done, () => { + expect(e1).to.be.null; + expect(e2).to.be.instanceOf(jwt.JsonWebTokenError); + expect(e2).to.have.property('message', 'jwt issuer invalid. expected: foo'); + }); + }) + }); + }); + + it('should error without "iss" and with verify "issuer" option', function(done) { + signWithIssuer(undefined, {}, (e1, token) => { + testUtils.verifyJWTHelper(token, undefined, {issuer: 'foo'}, (e2) => { + testUtils.asyncCheck(done, () => { + expect(e1).to.be.null; + expect(e2).to.be.instanceOf(jwt.JsonWebTokenError); + expect(e2).to.have.property('message', 'jwt issuer invalid. expected: foo'); + }); + }) + }); + }); + }); + + describe('with array "issuer" option', function () { + it('should verify with a string "issuer"', function (done) { + signWithIssuer('bar', {}, (e1, token) => { + testUtils.verifyJWTHelper(token, undefined, {issuer: ['foo', 'bar']}, (e2, decoded) => { + testUtils.asyncCheck(done, () => { + expect(e1).to.be.null; + expect(e2).to.be.null; + expect(decoded).to.have.property('iss', 'bar'); + }); + }) + }); + }); + + it('should verify with a string "iss"', function (done) { + signWithIssuer(undefined, {iss: 'foo'}, (e1, token) => { + testUtils.verifyJWTHelper(token, undefined, {issuer: ['foo', 'bar']}, (e2, decoded) => { + testUtils.asyncCheck(done, () => { + expect(e1).to.be.null; + expect(e2).to.be.null; + expect(decoded).to.have.property('iss', 'foo'); + }); + }) + }); + }); + + it('should error if "iss" does not match verify "issuer" option', function(done) { + signWithIssuer(undefined, {iss: 'foobar'}, (e1, token) => { + testUtils.verifyJWTHelper(token, undefined, {issuer: ['foo', 'bar']}, (e2) => { + testUtils.asyncCheck(done, () => { + expect(e1).to.be.null; + expect(e2).to.be.instanceOf(jwt.JsonWebTokenError); + expect(e2).to.have.property('message', 'jwt issuer invalid. expected: foo,bar'); + }); + }) + }); + }); + + it('should error without "iss" and with verify "issuer" option', function(done) { + signWithIssuer(undefined, {}, (e1, token) => { + testUtils.verifyJWTHelper(token, undefined, {issuer: ['foo', 'bar']}, (e2) => { + testUtils.asyncCheck(done, () => { + expect(e1).to.be.null; + expect(e2).to.be.instanceOf(jwt.JsonWebTokenError); + expect(e2).to.have.property('message', 'jwt issuer invalid. expected: foo,bar'); + }); + }) + }); + }); + }); + }); +}); diff --git a/test/issue_196.tests.js b/test/issue_196.tests.js deleted file mode 100644 index 7bd9a94..0000000 --- a/test/issue_196.tests.js +++ /dev/null @@ -1,15 +0,0 @@ -var expect = require('chai').expect; -var jwt = require('./..'); -var atob = require('atob'); - -describe('issue 196', function () { - function b64_to_utf8 (str) { - return decodeURIComponent(escape(atob( str ))); - } - - it('should use issuer provided in payload.iss', function () { - var token = jwt.sign({ iss: 'foo' }, 'shhhhh'); - var decoded_issuer = JSON.parse(b64_to_utf8(token.split('.')[1])).iss; - expect(decoded_issuer).to.equal('foo'); - }); -}); diff --git a/test/jwt.asymmetric_signing.tests.js b/test/jwt.asymmetric_signing.tests.js index 6951b95..dd6f27e 100644 --- a/test/jwt.asymmetric_signing.tests.js +++ b/test/jwt.asymmetric_signing.tests.js @@ -113,50 +113,6 @@ describe('Asymmetric Algorithms', function(){ }); }); - describe('when signing a token with issuer', function () { - var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: algorithm, issuer: 'urn:foo' }); - - it('should check issuer', function (done) { - jwt.verify(token, pub, { issuer: 'urn:foo' }, function (err, decoded) { - assert.isNotNull(decoded); - assert.isNull(err); - done(); - }); - }); - - it('should check the issuer when providing a list of valid issuers', function (done) { - jwt.verify(token, pub, { issuer: ['urn:foo', 'urn:bar'] }, function (err, decoded) { - assert.isNotNull(decoded); - assert.isNull(err); - done(); - }); - }); - - it('should throw when invalid issuer', function (done) { - jwt.verify(token, pub, { issuer: 'urn:wrong' }, function (err, decoded) { - assert.isUndefined(decoded); - assert.isNotNull(err); - assert.equal(err.name, 'JsonWebTokenError'); - assert.instanceOf(err, jwt.JsonWebTokenError); - done(); - }); - }); - }); - - describe('when signing a token without issuer', function () { - var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: algorithm }); - - it('should check issuer', function (done) { - jwt.verify(token, pub, { issuer: 'urn:foo' }, function (err, decoded) { - assert.isUndefined(decoded); - assert.isNotNull(err); - assert.equal(err.name, 'JsonWebTokenError'); - assert.instanceOf(err, jwt.JsonWebTokenError); - done(); - }); - }); - }); - describe('when signing a token with jwt id', function () { var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: algorithm, jwtid: 'jwtid' }); diff --git a/test/schema.tests.js b/test/schema.tests.js index 924bf70..26f085e 100644 --- a/test/schema.tests.js +++ b/test/schema.tests.js @@ -44,13 +44,6 @@ describe('schema', function() { sign({encoding: 'utf8'}); }); - it('should validate issuer', function () { - expect(function () { - sign({ issuer: 10 }); - }).to.throw(/"issuer" must be a string/); - sign({issuer: 'foo'}); - }); - it('should validate noTimestamp', function () { expect(function () { sign({ noTimestamp: 10 });