-
Notifications
You must be signed in to change notification settings - Fork 123
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix fetch signing key from jwks uri tests
- Loading branch information
Showing
1 changed file
with
226 additions
and
132 deletions.
There are no files selected for viewing
358 changes: 226 additions & 132 deletions
358
spec/app/domain/authentication/authn-jwt/signing_key/fetch_jwks_signing_key_spec.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,132 +1,226 @@ | ||
# # frozen_string_literal: true | ||
# | ||
# require 'spec_helper' | ||
# require 'json' | ||
# | ||
# RSpec.describe('Authentication::AuthnJwt::SigningKey::FetchJwksUriSigningKey') do | ||
# | ||
# let(:authenticator_name) { "authn-jwt" } | ||
# let(:service_id) { "my-service" } | ||
# let(:account) { "my-account" } | ||
# let(:mocked_authenticator_input) { | ||
# Authentication::AuthenticatorInput.new( | ||
# authenticator_name: authenticator_name, | ||
# service_id: service_id, | ||
# account: account, | ||
# username: "dummy_identity", | ||
# credentials: "dummy", | ||
# client_ip: "dummy", | ||
# request: "dummy" | ||
# ) | ||
# } | ||
# | ||
# let(:required_jwks_uri_configuration_error) { "required jwks_uri configuration missing error" } | ||
# let(:bad_response_error) { "bad response error" } | ||
# let(:required_secret_missing_error) { "required secret missing error" } | ||
# let(:mocked_logger) { double("Mocked Logger") } | ||
# let(:mocked_fetch_authenticator_secrets_exist_values) { double("MockedFetchAuthenticatorSecrets") } | ||
# let(:mocked_fetch_authenticator_secrets_empty_values) { double("MockedFetchAuthenticatorSecrets") } | ||
# let(:mocked_bad_http_response) { double("Mocked bad http response") } | ||
# let(:mocked_good_http_response) { double("Mocked good http response") } | ||
# let(:mocked_bad_response) { double("Mocked bad http body") } | ||
# let(:mocked_good_response) { double("Mocked good http body") } | ||
# let(:mocked_create_jwks_from_http_response) { double("Mocked good jwks") } | ||
# | ||
# let(:good_response) { "good-response"} | ||
# let(:bad_response) { "bad-response"} | ||
# let(:valid_jwks) { "valid-jwls" } | ||
# | ||
# before(:each) do | ||
# allow(mocked_logger).to( | ||
# receive(:call).and_return(true) | ||
# ) | ||
# | ||
# allow(mocked_logger).to( | ||
# receive(:debug).and_return(true) | ||
# ) | ||
# | ||
# allow(mocked_logger).to( | ||
# receive(:info).and_return(true) | ||
# ) | ||
# | ||
# allow(mocked_fetch_authenticator_secrets_exist_values).to( | ||
# receive(:call).and_return('jwks-uri' => 'https://jwks-uri.com/jwks') | ||
# ) | ||
# | ||
# allow(mocked_fetch_authenticator_secrets_empty_values).to( | ||
# receive(:call).and_raise(required_secret_missing_error) | ||
# ) | ||
# | ||
# allow(mocked_bad_http_response).to( | ||
# receive(:get_response).and_return(bad_response) | ||
# ) | ||
# | ||
# allow(mocked_good_http_response).to( | ||
# receive(:get_response).and_return(good_response) | ||
# ) | ||
# | ||
# allow(mocked_create_jwks_from_http_response).to( | ||
# receive(:call).with(http_response: good_response).and_return(valid_jwks) | ||
# ) | ||
# | ||
# allow(mocked_create_jwks_from_http_response).to( | ||
# receive(:call).with(http_response: bad_response).and_raise(bad_response_error) | ||
# ) | ||
# end | ||
# | ||
# # ____ _ _ ____ ____ ____ ___ ____ ___ | ||
# # (_ _)( )_( )( ___) (_ _)( ___)/ __)(_ _)/ __) | ||
# # )( ) _ ( )__) )( )__) \__ \ )( \__ \ | ||
# # (__) (_) (_)(____) (__) (____)(___/ (__) (___/ | ||
# | ||
# | ||
# | ||
# context "FetchJwksUriSigningKey fetch_signing_key " do | ||
# context "'jwks-uri' secret is not valid" do | ||
# subject do | ||
# ::Authentication::AuthnJwt::SigningKey::FetchJwksUriSigningKey.new(authenticator_input: mocked_authenticator_input, | ||
# logger: mocked_logger, | ||
# fetch_authenticator_secrets: mocked_fetch_authenticator_secrets_exist_values, | ||
# http_lib: mocked_bad_http_response, | ||
# create_jwks_from_http_response: mocked_create_jwks_from_http_response | ||
# ).fetch_signing_key | ||
# end | ||
# | ||
# it "raises an error" do | ||
# expect { subject }.to raise_error(bad_response_error) | ||
# end | ||
# end | ||
# | ||
# context "'jwks-uri' secret is valid" do | ||
# context "provider return valid http response" do | ||
# subject do | ||
# ::Authentication::AuthnJwt::SigningKey::FetchJwksUriSigningKey.new(authenticator_input: mocked_authenticator_input, | ||
# logger: mocked_logger, | ||
# fetch_authenticator_secrets: mocked_fetch_authenticator_secrets_exist_values, | ||
# http_lib: mocked_good_http_response, | ||
# create_jwks_from_http_response: mocked_create_jwks_from_http_response | ||
# ).fetch_signing_key | ||
# end | ||
# | ||
# it "returns jwks value" do | ||
# expect(subject).to eql(valid_jwks) | ||
# end | ||
# end | ||
# | ||
# context "provider return bad http response" do | ||
# subject do | ||
# ::Authentication::AuthnJwt::SigningKey::FetchJwksUriSigningKey.new(authenticator_input: mocked_authenticator_input, | ||
# logger: mocked_logger, | ||
# fetch_authenticator_secrets: mocked_fetch_authenticator_secrets_exist_values, | ||
# http_lib: mocked_bad_http_response, | ||
# create_jwks_from_http_response: mocked_create_jwks_from_http_response | ||
# ).fetch_signing_key | ||
# end | ||
# | ||
# it "raises an error" do | ||
# expect { subject }.to raise_error(bad_response_error) | ||
# end | ||
# end | ||
# end | ||
# end | ||
# end | ||
# frozen_string_literal: true | ||
|
||
require 'spec_helper' | ||
require 'json' | ||
|
||
RSpec.describe('Authentication::AuthnJwt::SigningKey::FetchJwksUriSigningKey') do | ||
|
||
let(:authenticator_name) { "authn-jwt" } | ||
let(:service_id) { "my-service" } | ||
let(:account) { "my-account" } | ||
let(:mocked_authenticator_input) { | ||
Authentication::AuthenticatorInput.new( | ||
authenticator_name: authenticator_name, | ||
service_id: service_id, | ||
account: account, | ||
username: "dummy_identity", | ||
credentials: "dummy", | ||
client_ip: "dummy", | ||
request: "dummy" | ||
) | ||
} | ||
|
||
let(:required_jwks_uri_configuration_error) { "required jwks_uri configuration missing error" } | ||
let(:bad_response_error) { "bad response error" } | ||
let(:required_secret_missing_error) { "required secret missing error" } | ||
let(:mocked_logger) { double("Mocked Logger") } | ||
let(:mocked_fetch_signing_key) { double("MockedFetchSigningKey") } | ||
let(:mocked_fetch_signing_key_refresh_true) { double("MockedFetchSigningKeyRefreshTrue") } | ||
let(:mocked_fetch_signing_key_refresh_false) { double("MockedFetchSigningKeyRefreshFalse") } | ||
let(:mocked_fetch_authenticator_secrets_exist_values) { double("MockedFetchAuthenticatorSecrets") } | ||
let(:mocked_fetch_authenticator_secrets_empty_values) { double("MockedFetchAuthenticatorSecrets") } | ||
let(:mocked_bad_http_response) { double("Mocked bad http response") } | ||
let(:mocked_good_http_response) { double("Mocked good http response") } | ||
let(:mocked_bad_response) { double("Mocked bad http body") } | ||
let(:mocked_good_response) { double("Mocked good http body") } | ||
let(:mocked_create_jwks_from_http_response) { double("Mocked good jwks") } | ||
|
||
let(:good_response) { "good-response"} | ||
let(:bad_response) { "bad-response"} | ||
let(:valid_jwks) { "valid-jwls" } | ||
|
||
before(:each) do | ||
allow(mocked_logger).to( | ||
receive(:call).and_return(true) | ||
) | ||
|
||
allow(mocked_logger).to( | ||
receive(:debug).and_return(true) | ||
) | ||
|
||
allow(mocked_logger).to( | ||
receive(:info).and_return(true) | ||
) | ||
|
||
allow(mocked_fetch_signing_key).to receive(:call) { |params| params[:signing_key_provider].fetch_signing_key } | ||
allow(mocked_fetch_signing_key_refresh_false).to receive(:call) { |params| params[:refresh] } | ||
allow(mocked_fetch_signing_key_refresh_true).to receive(:call) { |params| params[:refresh] } | ||
|
||
allow(mocked_fetch_authenticator_secrets_exist_values).to( | ||
receive(:call).and_return('jwks-uri' => 'https://jwks-uri.com/jwks') | ||
) | ||
|
||
allow(mocked_fetch_authenticator_secrets_empty_values).to( | ||
receive(:call).and_raise(required_secret_missing_error) | ||
) | ||
|
||
allow(mocked_bad_http_response).to( | ||
receive(:get_response).and_return(bad_response) | ||
) | ||
|
||
allow(mocked_good_http_response).to( | ||
receive(:get_response).and_return(good_response) | ||
) | ||
|
||
allow(mocked_create_jwks_from_http_response).to( | ||
receive(:call).with(http_response: good_response).and_return(valid_jwks) | ||
) | ||
|
||
allow(mocked_create_jwks_from_http_response).to( | ||
receive(:call).with(http_response: bad_response).and_raise(bad_response_error) | ||
) | ||
end | ||
|
||
# ____ _ _ ____ ____ ____ ___ ____ ___ | ||
# (_ _)( )_( )( ___) (_ _)( ___)/ __)(_ _)/ __) | ||
# )( ) _ ( )__) )( )__) \__ \ )( \__ \ | ||
# (__) (_) (_)(____) (__) (____)(___/ (__) (___/ | ||
|
||
|
||
|
||
context "FetchJwksUriSigningKey fetch_signing_key " do | ||
context "'jwks-uri' secret is not valid" do | ||
subject do | ||
::Authentication::AuthnJwt::SigningKey::FetchJwksUriSigningKey.new(authenticator_input: mocked_authenticator_input, | ||
fetch_signing_key: nil, | ||
logger: mocked_logger, | ||
fetch_authenticator_secrets: mocked_fetch_authenticator_secrets_exist_values, | ||
http_lib: mocked_bad_http_response, | ||
create_jwks_from_http_response: mocked_create_jwks_from_http_response | ||
).fetch_signing_key | ||
end | ||
|
||
it "raises an error" do | ||
expect { subject }.to raise_error(bad_response_error) | ||
end | ||
end | ||
|
||
context "'jwks-uri' secret is valid" do | ||
context "provider return valid http response" do | ||
subject do | ||
::Authentication::AuthnJwt::SigningKey::FetchJwksUriSigningKey.new(authenticator_input: mocked_authenticator_input, | ||
fetch_signing_key: nil, | ||
logger: mocked_logger, | ||
fetch_authenticator_secrets: mocked_fetch_authenticator_secrets_exist_values, | ||
http_lib: mocked_good_http_response, | ||
create_jwks_from_http_response: mocked_create_jwks_from_http_response | ||
).fetch_signing_key | ||
end | ||
|
||
it "returns jwks value" do | ||
expect(subject).to eql(valid_jwks) | ||
end | ||
end | ||
|
||
context "provider return bad http response" do | ||
subject do | ||
::Authentication::AuthnJwt::SigningKey::FetchJwksUriSigningKey.new(authenticator_input: mocked_authenticator_input, | ||
fetch_signing_key: nil, | ||
logger: mocked_logger, | ||
fetch_authenticator_secrets: mocked_fetch_authenticator_secrets_exist_values, | ||
http_lib: mocked_bad_http_response, | ||
create_jwks_from_http_response: mocked_create_jwks_from_http_response | ||
).fetch_signing_key | ||
end | ||
|
||
it "raises an error" do | ||
expect { subject }.to raise_error(bad_response_error) | ||
end | ||
end | ||
end | ||
end | ||
|
||
context "FetchJwksUriSigningKey call " do | ||
context "propagates false refresh value" do | ||
subject do | ||
::Authentication::AuthnJwt::SigningKey::FetchJwksUriSigningKey.new(authenticator_input: mocked_authenticator_input, | ||
fetch_signing_key: mocked_fetch_signing_key_refresh_false, | ||
logger: mocked_logger, | ||
fetch_authenticator_secrets: mocked_fetch_authenticator_secrets_exist_values, | ||
http_lib: mocked_bad_http_response, | ||
create_jwks_from_http_response: mocked_create_jwks_from_http_response | ||
).call(force_read: false) | ||
end | ||
|
||
it "returns false" do | ||
expect(subject).to eql(false) | ||
end | ||
end | ||
|
||
context "propagates false refresh value" do | ||
subject do | ||
::Authentication::AuthnJwt::SigningKey::FetchJwksUriSigningKey.new(authenticator_input: mocked_authenticator_input, | ||
fetch_signing_key: mocked_fetch_signing_key_refresh_true, | ||
logger: mocked_logger, | ||
fetch_authenticator_secrets: mocked_fetch_authenticator_secrets_exist_values, | ||
http_lib: mocked_bad_http_response, | ||
create_jwks_from_http_response: mocked_create_jwks_from_http_response | ||
).call(force_read: true) | ||
end | ||
|
||
it "returns true" do | ||
expect(subject).to eql(true) | ||
end | ||
end | ||
|
||
context "'jwks-uri' secret is not valid" do | ||
subject do | ||
::Authentication::AuthnJwt::SigningKey::FetchJwksUriSigningKey.new(authenticator_input: mocked_authenticator_input, | ||
fetch_signing_key: mocked_fetch_signing_key, | ||
logger: mocked_logger, | ||
fetch_authenticator_secrets: mocked_fetch_authenticator_secrets_exist_values, | ||
http_lib: mocked_bad_http_response, | ||
create_jwks_from_http_response: mocked_create_jwks_from_http_response | ||
).call(force_read: false) | ||
end | ||
|
||
it "raises an error" do | ||
expect { subject }.to raise_error(bad_response_error) | ||
end | ||
end | ||
|
||
context "'jwks-uri' secret is valid" do | ||
context "provider return valid http response" do | ||
subject do | ||
::Authentication::AuthnJwt::SigningKey::FetchJwksUriSigningKey.new(authenticator_input: mocked_authenticator_input, | ||
fetch_signing_key: mocked_fetch_signing_key, | ||
logger: mocked_logger, | ||
fetch_authenticator_secrets: mocked_fetch_authenticator_secrets_exist_values, | ||
http_lib: mocked_good_http_response, | ||
create_jwks_from_http_response: mocked_create_jwks_from_http_response | ||
).call(force_read: false) | ||
end | ||
|
||
it "returns jwks value" do | ||
expect(subject).to eql(valid_jwks) | ||
end | ||
end | ||
|
||
context "provider return bad http response" do | ||
subject do | ||
::Authentication::AuthnJwt::SigningKey::FetchJwksUriSigningKey.new(authenticator_input: mocked_authenticator_input, | ||
fetch_signing_key: mocked_fetch_signing_key, | ||
logger: mocked_logger, | ||
fetch_authenticator_secrets: mocked_fetch_authenticator_secrets_exist_values, | ||
http_lib: mocked_bad_http_response, | ||
create_jwks_from_http_response: mocked_create_jwks_from_http_response | ||
).call(force_read: false) | ||
end | ||
|
||
it "raises an error" do | ||
expect { subject }.to raise_error(bad_response_error) | ||
end | ||
end | ||
end | ||
end | ||
end |