
spec/util_jwt_spec.lua @ 12704:31a2bd84191d

util.jwt: All the algorithms (+ all the tests!) Except 'none'. Not implementing that one.
author Matthew Wild <mwild1@gmail.com>
date Sat, 02 Jul 2022 15:29:04 +0100
parent 12701:8e402a2ae1b8
child 12736:ad4ab01f9b11
12703:5bda8598a2af 12704:31a2bd84191d
1 local jwt = require "util.jwt"; 1 local jwt = require "util.jwt";
2 local test_keys = require "spec.inputs.test_keys"; 2 local test_keys = require "spec.inputs.test_keys";
3
4 local array = require "util.array";
5 local iter = require "util.iterators";
6 local set = require "util.set";
7
8 -- Ignore long lines. We have some long tokens embedded here.
9 --luacheck: ignore 631
3 10
4 describe("util.jwt", function () 11 describe("util.jwt", function ()
5 it("validates", function () 12 it("validates", function ()
6 local key = "secret"; 13 local key = "secret";
7 local token = jwt.sign(key, { payload = "this" }); 14 local token = jwt.sign(key, { payload = "this" });
19 assert.string(token); 26 assert.string(token);
20 local ok = jwt.verify(key, token); 27 local ok = jwt.verify(key, token);
21 assert.falsy(ok) 28 assert.falsy(ok)
22 end); 29 end);
23 30
31 local function jwt_reference_token(token)
32 return {
33 name = "jwt.io reference";
34 token;
35 { -- payload
36 sub = "1234567890";
37 name = "John Doe";
38 admin = true;
39 iat = 1516239022;
40 };
41 };
42 end
43
44 local untested_algorithms = set.new(array.collect(iter.keys(jwt._algorithms)));
45
24 local test_cases = { 46 local test_cases = {
25 { 47 {
26 algorithm = "HS256"; 48 algorithm = "HS256";
27 keys = { 49 keys = {
28 { "your-256-bit-secret", "your-256-bit-secret" }; 50 { "your-256-bit-secret", "your-256-bit-secret" };
29 { "another-secret", "another-secret" }; 51 { "another-secret", "another-secret" };
30 }; 52 };
31 { 53
32 name = "jwt.io reference"; 54 jwt_reference_token [[eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJhZG1pbiI6dHJ1ZX0.F-cvL2RcfQhUtCavIM7q7zYE8drmj2LJk0JRkrS6He4]];
33 [[eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c]]; 55 };
34 { -- payload 56 {
35 sub = "1234567890"; 57 algorithm = "HS384";
36 name = "John Doe"; 58 keys = {
37 iat = 1516239022; 59 { "your-384-bit-secret", "your-384-bit-secret" };
38 }; 60 { "another-secret", "another-secret" };
39 }; 61 };
62
63 jwt_reference_token [[eyJhbGciOiJIUzM4NCIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.bQTnz6AuMJvmXXQsVPrxeQNvzDkimo7VNXxHeSBfClLufmCVZRUuyTwJF311JHuh]];
64 };
65 {
66 algorithm = "HS512";
67 keys = {
68 { "your-512-bit-secret", "your-512-bit-secret" };
69 { "another-secret", "another-secret" };
70 };
71
72 jwt_reference_token [[eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.VFb0qJ1LRg_4ujbZoRMXnVkUgiuKq5KxWqNdbKq_G9Vvz-S1zZa9LPxtHWKa64zDl2ofkT8F6jBt_K4riU-fPg]];
40 }; 73 };
41 { 74 {
42 algorithm = "ES256"; 75 algorithm = "ES256";
43 keys = { 76 keys = {
44 { test_keys.ecdsa_private_pem, test_keys.ecdsa_public_pem }; 77 { test_keys.ecdsa_private_pem, test_keys.ecdsa_public_pem };
71 iat = 1516239022; 104 iat = 1516239022;
72 }; 105 };
73 }; 106 };
74 }; 107 };
75 { 108 {
109 algorithm = "RS384";
110 keys = {
111 { test_keys.rsa_private_pem, test_keys.rsa_public_pem };
112 { test_keys.alt_rsa_private_pem, test_keys.alt_rsa_public_pem };
113 };
114
115 jwt_reference_token [[eyJhbGciOiJSUzM4NCIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.o1hC1xYbJolSyh0-bOY230w22zEQSk5TiBfc-OCvtpI2JtYlW-23-8B48NpATozzMHn0j3rE0xVUldxShzy0xeJ7vYAccVXu2Gs9rnTVqouc-UZu_wJHkZiKBL67j8_61L6SXswzPAQu4kVDwAefGf5hyYBUM-80vYZwWPEpLI8K4yCBsF6I9N1yQaZAJmkMp_Iw371Menae4Mp4JusvBJS-s6LrmG2QbiZaFaxVJiW8KlUkWyUCns8-qFl5OMeYlgGFsyvvSHvXCzQrsEXqyCdS4tQJd73ayYA4SPtCb9clz76N1zE5WsV4Z0BYrxeb77oA7jJhh994RAPzCG0hmQ]];
116 };
117 {
118 algorithm = "RS512";
119 keys = {
120 { test_keys.rsa_private_pem, test_keys.rsa_public_pem };
121 { test_keys.alt_rsa_private_pem, test_keys.alt_rsa_public_pem };
122 };
123
124 jwt_reference_token [[eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.jYW04zLDHfR1v7xdrW3lCGZrMIsVe0vWCfVkN2DRns2c3MN-mcp_-RE6TN9umSBYoNV-mnb31wFf8iun3fB6aDS6m_OXAiURVEKrPFNGlR38JSHUtsFzqTOj-wFrJZN4RwvZnNGSMvK3wzzUriZqmiNLsG8lktlEn6KA4kYVaM61_NpmPHWAjGExWv7cjHYupcjMSmR8uMTwN5UuAwgW6FRstCJEfoxwb0WKiyoaSlDuIiHZJ0cyGhhEmmAPiCwtPAwGeaL1yZMcp0p82cpTQ5Qb-7CtRov3N4DcOHgWYk6LomPR5j5cCkePAz87duqyzSMpCB0mCOuE3CU2VMtGeQ]];
125 };
126 {
76 algorithm = "PS256"; 127 algorithm = "PS256";
77 keys = { 128 keys = {
78 { test_keys.rsa_private_pem, test_keys.rsa_public_pem }; 129 { test_keys.rsa_private_pem, test_keys.rsa_public_pem };
79 { test_keys.alt_rsa_private_pem, test_keys.alt_rsa_public_pem }; 130 { test_keys.alt_rsa_private_pem, test_keys.alt_rsa_public_pem };
80 }; 131 };
81 { 132
82 name = "jwt.io reference"; 133 jwt_reference_token [[eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.iOeNU4dAFFeBwNj6qdhdvm-IvDQrTa6R22lQVJVuWJxorJfeQww5Nwsra0PjaOYhAMj9jNMO5YLmud8U7iQ5gJK2zYyepeSuXhfSi8yjFZfRiSkelqSkU19I-Ja8aQBDbqXf2SAWA8mHF8VS3F08rgEaLCyv98fLLH4vSvsJGf6ueZSLKDVXz24rZRXGWtYYk_OYYTVgR1cg0BLCsuCvqZvHleImJKiWmtS0-CymMO4MMjCy_FIl6I56NqLE9C87tUVpo1mT-kbg5cHDD8I7MjCW5Iii5dethB4Vid3mZ6emKjVYgXrtkOQ-JyGMh6fnQxEFN1ft33GX2eRHluK9eg]];
83 [[eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.iOeNU4dAFFeBwNj6qdhdvm-IvDQrTa6R22lQVJVuWJxorJfeQww5Nwsra0PjaOYhAMj9jNMO5YLmud8U7iQ5gJK2zYyepeSuXhfSi8yjFZfRiSkelqSkU19I-Ja8aQBDbqXf2SAWA8mHF8VS3F08rgEaLCyv98fLLH4vSvsJGf6ueZSLKDVXz24rZRXGWtYYk_OYYTVgR1cg0BLCsuCvqZvHleImJKiWmtS0-CymMO4MMjCy_FIl6I56NqLE9C87tUVpo1mT-kbg5cHDD8I7MjCW5Iii5dethB4Vid3mZ6emKjVYgXrtkOQ-JyGMh6fnQxEFN1ft33GX2eRHluK9eg]]; 134 };
84 { -- payload 135 {
85 sub = "1234567890"; 136 algorithm = "PS384";
86 name = "John Doe"; 137 keys = {
87 admin = true; 138 { test_keys.rsa_private_pem, test_keys.rsa_public_pem };
88 iat = 1516239022; 139 { test_keys.alt_rsa_private_pem, test_keys.alt_rsa_public_pem };
89 }; 140 };
90 }; 141
142 jwt_reference_token [[eyJhbGciOiJQUzM4NCIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.Lfe_aCQme_gQpUk9-6l9qesu0QYZtfdzfy08w8uqqPH_gnw-IVyQwyGLBHPFBJHMbifdSMxPjJjkCD0laIclhnBhowILu6k66_5Y2z78GHg8YjKocAvB-wSUiBhuV6hXVxE5emSjhfVz2OwiCk2bfk2hziRpkdMvfcITkCx9dmxHU6qcEIsTTHuH020UcGayB1-IoimnjTdCsV1y4CMr_ECDjBrqMdnontkqKRIM1dtmgYFsJM6xm7ewi_ksG_qZHhaoBkxQ9wq9OVQRGiSZYowCp73d2BF3jYMhdmv2JiaUz5jRvv6lVU7Quq6ylVAlSPxeov9voYHO1mgZFCY1kQ]];
143 };
144 {
145 algorithm = "PS512";
146 keys = {
147 { test_keys.rsa_private_pem, test_keys.rsa_public_pem };
148 { test_keys.alt_rsa_private_pem, test_keys.alt_rsa_public_pem };
149 };
150
151 jwt_reference_token [[eyJhbGciOiJQUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.J5W09-rNx0pt5_HBiydR-vOluS6oD-RpYNa8PVWwMcBDQSXiw6-EPW8iSsalXPspGj3ouQjAnOP_4-zrlUUlvUIt2T79XyNeiKuooyIFvka3Y5NnGiOUBHWvWcWp4RcQFMBrZkHtJM23sB5D7Wxjx0-HFeNk-Y3UJgeJVhg5NaWXypLkC4y0ADrUBfGAxhvGdRdULZivfvzuVtv6AzW6NRuEE6DM9xpoWX_4here-yvLS2YPiBTZ8xbB3axdM99LhES-n52lVkiX5AWg2JJkEROZzLMpaacA_xlbUz_zbIaOaoqk8gB5oO7kI6sZej3QAdGigQy-hXiRnW_L98d4GQ]];
91 }; 152 };
92 }; 153 };
93 154
94 local function do_verify_test(algorithm, verifying_key, token, expect_payload) 155 local function do_verify_test(algorithm, verifying_key, token, expect_payload)
95 local verify = jwt.new_verifier(algorithm, verifying_key); 156 local verify = jwt.new_verifier(algorithm, verifying_key);
125 assert.equal(expect_token, token); 186 assert.equal(expect_token, token);
126 end 187 end
127 188
128 do_verify_test(algorithm, verifying_key, token, expect_success and test_payload or false); 189 do_verify_test(algorithm, verifying_key, token, expect_success and test_payload or false);
129 end 190 end
130
131 191
132 192
133 for _, algorithm_tests in ipairs(test_cases) do 193 for _, algorithm_tests in ipairs(test_cases) do
134 local algorithm = algorithm_tests.algorithm; 194 local algorithm = algorithm_tests.algorithm;
135 local keypairs = algorithm_tests.keys; 195 local keypairs = algorithm_tests.keys;
196
197 untested_algorithms:remove(algorithm);
198
136 describe(algorithm, function () 199 describe(algorithm, function ()
137 it("can do basic sign and verify", function () 200 it("can do basic sign and verify", function ()
138 for _, keypair in ipairs(keypairs) do 201 for _, keypair in ipairs(keypairs) do
139 local signing_key, verifying_key = keypair[1], keypair[2]; 202 local signing_key, verifying_key = keypair[1], keypair[2];
140 do_sign_verify_test(algorithm, keypair[1], keypair[2], true); 203 do_sign_verify_test(algorithm, signing_key, verifying_key, true);
141 end 204 end
142 end); 205 end);
143 206
144 if #keypairs >= 2 then 207 if #keypairs >= 2 then
145 it("rejects invalid tokens", function () 208 it("rejects invalid tokens", function ()
167 error("No test tokens provided"); 230 error("No test tokens provided");
168 end); 231 end);
169 end 232 end
170 end); 233 end);
171 end 234 end
235
236 for algorithm in untested_algorithms do
237 pending(algorithm.." tests", function () end);
238 end
172 end); 239 end);
173 240
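Review bot: The closing loop over `untested_algorithms` (new lines 236-238) only reports an algorithm without test cases as `pending`, so a signature algorithm later added to `jwt._algorithms` without a reference token would still leave the suite green. For a token-verification library it seems safer to fail there, for example `it(algorithm.." has test cases", function () error("No test cases for "..algorithm); end);`. Separately, the commit message says 'none' is deliberately not implemented, but nothing visible in this comparison pins that down; a check such as `assert.is_nil(jwt._algorithms.none)` would stop it from being reintroduced unnoticed. Parts of the file are elided in this view (for instance new lines 15-25 and 209-229), so confirm that no such test already exists there.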