prosody
0a56b84ec4ad
spec/util_sasl_spec.lua
Software / code / prosody
File
spec/util_sasl_spec.lua @ 12997:0a56b84ec4ad
mod_tokenauth: Support for creating sub-tokens
Properties of sub-tokens:
- They share the same id as their parent token
- Sub-tokens may not have their own sub-tokens (but may have sibling tokens)
- They always have the same or shorter lifetime compared to their parent token
- Revoking a parent token revokes all sub-tokens
- Sub-tokens always have the same JID as the parent token
- They do not have their own 'accessed' property - accessing a sub-token
updates the parent token's accessed time
Although this is a generic API, it is designed to at least fill the needs of
OAuth2 refresh + access tokens (where the parent token is the refresh token
and the sub-tokens are access tokens).
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Sun, 26 Mar 2023 16:46:48 +0100 |
| parent | 10502:f1c0aa521dd5 |
| child | 13113:191fe4866e3e |
line wrap: on
line source
local sasl = require "util.sasl"; -- profile * mechanism -- callbacks could use spies instead describe("util.sasl", function () describe("plain_test profile", function () local profile = { plain_test = function (_, username, password, realm) assert.equals("user", username) assert.equals("pencil", password) assert.equals("sasl.test", realm) return true, true; end; }; it("works with PLAIN", function () local plain = sasl.new("sasl.test", profile); assert.truthy(plain:select("PLAIN")); assert.truthy(plain:process("\000user\000pencil")); assert.equals("user", plain.username); end); end); describe("plain profile", function () local profile = { plain = function (_, username, realm) assert.equals("user", username) assert.equals("sasl.test", realm) return "pencil", true; end; }; it("works with PLAIN", function () local plain = sasl.new("sasl.test", profile); assert.truthy(plain:select("PLAIN")); assert.truthy(plain:process("\000user\000pencil")); assert.equals("user", plain.username); end); -- TODO SCRAM end); end);
