Software /
code /
prosody
File
spec/util_jwt_spec.lua @ 12658:7ca5645f46cd
usermanager: Remove concept of global authz provider
Rationale:
- Removes a bunch of code!
- We don't have many cases where an actor is not bound to one of our hosts
- A notable exception is the admin shell, but if we ever attempt to lock those
sessions down, there is a load of other work that also has to be done. And
it's not clear if we would need a global authz provider for that anyway.
- Removes an extra edge case from the necessary mental model for operators
- Sessions that aren't bound to a host generally are anonymous or have an
alternative auth model (such as by IP addres).
- With the encapsulation now provided by util.roles, ad-hoc "detached roles"
can still be created anyway by code that needs them.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Fri, 12 Aug 2022 16:21:57 +0100 |
parent | 10661:4eee1aaa9405 |
child | 12696:27a72982e331 |
line wrap: on
line source
local jwt = require "util.jwt"; describe("util.jwt", function () it("validates", function () local key = "secret"; local token = jwt.sign(key, { payload = "this" }); assert.string(token); local ok, parsed = jwt.verify(key, token); assert.truthy(ok) assert.same({ payload = "this" }, parsed); end); it("rejects invalid", function () local key = "secret"; local token = jwt.sign("wrong", { payload = "this" }); assert.string(token); local ok = jwt.verify(key, token); assert.falsy(ok) end); end);