137 lines
4.5 KiB
TypeScript
137 lines
4.5 KiB
TypeScript
import {beforeAll, describe, expect, setSystemTime, test} from 'bun:test'
|
|
import {JWTcontext, type JWTalgorithm, type Key} from '../src/jwt'
|
|
|
|
|
|
let k!: Key;
|
|
let c!: JWTcontext;
|
|
const algs: JWTalgorithm[] = ["HS256", "HS512", "ES256", "ES512", "EdDSA"]
|
|
const contexts: Map<JWTalgorithm, JWTcontext> = new Map()
|
|
|
|
beforeAll(async () => {
|
|
k = (await JWTcontext.gen_key("HS256")) as Key
|
|
c = new JWTcontext(k, "HS256")
|
|
|
|
for (const alg of algs) {
|
|
const key = await JWTcontext.gen_key(alg as JWTalgorithm)
|
|
expect(key).not.toBeUndefined()
|
|
|
|
const context = new JWTcontext(key, alg as JWTalgorithm)
|
|
contexts.set(alg as JWTalgorithm, context)
|
|
}
|
|
})
|
|
|
|
test('Base case', async () => {
|
|
let payload = {
|
|
yeet: "yaat",
|
|
lol: "yes"
|
|
}
|
|
|
|
for (const context of contexts.values()) {
|
|
const jwt = await context.sign(payload, true, "2 days", "pascal", "server")
|
|
|
|
const verified = (await context.verify(jwt, "pascal", "server")).expect("Should verify the JWT")
|
|
expect(verified).toEqual(payload)
|
|
}
|
|
})
|
|
|
|
describe("Audience verification", () => {
|
|
const cases : [string|string[]|undefined, string|string[]|undefined, boolean][] = [
|
|
// undefined at verify means we don't enforce that field
|
|
[undefined, undefined, true],
|
|
["value", undefined, true],
|
|
[["value", "other"], undefined, true],
|
|
|
|
[undefined, "value", false],
|
|
[undefined, ["value", "other"], false],
|
|
|
|
["value", "value", true],
|
|
["value", ["value", "other"], true],
|
|
["value", "yeet", false],
|
|
["value", ["yeet", "other"], false],
|
|
|
|
[["value", "other"], "value", true],
|
|
[["value", "other"], ["value", "yeet"], true],
|
|
[["value", "other"], ["value", "other"], true],
|
|
[["yeet", "other"], "value", false],
|
|
[["value", "other"], ["yeet", "yaat"], false],
|
|
]
|
|
|
|
for (const [at_sign, at_verify, result] of cases) {
|
|
test(`${at_sign} and ${at_verify} ${result ? 'should' : "shouldn't"} work`, async () => {
|
|
const message = "Yeet"
|
|
const context = [...contexts.values()][0]
|
|
|
|
const jwt = await context.sign(message, false, undefined, at_sign)
|
|
const res = await context.verify<string>(jwt, at_verify)
|
|
if (result) {
|
|
res.expect("The JWT should be valid")
|
|
} else {
|
|
res.expect_err("The JWT shouldn't be valid")
|
|
}
|
|
})
|
|
}
|
|
})
|
|
describe("Issuer verification", () => {
|
|
const cases: [string|undefined, string|string[]|undefined, boolean][] = [
|
|
// undefined at verify means don't enforce the field
|
|
[undefined, undefined, true],
|
|
["value", undefined, true],
|
|
|
|
[undefined, "value", false],
|
|
[undefined, ["value", "other"], false],
|
|
|
|
["value", "value", true],
|
|
["value", ["value", "other"], true],
|
|
["value", "yeet", false],
|
|
["value", ["yeet", "other"], false],
|
|
]
|
|
|
|
for (const [at_sign, at_verify, result] of cases) {
|
|
test(`${at_sign} and ${at_verify} ${result ? 'should' : "shouldn't"} work`, async () => {
|
|
const message = "Yaat"
|
|
const context = [...contexts.values()][0]
|
|
|
|
const jwt = await context.sign(message, false, undefined, undefined, at_sign)
|
|
const res = await context.verify<string>(jwt, undefined, at_verify)
|
|
if (result) {
|
|
res.expect("The JWT should be valid")
|
|
} else {
|
|
res.expect_err("The JWT shouldn't be valid")
|
|
}
|
|
})
|
|
}
|
|
})
|
|
test("Expired JWT is rejected", async () => {
|
|
const message = "yeet"
|
|
|
|
const jwt = await c.sign(message, false, "5min")
|
|
|
|
const today = new Date()
|
|
today.setDate(today.getDate() + 1)
|
|
setSystemTime(today)
|
|
|
|
const res = await c.verify<string>(jwt)
|
|
res.expect_err("Shouldn't verify expired JWT")
|
|
})
|
|
test("Wrong key won't decrypt", async () => {
|
|
const alg = "HS256"
|
|
const k2 = await JWTcontext.gen_key(alg, false)
|
|
const c2 = new JWTcontext(k2, alg)
|
|
|
|
const message = "yeet"
|
|
const jwt = await c.sign(message)
|
|
const res = await c2.verify<string>(jwt)
|
|
|
|
res.expect_err("Shouldn't verify with a different key")
|
|
})
|
|
test("tampered JWT are rejected", async () => {
|
|
const message = "yeet"
|
|
let jwt = await c.sign(message)
|
|
|
|
if (jwt[0] === "a") jwt = "b" + jwt.substring(1)
|
|
else jwt = "a" + jwt.substring(1)
|
|
|
|
const res = await c.verify<string>(jwt)
|
|
res.expect_err("Shouldn't verify a tampered JWT")
|
|
})
|