All files / test AccessTokenSpec.js

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
 
 
 
 
 
1x
1x
1x
1x
 
 
 
 
1x
1x
1x
1x
 
 
 
 
1x
1x
1x
1x
 
 
 
 
1x
1x
 
 
1x
1x
 
1x
 
1x
 
1x
 
1x
 
 
 
 
 
1x
1x
1x
 
 
 
1x
1x
1x
 
1x
1x
 
 
 
1x
1x
 
1x
1x
 
1x
 
1x
1x
1x
 
 
1x
1x
 
1x
1x
 
1x
 
 
1x
1x
1x
1x
 
 
 
 
 
1x
 
 
1x
3x
 
 
 
 
 
 
1x
1x
 
1x
1x
1x
1x
 
 
1x
1x
 
1x
1x
 
1x
1x
 
1x
 
1x
 
1x
1x
1x
 
1x
 
 
1x
1x
 
1x
1x
 
1x
1x
1x
 
1x
 
 
1x
 
 
 
 
'use strict'
 
/**
 * Test dependencies
 */
const chai = require('chai')
const fs = require('fs')
const path = require('path')
const { JWT } = require('@trust/jose')
 
/**
 * Assertions
 */
chai.use(require('dirty-chai'))
chai.use(require('chai-as-promised'))
chai.should()
let expect = chai.expect
 
/**
 * Code under test
 */
const Provider = require('../src/Provider')
const AccessToken = require('../src/AccessToken')
const AccessTokenSchema = require('../src/schemas/AccessTokenSchema')
const MemoryStore = require('../src/backends/MemoryStore')
 
/**
 * Tests
 */
describe('AccessToken', () => {
  const providerUri = 'https://example.com'
  var provider
 
  before(() => {
    let configPath = path.join(__dirname, 'config', 'provider.json')
 
    let storedConfig = JSON.parse(fs.readFileSync(configPath, 'utf8'))
 
    provider = new Provider(storedConfig)
 
    provider.inject({ backend: new MemoryStore() })
 
    return provider.initializeKeyChain(provider.keys)
  })
 
  /**
   * Schema
   */
  describe('schema', () => {
    it('should reference the AccessToken Schema', () => {
      AccessToken.schema.should.equal(AccessTokenSchema)
    })
  })
 
  describe('random', () => {
    it('should return a random string', () => {
      let result = AccessToken.random(8)  // 8 bytes / 16 chars
 
      expect(typeof result).to.equal('string')
      expect(result.length).to.equal(16)
    })
  })
 
  describe('issueForRequest()', () => {
    describe('authentication requests', () => {
      let code
      let subject = { _id: 'user123' }
      let client = { 'client_id': 'client123' }
      let request, response
      let params = {}
 
      beforeEach(() => {
        request = { params, code, provider, client, subject }
        response = {}
      })
 
      it('should issue an access token', () => {
        return AccessToken.issueForRequest(request, response)
          .then(res => {
            expect(res['token_type']).to.equal('Bearer')
            expect(res['expires_in']).to.equal(3600)
 
            return JWT.decode(res['access_token'])
          })
          .then(token => {
            expect(token.type).to.equal('JWS')
            expect(token.header.alg).to.equal('RS256')
            expect(token.payload.iss).to.equal(providerUri)
            expect(token.payload.sub).to.equal('user123')
          })
      })
    })
  })
 
  describe('issue()', () => {
    let options
 
    beforeEach(() => {
      options = {
        aud: 'client123',
        sub: 'user123',
        scope: 'openid profile'
      }
    })
 
    it('should issue an access token', () => {
      let token = AccessToken.issue(provider, options)
 
      expect(token.payload.iss).to.equal(provider.issuer)
      expect(token.payload.aud).to.equal('client123')
      expect(token.payload.sub).to.equal('user123')
      expect(token.payload.scope).to.equal('openid profile')
    })
 
    it('should issue an access token with passed in values', () => {
      options.alg = 'RS512'
 
      let randomId = AccessToken.random(8)
      options.jti = randomId
 
      let now = Math.floor(Date.now() / 1000)
      options.iat = now
 
      options.max = 3000
 
      let token = AccessToken.issue(provider, options)
 
      expect(token.payload.jti).to.equal(randomId)
      expect(token.payload.iat).to.equal(now)
      expect(token.payload.exp - token.payload.iat).to.equal(3000)
 
      expect(token.header.alg).to.equal('RS512')
    })
 
    it('should init with defaults', () => {
      let token = AccessToken.issue(provider, options)
 
      expect(token.header.alg).to.equal(AccessToken.DEFAULT_SIG_ALGORITHM)
      expect(token.header.kid).to.exist()
 
      expect(token.payload.jti).to.exist()
      expect(token.payload.exp).to.exist()
      expect(token.payload.iat).to.exist()
 
      expect(token.payload.exp - token.payload.iat)
        .to.equal(AccessToken.DEFAULT_MAX_AGE)
 
      expect(token.key).to.exist()
    })
  })
})