import { describe, expect, test, vi } from 'vitest';
import { TokenVerificationErrorReason } from '../../errors';
import { decodeJwt } from '../../jwt/verifyJwt';
import { authenticateRequest } from '../request';
import { verifyToken } from '../verify';
// Swap the token verification module for bare stubs. Every test below sets the
// resolved value itself, so no real signature, expiry or key handling is
// exercised in this file; only the logic inside authenticateRequest is.
vi.mock('../verify', () => {
  return {
    verifyToken: vi.fn(),
    // Never configured by a test in this file; presumably stubbed only because
    // ../request imports it. TODO confirm.
    verifyMachineAuthToken: vi.fn(),
  };
});

// The JWT decoder is stubbed the same way, so the literal cookie/header value
// ('mock_token') is never parsed as a real JWT.
vi.mock('../../jwt/verifyJwt', () => {
  return { decodeJwt: vi.fn() };
});
/**
 * Session token carried in the `__session` cookie.
 *
 * Pins two outcomes of authenticateRequest: a verified payload without an
 * `azp` (authorized party) claim is rejected as signed-out with
 * TokenMissingAzp, and a payload that carries `azp` is accepted.
 *
 * NOTE(review): cookies are attached by the browser automatically, which is
 * presumably why the cookie carrier must name its authorized party; confirm
 * against ../request. No `authorizedParties` option is passed here, so these
 * tests cover only the presence of `azp`, not matching it against an allowlist.
 */
describe('authenticateRequest with cookie token', () => {
  // Points both stubs at the same claim set, mirroring a token that decodes and
  // verifies to identical claims.
  const stubVerifiedClaims = (claims: Record<string, unknown>) => {
    vi.mocked(verifyToken).mockResolvedValue({
      data: claims as any,
      errors: undefined,
    });
    vi.mocked(decodeJwt).mockReturnValue({
      data: { payload: claims } as any,
      errors: undefined,
    });
  };

  // Request whose only credential is the session cookie (no Authorization header).
  const buildCookieRequest = () =>
    new Request('http://localhost:3000', {
      headers: {
        cookie: '__session=mock_token; __client_uat=1234567890',
      },
    });

  // Fixture keys; the secret key is an obvious placeholder, not a credential.
  const buildOptions = () => ({
    publishableKey: 'pk_live_Y2xlcmsuaW5zcGlyZWQucHVtYS03NC5sY2wuZGV2JA',
    secretKey: 'sk_live_deadbeef',
  });

  test('throws TokenMissingAzp when azp claim is missing', async () => {
    // iat/exp lie far in the past; the test passes only because verification is
    // mocked. The azp claim is deliberately left out.
    stubVerifiedClaims({
      sub: 'user_123',
      sid: 'sess_123',
      iat: 1234567891,
      exp: 1234567991,
    });

    const cookieRequest = buildCookieRequest();
    const authOptions = buildOptions();
    const outcome = await authenticateRequest(cookieRequest, authOptions);

    // Rejection is reported as a signed-out state with a machine-readable
    // reason and a message that names the token carrier.
    expect(outcome.status).toBe('signed-out');
    expect(outcome.reason).toBe(TokenVerificationErrorReason.TokenMissingAzp);
    expect(outcome.message).toBe(
      'Session tokens from cookies must have an azp claim. (reason=token-missing-azp, token-carrier=cookie)',
    );
  });

  test('succeeds when azp claim is present', async () => {
    // Same claims plus an azp equal to the URL the request is built with.
    stubVerifiedClaims({
      sub: 'user_123',
      sid: 'sess_123',
      iat: 1234567891,
      exp: 1234567991,
      azp: 'http://localhost:3000',
    });

    const cookieRequest = buildCookieRequest();
    const authOptions = buildOptions();
    const outcome = await authenticateRequest(cookieRequest, authOptions);

    expect(outcome.isSignedIn).toBe(true);
  });
});
/**
 * Session token carried in the `Authorization: Bearer` header.
 *
 * Pins that, unlike the cookie carrier, a verified payload without an `azp`
 * claim is still accepted when it arrives in the header.
 *
 * NOTE(review): the header path is presumably exempt because the browser does
 * not attach it automatically; confirm against ../request before relying on
 * this as the documented contract.
 */
describe('authenticateRequest with header token', () => {
  test('succeeds when azp claim is missing', async () => {
    // Claim set with no azp; iat/exp lie far in the past and are accepted only
    // because verifyToken is mocked.
    const claims = {
      sub: 'user_123',
      sid: 'sess_123',
      iat: 1234567891,
      exp: 1234567991,
    };

    // Both stubs report the same claims, with no errors.
    const verifyTokenStub = vi.mocked(verifyToken);
    verifyTokenStub.mockResolvedValue({
      data: claims as any,
      errors: undefined,
    });
    const decodeJwtStub = vi.mocked(decodeJwt);
    decodeJwtStub.mockReturnValue({
      data: { payload: claims } as any,
      errors: undefined,
    });

    // The bearer header is the only credential; no cookie is sent.
    const headers = { authorization: 'Bearer mock_token' };
    const bearerRequest = new Request('http://localhost:3000', { headers });

    // Fixture keys; the secret key is an obvious placeholder, not a credential.
    const authOptions = {
      publishableKey: 'pk_live_Y2xlcmsuaW5zcGlyZWQucHVtYS03NC5sY2wuZGV2JA',
      secretKey: 'sk_live_deadbeef',
    };

    const outcome = await authenticateRequest(bearerRequest, authOptions);
    expect(outcome.isSignedIn).toBe(true);
  });
});