-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into feat/proactive-token-refresh
- Loading branch information
Showing
10 changed files
with
204 additions
and
170 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
151 changes: 87 additions & 64 deletions
151
packages/adapter-nextjs/__tests__/utils/createTokenValidator.test.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,85 +1,108 @@ | ||
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
// SPDX-License-Identifier: Apache-2.0 | ||
|
||
import { CognitoJwtVerifier } from 'aws-jwt-verify'; | ||
|
||
import { isValidCognitoToken } from '../../src/utils/isValidCognitoToken'; | ||
import { createTokenValidator } from '../../src/utils/createTokenValidator'; | ||
import { JwtVerifier } from '../../src/types'; | ||
|
||
jest.mock('aws-jwt-verify'); | ||
jest.mock('../../src/utils/isValidCognitoToken'); | ||
|
||
const mockIsValidCognitoToken = isValidCognitoToken as jest.Mock; | ||
|
||
const userPoolId = 'userPoolId'; | ||
const userPoolClientId = 'clientId'; | ||
const tokenValidatorInput = { | ||
userPoolId, | ||
userPoolClientId, | ||
}; | ||
const accessToken = { | ||
key: 'CognitoIdentityServiceProvider.clientId.usersub.accessToken', | ||
value: | ||
'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMTEiLCJpc3MiOiJodHRwc', | ||
}; | ||
const idToken = { | ||
key: 'CognitoIdentityServiceProvider.clientId.usersub.idToken', | ||
value: 'eyJzdWIiOiIxMTEiLCJpc3MiOiJodHRwc.XAiOiJKV1QiLCJhbGciOiJIUzI1NiJ', | ||
}; | ||
|
||
const tokenValidator = createTokenValidator({ | ||
userPoolId, | ||
userPoolClientId, | ||
}); | ||
describe('createTokenValidator', () => { | ||
const userPoolId = 'userPoolId'; | ||
const userPoolClientId = 'clientId'; | ||
const accessToken = { | ||
key: 'CognitoIdentityServiceProvider.clientId.usersub.accessToken', | ||
value: 'access-token-value', | ||
}; | ||
const idToken = { | ||
key: 'CognitoIdentityServiceProvider.clientId.usersub.idToken', | ||
value: 'id-token-value', | ||
}; | ||
|
||
const mockIsValidCognitoToken = jest.mocked(isValidCognitoToken); | ||
const mockCognitoJwtVerifier = { | ||
create: jest.mocked(CognitoJwtVerifier.create), | ||
}; | ||
|
||
describe('Validator', () => { | ||
afterEach(() => { | ||
jest.resetAllMocks(); | ||
}); | ||
it('should return a validator', () => { | ||
expect(createTokenValidator(tokenValidatorInput)).toBeDefined(); | ||
mockIsValidCognitoToken.mockClear(); | ||
}); | ||
|
||
it('should return true for non-token keys', async () => { | ||
const result = await tokenValidator.getItem?.('mockKey', 'mockValue'); | ||
expect(result).toBe(true); | ||
expect(mockIsValidCognitoToken).toHaveBeenCalledTimes(0); | ||
it('should return a token validator', () => { | ||
expect( | ||
createTokenValidator({ | ||
userPoolId, | ||
userPoolClientId, | ||
}), | ||
).toStrictEqual({ | ||
getItem: expect.any(Function), | ||
}); | ||
}); | ||
|
||
it('should return true for valid accessToken', async () => { | ||
mockIsValidCognitoToken.mockImplementation(() => Promise.resolve(true)); | ||
|
||
const result = await tokenValidator.getItem?.( | ||
accessToken.key, | ||
accessToken.value, | ||
); | ||
|
||
expect(result).toBe(true); | ||
expect(mockIsValidCognitoToken).toHaveBeenCalledTimes(1); | ||
expect(mockIsValidCognitoToken).toHaveBeenCalledWith({ | ||
userPoolId, | ||
clientId: userPoolClientId, | ||
token: accessToken.value, | ||
tokenType: 'access', | ||
describe('created token validator', () => { | ||
afterEach(() => { | ||
mockCognitoJwtVerifier.create.mockReset(); | ||
}); | ||
}); | ||
|
||
it('should return true for valid idToken', async () => { | ||
mockIsValidCognitoToken.mockImplementation(() => Promise.resolve(true)); | ||
|
||
const result = await tokenValidator.getItem?.(idToken.key, idToken.value); | ||
expect(result).toBe(true); | ||
expect(mockIsValidCognitoToken).toHaveBeenCalledTimes(1); | ||
expect(mockIsValidCognitoToken).toHaveBeenCalledWith({ | ||
userPoolId, | ||
clientId: userPoolClientId, | ||
token: idToken.value, | ||
tokenType: 'id', | ||
it('should return true if key is not for access or id tokens', async () => { | ||
const tokenValidator = createTokenValidator({ | ||
userPoolId, | ||
userPoolClientId, | ||
}); | ||
|
||
expect(await tokenValidator.getItem?.('key', 'value')).toBe(true); | ||
expect(mockIsValidCognitoToken).not.toHaveBeenCalled(); | ||
}); | ||
}); | ||
|
||
it('should return false if invalid tokenType is access', async () => { | ||
mockIsValidCognitoToken.mockImplementation(() => Promise.resolve(false)); | ||
it('should return false if validator created without user pool or client ids', async () => { | ||
const tokenValidator = createTokenValidator({}); | ||
|
||
const result = await tokenValidator.getItem?.(idToken.key, idToken.value); | ||
expect(result).toBe(false); | ||
expect(mockIsValidCognitoToken).toHaveBeenCalledTimes(1); | ||
expect( | ||
await tokenValidator.getItem?.(accessToken.key, accessToken.value), | ||
).toBe(false); | ||
expect(await tokenValidator.getItem?.(idToken.key, idToken.value)).toBe( | ||
false, | ||
); | ||
expect(mockIsValidCognitoToken).not.toHaveBeenCalled(); | ||
}); | ||
|
||
describe.each([ | ||
{ tokenUse: 'access', token: accessToken }, | ||
{ tokenUse: 'id', token: idToken }, | ||
])('$tokenUse token verifier', ({ tokenUse, token }) => { | ||
const mockTokenVerifier = {} as JwtVerifier; | ||
const tokenValidator = createTokenValidator({ | ||
userPoolId, | ||
userPoolClientId, | ||
}); | ||
|
||
beforeAll(() => { | ||
mockCognitoJwtVerifier.create.mockReturnValue(mockTokenVerifier); | ||
}); | ||
|
||
it('should create a jwt verifier and use it to validate', async () => { | ||
await tokenValidator.getItem?.(token.key, token.value); | ||
|
||
expect(mockCognitoJwtVerifier.create).toHaveBeenCalledWith({ | ||
userPoolId, | ||
clientId: userPoolClientId, | ||
tokenUse, | ||
}); | ||
expect(mockIsValidCognitoToken).toHaveBeenCalledWith({ | ||
token: token.value, | ||
verifier: mockTokenVerifier, | ||
}); | ||
}); | ||
|
||
it('should not re-create the jwt verifier', async () => { | ||
await tokenValidator.getItem?.(token.key, token.value); | ||
|
||
expect(mockCognitoJwtVerifier.create).not.toHaveBeenCalled(); | ||
expect(mockIsValidCognitoToken).toHaveBeenCalled(); | ||
}); | ||
}); | ||
}); | ||
}); |
Oops, something went wrong.