diff --git a/pan-domain-node/src/panda.ts b/pan-domain-node/src/panda.ts
index ff33fcfa..23685879 100644
--- a/pan-domain-node/src/panda.ts
+++ b/pan-domain-node/src/panda.ts
@@ -46,7 +46,7 @@ export function createCookie(user: User, privateKey: string): string {
 return queryParamsString + "." + signature
 }
-export function verifyUser(pandaCookie: string | undefined, publicKey: string, currentTimestamp: number, validateUser: ValidateUserFn): AuthenticationResult {
+export function verifyUser(pandaCookie: string | undefined, publicKey: string, currentTime: Date, validateUser: ValidateUserFn): AuthenticationResult {
 if(!pandaCookie) {
 return { status: AuthenticationStatus.INVALID_COOKIE };
 }
@@ -57,6 +57,8 @@ export function verifyUser(pandaCookie: string | undefined, publicKey: string, c
 return { status: AuthenticationStatus.INVALID_COOKIE };
 }
+ const currentTimestamp = currentTime.getTime();
+
 try {
 const user: User = parseUser(data);
 const isExpired = user.expires < currentTimestamp;
@@ -124,8 +126,7 @@ export class PanDomainAuthentication {
 const cookies = cookie.parse(requestCookies);
 const pandaCookie = cookies[this.cookieName];
- const now = new Date().getTime();
- return verifyUser(pandaCookie, publicKey, now, this.validateUser);
+ return verifyUser(pandaCookie, publicKey, new Date(), this.validateUser);
 });
 }
 }
diff --git a/pan-domain-node/test/panda.test.ts b/pan-domain-node/test/panda.test.ts
index d0346e4d..3806cd97 100644
--- a/pan-domain-node/test/panda.test.ts
+++ b/pan-domain-node/test/panda.test.ts
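Review bot: The exported `verifyUser` in the first hunk of `src/panda.ts` changes its third parameter from a millisecond `number` to a `Date` with no doc comment and no compatibility path for existing callers. Add a TSDoc block above the function, for instance `@param currentTime - instant the cookie's expiry is compared against; must be a valid Date`. If `verifyUser` is part of the package's public API (not visible here), record this as a breaking change in the release notes. The function body continues outside the hunk.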
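Review bot: In the second hunk of `src/panda.ts`, `currentTime.getTime()` returns `NaN` for an invalid `Date`, and `user.expires < NaN` is always false, so `isExpired` would be false for every cookie. Reject that case before the `try` so the check fails closed, for example `if (Number.isNaN(currentTimestamp)) { throw new TypeError("currentTime is not a valid Date"); }`. The call also sits outside the `try`, so an untyped JavaScript caller that still passes a millisecond number gets an uncaught `TypeError` rather than a status; it is worth stating whether that is intended. `verifyUser` starts in the previous hunk and continues past this one.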
@@ -13,28 +13,29 @@ import {decodeBase64} from "../src/utils";
 describe('verifyUser', function () {
 test("return invalid cookie if missing", () => {
- expect(verifyUser(undefined, "", 0, guardianValidation).status).toBe(AuthenticationStatus.INVALID_COOKIE);
+ expect(verifyUser(undefined, "", new Date(0), guardianValidation).status).toBe(AuthenticationStatus.INVALID_COOKIE);
 });
 test("return invalid cookie for a malformed signature", () => {
 const [data, signature] = sampleCookie.split(".");
 const testCookie = data + ".1234";
- expect(verifyUser(testCookie, publicKey, 0, guardianValidation).status).toBe(AuthenticationStatus.INVALID_COOKIE);
+ expect(verifyUser(testCookie, publicKey, new Date(0), guardianValidation).status).toBe(AuthenticationStatus.INVALID_COOKIE);
 });
 test("return expired", () => {
- const someTimeInTheFuture = 5678;
+ const someTimeInTheFuture = new Date(5678);
+ expect(someTimeInTheFuture.getTime()).toBe(5678);
 expect(verifyUser(sampleCookie, publicKey, someTimeInTheFuture, guardianValidation).status).toBe(AuthenticationStatus.EXPIRED);
 });
 test("return not authenticated if user fails validation function", () => {
- expect(verifyUser(sampleCookieWithoutMultifactor, publicKey, 0, guardianValidation).status).toBe(AuthenticationStatus.NOT_AUTHORISED);
- expect(verifyUser(sampleNonGuardianCookie, publicKey, 0, guardianValidation).status).toBe(AuthenticationStatus.NOT_AUTHORISED);
+ expect(verifyUser(sampleCookieWithoutMultifactor, publicKey, new Date(0), guardianValidation).status).toBe(AuthenticationStatus.NOT_AUTHORISED);
+ expect(verifyUser(sampleNonGuardianCookie, publicKey, new Date(0), guardianValidation).status).toBe(AuthenticationStatus.NOT_AUTHORISED);
 });
 test("return authenticated", () => {
- expect(verifyUser(sampleCookie, publicKey, 0, guardianValidation).status).toBe(AuthenticationStatus.AUTHORISED);
+ expect(verifyUser(sampleCookie, publicKey, new Date(0), guardianValidation).status).toBe(AuthenticationStatus.AUTHORISED);
 });
 });
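Review bot: None of the updated cases in `describe('verifyUser', ...)` exercises the new `Date` parameter with anything but a valid value, and the added `expect(someTimeInTheFuture.getTime()).toBe(5678)` only checks the `Date` constructor. Add a case for an invalid date, where `getTime()` returns `NaN` and the expiry comparison in `verifyUser` is always false, asserting that the call throws or returns something other than authorised, e.g. `expect(verifyUser(sampleCookie, publicKey, new Date(NaN), guardianValidation).status).not.toBe(AuthenticationStatus.AUTHORISED);`. A boundary case with `currentTime` equal to the cookie's `expires` value would also pin whether the expiry instant itself still counts as valid.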