Pass access/refresh claims to session for claim verification
floriandejonckheere committed Sep 19, 2024
1 parent 59a1534 commit cfc786f
Showing 2 changed files with 111 additions and 2 deletions.
11 changes: 9 additions & 2 deletions lib/jwt_sessions/authorization.rb
Expand Up @@ -79,11 +79,11 @@ def request_method
end

def valid_csrf_token?(csrf_token, token_type)
JWTSessions::Session.new.valid_csrf?(found_token, csrf_token, token_type)
JWTSessions::Session.new(claims).valid_csrf?(found_token, csrf_token, token_type)
end

def session_exists?(token_type)
JWTSessions::Session.new.session_exists?(found_token, token_type)
JWTSessions::Session.new(claims).session_exists?(found_token, token_type)
end

def cookieless_auth(token_type)
Expand Down Expand Up @@ -150,5 +150,12 @@ def authorize_request(token_type)
invalid_authorization unless session_exists?(token_type)
check_csrf(token_type)
end

def claims
{
access_claims: token_claims,
refresh_claims: token_claims
}
end
end
end
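Review bot: The new `claims` method at the end of the second hunk has no comment stating that `token_claims` is a hook the including class is expected to define (the test file in this commit defines it on the test class), and nothing visible in the hunk provides a default, so an includer without `token_claims` would presumably fail with a NoMethodError from inside `session_exists?` or `valid_csrf_token?` rather than at a clearly named boundary — unless the module defines a default outside the hunk, which I cannot see. It also evaluates `token_claims` twice per call, so a side-effecting or costly implementation runs twice and the two entries could in principle differ. Suggest a header comment such as `# Claim sets passed to Session for verification; both sides use the includer's token_claims hook` and a single evaluation: `c = token_claims` then `{ access_claims: c, refresh_claims: c }`. Whether `claims` lands under `private` depends on lines outside the hunk.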
102 changes: 102 additions & 0 deletions test/units/jwt_sessions/test_authorization.rb
Expand Up @@ -6,10 +6,22 @@
class TestAuthorization < Minitest::Test
include JWTSessions::Authorization

def token_claims
{
iss: "issuer",
aud: "audience",
}
end

def setup
JWTSessions.signing_key = "abcdefghijklmnopqrstuvwxyzABCDEF"
end

def teardown
JWTSessions.jwt_options[:verify_iss] = false
JWTSessions.jwt_options[:verify_aud] = false
end

def test_payload_when_token_is_nil
@_raw_token = nil

Expand All @@ -23,4 +35,94 @@ def test_payload_when_token_is_present
assert_equal payload['user_id'], 1
assert_equal payload['secret'], 'mystery'
end

def test_verify_iss
JWTSessions.jwt_options[:verify_iss] = true

session = JWTSessions::Session.new(payload: { user_id: 1, iss: "issuer" })
tokens = session.login

# Extract uid from access token
uid = JWT.decode(tokens[:access], JWTSessions.public_key).first["uid"]

@_raw_token =
JWTSessions::Token.encode({ user_id: 1, uid: uid, iss: "issuer" })

assert session_exists?(:access)
end

def test_verify_iss_when_iss_is_not_correct
JWTSessions.jwt_options[:verify_iss] = true

session = JWTSessions::Session.new(payload: { user_id: 1, iss: "issuer" })
tokens = session.login

# Extract uid from access token
uid = JWT.decode(tokens[:access], JWTSessions.public_key).first["uid"]

@_raw_token =
JWTSessions::Token.encode({ user_id: 1, uid: uid, iss: "another_issuer" })

assert !session_exists?(:access)
end

def test_verify_iss_when_iss_is_not_present
JWTSessions.jwt_options[:verify_iss] = true

session = JWTSessions::Session.new(payload: { user_id: 1, iss: "issuer" })
tokens = session.login

# Extract uid from access token
uid = JWT.decode(tokens[:access], JWTSessions.public_key).first["uid"]

@_raw_token =
JWTSessions::Token.encode({ user_id: 1, uid: uid })

assert !session_exists?(:access)
end

def test_verify_aud
JWTSessions.jwt_options[:verify_aud] = true

session = JWTSessions::Session.new(payload: { user_id: 1, aud: "audience" })
tokens = session.login

# Extract uid from access token
uid = JWT.decode(tokens[:access], JWTSessions.public_key).first["uid"]

@_raw_token =
JWTSessions::Token.encode({ user_id: 1, uid: uid, aud: "audience" })

assert session_exists?(:access)
end

def test_verify_aud_when_aud_is_not_correct
JWTSessions.jwt_options[:verify_aud] = true

session = JWTSessions::Session.new(payload: { user_id: 1, aud: "audience" })
tokens = session.login

# Extract uid from access token
uid = JWT.decode(tokens[:access], JWTSessions.public_key).first["uid"]

@_raw_token =
JWTSessions::Token.encode({ user_id: 1, uid: uid, aud: "another_audience" })

assert !session_exists?(:access)
end

def test_verify_aud_when_aud_is_not_present
JWTSessions.jwt_options[:verify_aud] = true

session = JWTSessions::Session.new(payload: { user_id: 1, aud: "audience" })
tokens = session.login

# Extract uid from access token
uid = JWT.decode(tokens[:access], JWTSessions.public_key).first["uid"]

@_raw_token =
JWTSessions::Token.encode({ user_id: 1, uid: uid })

assert !session_exists?(:access)
end
end
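Review bot: The six new tests in the last hunk repeat the same login / decode-uid / `Token.encode` sequence nine lines each, differing only in the extra claim on the forged token, and negate with `assert !session_exists?(:access)` where Minitest's `refute` reads more clearly and reports a better failure message. Extracting the token construction into one helper keeps each test to its distinguishing inputs and makes the contract under test (same uid as a real session, different or missing `iss`/`aud`) visible in one place. The sketch below shows the helper and one rewritten test; the other five follow the same shape.

```ruby
# Build an access token carrying the uid of a freshly logged-in session
# but with `extra` claims in place of the session's own iss/aud.
def raw_token_with(extra, session_payload:)
  tokens = JWTSessions::Session.new(payload: session_payload).login
  uid = JWT.decode(tokens[:access], JWTSessions.public_key).first["uid"]
  JWTSessions::Token.encode({ user_id: 1, uid: uid }.merge(extra))
end

def test_verify_iss_when_iss_is_not_correct
  JWTSessions.jwt_options[:verify_iss] = true
  @_raw_token = raw_token_with({ iss: "another_issuer" }, session_payload: { user_id: 1, iss: "issuer" })

  refute session_exists?(:access)
end
# … unchanged: the remaining five tests, rewritten the same way …
```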
