refactor: fix unit tests and assign allowedIss default based on domain
toomuchdesign committed Apr 21, 2023
1 parent 735ba15 commit ed61ae6
Showing 2 changed files with 40 additions and 15 deletions.
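--- a/index.js
+++ b/index.js
@@ -41,28 +41,36 @@ function verifyOptions(options) {
 // Prepare verification options
 const verify = Object.assign({}, options, { algorithms: [] })
 
+let domainURLObject
+// @NOTE This is going to be renamed domain once we rename current domain :)
+let domainOrigin
+
 if (domain) {
 domain = domain.toString()
 
 // Normalize the domain in order to get a complete URL for JWKS fetching
 if (!domain.match(/^http(?:s?)/)) {
-domain = new URL(`https://${domain}`).toString()
+domainURLObject = new URL(`https://${domain}`)
+domain = domainURLObject.toString()
 } else {
 // adds missing trailing slash if it's not been provided in the config
-domain = new URL(domain).toString()
+domainURLObject = new URL(domain)
+domain = domainURLObject.toString()
 }
 
+domainOrigin = domainURLObject.origin + '/'
+
 verify.algorithms.push('RS256')
 // @TODO normalize issuer url like done for domain
-verify.allowedIss = issuer || domain
+verify.allowedIss = issuer || domainOrigin
 
 if (audience) {
-verify.allowedAud = domain
+verify.allowedAud = domainOrigin
 }
 }
 
 if (audience) {
-verify.allowedAud = audience === true ? domain : audience
+verify.allowedAud = audience === true ? domainOrigin : audience
 }
 
 if (secret) {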
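Review bot: The new `verify.allowedAud = audience === true ? domainOrigin : audience` still evaluates to `undefined` when `audience` is `true` and no `domain` was configured, because `domainOrigin` is only assigned inside `if (domain)`; depending on how the verifier treats a missing `allowedAud` (not visible here), that may silently skip audience validation for a caller who asked for it. A guard such as `if (audience === true && !domainOrigin) throw new Error('audience: true requires the domain option')` before the assignment would make that configuration fail loudly. Separately, the default issuer and audience now drop any path from `domain`, so deployments whose `iss` claim includes a path will need to pass `issuer` explicitly, which is worth stating in a comment next to `domainOrigin`. verifyOptions starts and ends outside this hunk.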
37 changes: 27 additions & 10 deletions test/test.js
@@ -553,14 +553,13 @@ describe('RS256 JWT token validation', function () {
let server

beforeEach(async function () {
server = await buildServer({ domain: 'https://localhost/' })
server = await buildServer({ domain: 'https://localhost/.well-known/jwks.json' })
})

afterEach(() => server.close())

beforeEach(function () {
nock.disableNetConnect()

nock('https://localhost/').get('/.well-known/jwks.json').reply(200, jwks)
})

@@ -585,9 +584,12 @@ describe('RS256 JWT token validation', function () {
})
})

it('should make the complete token informations available through request.user', async function () {
it('should make the complete token information available through request.user', async function () {
await server.close()
server = await buildServer({ domain: 'localhost', complete: true })
server = await buildServer({
domain: 'https://localhost/.well-known/jwks.json',
complete: true
})

const response = await server.inject({
method: 'GET',
@@ -615,7 +617,10 @@ describe('RS256 JWT token validation', function () {

it('should validate the audience', async function () {
await server.close()
server = await buildServer({ domain: 'localhost', audience: 'foo' })
server = await buildServer({
domain: 'https://localhost/.well-known/jwks.json',
audience: 'foo'
})

const response = await server.inject({
method: 'GET',
@@ -635,7 +640,11 @@ describe('RS256 JWT token validation', function () {

it('should validate the audience using the domain', async function () {
await server.close()
server = await buildServer({ domain: 'localhost', audience: true, secret: 'secret' })
server = await buildServer({
domain: 'https://localhost/.well-known/jwks.json',
audience: true,
secret: 'secret'
})

const response = await server.inject({
method: 'GET',
@@ -653,10 +662,10 @@ describe('RS256 JWT token validation', function () {
})
})

it('should validate with multiple audiences ', async function () {
it('should validate with multiple audiences', async function () {
await server.close()
server = await buildServer({
domain: 'localhost',
domain: 'https://localhost/.well-known/jwks.json',
audience: ['https://otherhost/', 'foo', 'https://somehost/'],
secret: 'secret'
})
@@ -798,7 +807,11 @@ describe('RS256 JWT token validation', function () {

it('should correctly get the key again from the well-known URL if cache expired', async function () {
await server.close()
server = await buildServer({ domain: 'localhost', secret: 'secret', secretsTtl: 10 })
server = await buildServer({
domain: 'https://localhost/.well-known/jwks.json',
secret: 'secret',
secretsTtl: 10
})

let response

@@ -831,7 +844,11 @@ describe('RS256 JWT token validation', function () {

it('should not cache the key if cache was disabled', async function () {
await server.close()
server = await buildServer({ domain: 'localhost', secret: 'secret', secretsTtl: 0 })
server = await buildServer({
domain: 'https://localhost/.well-known/jwks.json',
secret: 'secret',
secretsTtl: 0
})

let response

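Review bot: Every `buildServer` call in these hunks now passes `domain: 'https://localhost/.well-known/jwks.json'`, so the scheme-less normalization branch of `verifyOptions` is no longer exercised by the tests shown here, and nothing visible asserts that the default issuer is the origin rather than the full URL. Keeping one case with `domain: 'localhost'`, and adding a case where a token whose `iss` is the full JWKS URL is rejected, would pin the new default. Tests outside these hunks may already cover this.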
