@Test
public void validate_token_does_not_refresh_session_when_token_is_no_more_valid() {
  // A JWT cookie is present but the serializer rejects it: no session may be created from it
  addJwtCookie();
  when(jwtSerializer.decode(JWT_TOKEN)).thenReturn(Optional.empty());

  assertThat(underTest.validateToken(request, response)).isEmpty();
}
@Test
public void validate_token_does_not_refresh_session_when_user_is_disabled() {
  addJwtCookie();
  UserDto disabledUser = addUser(false);
  // NOTE(review): the sibling tests use user.getUuid() as the token subject; with the login used
  // here the token may be rejected for a reason other than the user being disabled — confirm
  Claims decodableClaims = createToken(disabledUser.getLogin(), NOW);
  when(jwtSerializer.decode(JWT_TOKEN)).thenReturn(Optional.of(decodableClaims));

  // A token that decodes fine is not sufficient: the referenced user must still be active
  assertThat(underTest.validateToken(request, response)).isEmpty();
}
@Test
public void validate_token() {
  UserDto activeUser = db.users().insertUser();
  addJwtCookie();
  Claims freshClaims = createToken(activeUser.getUuid(), NOW);
  when(jwtSerializer.decode(JWT_TOKEN)).thenReturn(Optional.of(freshClaims));

  assertThat(underTest.validateToken(request, response)).isPresent();
  // A token issued right now must be accepted as-is, without re-encoding a session
  verify(jwtSerializer, never()).encode(any(JwtSerializer.JwtSession.class));
}
@Test
public void validate_token_refresh_session_when_refresh_time_is_reached() {
  UserDto activeUser = db.users().insertUser();
  addJwtCookie();
  // Created 10 days ago and last refreshed 6 minutes ago: the refresh interval has elapsed
  Claims staleClaims = createToken(activeUser.getUuid(), TEN_DAYS_AGO);
  staleClaims.put("lastRefreshTime", SIX_MINUTES_AGO);
  when(jwtSerializer.decode(JWT_TOKEN)).thenReturn(Optional.of(staleClaims));

  assertThat(underTest.validateToken(request, response)).isPresent();
  // The session is still valid, and a refresh with a 3-day lifetime (in seconds) is requested
  verify(jwtSerializer).refresh(any(Claims.class), eq(3 * 24 * 60 * 60));
}
@Test
public void generate_token_with_property() {
  setSecretKey(A_SECRET_KEY);
  underTest.start();
  JwtSession sessionWithProperty = new JwtSession(USER_LOGIN, 10, ImmutableMap.of("custom", "property"));

  String encoded = underTest.encode(sessionWithProperty);

  assertThat(encoded).isNotEmpty();
  // Custom properties given at encoding time must survive the encode/decode round trip
  Claims decodedClaims = underTest.decode(encoded).get();
  assertThat(decodedClaims.get("custom")).isEqualTo("property");
}
@Test
public void validate_token_does_not_refresh_session_when_refresh_time_is_not_reached() {
  UserDto activeUser = db.users().insertUser();
  addJwtCookie();
  // Created 10 days ago but refreshed only 4 minutes ago: still inside the refresh interval
  Claims recentlyRefreshedClaims = createToken(activeUser.getUuid(), TEN_DAYS_AGO);
  recentlyRefreshedClaims.put("lastRefreshTime", FOUR_MINUTES_AGO);
  when(jwtSerializer.decode(JWT_TOKEN)).thenReturn(Optional.of(recentlyRefreshedClaims));

  assertThat(underTest.validateToken(request, response)).isPresent();
  // No refresh at all, whatever the lifetime
  verify(jwtSerializer, never()).refresh(any(Claims.class), anyInt());
}
@Test
public void validate_token_does_not_refresh_session_when_disconnected_timeout_is_reached() {
  UserDto activeUser = db.users().insertUser();
  addJwtCookie();
  // Created about 4 months ago, refreshed 4 minutes ago, and the token itself only expires in 5 minutes:
  // the token is still decodable, yet the session must be rejected because of its overall age
  long fourMonthsInMillis = 4L * 30 * 24 * 60 * 60 * 1000;
  Claims longLivedClaims = createToken(activeUser.getUuid(), NOW - fourMonthsInMillis);
  longLivedClaims.setExpiration(new Date(NOW + 5 * 60 * 1000));
  longLivedClaims.put("lastRefreshTime", FOUR_MINUTES_AGO);
  when(jwtSerializer.decode(JWT_TOKEN)).thenReturn(Optional.of(longLivedClaims));

  assertThat(underTest.validateToken(request, response)).isEmpty();
}
@Test
public void generate_token_with_expiration_date() {
  setSecretKey(A_SECRET_KEY);
  underTest.start();
  Date before = new Date();
  long lifetimeInSeconds = 10L;

  String encoded = underTest.encode(new JwtSession(USER_LOGIN, lifetimeInSeconds));

  assertThat(encoded).isNotEmpty();
  Claims decodedClaims = underTest.decode(encoded).get();
  // Expiration is "now + lifetime", with a 1 second tolerance for the time elapsed during the test
  long earliestAcceptableExpiration = before.getTime() + lifetimeInSeconds * 1000L - 1000L;
  assertThat(decodedClaims.getExpiration().getTime()).isGreaterThanOrEqualTo(earliestAcceptableExpiration);
}
@Test
public void generate_token_with_big_expiration_date() {
  setSecretKey(A_SECRET_KEY);
  underTest.start();
  Date before = new Date();
  long oneYearInSeconds = 12 * 30 * 24 * 60 * 60L;

  String encoded = underTest.encode(new JwtSession(USER_LOGIN, oneYearInSeconds));

  assertThat(encoded).isNotEmpty();
  Claims decodedClaims = underTest.decode(encoded).get();
  // A one-year lifetime must not overflow: expiration is set about one year in the future
  long earliestAcceptableExpiration = before.getTime() + oneYearInSeconds * 1000L - 1000L;
  assertThat(decodedClaims.getExpiration().getTime()).isGreaterThanOrEqualTo(earliestAcceptableExpiration);
}
@Test
public void decode_fail_when_not_started() {
  // decode() must fail fast when start() has not been called
  expectedException.expect(NullPointerException.class);
  expectedException.expectMessage("org.sonar.server.authentication.JwtSerializer not started");

  underTest.decode("token");
}
@Test
public void decode_token() {
  setSecretKey(A_SECRET_KEY);
  underTest.start();
  Date before = new Date();

  String encoded = underTest.encode(new JwtSession(USER_LOGIN, 20 * 60));
  Claims decodedClaims = underTest.decode(encoded).get();

  // Standard registered claims are all populated
  assertThat(decodedClaims.getId()).isNotEmpty();
  assertThat(decodedClaims.getSubject()).isEqualTo(USER_LOGIN);
  assertThat(decodedClaims.getExpiration()).isNotNull();
  assertThat(decodedClaims.getIssuedAt()).isNotNull();
  // A 20-minute session must expire more than 19 minutes from now (1 minute tolerance)
  Date nineteenMinutesLater = new Date(before.getTime() + 19 * 60 * 1000);
  assertThat(decodedClaims.getExpiration()).isAfterOrEqualsTo(nineteenMinutesLater);
}
@Test
public void validate_token_refresh_state_when_refreshing_token() {
  UserDto activeUser = db.users().insertUser();
  addJwtCookie();
  // Created 10 days ago; unlike the sibling refresh tests no "lastRefreshTime" claim is set here
  Claims staleClaims = createToken(activeUser.getUuid(), TEN_DAYS_AGO);
  staleClaims.put("xsrfToken", "CSRF_STATE");
  when(jwtSerializer.decode(JWT_TOKEN)).thenReturn(Optional.of(staleClaims));

  underTest.validateToken(request, response);

  // Refreshing the token also re-issues the CSRF state with the same 3-day lifetime (in seconds)
  verify(jwtSerializer).refresh(any(Claims.class), anyInt());
  verify(jwtCsrfVerifier).refreshState(request, response, "CSRF_STATE", 3 * 24 * 60 * 60);
}
@Test
public void validate_token_verify_csrf_state() {
  UserDto activeUser = db.users().insertUser();
  addJwtCookie();
  Claims claimsWithCsrfState = createToken(activeUser.getUuid(), NOW);
  claimsWithCsrfState.put("xsrfToken", CSRF_STATE);
  when(jwtSerializer.decode(JWT_TOKEN)).thenReturn(Optional.of(claimsWithCsrfState));

  underTest.validateToken(request, response);

  // The CSRF state carried by the token is checked against the request for this user
  verify(jwtCsrfVerifier).verifyState(request, CSRF_STATE, activeUser.getUuid());
}
@Test
public void refresh_token_generate_a_new_hash() {
  setSecretKey(A_SECRET_KEY);
  underTest.start();
  String original = underTest.encode(new JwtSession(USER_LOGIN, 30));
  Optional<Claims> decoded = underTest.decode(original);

  String refreshed = underTest.refresh(decoded.get(), 45);

  // A refreshed token must not be byte-identical to the one it replaces
  assertThat(refreshed).isNotEqualTo(original);
}
@Test
public void return_no_token_when_expiration_date_is_reached() {
  setSecretKey(A_SECRET_KEY);
  underTest.start();
  // Expiration equals the issue time, so the token is already expired when decoded
  Date issuedAt = new Date(system2.now());
  Date expiresAt = new Date(system2.now());
  String expiredToken = Jwts.builder()
    .setId("123")
    .setIssuedAt(issuedAt)
    .setExpiration(expiresAt)
    .signWith(SignatureAlgorithm.HS256, decodeSecretKey(A_SECRET_KEY))
    .compact();

  // An expired token is reported as absent, not as an error
  assertThat(underTest.decode(expiredToken)).isEmpty();
}
@Test
public void return_no_token_when_secret_key_has_changed() {
  setSecretKey(A_SECRET_KEY);
  underTest.start();
  // Otherwise valid token, but signed with a key different from the configured one
  Date issuedAt = new Date(system2.now());
  Date expiresAt = new Date(system2.now() + 20 * 60 * 1000);
  String foreignKeyToken = Jwts.builder()
    .setId("123")
    .setSubject(USER_LOGIN)
    .setIssuedAt(issuedAt)
    .setExpiration(expiresAt)
    .signWith(SignatureAlgorithm.HS256, decodeSecretKey("LyWgHktP0FuHB2K+kMs3KWMCJyFHVZDdDSqpIxAMVaQ="))
    .compact();

  // Signature verification fails, so no claims are returned
  assertThat(underTest.decode(foreignKeyToken)).isEmpty();
}
@Test
public void fail_to_decode_token_when_no_id() {
  setSecretKey(A_SECRET_KEY);
  underTest.start();
  // Correctly signed token that lacks the "jti" (id) claim
  String tokenWithoutId = Jwts.builder()
    .setSubject(USER_LOGIN)
    .setIssuer("sonarqube")
    .setIssuedAt(new Date(system2.now()))
    .setExpiration(new Date(system2.now() + 20 * 60 * 1000))
    .signWith(SignatureAlgorithm.HS256, decodeSecretKey(A_SECRET_KEY))
    .compact();

  // The subject is known, so the failure is attributed to that login; nothing is exposed publicly
  expectedException.expect(authenticationException().from(Source.jwt()).withLogin(USER_LOGIN).andNoPublicMessage());
  expectedException.expectMessage("Token id hasn't been found");

  underTest.decode(tokenWithoutId);
}
@Test
public void fail_to_decode_token_when_no_subject() {
  setSecretKey(A_SECRET_KEY);
  underTest.start();
  // Correctly signed token that lacks the "sub" (subject) claim
  String tokenWithoutSubject = Jwts.builder()
    .setId("123")
    .setIssuer("sonarqube")
    .setIssuedAt(new Date(system2.now()))
    .setExpiration(new Date(system2.now() + 20 * 60 * 1000))
    .signWith(SignatureAlgorithm.HS256, decodeSecretKey(A_SECRET_KEY))
    .compact();

  // Without a subject there is no login to attach to the failure
  expectedException.expect(authenticationException().from(Source.jwt()).withoutLogin().andNoPublicMessage());
  expectedException.expectMessage("Token subject hasn't been found");

  underTest.decode(tokenWithoutSubject);
}
@Test
public void fail_to_decode_token_when_no_creation_date() {
  setSecretKey(A_SECRET_KEY);
  underTest.start();
  // Correctly signed token that lacks the "iat" (issued at) claim
  String tokenWithoutIssuedAt = Jwts.builder()
    .setId("123")
    .setSubject(USER_LOGIN)
    .setExpiration(new Date(system2.now() + 20 * 60 * 1000))
    .signWith(SignatureAlgorithm.HS256, decodeSecretKey(A_SECRET_KEY))
    .compact();

  expectedException.expect(authenticationException().from(Source.jwt()).withLogin(USER_LOGIN).andNoPublicMessage());
  expectedException.expectMessage("Token creation date hasn't been found");

  underTest.decode(tokenWithoutIssuedAt);
}
@Test
public void fail_to_decode_token_when_no_expiration_date() {
  setSecretKey(A_SECRET_KEY);
  underTest.start();
  // Correctly signed token that lacks the "exp" (expiration) claim: a token without an end of life must be refused
  String tokenWithoutExpiration = Jwts.builder()
    .setId("123")
    .setIssuer("sonarqube")
    .setSubject(USER_LOGIN)
    .setIssuedAt(new Date(system2.now()))
    .signWith(SignatureAlgorithm.HS256, decodeSecretKey(A_SECRET_KEY))
    .compact();

  expectedException.expect(authenticationException().from(Source.jwt()).withLogin(USER_LOGIN).andNoPublicMessage());
  expectedException.expectMessage("Token expiration date hasn't been found");

  underTest.decode(tokenWithoutExpiration);
}