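/**
 * Starting the serializer with {@code sonar.auth.jwtBase64Hs256Secret} configured must keep the
 * configured value and leave the serializer holding an HS256 signing key.
 */
@Test
public void load_secret_key_from_settings() {
  // setSecretKey is defined outside this excerpt; presumably it writes the property read below.
  setSecretKey(A_SECRET_KEY);

  underTest.start();

  // The configured value is still present after start().
  assertThat(settings.getString("sonar.auth.jwtBase64Hs256Secret")).isEqualTo(A_SECRET_KEY);
  // Reading the setting back does not prove start() loaded anything, so also require
  // that the serializer now holds a key of the expected algorithm.
  assertThat(underTest.getSecretKey()).isNotNull();
  assertThat(underTest.getSecretKey().getAlgorithm()).isEqualTo(SignatureAlgorithm.HS256.getJcaName());
}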
/** Custom properties passed to the session come back as claims of the decoded token. */
@Test
public void generate_token_with_property() {
  setSecretKey(A_SECRET_KEY);
  underTest.start();

  JwtSession sessionWithProperty = new JwtSession(USER_LOGIN, 10, ImmutableMap.of("custom", "property"));
  String encoded = underTest.encode(sessionWithProperty);
  assertThat(encoded).isNotEmpty();

  // Round trip through decode() with the same configured key.
  Claims decoded = underTest.decode(encoded).get();
  assertThat(decoded.get("custom")).isEqualTo("property");
}
/** Without a configured secret, start() must provide an HS256 key on its own. */
@Test
public void generate_new_secret_key_if_not_set_by_settings() {
  // No setSecretKey() call here: the serializer has no key before start().
  assertThat(underTest.getSecretKey()).isNull();

  underTest.start();

  assertThat(underTest.getSecretKey()).isNotNull();
  String hs256JcaName = SignatureAlgorithm.HS256.getJcaName();
  assertThat(underTest.getSecretKey().getAlgorithm()).isEqualTo(hs256JcaName);
}
/** The decoded expiration claim reflects the lifetime (in seconds) given to the session. */
@Test
public void generate_token_with_expiration_date() {
  setSecretKey(A_SECRET_KEY);
  underTest.start();
  Date beforeEncoding = new Date();
  long ttlSeconds = 10L;

  String encoded = underTest.encode(new JwtSession(USER_LOGIN, ttlSeconds));
  assertThat(encoded).isNotEmpty();

  Claims decoded = underTest.decode(encoded).get();
  // One second of slack on the lower bound; presumably the encoded expiration is
  // truncated to whole seconds - confirm against the serializer.
  long earliestExpiryMs = beforeEncoding.getTime() + ttlSeconds * 1000L - 1000L;
  assertThat(decoded.getExpiration().getTime()).isGreaterThanOrEqualTo(earliestExpiryMs);
}
/** A lifetime of about one year is carried into the expiration claim without being cut short. */
@Test
public void generate_token_with_big_expiration_date() {
  setSecretKey(A_SECRET_KEY);
  underTest.start();
  Date beforeEncoding = new Date();
  // 12 months of 30 days; the trailing 60L turns the product into a long.
  long oneYearInSeconds = 12 * 30 * 24 * 60 * 60L;

  String encoded = underTest.encode(new JwtSession(USER_LOGIN, oneYearInSeconds));
  assertThat(encoded).isNotEmpty();

  Claims decoded = underTest.decode(encoded).get();
  // Expiration must sit one year ahead, with one second of slack.
  long earliestExpiryMs = beforeEncoding.getTime() + oneYearInSeconds * 1000L - 1000L;
  assertThat(decoded.getExpiration().getTime()).isGreaterThanOrEqualTo(earliestExpiryMs);
}
/** A token produced by encode() decodes to claims carrying id, subject, issue and expiration dates. */
@Test
public void decode_token() {
  setSecretKey(A_SECRET_KEY);
  underTest.start();
  Date beforeEncoding = new Date();

  // 20 minute lifetime, expressed in seconds.
  String encoded = underTest.encode(new JwtSession(USER_LOGIN, 20 * 60));
  Claims decoded = underTest.decode(encoded).get();

  assertThat(decoded.getId()).isNotEmpty();
  assertThat(decoded.getSubject()).isEqualTo(USER_LOGIN);
  assertThat(decoded.getExpiration()).isNotNull();
  assertThat(decoded.getIssuedAt()).isNotNull();
  // Expiration must be at least 19 minutes after the moment captured before encoding.
  Date nineteenMinutesLater = new Date(beforeEncoding.getTime() + 19 * 60 * 1000);
  assertThat(decoded.getExpiration()).isAfterOrEqualsTo(nineteenMinutesLater);
}
/** Encoding a minimal session (login and lifetime only) yields a non-empty token string. */
@Test
public void generate_token() {
  setSecretKey(A_SECRET_KEY);
  underTest.start();

  JwtSession minimalSession = new JwtSession(USER_LOGIN, 10);
  String encoded = underTest.encode(minimalSession);

  assertThat(encoded).isNotEmpty();
}
/** Refreshing with a different lifetime must produce a token string that differs from the original. */
@Test
public void refresh_token_generate_a_new_hash() {
  setSecretKey(A_SECRET_KEY);
  underTest.start();

  String original = underTest.encode(new JwtSession(USER_LOGIN, 30));
  Claims originalClaims = underTest.decode(original).get();

  // Lifetime goes from 30 to 45 seconds, so the re-encoded token cannot match the original.
  String refreshed = underTest.refresh(originalClaims, 45);

  assertThat(refreshed).isNotEqualTo(original);
}
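/**
 * Refreshing a token keeps its id, subject, issuer, issue date and custom claims, and moves the
 * expiration date out to the new lifetime.
 */
@Test
public void refresh_token() {
  setSecretKey(A_SECRET_KEY);
  underTest.start();

  Date now = new Date();
  Date createdAt = DateUtils.parseDate("2016-01-01");
  // Expired in 10 minutes
  Date expiredAt = new Date(now.getTime() + 10 * 60 * 1000);
  Claims token = new DefaultClaims()
    .setId("id")
    .setSubject("subject")
    .setIssuer("sonarqube")
    .setIssuedAt(createdAt)
    .setExpiration(expiredAt);
  token.put("key", "value");

  // Refresh the token with a higher expiration time (20 minutes, given in seconds)
  String encodedToken = underTest.refresh(token, 20 * 60);

  Claims result = underTest.decode(encodedToken).get();
  assertThat(result.getId()).isEqualTo("id");
  assertThat(result.getSubject()).isEqualTo("subject");
  assertThat(result.getIssuer()).isEqualTo("sonarqube");
  assertThat(result.getIssuedAt()).isEqualTo(createdAt);
  assertThat(result.get("key")).isEqualTo("value");
  // Expiration date has been changed. The bound is 19 minutes, not 19 seconds: a 19 second
  // bound is already met by the original 10 minute expiry and would not show that the
  // lifetime was really extended to the requested 20 minutes.
  assertThat(result.getExpiration()).isNotEqualTo(expiredAt)
    .isAfterOrEqualsTo(new Date(now.getTime() + 19 * 60 * 1000));
}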
/** A correctly signed token whose expiration is already reached decodes to an empty result. */
@Test
public void return_no_token_when_expiration_date_is_reached() {
  setSecretKey(A_SECRET_KEY);
  underTest.start();

  Date issuedAt = new Date(system2.now());
  // Expiration set to "now": the token is at its expiry by the time decode() runs.
  Date expiresAt = new Date(system2.now());
  // Signed with the configured key, so expiry is the only thing wrong with this token.
  String expiredToken = Jwts.builder()
    .setId("123")
    .setIssuedAt(issuedAt)
    .setExpiration(expiresAt)
    .signWith(SignatureAlgorithm.HS256, decodeSecretKey(A_SECRET_KEY))
    .compact();

  assertThat(underTest.decode(expiredToken)).isEmpty();
}
/**
 * A token signed with a key other than the configured one decodes to an empty result, even
 * though its claims are complete and it has not expired.
 */
@Test
public void return_no_token_when_secret_key_has_changed() {
  setSecretKey(A_SECRET_KEY);
  underTest.start();

  // Test-only key, used here to produce a signature the serializer's key does not match.
  String otherSecretKey = "LyWgHktP0FuHB2K+kMs3KWMCJyFHVZDdDSqpIxAMVaQ=";
  Date issuedAt = new Date(system2.now());
  Date expiresAt = new Date(system2.now() + 20 * 60 * 1000);
  String foreignToken = Jwts.builder()
    .setId("123")
    .setSubject(USER_LOGIN)
    .setIssuedAt(issuedAt)
    .setExpiration(expiresAt)
    .signWith(SignatureAlgorithm.HS256, decodeSecretKey(otherSecretKey))
    .compact();

  // The claims are otherwise valid, so the empty result comes from the signature check.
  assertThat(underTest.decode(foreignToken)).isEmpty();
}
/** Decoding a validly signed token that has no id claim fails with an authentication exception. */
@Test
public void fail_to_decode_token_when_no_id() {
  setSecretKey(A_SECRET_KEY);
  underTest.start();

  Date issuedAt = new Date(system2.now());
  Date expiresAt = new Date(system2.now() + 20 * 60 * 1000);
  // Signed with the configured key and not expired; only setId() is left out.
  String tokenWithoutId = Jwts.builder()
    .setSubject(USER_LOGIN)
    .setIssuer("sonarqube")
    .setIssuedAt(issuedAt)
    .setExpiration(expiresAt)
    .signWith(SignatureAlgorithm.HS256, decodeSecretKey(A_SECRET_KEY))
    .compact();

  // Expected failure: JWT source, login taken from the subject claim, no public message.
  expectedException.expect(authenticationException().from(Source.jwt()).withLogin(USER_LOGIN).andNoPublicMessage());
  expectedException.expectMessage("Token id hasn't been found");

  // Must stay last: the expectations above apply to this call.
  underTest.decode(tokenWithoutId);
}
/** Decoding a validly signed token that has no subject claim fails with an authentication exception. */
@Test
public void fail_to_decode_token_when_no_subject() {
  setSecretKey(A_SECRET_KEY);
  underTest.start();

  Date issuedAt = new Date(system2.now());
  Date expiresAt = new Date(system2.now() + 20 * 60 * 1000);
  // Signed with the configured key and not expired; only setSubject() is left out.
  String tokenWithoutSubject = Jwts.builder()
    .setId("123")
    .setIssuer("sonarqube")
    .setIssuedAt(issuedAt)
    .setExpiration(expiresAt)
    .signWith(SignatureAlgorithm.HS256, decodeSecretKey(A_SECRET_KEY))
    .compact();

  // With no subject there is no login to report, hence withoutLogin().
  expectedException.expect(authenticationException().from(Source.jwt()).withoutLogin().andNoPublicMessage());
  expectedException.expectMessage("Token subject hasn't been found");

  // Must stay last: the expectations above apply to this call.
  underTest.decode(tokenWithoutSubject);
}
/** Decoding a validly signed token that has no issued-at claim fails with an authentication exception. */
@Test
public void fail_to_decode_token_when_no_creation_date() {
  setSecretKey(A_SECRET_KEY);
  underTest.start();

  Date expiresAt = new Date(system2.now() + 20 * 60 * 1000);
  // Signed with the configured key and not expired; setIssuedAt() is left out.
  String tokenWithoutIssuedAt = Jwts.builder()
    .setId("123")
    .setSubject(USER_LOGIN)
    .setExpiration(expiresAt)
    .signWith(SignatureAlgorithm.HS256, decodeSecretKey(A_SECRET_KEY))
    .compact();

  // Expected failure: JWT source, login taken from the subject claim, no public message.
  expectedException.expect(authenticationException().from(Source.jwt()).withLogin(USER_LOGIN).andNoPublicMessage());
  expectedException.expectMessage("Token creation date hasn't been found");

  // Must stay last: the expectations above apply to this call.
  underTest.decode(tokenWithoutIssuedAt);
}
/**
 * Decoding a validly signed token that has no expiration claim fails with an authentication
 * exception: a token without an expiry is refused rather than treated as never expiring.
 */
@Test
public void fail_to_decode_token_when_no_expiration_date() {
  setSecretKey(A_SECRET_KEY);
  underTest.start();

  Date issuedAt = new Date(system2.now());
  // Signed with the configured key; only setExpiration() is left out.
  String tokenWithoutExpiration = Jwts.builder()
    .setId("123")
    .setIssuer("sonarqube")
    .setSubject(USER_LOGIN)
    .setIssuedAt(issuedAt)
    .signWith(SignatureAlgorithm.HS256, decodeSecretKey(A_SECRET_KEY))
    .compact();

  // Expected failure: JWT source, login taken from the subject claim, no public message.
  expectedException.expect(authenticationException().from(Source.jwt()).withLogin(USER_LOGIN).andNoPublicMessage());
  expectedException.expectMessage("Token expiration date hasn't been found");

  // Must stay last: the expectations above apply to this call.
  underTest.decode(tokenWithoutExpiration);
}