File: claims_spec.rb

ruby-jwt 3.1.2-1
# frozen_string_literal: true

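# Specs for the three claim-checking entry points of JWT::Claims used below:
# .verify_payload! raises, .valid_payload? returns a boolean and
# .payload_errors returns error objects. The claims to check are passed as
# symbols (:exp), as a hash of claim => options (exp: { leeway: 10 }), or as a
# mix of both.
RSpec.describe JWT::Claims do
  # Default payload carries none of the registered claims.
  let(:payload) { { 'pay' => 'load' } }

  describe '.verify_payload!' do
    context 'when required_claims is passed' do
      it 'raises error' do
        expect { described_class.verify_payload!(payload, required: ['exp']) }.to raise_error(JWT::MissingRequiredClaim, 'Missing required claim exp')
      end
    end

    context 'exp claim' do
      # Token that expired ten seconds ago.
      let(:payload) { { 'exp' => Time.now.to_i - 10, 'pay' => 'load' } }

      it 'verifies the exp' do
        # `required:` passes although exp is in the past: it does not reject an
        # expired token on its own.
        described_class.verify_payload!(payload, required: ['exp'])
        expect { described_class.verify_payload!(payload, exp: {}) }.to raise_error(JWT::ExpiredSignature, 'Signature has expired')
        # A leeway larger than the token's age makes the expired token pass.
        described_class.verify_payload!(payload, exp: { leeway: 1000 })
      end

      context 'when claims given as symbol' do
        it 'validates the claim' do
          expect { described_class.verify_payload!(payload, :exp) }.to raise_error(JWT::ExpiredSignature, 'Signature has expired')
        end
      end

      context 'when claims given as a list of symbols' do
        it 'validates the claim' do
          expect { described_class.verify_payload!(payload, :exp, :nbf) }.to raise_error(JWT::ExpiredSignature, 'Signature has expired')
        end
      end

      context 'when claims given as a list of symbols and hashes' do
        it 'validates the claim' do
          # exp appears twice: with a generous leeway in the hash and bare as a
          # symbol. The call still raises, so the hash entry does not relax the
          # bare :exp check.
          expect { described_class.verify_payload!(payload, { exp: { leeway: 1000 }, nbf: {} }, :exp, :nbf) }.to raise_error(JWT::ExpiredSignature, 'Signature has expired')
        end
      end
    end

    # These two examples call .verify_payload!, so they belong in this group;
    # they previously sat under the '.valid_payload?' describe.
    context 'various types of params' do
      context 'when payload is missing most of the claims' do
        it 'raises an error' do
          # Neither iss nor aud is present; the issuer error is the one raised.
          expect do
            described_class.verify_payload!(payload,
                                            :nbf,
                                            iss: ['www.host.com', 'https://other.host.com'].freeze,
                                            aud: 'aud',
                                            exp: { leeway: 10 })
          end.to raise_error(JWT::InvalidIssuerError)
        end
      end

      context 'when payload has everything that is expected of it' do
        let(:payload) { { 'iss' => 'www.host.com', 'aud' => 'audience', 'exp' => Time.now.to_i - 10, 'pay' => 'load' } }

        it 'does not raise' do
          # :nbf is requested but the payload has no nbf, and the call still
          # succeeds: naming a claim does not require its presence
          # (`required:` is what enforces that).
          # NOTE(review): exp is 10s old and leeway is 11, a one-second margin;
          # presumably this can flake if the clock ticks between building the
          # payload and verifying it. Confirm against the exp verifier.
          expect do
            described_class.verify_payload!(payload,
                                            :nbf,
                                            iss: ['www.host.com', 'https://other.host.com'].freeze,
                                            aud: 'audience',
                                            exp: { leeway: 11 })
          end.not_to raise_error
        end
      end
    end
  end

  describe '.valid_payload?' do
    context 'exp claim' do
      let(:payload) { { 'exp' => Time.now.to_i - 10, 'pay' => 'load' } }

      context 'when claim is valid' do
        it 'returns true' do
          expect(described_class.valid_payload?(payload, exp: { leeway: 1000 })).to be(true)
        end
      end

      context 'when claim is invalid' do
        it 'returns false' do
          expect(described_class.valid_payload?(payload, :exp)).to be(false)
        end
      end
    end

    # Mixed symbol/hash arguments exercised against the predicate itself.
    context 'various types of params' do
      context 'when payload is missing most of the claims' do
        it 'returns false' do
          expect(described_class.valid_payload?(payload,
                                                :nbf,
                                                iss: ['www.host.com', 'https://other.host.com'].freeze,
                                                aud: 'aud',
                                                exp: { leeway: 10 })).to be(false)
        end
      end

      context 'when payload has everything that is expected of it' do
        let(:payload) { { 'iss' => 'www.host.com', 'aud' => 'audience', 'exp' => Time.now.to_i - 10, 'pay' => 'load' } }

        it 'returns true' do
          # Wide leeway keeps this example independent of wall-clock ticks.
          expect(described_class.valid_payload?(payload,
                                                :nbf,
                                                iss: ['www.host.com', 'https://other.host.com'].freeze,
                                                aud: 'audience',
                                                exp: { leeway: 1000 })).to be(true)
        end
      end
    end
  end

  describe '.payload_errors' do
    context 'exp claim' do
      let(:payload) { { 'exp' => Time.now.to_i - 10, 'pay' => 'load' } }

      context 'when claim is valid' do
        it 'returns empty array' do
          expect(described_class.payload_errors(payload, exp: { leeway: 1000 })).to be_empty
        end
      end

      context 'when claim is invalid' do
        it 'returns array with error objects' do
          expect(described_class.payload_errors(payload, :exp).map(&:message)).to eq(['Signature has expired'])
        end
      end
    end

    context 'various types of params' do
      # Expired exp, and no iss, aud or nbf.
      let(:payload) { { 'exp' => Time.now.to_i - 10, 'pay' => 'load' } }

      context 'when payload is missing most of the claims' do
        it 'returns a message for every failed claim' do
          # Unlike .verify_payload!, nothing is raised: every failure is
          # reported. The absent nbf produces no entry.
          messages = described_class.payload_errors(payload,
                                                    :nbf,
                                                    iss: ['www.host.com', 'https://other.host.com'].freeze,
                                                    aud: 'aud',
                                                    exp: { leeway: 10 }).map(&:message)
          expect(messages).to eq(['Invalid issuer. Expected ["www.host.com", "https://other.host.com"], received <none>',
                                  'Invalid audience. Expected aud, received <none>',
                                  'Signature has expired'])
        end
      end
    end
  end
end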