<?php
declare(strict_types=1);
namespace ShlinkioTest\Shlink\Rest\Authentication;
use Firebase\JWT\JWT;
use PHPUnit\Framework\TestCase;
use Shlinkio\Shlink\Core\Options\AppOptions;
use Shlinkio\Shlink\Rest\Authentication\JWTService;
use Shlinkio\Shlink\Rest\Entity\ApiKey;
use Shlinkio\Shlink\Rest\Exception\AuthenticationException;
use function time;
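/**
 * Unit tests for JWTService: token creation, refresh, verification and payload extraction.
 *
 * The tests build and read tokens directly with Firebase\JWT\JWT, using the same secret
 * the service is configured with, so each claim can be checked independently of the
 * service's own decoding code.
 */
class JWTServiceTest extends TestCase
{
    /**
     * Signing secret shared by the service under test and the direct JWT::encode/decode
     * calls below. Test fixture only; kept in one place so both sides cannot drift apart.
     */
    private const SECRET = 'foo';

    /** @var JWTService */
    private $service;

    /**
     * Builds a fresh service for every test from fixed application options.
     */
    public function setUp(): void
    {
        $this->service = new JWTService(new AppOptions([
            'name' => 'ShlinkTest',
            'version' => '10000.3.1',
            'secret_key' => self::SECRET,
        ]));
    }

    /**
     * A created token must decode with the configured secret and carry the expected claims.
     *
     * @test
     */
    public function tokenIsProperlyCreated(): void
    {
        $id = '34';
        $token = $this->service->create((new ApiKey())->setId($id));

        // Decoding accepts only the service's default algorithm, so a token issued with
        // any other "alg" would fail here instead of being silently accepted.
        $payload = (array) JWT::decode($token, self::SECRET, [JWTService::DEFAULT_ENCRYPTION_ALG]);

        // Issued-at must not lie in the future, and expiry must not have been reached yet.
        $this->assertGreaterThanOrEqual($payload['iat'], time());
        $this->assertGreaterThan(time(), $payload['exp']);
        $this->assertEquals($id, $payload['key']);
        $this->assertEquals('auth', $payload['sub']);
        // The issuer combines the 'name' and 'version' options passed in setUp().
        $this->assertEquals('ShlinkTest:v10000.3.1', $payload['iss']);
    }

    /**
     * Refreshing with a longer lifetime must yield a token that expires later than the original.
     *
     * @test
     */
    public function refreshIncreasesExpiration(): void
    {
        $originalLifetime = 10;
        $newLifetime = 30;
        $originalPayload = ['exp' => time() + $originalLifetime];
        $token = JWT::encode($originalPayload, self::SECRET);

        $newToken = $this->service->refresh($token, $newLifetime);
        $newPayload = (array) JWT::decode($newToken, self::SECRET, [JWTService::DEFAULT_ENCRYPTION_ALG]);

        $this->assertGreaterThan($originalPayload['exp'], $newPayload['exp']);
    }

    /**
     * A token signed with the configured secret is reported as valid.
     *
     * @test
     */
    public function verifyReturnsTrueWhenTheTokenIsCorrect(): void
    {
        $this->assertTrue($this->service->verify(JWT::encode([], self::SECRET)));
    }

    /**
     * A string that is not a JWT at all is reported as invalid.
     *
     * NOTE(review): only a structurally malformed string is covered here. A well-formed
     * token signed with a different secret, and a token whose 'exp' is already in the
     * past, are not exercised anywhere in this class; both are worth adding once the
     * service's behaviour for them is confirmed.
     *
     * @test
     */
    public function verifyReturnsFalseWhenTheTokenIsIncorrect(): void
    {
        $this->assertFalse($this->service->verify('invalidToken'));
    }

    /**
     * The payload read back from a valid token equals the payload it was encoded from.
     *
     * @test
     */
    public function getPayloadWorksWithCorrectTokens(): void
    {
        $originalPayload = [
            'exp' => time() + 10,
            'sub' => 'testing',
        ];
        $token = JWT::encode($originalPayload, self::SECRET);

        $this->assertEquals($originalPayload, $this->service->getPayload($token));
    }

    /**
     * Reading the payload of a malformed token must raise AuthenticationException.
     *
     * @test
     */
    public function getPayloadThrowsExceptionWithIncorrectTokens(): void
    {
        // The expectation has to be registered before the call that is meant to throw.
        $this->expectException(AuthenticationException::class);
        $this->service->getPayload('invalidToken');
    }
}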