diff options
Diffstat (limited to 'spec')
-rw-r--r-- | spec/lib/omni_auth/strategies/jwt_spec.rb | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/spec/lib/omni_auth/strategies/jwt_spec.rb b/spec/lib/omni_auth/strategies/jwt_spec.rb new file mode 100644 index 00000000000..23485fbcb18 --- /dev/null +++ b/spec/lib/omni_auth/strategies/jwt_spec.rb @@ -0,0 +1,87 @@ +require 'spec_helper' + +describe OmniAuth::Strategies::Jwt do + include Rack::Test::Methods + include DeviseHelpers + + context '.decoded' do + let(:strategy) { described_class.new({}) } + let(:timestamp) { Time.now.to_i } + let(:jwt_config) { Devise.omniauth_configs[:jwt] } + let(:key) { JWT.encode(claims, jwt_config.strategy.secret) } + + let(:claims) do + { + id: 123, + name: "user_example", + email: "user@example.com", + iat: timestamp + } + end + + before do + allow_any_instance_of(OmniAuth::Strategy).to receive(:options).and_return(jwt_config.strategy) + allow_any_instance_of(Rack::Request).to receive(:params).and_return({ 'jwt' => key }) + end + + it 'decodes the user information' do + result = strategy.decoded + + expect(result["id"]).to eq(123) + expect(result["name"]).to eq("user_example") + expect(result["email"]).to eq("user@example.com") + expect(result["iat"]).to eq(timestamp) + end + + context 'required claims is missing' do + let(:claims) do + { + id: 123, + email: "user@example.com", + iat: timestamp + } + end + + it 'raises error' do + expect { strategy.decoded }.to raise_error(OmniAuth::Strategies::JWT::ClaimInvalid) + end + end + + context 'when valid_within is specified but iat attribute is missing in response' do + let(:claims) do + { + id: 123, + name: "user_example", + email: "user@example.com" + } + end + + before do + jwt_config.strategy.valid_within = Time.now.to_i + end + + it 'raises error' do + expect { strategy.decoded }.to raise_error(OmniAuth::Strategies::JWT::ClaimInvalid) + end + end + + context 'when timestamp claim is too skewed from present' do + let(:claims) do + { + id: 123, + name: "user_example", + email: "user@example.com", + iat: timestamp - 10.minutes.to_i + } + end + + before do + jwt_config.strategy.valid_within = 2.seconds + end + + it 'raises error' do + expect { strategy.decoded }.to raise_error(OmniAuth::Strategies::JWT::ClaimInvalid) + end + end + end +end |