blob: 5c92bb3b0d465a2e6e24523240a0eeb45fb998a5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
# frozen_string_literal: true
RSpec.shared_examples 'a gitlab jwt token' do
let_it_be(:base_secret) { SecureRandom.base64(64) }
let(:jwt_secret) do
OpenSSL::HMAC.hexdigest(
'SHA256',
base_secret,
described_class::HMAC_KEY
)
end
before do
allow(Settings).to receive(:attr_encrypted_db_key_base).and_return(base_secret)
end
describe '#secret' do
subject { described_class.secret }
it { is_expected.to eq(jwt_secret) }
end
describe '#decode' do
let(:encoded_jwt_token) { jwt_token.encoded }
subject(:decoded_jwt_token) { described_class.decode(encoded_jwt_token) }
context 'with a custom payload' do
let(:personal_access_token) { create(:personal_access_token) }
let(:jwt_token) { described_class.new.tap { |jwt_token| jwt_token['token'] = personal_access_token.token } }
it 'returns the correct token' do
expect(decoded_jwt_token['token']).to eq jwt_token['token']
end
it 'returns nil and logs the exception after expiration' do
travel_to((described_class::HMAC_EXPIRES_IN + 1.minute).ago) do
encoded_jwt_token
end
expect(Gitlab::ErrorTracking).to receive(:track_exception)
.with(instance_of(JWT::ExpiredSignature))
expect(decoded_jwt_token).to be_nil
end
end
end
end
|
