author | Michael Klishin <mklishin@pivotal.io> | 2018-07-19 22:20:57 +0300 |
---|---|---|
committer | Michael Klishin <mklishin@pivotal.io> | 2018-07-19 22:20:57 +0300 |
commit | f0178d77293a93a89d19e23576648961077c2966 (patch) | |
tree | 694ec2186be62a0720f04bcc984203125c53a386 /deps/rabbitmq_auth_backend_oauth2/test/rabbit_auth_backend_oauth2_test_util.erl | |
parent | 5b002c5eab351e3f12617ee00c04ea9d0cb7384a (diff) | |
rabbitmq_auth_backend_uaa => rabbitmq_auth_backend_oauth2
"OAuth 2" is many things but it's still more descriptive, open-ended and easier
to find than "uaa" (too tool-specific) or "jwt" (too narrow, not known widely enough).
Per discussion with @hairyhum @kjnilsson.
Diffstat (limited to 'deps/rabbitmq_auth_backend_oauth2/test/rabbit_auth_backend_oauth2_test_util.erl')
-rw-r--r-- | deps/rabbitmq_auth_backend_oauth2/test/rabbit_auth_backend_oauth2_test_util.erl | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/deps/rabbitmq_auth_backend_oauth2/test/rabbit_auth_backend_oauth2_test_util.erl b/deps/rabbitmq_auth_backend_oauth2/test/rabbit_auth_backend_oauth2_test_util.erl
new file mode 100644
index 0000000000..0213186e3f
--- /dev/null
+++ b/deps/rabbitmq_auth_backend_oauth2/test/rabbit_auth_backend_oauth2_test_util.erl
@@ -0,0 +1,85 @@
+-module(rabbit_auth_backend_oauth2_test_util).
+
+-compile(export_all).
+
+-define(EXPIRATION_TIME, 2000).
+
+%%
+%% API
+%%
+
+sign_token_hs(Token, #{<<"kid">> := TokenKey} = Jwk) ->
+ sign_token_hs(Token, Jwk, TokenKey).
+
+sign_token_hs(Token, Jwk, TokenKey) ->
+ Jws = #{
+ <<"alg">> => <<"HS256">>,
+ <<"kid">> => TokenKey
+ },
+ sign_token(Token, Jwk, Jws).
+
+sign_token_rsa(Token, Jwk, TokenKey) ->
+ Jws = #{
+ <<"alg">> => <<"RS256">>,
+ <<"kid">> => TokenKey
+ },
+ sign_token(Token, Jwk, Jws).
+
+sign_token_no_kid(Token, Jwk) ->
+ Signed = jose_jwt:sign(Jwk, Token),
+ jose_jws:compact(Signed).
+
+sign_token(Token, Jwk, Jws) ->
+ Signed = jose_jwt:sign(Jwk, Jws, Token),
+ jose_jws:compact(Signed).
+
+fixture_jwk() ->
+ #{<<"alg">> => <<"HS256">>,
+ <<"k">> => <<"dG9rZW5rZXk">>,
+ <<"kid">> => <<"token-key">>,
+ <<"kty">> => <<"oct">>,
+ <<"use">> => <<"sig">>,
+ <<"value">> => <<"tokenkey">>}.
+
+full_permission_scopes() ->
+ [<<"rabbitmq.configure:*/*">>,
+ <<"rabbitmq.write:*/*">>,
+ <<"rabbitmq.read:*/*">>].
+
+expirable_token() ->
+ TokenPayload = fixture_token(),
+ TokenPayload#{<<"exp">> := os:system_time(seconds) + timer:seconds(?EXPIRATION_TIME)}.
+
+wait_for_token_to_expire() ->
+ timer:sleep(?EXPIRATION_TIME).
+
+expired_token() ->
+ expired_token_with_scopes(full_permission_scopes()).
+
+expired_token_with_scopes(Scopes) ->
+ token_with_scopes_and_expiration(Scopes, os:system_time(seconds) - timer:seconds(10)).
+
+fixture_token_with_scopes(Scopes) ->
+ token_with_scopes_and_expiration(Scopes, os:system_time(seconds) + timer:seconds(10)).
+
+token_with_scopes_and_expiration(Scopes, Expiration) ->
+ #{<<"exp">> => Expiration,
+ <<"kid">> => <<"token-key">>,
+ <<"iss">> => <<"unit_test">>,
+ <<"foo">> => <<"bar">>,
+ <<"aud">> => [<<"rabbitmq">>],
+ <<"scope">> => Scopes}.
+
+fixture_token() ->
+ fixture_token([]).
+
+fixture_token(ExtraScopes) ->
+ Scopes = [<<"rabbitmq.configure:vhost/foo">>,
+ <<"rabbitmq.write:vhost/foo">>,
+ <<"rabbitmq.read:vhost/foo">>,
+ <<"rabbitmq.read:vhost/bar">>,
+ <<"rabbitmq.read:vhost/bar/%23%2Ffoo">>] ++ ExtraScopes,
+ fixture_token_with_scopes(Scopes).
+
+fixture_token_with_full_permissions() ->
+ fixture_token_with_scopes(full_permission_scopes()). |
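Review bot: `expirable_token/0` mixes time units: `os:system_time(seconds)` is in seconds, but `timer:seconds(?EXPIRATION_TIME)` returns milliseconds, so with `EXPIRATION_TIME` at 2000 the `exp` claim lands about 2,000,000 seconds ahead while `wait_for_token_to_expire/0` sleeps only 2000 ms. A test that uses this pair to show an expired token is refused would presumably still hold a valid token after the wait, leaving expiry enforcement unexercised. Keeping the claim in seconds, e.g. `TokenPayload#{<<"exp">> := os:system_time(seconds) + (?EXPIRATION_TIME div 1000)}`, makes the sleep and the claim agree. The `timer:seconds(10)` offsets in `expired_token_with_scopes/1` and `fixture_token_with_scopes/1` have the same mismatch (±10000 s rather than ±10 s); the direction is still right, but a plain `10` would state the intent.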