mirror of
https://github.com/zhaofengli/attic.git
synced 2025-03-16 13:28:17 +00:00
token: Bring back HS256 test
This does make it decode the keys every iteration in the stability test, which isn't too much of an issue and can be fixed later.
This commit is contained in:
parent
5d6560e409
commit
0d2b20025e
1 changed files with 93 additions and 68 deletions
|
@ -27,6 +27,23 @@ fn test_basic() {
|
|||
}
|
||||
}
|
||||
*/
|
||||
|
||||
let tokens: &[(&str, Box<dyn Fn() -> Token>)] = &[
|
||||
(
|
||||
"hs256",
|
||||
Box::new(|| {
|
||||
// "very secure secret"
|
||||
let base64_secret = "dmVyeSBzZWN1cmUgc2VjcmV0";
|
||||
let dec_key = decode_token_hs256_secret_base64(base64_secret).unwrap();
|
||||
|
||||
let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjQxMDIzMjQ5ODYsImh0dHBzOi8vand0LmF0dGljLnJzL3YxIjp7ImNhY2hlcyI6eyJhbGwtKiI6eyJyIjoxfSwiYWxsLWNpLSoiOnsidyI6MX0sImNhY2hlLXJvIjp7InIiOjF9LCJjYWNoZS1ydyI6eyJyIjoxLCJ3IjoxfSwidGVhbS0qIjp7ImNjIjoxLCJyIjoxLCJ3IjoxfX19LCJpYXQiOjE3MTY2NjA1ODksInN1YiI6Im1lb3cifQ.8vtxp_1OEYdcnkGPM4c9ORXooJZV7DOTS4NRkMKN8mw";
|
||||
|
||||
Token::from_jwt(token, &SignatureType::HS256(dec_key), &None, &None).unwrap()
|
||||
}),
|
||||
),
|
||||
(
|
||||
"rs256",
|
||||
Box::new(|| {
|
||||
// nix shell nixpkgs#jwt-cli
|
||||
// openssl genpkey -out rs256 -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -outform der
|
||||
// BASE64_SECRET=$(openssl rsa -in rs256 -outform PEM -traditional | base64 -w0)
|
||||
|
@ -37,6 +54,14 @@ fn test_basic() {
|
|||
// TOKEN=$(jq -c < json | jwt encode --alg RS256 --secret @./rs256 -)
|
||||
let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJleHAiOjQxMDIzMjQ5ODYsImh0dHBzOi8vand0LmF0dGljLnJzL3YxIjp7ImNhY2hlcyI6eyJhbGwtKiI6eyJyIjoxfSwiYWxsLWNpLSoiOnsidyI6MX0sImNhY2hlLXJvIjp7InIiOjF9LCJjYWNoZS1ydyI6eyJyIjoxLCJ3IjoxfSwidGVhbS0qIjp7ImNjIjoxLCJyIjoxLCJ3IjoxfX19LCJpYXQiOjE3MjIwMDUwNzksIm5iZiI6MCwic3ViIjoibWVvdyJ9.Zs24IUbQOpOjhEe0sfsoSSJhDrzf4v-_wX_ceKqHeb2MERY8XSIQ1RPTNVeOW4LfJHumJj_rxh8Wv2BRGZSMldrTt0Ab_N7FnkhA37_jnRvgvEjSG3V4fC8aA4KoOa-43NRpg4HmPxiXte5-6LneBOR94Wss868wC1b_2yX2zCc1wQoZA3LNo-CRLnL4Yp5wY4Bbgyguv_9mfqXVYZykZnxumyGwVFD-Rub3KQ9d53Rf9tKcvRk9qxO2q8F2PKjeaUBG2xZtGwkWTMvSmwR1dKtkPUyPggOzbLoUG-6fxfo7D3NyL5qWCSN_7CkI-xlsRSLY1gTq-FqXvcpHeZbc8w";
|
||||
|
||||
Token::from_jwt(token, &SignatureType::RS256(dec_key), &None, &None).unwrap()
|
||||
}),
|
||||
),
|
||||
];
|
||||
|
||||
for (name, decode) in tokens {
|
||||
eprintln!("Testing {name}");
|
||||
|
||||
// NOTE(cole-h): check that we get a consistent iteration order when getting permissions for
|
||||
// caches -- this depends on the order of the fields in the token, but should otherwise be
|
||||
// consistent between iterations
|
||||
|
@ -44,8 +69,7 @@ fn test_basic() {
|
|||
for _ in 0..=1_000 {
|
||||
// NOTE(cole-h): we construct a new Token every iteration in order to get different "random
|
||||
// state"
|
||||
let decoded =
|
||||
Token::from_jwt(token, &SignatureType::RS256(dec_key.clone()), &None, &None).unwrap();
|
||||
let decoded = decode();
|
||||
let perm_all_ci = decoded.get_permission_for_cache(&cache! { "all-ci-abc" });
|
||||
|
||||
// NOTE(cole-h): if the iteration order of the token is inconsistent, the permissions may be
|
||||
|
@ -60,7 +84,7 @@ fn test_basic() {
|
|||
"Iteration order should be consistent to prevent random auth failures (and successes)"
|
||||
);
|
||||
|
||||
let decoded = Token::from_jwt(token, &SignatureType::RS256(dec_key), &None, &None).unwrap();
|
||||
let decoded = decode();
|
||||
|
||||
let perm_rw = decoded.get_permission_for_cache(&cache! { "cache-rw" });
|
||||
|
||||
|
@ -101,4 +125,5 @@ fn test_basic() {
|
|||
assert!(!decoded
|
||||
.get_permission_for_cache(&cache! { "forbidden-cache" })
|
||||
.can_discover());
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Add table
Reference in a new issue