token: Bring back HS256 test

This does make it decode the keys every iteration in the stability
test, which isn't too much of an issue and can be fixed later.

token/src/tests.rs

@@ -27,6 +27,23 @@ fn test_basic() {
         }
       }
     */
+
+    let tokens: &[(&str, Box<dyn Fn() -> Token>)] = &[
+        (
+            "hs256",
+            Box::new(|| {
+                // "very secure secret"
+                let base64_secret = "dmVyeSBzZWN1cmUgc2VjcmV0";
+                let dec_key = decode_token_hs256_secret_base64(base64_secret).unwrap();
+
+                let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjQxMDIzMjQ5ODYsImh0dHBzOi8vand0LmF0dGljLnJzL3YxIjp7ImNhY2hlcyI6eyJhbGwtKiI6eyJyIjoxfSwiYWxsLWNpLSoiOnsidyI6MX0sImNhY2hlLXJvIjp7InIiOjF9LCJjYWNoZS1ydyI6eyJyIjoxLCJ3IjoxfSwidGVhbS0qIjp7ImNjIjoxLCJyIjoxLCJ3IjoxfX19LCJpYXQiOjE3MTY2NjA1ODksInN1YiI6Im1lb3cifQ.8vtxp_1OEYdcnkGPM4c9ORXooJZV7DOTS4NRkMKN8mw";
+
+                Token::from_jwt(token, &SignatureType::HS256(dec_key), &None, &None).unwrap()
+            }),
+        ),
+        (
+            "rs256",
+            Box::new(|| {
                 // nix shell nixpkgs#jwt-cli
                 // openssl genpkey -out rs256 -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -outform der
                 // BASE64_SECRET=$(openssl rsa -in rs256 -outform PEM -traditional | base64 -w0)
@@ -37,6 +54,14 @@ fn test_basic() {
                 // TOKEN=$(jq -c < json | jwt encode --alg RS256 --secret @./rs256 -)
                 let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJleHAiOjQxMDIzMjQ5ODYsImh0dHBzOi8vand0LmF0dGljLnJzL3YxIjp7ImNhY2hlcyI6eyJhbGwtKiI6eyJyIjoxfSwiYWxsLWNpLSoiOnsidyI6MX0sImNhY2hlLXJvIjp7InIiOjF9LCJjYWNoZS1ydyI6eyJyIjoxLCJ3IjoxfSwidGVhbS0qIjp7ImNjIjoxLCJyIjoxLCJ3IjoxfX19LCJpYXQiOjE3MjIwMDUwNzksIm5iZiI6MCwic3ViIjoibWVvdyJ9.Zs24IUbQOpOjhEe0sfsoSSJhDrzf4v-_wX_ceKqHeb2MERY8XSIQ1RPTNVeOW4LfJHumJj_rxh8Wv2BRGZSMldrTt0Ab_N7FnkhA37_jnRvgvEjSG3V4fC8aA4KoOa-43NRpg4HmPxiXte5-6LneBOR94Wss868wC1b_2yX2zCc1wQoZA3LNo-CRLnL4Yp5wY4Bbgyguv_9mfqXVYZykZnxumyGwVFD-Rub3KQ9d53Rf9tKcvRk9qxO2q8F2PKjeaUBG2xZtGwkWTMvSmwR1dKtkPUyPggOzbLoUG-6fxfo7D3NyL5qWCSN_7CkI-xlsRSLY1gTq-FqXvcpHeZbc8w";
 
+                Token::from_jwt(token, &SignatureType::RS256(dec_key), &None, &None).unwrap()
+            }),
+        ),
+    ];
+
+    for (name, decode) in tokens {
+        eprintln!("Testing {name}");
+
         // NOTE(cole-h): check that we get a consistent iteration order when getting permissions for
         // caches -- this depends on the order of the fields in the token, but should otherwise be
         // consistent between iterations
@@ -44,8 +69,7 @@ fn test_basic() {
         for _ in 0..=1_000 {
             // NOTE(cole-h): we construct a new Token every iteration in order to get different "random
             // state"
-        let decoded =
-            Token::from_jwt(token, &SignatureType::RS256(dec_key.clone()), &None, &None).unwrap();
+            let decoded = decode();
             let perm_all_ci = decoded.get_permission_for_cache(&cache! { "all-ci-abc" });
 
             // NOTE(cole-h): if the iteration order of the token is inconsistent, the permissions may be
@@ -60,7 +84,7 @@ fn test_basic() {
             "Iteration order should be consistent to prevent random auth failures (and successes)"
         );
 
-    let decoded = Token::from_jwt(token, &SignatureType::RS256(dec_key), &None, &None).unwrap();
+        let decoded = decode();
 
         let perm_rw = decoded.get_permission_for_cache(&cache! { "cache-rw" });
 
@@ -101,4 +125,5 @@ fn test_basic() {
         assert!(!decoded
             .get_permission_for_cache(&cache! { "forbidden-cache" })
             .can_discover());
+    }
 }