fix: fix observable
This commit is contained in:
@@ -1,6 +1,5 @@
|
||||
import { TestBed } from '@/testing';
|
||||
import { base64url } from 'rfc4648';
|
||||
import { vi } from 'vitest';
|
||||
import { CryptoService } from '../utils/crypto/crypto.service';
|
||||
import { JwkWindowCryptoService } from './jwk-window-crypto.service';
|
||||
|
||||
@@ -42,9 +41,6 @@ describe('JwkWindowCryptoService', () => {
|
||||
imports: [],
|
||||
providers: [JwkWindowCryptoService, CryptoService],
|
||||
});
|
||||
});
|
||||
|
||||
beforeEach(async () => {
|
||||
service = TestBed.inject(JwkWindowCryptoService);
|
||||
});
|
||||
|
||||
@@ -53,22 +49,21 @@ describe('JwkWindowCryptoService', () => {
|
||||
});
|
||||
|
||||
describe('importVerificationKey', () => {
|
||||
it('returns instance of CryptoKey when valid input is provided', (done) => {
|
||||
it('returns instance of CryptoKey when valid input is provided', async () => {
|
||||
const promises = keys.map((key) =>
|
||||
service.importVerificationKey(key, alg)
|
||||
);
|
||||
|
||||
Promise.all(promises).then((values) => {
|
||||
values.forEach((value) => {
|
||||
for (const value of values) {
|
||||
expect(value).toBeInstanceOf(CryptoKey);
|
||||
});
|
||||
done();
|
||||
}
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe('verifyKey', () => {
|
||||
it('returns true when valid input is provided', (done) => {
|
||||
it('returns true when valid input is provided', async () => {
|
||||
const headerAndPayloadString =
|
||||
'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0';
|
||||
const signatureString =
|
||||
@@ -77,17 +72,13 @@ describe('JwkWindowCryptoService', () => {
|
||||
loose: true,
|
||||
});
|
||||
|
||||
service
|
||||
const value = await service
|
||||
.importVerificationKey(key3, alg)
|
||||
.then((c) =>
|
||||
service.verifyKey(alg, c, signature, headerAndPayloadString)
|
||||
)
|
||||
.then((value) => {
|
||||
expect(value).toEqual(true);
|
||||
})
|
||||
.finally(() => {
|
||||
done();
|
||||
});
|
||||
);
|
||||
|
||||
expect(value).toEqual(true);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
@@ -28,9 +28,8 @@ describe('JwtWindowCryptoService', () => {
|
||||
'44445543344242132145455aaabbdc3b4'
|
||||
);
|
||||
|
||||
observable.subscribe((value) => {
|
||||
expect(value).toBe(outcome);
|
||||
});
|
||||
const value = await lastValueFrom(observable);
|
||||
expect(value).toBe(outcome);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
@@ -693,9 +693,8 @@ describe('State Validation Service', () => {
|
||||
config
|
||||
);
|
||||
|
||||
isValidObs$.subscribe((isValid) => {
|
||||
expect(isValid.authResponseIsValid).toBe(false);
|
||||
});
|
||||
const isValid = await lastValueFrom(isValidObs$);
|
||||
expect(isValid.authResponseIsValid).toBe(false);
|
||||
});
|
||||
|
||||
it('should return invalid context error', async () => {
|
||||
@@ -730,9 +729,8 @@ describe('State Validation Service', () => {
|
||||
config
|
||||
);
|
||||
|
||||
isValidObs$.subscribe((isValid) => {
|
||||
expect(isValid.authResponseIsValid).toBe(false);
|
||||
});
|
||||
const isValid = await lastValueFrom(isValidObs$);
|
||||
expect(isValid.authResponseIsValid).toBe(false);
|
||||
});
|
||||
|
||||
it('should return invalid result if validateIdTokenExpNotExpired is false', async () => {
|
||||
@@ -826,16 +824,15 @@ describe('State Validation Service', () => {
|
||||
config
|
||||
);
|
||||
|
||||
stateObs$.subscribe((state) => {
|
||||
expect(logWarningSpy).toHaveBeenCalledExactlyOnceWith(
|
||||
const state = await lastValueFrom(stateObs$);
|
||||
expect(logWarningSpy).toHaveBeenCalledExactlyOnceWith(
|
||||
config,
|
||||
'authCallback id token expired'
|
||||
);
|
||||
expect(state.accessToken).toBe('access_tokenTEST');
|
||||
expect(state.idToken).toBe('id_tokenTEST');
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');
|
||||
expect(state.authResponseIsValid).toBe(false);
|
||||
});
|
||||
);;
|
||||
expect(state.accessToken).toBe('access_tokenTEST');;
|
||||
expect(state.idToken).toBe('id_tokenTEST');;
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');;
|
||||
expect(state.authResponseIsValid).toBe(false);
|
||||
});
|
||||
|
||||
it('should return invalid result if validateStateFromHashCallback is false', async () => {
|
||||
@@ -879,16 +876,15 @@ describe('State Validation Service', () => {
|
||||
tokenValidationService.validateStateFromHashCallback
|
||||
).toHaveBeenCalled();
|
||||
|
||||
stateObs$.subscribe((state) => {
|
||||
expect(logWarningSpy).toHaveBeenCalledExactlyOnceWith(
|
||||
const state = await lastValueFrom(stateObs$);
|
||||
expect(logWarningSpy).toHaveBeenCalledExactlyOnceWith(
|
||||
config,
|
||||
'authCallback incorrect state'
|
||||
);
|
||||
expect(state.accessToken).toBe('');
|
||||
expect(state.authResponseIsValid).toBe(false);
|
||||
expect(state.decodedIdToken).toBeDefined();
|
||||
expect(state.idToken).toBe('');
|
||||
});
|
||||
);;
|
||||
expect(state.accessToken).toBe('');;
|
||||
expect(state.authResponseIsValid).toBe(false);;
|
||||
expect(state.decodedIdToken).toBeDefined();;
|
||||
expect(state.idToken).toBe('');
|
||||
});
|
||||
|
||||
it('access_token should equal result.access_token and is valid if response_type is "id_token token"', async () => {
|
||||
@@ -977,12 +973,11 @@ describe('State Validation Service', () => {
|
||||
config
|
||||
);
|
||||
|
||||
stateObs$.subscribe((state) => {
|
||||
expect(state.accessToken).toBe('access_tokenTEST');
|
||||
expect(state.idToken).toBe('id_tokenTEST');
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');
|
||||
expect(state.authResponseIsValid).toBe(true);
|
||||
});
|
||||
const state = await lastValueFrom(stateObs$);
|
||||
expect(state.accessToken).toBe('access_tokenTEST');;
|
||||
expect(state.idToken).toBe('id_tokenTEST');;
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');;
|
||||
expect(state.authResponseIsValid).toBe(true);
|
||||
});
|
||||
|
||||
it('should return invalid result if validateSignatureIdToken is false', async () => {
|
||||
@@ -1031,17 +1026,15 @@ describe('State Validation Service', () => {
|
||||
config
|
||||
);
|
||||
|
||||
stateObs$.subscribe((state) => {
|
||||
expect(logDebugSpy).toBeCalledWith([
|
||||
const state = await lastValueFrom(stateObs$);
|
||||
expect(logDebugSpy).toBeCalledWith([
|
||||
[config, 'authCallback Signature validation failed id_token'],
|
||||
[config, 'authCallback token(s) invalid'],
|
||||
]);
|
||||
|
||||
expect(state.accessToken).toBe('access_tokenTEST');
|
||||
expect(state.idToken).toBe('id_tokenTEST');
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');
|
||||
expect(state.authResponseIsValid).toBe(false);
|
||||
});
|
||||
]);;
|
||||
expect(state.accessToken).toBe('access_tokenTEST');;
|
||||
expect(state.idToken).toBe('id_tokenTEST');;
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');;
|
||||
expect(state.authResponseIsValid).toBe(false);
|
||||
});
|
||||
|
||||
it('should return invalid result if validateIdTokenNonce is false', async () => {
|
||||
@@ -1093,16 +1086,15 @@ describe('State Validation Service', () => {
|
||||
config
|
||||
);
|
||||
|
||||
stateObs$.subscribe((state) => {
|
||||
expect(logWarningSpy).toHaveBeenCalledExactlyOnceWith(
|
||||
const state = await lastValueFrom(stateObs$);
|
||||
expect(logWarningSpy).toHaveBeenCalledExactlyOnceWith(
|
||||
config,
|
||||
'authCallback incorrect nonce, did you call the checkAuth() method multiple times?'
|
||||
);
|
||||
expect(state.accessToken).toBe('access_tokenTEST');
|
||||
expect(state.idToken).toBe('id_tokenTEST');
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');
|
||||
expect(state.authResponseIsValid).toBe(false);
|
||||
});
|
||||
);;
|
||||
expect(state.accessToken).toBe('access_tokenTEST');;
|
||||
expect(state.idToken).toBe('id_tokenTEST');;
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');;
|
||||
expect(state.authResponseIsValid).toBe(false);
|
||||
});
|
||||
|
||||
it('should return invalid result if validateRequiredIdToken is false', async () => {
|
||||
@@ -1162,20 +1154,19 @@ describe('State Validation Service', () => {
|
||||
config
|
||||
);
|
||||
|
||||
stateObs$.subscribe((state) => {
|
||||
expect(logDebugSpy).toHaveBeenCalledWith(
|
||||
const state = await lastValueFrom(stateObs$);
|
||||
expect(logDebugSpy).toHaveBeenCalledWith(
|
||||
config,
|
||||
'authCallback Validation, one of the REQUIRED properties missing from id_token'
|
||||
);
|
||||
expect(logDebugSpy).toHaveBeenCalledWith(
|
||||
);;
|
||||
expect(logDebugSpy).toHaveBeenCalledWith(
|
||||
config,
|
||||
'authCallback token(s) invalid'
|
||||
);
|
||||
expect(state.accessToken).toBe('access_tokenTEST');
|
||||
expect(state.idToken).toBe('id_tokenTEST');
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');
|
||||
expect(state.authResponseIsValid).toBe(false);
|
||||
});
|
||||
);;
|
||||
expect(state.accessToken).toBe('access_tokenTEST');;
|
||||
expect(state.idToken).toBe('id_tokenTEST');;
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');;
|
||||
expect(state.authResponseIsValid).toBe(false);
|
||||
});
|
||||
|
||||
it('should return invalid result if validateIdTokenIatMaxOffset is false', async () => {
|
||||
@@ -1238,16 +1229,15 @@ describe('State Validation Service', () => {
|
||||
config
|
||||
);
|
||||
|
||||
stateObs$.subscribe((state) => {
|
||||
expect(logWarningSpy).toHaveBeenCalledExactlyOnceWith(
|
||||
const state = await lastValueFrom(stateObs$);
|
||||
expect(logWarningSpy).toHaveBeenCalledExactlyOnceWith(
|
||||
config,
|
||||
'authCallback Validation, iat rejected id_token was issued too far away from the current time'
|
||||
);
|
||||
expect(state.accessToken).toBe('access_tokenTEST');
|
||||
expect(state.idToken).toBe('id_tokenTEST');
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');
|
||||
expect(state.authResponseIsValid).toBe(false);
|
||||
});
|
||||
);;
|
||||
expect(state.accessToken).toBe('access_tokenTEST');;
|
||||
expect(state.idToken).toBe('id_tokenTEST');;
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');;
|
||||
expect(state.authResponseIsValid).toBe(false);
|
||||
});
|
||||
|
||||
it('should return invalid result if validateIdTokenIss is false and has authWellKnownEndPoints', async () => {
|
||||
@@ -1317,16 +1307,15 @@ describe('State Validation Service', () => {
|
||||
config
|
||||
);
|
||||
|
||||
stateObs$.subscribe((state) => {
|
||||
expect(logWarningSpy).toHaveBeenCalledExactlyOnceWith(
|
||||
const state = await lastValueFrom(stateObs$);
|
||||
expect(logWarningSpy).toHaveBeenCalledExactlyOnceWith(
|
||||
config,
|
||||
'authCallback incorrect iss does not match authWellKnownEndpoints issuer'
|
||||
);
|
||||
expect(state.accessToken).toBe('access_tokenTEST');
|
||||
expect(state.idToken).toBe('id_tokenTEST');
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');
|
||||
expect(state.authResponseIsValid).toBe(false);
|
||||
});
|
||||
);;
|
||||
expect(state.accessToken).toBe('access_tokenTEST');;
|
||||
expect(state.idToken).toBe('id_tokenTEST');;
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');;
|
||||
expect(state.authResponseIsValid).toBe(false);
|
||||
});
|
||||
|
||||
it('should return invalid result if validateIdTokenIss is false and has no authWellKnownEndPoints', async () => {
|
||||
@@ -1384,18 +1373,16 @@ describe('State Validation Service', () => {
|
||||
config
|
||||
);
|
||||
|
||||
stateObs$.subscribe((state) => {
|
||||
expect(logWarningSpy).toHaveBeenCalledExactlyOnceWith(
|
||||
const state = await lastValueFrom(stateObs$);
|
||||
expect(logWarningSpy).toHaveBeenCalledExactlyOnceWith(
|
||||
config,
|
||||
'authWellKnownEndpoints is undefined'
|
||||
);
|
||||
|
||||
expect(state.accessToken).toBe('access_tokenTEST');
|
||||
expect(state.idToken).toBe('id_tokenTEST');
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');
|
||||
expect(state.authResponseIsValid).toBe(false);
|
||||
expect(state.state).toBe(ValidationResult.NoAuthWellKnownEndPoints);
|
||||
});
|
||||
);;
|
||||
expect(state.accessToken).toBe('access_tokenTEST');;
|
||||
expect(state.idToken).toBe('id_tokenTEST');;
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');;
|
||||
expect(state.authResponseIsValid).toBe(false);;
|
||||
expect(state.state).toBe(ValidationResult.NoAuthWellKnownEndPoints);
|
||||
});
|
||||
|
||||
it('should return invalid result if validateIdTokenAud is false', async () => {
|
||||
@@ -1463,16 +1450,15 @@ describe('State Validation Service', () => {
|
||||
config
|
||||
);
|
||||
|
||||
stateObs$.subscribe((state) => {
|
||||
expect(logWarningSpy).toHaveBeenCalledExactlyOnceWith(
|
||||
const state = await lastValueFrom(stateObs$);
|
||||
expect(logWarningSpy).toHaveBeenCalledExactlyOnceWith(
|
||||
config,
|
||||
'authCallback incorrect aud'
|
||||
);
|
||||
expect(state.accessToken).toBe('access_tokenTEST');
|
||||
expect(state.idToken).toBe('id_tokenTEST');
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');
|
||||
expect(state.authResponseIsValid).toBe(false);
|
||||
});
|
||||
);;
|
||||
expect(state.accessToken).toBe('access_tokenTEST');;
|
||||
expect(state.idToken).toBe('id_tokenTEST');;
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');;
|
||||
expect(state.authResponseIsValid).toBe(false);
|
||||
});
|
||||
|
||||
it('should return invalid result if validateIdTokenAzpExistsIfMoreThanOneAud is false', async () => {
|
||||
@@ -1544,17 +1530,16 @@ describe('State Validation Service', () => {
|
||||
config
|
||||
);
|
||||
|
||||
stateObs$.subscribe((state) => {
|
||||
expect(logWarningSpy).toHaveBeenCalledExactlyOnceWith(
|
||||
const state = await lastValueFrom(stateObs$);
|
||||
expect(logWarningSpy).toHaveBeenCalledExactlyOnceWith(
|
||||
config,
|
||||
'authCallback missing azp'
|
||||
);
|
||||
expect(state.accessToken).toBe('access_tokenTEST');
|
||||
expect(state.idToken).toBe('id_tokenTEST');
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');
|
||||
expect(state.authResponseIsValid).toBe(false);
|
||||
expect(state.state).toBe(ValidationResult.IncorrectAzp);
|
||||
});
|
||||
);;
|
||||
expect(state.accessToken).toBe('access_tokenTEST');;
|
||||
expect(state.idToken).toBe('id_tokenTEST');;
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');;
|
||||
expect(state.authResponseIsValid).toBe(false);;
|
||||
expect(state.state).toBe(ValidationResult.IncorrectAzp);
|
||||
});
|
||||
|
||||
it('should return invalid result if validateIdTokenAzpValid is false', async () => {
|
||||
@@ -1630,17 +1615,16 @@ describe('State Validation Service', () => {
|
||||
config
|
||||
);
|
||||
|
||||
stateObs$.subscribe((state) => {
|
||||
expect(logWarningSpy).toHaveBeenCalledExactlyOnceWith(
|
||||
const state = await lastValueFrom(stateObs$);
|
||||
expect(logWarningSpy).toHaveBeenCalledExactlyOnceWith(
|
||||
config,
|
||||
'authCallback incorrect azp'
|
||||
);
|
||||
expect(state.accessToken).toBe('access_tokenTEST');
|
||||
expect(state.idToken).toBe('id_tokenTEST');
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');
|
||||
expect(state.authResponseIsValid).toBe(false);
|
||||
expect(state.state).toBe(ValidationResult.IncorrectAzp);
|
||||
});
|
||||
);;
|
||||
expect(state.accessToken).toBe('access_tokenTEST');;
|
||||
expect(state.idToken).toBe('id_tokenTEST');;
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');;
|
||||
expect(state.authResponseIsValid).toBe(false);;
|
||||
expect(state.state).toBe(ValidationResult.IncorrectAzp);
|
||||
});
|
||||
|
||||
it('should return invalid result if isIdTokenAfterRefreshTokenRequestValid is false', async () => {
|
||||
@@ -1720,19 +1704,18 @@ describe('State Validation Service', () => {
|
||||
config
|
||||
);
|
||||
|
||||
stateObs$.subscribe((state) => {
|
||||
expect(logWarningSpy).toHaveBeenCalledExactlyOnceWith(
|
||||
const state = await lastValueFrom(stateObs$);
|
||||
expect(logWarningSpy).toHaveBeenCalledExactlyOnceWith(
|
||||
config,
|
||||
'authCallback pre, post id_token claims do not match in refresh'
|
||||
);
|
||||
expect(state.accessToken).toBe('access_tokenTEST');
|
||||
expect(state.idToken).toBe('id_tokenTEST');
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');
|
||||
expect(state.authResponseIsValid).toBe(false);
|
||||
expect(state.state).toBe(
|
||||
);;
|
||||
expect(state.accessToken).toBe('access_tokenTEST');;
|
||||
expect(state.idToken).toBe('id_tokenTEST');;
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');;
|
||||
expect(state.authResponseIsValid).toBe(false);;
|
||||
expect(state.state).toBe(
|
||||
ValidationResult.IncorrectIdTokenClaimsAfterRefresh
|
||||
);
|
||||
});
|
||||
});
|
||||
|
||||
it('Reponse is valid if authConfiguration.response_type does not equal "id_token token"', async () => {
|
||||
@@ -1824,20 +1807,19 @@ describe('State Validation Service', () => {
|
||||
config
|
||||
);
|
||||
|
||||
stateObs$.subscribe((state) => {
|
||||
expect(logDebugSpy).toHaveBeenCalledWith(
|
||||
const state = await lastValueFrom(stateObs$);
|
||||
expect(logDebugSpy).toHaveBeenCalledWith(
|
||||
config,
|
||||
'authCallback token(s) validated, continue'
|
||||
);
|
||||
expect(logDebugSpy).toHaveBeenCalledWith(
|
||||
);;
|
||||
expect(logDebugSpy).toHaveBeenCalledWith(
|
||||
config,
|
||||
'authCallback token(s) invalid'
|
||||
);
|
||||
expect(state.accessToken).toBe('');
|
||||
expect(state.idToken).toBe('id_tokenTEST');
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');
|
||||
expect(state.authResponseIsValid).toBe(true);
|
||||
});
|
||||
);;
|
||||
expect(state.accessToken).toBe('');;
|
||||
expect(state.idToken).toBe('id_tokenTEST');;
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');;
|
||||
expect(state.authResponseIsValid).toBe(true);
|
||||
});
|
||||
|
||||
it('Response is invalid if validateIdTokenAtHash is false', async () => {
|
||||
@@ -1930,16 +1912,15 @@ describe('State Validation Service', () => {
|
||||
config
|
||||
);
|
||||
|
||||
stateObs$.subscribe((state) => {
|
||||
expect(logWarningSpy).toHaveBeenCalledExactlyOnceWith(
|
||||
const state = await lastValueFrom(stateObs$);
|
||||
expect(logWarningSpy).toHaveBeenCalledExactlyOnceWith(
|
||||
config,
|
||||
'authCallback incorrect at_hash'
|
||||
);
|
||||
expect(state.accessToken).toBe('access_tokenTEST');
|
||||
expect(state.idToken).toBe('id_tokenTEST');
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');
|
||||
expect(state.authResponseIsValid).toBe(false);
|
||||
});
|
||||
);;
|
||||
expect(state.accessToken).toBe('access_tokenTEST');;
|
||||
expect(state.idToken).toBe('id_tokenTEST');;
|
||||
expect(state.decodedIdToken).toBe('decoded_id_token');;
|
||||
expect(state.authResponseIsValid).toBe(false);
|
||||
});
|
||||
|
||||
it('should return valid result if validateIdTokenIss is false and iss_validation_off is true', async () => {
|
||||
@@ -2028,17 +2009,16 @@ describe('State Validation Service', () => {
|
||||
config
|
||||
);
|
||||
|
||||
stateObs$.subscribe((state) => {
|
||||
expect(logDebugSpy).toBeCalledWith([
|
||||
const state = await lastValueFrom(stateObs$);
|
||||
expect(logDebugSpy).toBeCalledWith([
|
||||
[config, 'iss validation is turned off, this is not recommended!'],
|
||||
[config, 'authCallback token(s) validated, continue'],
|
||||
]);
|
||||
expect(state.state).toBe(ValidationResult.Ok);
|
||||
expect(state.accessToken).toBe('access_tokenTEST');
|
||||
expect(state.authResponseIsValid).toBe(true);
|
||||
expect(state.decodedIdToken).toBeDefined();
|
||||
expect(state.idToken).toBe('id_tokenTEST');
|
||||
});
|
||||
]);;
|
||||
expect(state.state).toBe(ValidationResult.Ok);;
|
||||
expect(state.accessToken).toBe('access_tokenTEST');;
|
||||
expect(state.authResponseIsValid).toBe(true);;
|
||||
expect(state.decodedIdToken).toBeDefined();;
|
||||
expect(state.idToken).toBe('id_tokenTEST');
|
||||
});
|
||||
|
||||
it('should return valid if there is no id_token', async () => {
|
||||
@@ -2114,12 +2094,11 @@ describe('State Validation Service', () => {
|
||||
config
|
||||
);
|
||||
|
||||
stateObs$.subscribe((state) => {
|
||||
expect(state.accessToken).toBe('access_tokenTEST');
|
||||
expect(state.idToken).toBe('');
|
||||
expect(state.decodedIdToken).toBeDefined();
|
||||
expect(state.authResponseIsValid).toBe(true);
|
||||
});
|
||||
const state = await lastValueFrom(stateObs$);
|
||||
expect(state.accessToken).toBe('access_tokenTEST');;
|
||||
expect(state.idToken).toBe('');;
|
||||
expect(state.decodedIdToken).toBeDefined();;
|
||||
expect(state.authResponseIsValid).toBe(true);
|
||||
});
|
||||
|
||||
it('should return OK if disableIdTokenValidation is true', async () => {
|
||||
@@ -2154,10 +2133,9 @@ describe('State Validation Service', () => {
|
||||
config
|
||||
);
|
||||
|
||||
isValidObs$.subscribe((isValid) => {
|
||||
expect(isValid.state).toBe(ValidationResult.Ok);
|
||||
expect(isValid.authResponseIsValid).toBe(true);
|
||||
});
|
||||
const isValid = await lastValueFrom(isValidObs$);
|
||||
expect(isValid.state).toBe(ValidationResult.Ok);;
|
||||
expect(isValid.authResponseIsValid).toBe(true);
|
||||
});
|
||||
|
||||
it('should return OK if disableIdTokenValidation is true', async () => {
|
||||
@@ -2192,10 +2170,9 @@ describe('State Validation Service', () => {
|
||||
config
|
||||
);
|
||||
|
||||
isValidObs$.subscribe((isValid) => {
|
||||
expect(isValid.state).toBe(ValidationResult.Ok);
|
||||
expect(isValid.authResponseIsValid).toBe(true);
|
||||
});
|
||||
const isValid = await lastValueFrom(isValidObs$);
|
||||
expect(isValid.state).toBe(ValidationResult.Ok);;
|
||||
expect(isValid.authResponseIsValid).toBe(true);
|
||||
});
|
||||
|
||||
it('should return OK if disableIdTokenValidation is false but inrefreshtokenflow and no id token is returned', async () => {
|
||||
@@ -2230,10 +2207,9 @@ describe('State Validation Service', () => {
|
||||
config
|
||||
);
|
||||
|
||||
isValidObs$.subscribe((isValid) => {
|
||||
expect(isValid.state).toBe(ValidationResult.Ok);
|
||||
expect(isValid.authResponseIsValid).toBe(true);
|
||||
});
|
||||
const isValid = await lastValueFrom(isValidObs$);
|
||||
expect(isValid.state).toBe(ValidationResult.Ok);;
|
||||
expect(isValid.authResponseIsValid).toBe(true);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
@@ -28,9 +28,6 @@ describe('TokenValidationService', () => {
|
||||
CryptoService,
|
||||
],
|
||||
});
|
||||
});
|
||||
|
||||
beforeEach(() => {
|
||||
tokenValidationService = TestBed.inject(TokenValidationService);
|
||||
tokenHelperService = TestBed.inject(TokenHelperService);
|
||||
jwtWindowCryptoService = TestBed.inject(JwtWindowCryptoService);
|
||||
@@ -506,9 +503,8 @@ describe('TokenValidationService', () => {
|
||||
{ configId: 'configId1' }
|
||||
);
|
||||
|
||||
valueFalse$.subscribe((valueFalse) => {
|
||||
expect(valueFalse).toEqual(false);
|
||||
});
|
||||
const valueFalse = await lastValueFrom(valueFalse$);
|
||||
expect(valueFalse).toEqual(false);
|
||||
});
|
||||
|
||||
it('returns true if no idToken is passed', async () => {
|
||||
@@ -518,9 +514,8 @@ describe('TokenValidationService', () => {
|
||||
{ configId: 'configId1' }
|
||||
);
|
||||
|
||||
valueFalse$.subscribe((valueFalse) => {
|
||||
expect(valueFalse).toEqual(true);
|
||||
});
|
||||
const valueFalse = await lastValueFrom(valueFalse$);
|
||||
expect(valueFalse).toEqual(true);
|
||||
});
|
||||
|
||||
it('returns false if jwtkeys has no keys-property', async () => {
|
||||
@@ -530,9 +525,8 @@ describe('TokenValidationService', () => {
|
||||
{ configId: 'configId1' }
|
||||
);
|
||||
|
||||
valueFalse$.subscribe((valueFalse) => {
|
||||
expect(valueFalse).toEqual(false);
|
||||
});
|
||||
const valueFalse = await lastValueFrom(valueFalse$);
|
||||
expect(valueFalse).toEqual(false);
|
||||
});
|
||||
|
||||
it('returns false if header data has no header data', async () => {
|
||||
@@ -548,9 +542,8 @@ describe('TokenValidationService', () => {
|
||||
{ configId: 'configId1' }
|
||||
);
|
||||
|
||||
valueFalse$.subscribe((valueFalse) => {
|
||||
expect(valueFalse).toEqual(false);
|
||||
});
|
||||
const valueFalse = await lastValueFrom(valueFalse$);
|
||||
expect(valueFalse).toEqual(false);
|
||||
});
|
||||
|
||||
it('returns false if header data alg property does not exist in keyalgorithms', async () => {
|
||||
@@ -568,12 +561,11 @@ describe('TokenValidationService', () => {
|
||||
{ configId: 'configId1' }
|
||||
);
|
||||
|
||||
valueFalse$.subscribe((valueFalse) => {
|
||||
expect(valueFalse).toEqual(false);
|
||||
});
|
||||
const valueFalse = await lastValueFrom(valueFalse$);
|
||||
expect(valueFalse).toEqual(false);
|
||||
});
|
||||
|
||||
it('returns false if header data has kid property and jwtKeys has same kid property but they are not valid with the token', (done) => {
|
||||
it('returns false if header data has kid property and jwtKeys has same kid property but they are not valid with the token', async () => {
|
||||
const kid = '5626CE6A8F4F5FCD79C6642345282CA76D337548';
|
||||
|
||||
vi.spyOn(tokenHelperService, 'getHeaderFromToken').mockReturnValue({
|
||||
@@ -605,13 +597,11 @@ describe('TokenValidationService', () => {
|
||||
{ configId: 'configId1' }
|
||||
);
|
||||
|
||||
valueFalse$.subscribe((valueFalse) => {
|
||||
expect(valueFalse).toEqual(false);
|
||||
done();
|
||||
});
|
||||
const valueFalse = await lastValueFrom(valueFalse$);
|
||||
expect(valueFalse).toEqual(false);
|
||||
});
|
||||
|
||||
it('should return true if valid input is provided', (done) => {
|
||||
it('should return true if valid input is provided', async () => {
|
||||
const idToken =
|
||||
'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2V4YW1wbGUuY29tIiwic3ViIjoiMTIzNDU2IiwiYXVkIjoibXlfY2xpZW50X2lkIiwiZXhwIjoxMzExMjgxOTcwLCJpYXQiOjEzMTEyODA5NzAsIm5hbWUiOiJKYW5lIERvZSIsImdpdmVuX25hbWUiOiJKYW5lIiwiZmFtaWx5X25hbWUiOiJEb2UiLCJiaXJ0aGRhdGUiOiIxOTkwLTEwLTMxIiwiZW1haWwiOiJqYW5lZG9lQGV4YW1wbGUuY29tIiwicGljdHVyZSI6Imh0dHBzOi8vZXhhbXBsZS5jb20vamFuZWRvZS9tZS5qcGcifQ.SY0ilps7yKYmYCc41zNOatfmAFhOtDYwuIT80qrHMl_4FEO2WFWSv-aDl4QfTSKY9A6MMP6xy0Z_8Kk7NeRwIV7FVScMLnPvVzs9pxza0e_rl6hmZLb5P5n4AEINwn46X9XmRB5W3EZO_x2LG65_g3NZFiPrzOC1Fs_6taJl7TfI8lOveYDoJyXCWYQMS3Oh5MM9S8W-Hc29_qJLH-kixm1S01qoICRPDGMRwhtAu1DHjwWQp9Ycfz6g3uyb7N1imBvI49t1CwWy02_mQ3g-7e7bOP1Ax2kgrwnJgsVBDULnyCZG9PE8T0CHZl_fErZtvbJJ0jdoZ1fyr48906am2w';
|
||||
const idTokenParts = idToken.split('.');
|
||||
@@ -644,15 +634,13 @@ describe('TokenValidationService', () => {
|
||||
{ configId: 'configId1' }
|
||||
);
|
||||
|
||||
valueTrue$.subscribe((valueTrue) => {
|
||||
expect(valueTrue).toEqual(true);
|
||||
done();
|
||||
});
|
||||
const valueTrue = await lastValueFrom(valueTrue$);
|
||||
expect(valueTrue).toEqual(true);
|
||||
});
|
||||
});
|
||||
|
||||
describe('validateIdTokenAtHash', () => {
|
||||
it('returns true if sha is sha256 and generated hash equals atHash param', (done) => {
|
||||
it('returns true if sha is sha256 and generated hash equals atHash param', async () => {
|
||||
const accessToken = 'iGU3DhbPoDljiYtr0oepxi7zpT8BsjdU7aaXcdq-DPk';
|
||||
const atHash = '-ODC_7Go_UIUTC8nP4k2cA';
|
||||
|
||||
@@ -663,10 +651,8 @@ describe('TokenValidationService', () => {
|
||||
{ configId: 'configId1' }
|
||||
);
|
||||
|
||||
result$.subscribe((result) => {
|
||||
expect(result).toEqual(true);
|
||||
done();
|
||||
});
|
||||
const result = await lastValueFrom(result$);
|
||||
expect(result).toEqual(true);
|
||||
});
|
||||
|
||||
it('returns false if sha is sha256 and generated hash does not equal atHash param', async () => {
|
||||
@@ -686,15 +672,14 @@ describe('TokenValidationService', () => {
|
||||
expect(result).toEqual(false);
|
||||
});
|
||||
|
||||
it('returns true if sha is sha256 and generated hash does equal atHash param', (done) => {
|
||||
it('returns true if sha is sha256 and generated hash does equal atHash param', async () => {
|
||||
const accessToken =
|
||||
'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ilg1ZVhrNHh5b2pORnVtMWtsMll0djhkbE5QNC1jNTdkTzZRR1RWQndhTmsifQ.eyJleHAiOjE1ODkyMTAwODYsIm5iZiI6MTU4OTIwNjQ4NiwidmVyIjoiMS4wIiwiaXNzIjoiaHR0cHM6Ly9kYW1pZW5ib2QuYjJjbG9naW4uY29tL2EwOTU4ZjQ1LTE5NWItNDAzNi05MjU5LWRlMmY3ZTU5NGRiNi92Mi4wLyIsInN1YiI6ImY4MzZmMzgwLTNjNjQtNDgwMi04ZGJjLTAxMTk4MWMwNjhmNSIsImF1ZCI6ImYxOTM0YTZlLTk1OGQtNDE5OC05ZjM2LTYxMjdjZmM0Y2RiMyIsIm5vbmNlIjoiMDA3YzQxNTNiNmEwNTE3YzBlNDk3NDc2ZmIyNDk5NDhlYzVjbE92UVEiLCJpYXQiOjE1ODkyMDY0ODYsImF1dGhfdGltZSI6MTU4OTIwNjQ4NiwibmFtZSI6ImRhbWllbmJvZCIsImVtYWlscyI6WyJkYW1pZW5AZGFtaWVuYm9kLm9ubWljcm9zb2Z0LmNvbSJdLCJ0ZnAiOiJCMkNfMV9iMmNwb2xpY3lkYW1pZW4iLCJhdF9oYXNoIjoiWmswZktKU19wWWhPcE04SUJhMTJmdyJ9.E5Z-0kOzNU7LBkeVHHMyNoER8TUapGzUUfXmW6gVu4v6QMM5fQ4sJ7KC8PHh8lBFYiCnaDiTtpn3QytUwjXEFnLDAX5qcZT1aPoEgL_OmZMC-8y-4GyHp35l7VFD4iNYM9fJmLE8SYHTVl7eWPlXSyz37Ip0ciiV0Fd6eoksD_aVc-hkIqngDfE4fR8ZKfv4yLTNN_SfknFfuJbZ56yN-zIBL4GkuHsbQCBYpjtWQ62v98p1jO7NhHKV5JP2ec_Ge6oYc_bKTrE6OIX38RJ2rIm7zU16mtdjnl_350Nw3ytHcTPnA1VpP_VLElCfe83jr5aDHc_UQRYaAcWlOgvmVg';
|
||||
const atHash = 'good';
|
||||
|
||||
vi.spyOn(jwtWindowCryptoService, 'generateAtHash').mockReturnValues(
|
||||
of('notEqualsGood'),
|
||||
of('good')
|
||||
);
|
||||
vi.spyOn(jwtWindowCryptoService, 'generateAtHash')
|
||||
.mockReturnValueOnce(of('notEqualsGood'))
|
||||
.mockReturnValueOnce(of('good'));
|
||||
|
||||
const result$ = tokenValidationService.validateIdTokenAtHash(
|
||||
accessToken,
|
||||
@@ -703,13 +688,11 @@ describe('TokenValidationService', () => {
|
||||
{ configId: 'configId1' }
|
||||
);
|
||||
|
||||
result$.subscribe((result) => {
|
||||
expect(result).toEqual(true);
|
||||
done();
|
||||
});
|
||||
const result = await lastValueFrom(result$);
|
||||
expect(result).toEqual(true);
|
||||
});
|
||||
|
||||
it('returns false if sha is sha384 and generated hash does not equal atHash param', (done) => {
|
||||
it('returns false if sha is sha384 and generated hash does not equal atHash param', async () => {
|
||||
const accessToken =
|
||||
'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ilg1ZVhrNHh5b2pORnVtMWtsMll0djhkbE5QNC1jNTdkTzZRR1RWQndhTmsifQ.eyJleHAiOjE1ODkyMTAwODYsIm5iZiI6MTU4OTIwNjQ4NiwidmVyIjoiMS4wIiwiaXNzIjoiaHR0cHM6Ly9kYW1pZW5ib2QuYjJjbG9naW4uY29tL2EwOTU4ZjQ1LTE5NWItNDAzNi05MjU5LWRlMmY3ZTU5NGRiNi92Mi4wLyIsInN1YiI6ImY4MzZmMzgwLTNjNjQtNDgwMi04ZGJjLTAxMTk4MWMwNjhmNSIsImF1ZCI6ImYxOTM0YTZlLTk1OGQtNDE5OC05ZjM2LTYxMjdjZmM0Y2RiMyIsIm5vbmNlIjoiMDA3YzQxNTNiNmEwNTE3YzBlNDk3NDc2ZmIyNDk5NDhlYzVjbE92UVEiLCJpYXQiOjE1ODkyMDY0ODYsImF1dGhfdGltZSI6MTU4OTIwNjQ4NiwibmFtZSI6ImRhbWllbmJvZCIsImVtYWlscyI6WyJkYW1pZW5AZGFtaWVuYm9kLm9ubWljcm9zb2Z0LmNvbSJdLCJ0ZnAiOiJCMkNfMV9iMmNwb2xpY3lkYW1pZW4iLCJhdF9oYXNoIjoiWmswZktKU19wWWhPcE04SUJhMTJmdyJ9.E5Z-0kOzNU7LBkeVHHMyNoER8TUapGzUUfXmW6gVu4v6QMM5fQ4sJ7KC8PHh8lBFYiCnaDiTtpn3QytUwjXEFnLDAX5qcZT1aPoEgL_OmZMC-8y-4GyHp35l7VFD4iNYM9fJmLE8SYHTVl7eWPlXSyz37Ip0ciiV0Fd6eoksD_aVc-hkIqngDfE4fR8ZKfv4yLTNN_SfknFfuJbZ56yN-zIBL4GkuHsbQCBYpjtWQ62v98p1jO7NhHKV5JP2ec_Ge6oYc_bKTrE6OIX38RJ2rIm7zU16mtdjnl_350Nw3ytHcTPnA1VpP_VLElCfe83jr5aDHc_UQRYaAcWlOgvmVg';
|
||||
const atHash = 'bad';
|
||||
@@ -721,13 +704,11 @@ describe('TokenValidationService', () => {
|
||||
{ configId: 'configId1' }
|
||||
);
|
||||
|
||||
result$.subscribe((result) => {
|
||||
expect(result).toEqual(false);
|
||||
done();
|
||||
});
|
||||
const result = await lastValueFrom(result$);
|
||||
expect(result).toEqual(false);
|
||||
});
|
||||
|
||||
it('returns false if sha is sha512 and generated hash does not equal atHash param', (done) => {
|
||||
it('returns false if sha is sha512 and generated hash does not equal atHash param', async () => {
|
||||
const accessToken =
|
||||
'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ilg1ZVhrNHh5b2pORnVtMWtsMll0djhkbE5QNC1jNTdkTzZRR1RWQndhTmsifQ.eyJleHAiOjE1ODkyMTAwODYsIm5iZiI6MTU4OTIwNjQ4NiwidmVyIjoiMS4wIiwiaXNzIjoiaHR0cHM6Ly9kYW1pZW5ib2QuYjJjbG9naW4uY29tL2EwOTU4ZjQ1LTE5NWItNDAzNi05MjU5LWRlMmY3ZTU5NGRiNi92Mi4wLyIsInN1YiI6ImY4MzZmMzgwLTNjNjQtNDgwMi04ZGJjLTAxMTk4MWMwNjhmNSIsImF1ZCI6ImYxOTM0YTZlLTk1OGQtNDE5OC05ZjM2LTYxMjdjZmM0Y2RiMyIsIm5vbmNlIjoiMDA3YzQxNTNiNmEwNTE3YzBlNDk3NDc2ZmIyNDk5NDhlYzVjbE92UVEiLCJpYXQiOjE1ODkyMDY0ODYsImF1dGhfdGltZSI6MTU4OTIwNjQ4NiwibmFtZSI6ImRhbWllbmJvZCIsImVtYWlscyI6WyJkYW1pZW5AZGFtaWVuYm9kLm9ubWljcm9zb2Z0LmNvbSJdLCJ0ZnAiOiJCMkNfMV9iMmNwb2xpY3lkYW1pZW4iLCJhdF9oYXNoIjoiWmswZktKU19wWWhPcE04SUJhMTJmdyJ9.E5Z-0kOzNU7LBkeVHHMyNoER8TUapGzUUfXmW6gVu4v6QMM5fQ4sJ7KC8PHh8lBFYiCnaDiTtpn3QytUwjXEFnLDAX5qcZT1aPoEgL_OmZMC-8y-4GyHp35l7VFD4iNYM9fJmLE8SYHTVl7eWPlXSyz37Ip0ciiV0Fd6eoksD_aVc-hkIqngDfE4fR8ZKfv4yLTNN_SfknFfuJbZ56yN-zIBL4GkuHsbQCBYpjtWQ62v98p1jO7NhHKV5JP2ec_Ge6oYc_bKTrE6OIX38RJ2rIm7zU16mtdjnl_350Nw3ytHcTPnA1VpP_VLElCfe83jr5aDHc_UQRYaAcWlOgvmVg';
|
||||
const atHash = 'bad';
|
||||
@@ -739,10 +720,8 @@ describe('TokenValidationService', () => {
|
||||
{ configId: 'configId1' }
|
||||
);
|
||||
|
||||
result$.subscribe((result) => {
|
||||
expect(result).toEqual(false);
|
||||
done();
|
||||
});
|
||||
const result = await lastValueFrom(result$);
|
||||
expect(result).toEqual(false);
|
||||
});
|
||||
});
|
||||
|
||||
@@ -817,8 +796,8 @@ describe('TokenValidationService', () => {
|
||||
},
|
||||
];
|
||||
|
||||
testCases.forEach(({ date, offsetSeconds, expectedResult }) => {
|
||||
it(`returns ${expectedResult} if ${date} is given with an offset of ${offsetSeconds}`, () => {
|
||||
for (const { date, offsetSeconds, expectedResult } of testCases) {
|
||||
it(`returns $expectedResultif ${date} is given with an offset of $offsetSeconds`, () => {
|
||||
const notExpired = tokenValidationService.validateAccessTokenNotExpired(
|
||||
date as Date,
|
||||
{ configId: 'configId1' },
|
||||
@@ -827,7 +806,7 @@ describe('TokenValidationService', () => {
|
||||
|
||||
expect(notExpired).toEqual(expectedResult);
|
||||
});
|
||||
});
|
||||
}
|
||||
});
|
||||
|
||||
describe('hasIdTokenExpired', () => {
|
||||
|
||||
Reference in New Issue
Block a user