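require 'spec_helper'
require 'yaml'

# Specs for SoarAuthenticationToken::TokenValidator.
#
# Two validator configurations are exercised:
#   * 'local'  - the validator is configured with a public key.
#   * 'remote' - the validator is configured with a validator-url.
#
# The only "invalid token" case covered here is a token produced with a
# private key that does not belong to the validator's configured public key.
# NOTE(review): malformed, truncated or tampered tokens are not exercised by
# this file; consider adding examples once the expected behaviour is confirmed.
describe SoarAuthenticationToken::TokenValidator do
  before :all do
    @test_store = AuthTokenStoreProvider::StubClient.new

    # Two independently generated keypairs. Only the public key of the first
    # pair is given to the local validator, so tokens produced with the second
    # pair's private key must be rejected.
    keypair_generator = SoarAuthenticationToken::KeypairGenerator.new
    @valid_private_key, @valid_public_key = keypair_generator.generate
    @invalid_private_key, _invalid_public_key = keypair_generator.generate

    @test_identifier = 'a@b.co.za'

    @local_valid_generator_configuration = {
      'mode' => 'local',
      'private_key' => @valid_private_key
    }
    @local_invalid_generator_configuration = {
      'mode' => 'local',
      'private_key' => @invalid_private_key
    }
    @local_validator_configuration = {
      'mode' => 'local',
      'public_key' => @valid_public_key
    }

    # NOTE(review): the remote examples depend on these hosts being reachable
    # from the test run. Both endpoints are plain http://, so tokens cross the
    # wire unprotected; presumably acceptable on an isolated test network
    # only - confirm that deployed configurations use TLS.
    @remote_generator_configuration = {
      'mode' => 'remote',
      'generator-url' => 'http://authentication-token-generator-service:9393/generate'
    }
    @remote_validator_configuration = {
      'mode' => 'remote',
      'validator-url' => 'http://authentication-token-validator-service:9393/validate'
    }

    @local_valid_generator = SoarAuthenticationToken::TokenGenerator.new(@local_valid_generator_configuration)
    @local_valid_generator.inject_store_provider(@test_store)

    @local_invalid_generator = SoarAuthenticationToken::TokenGenerator.new(@local_invalid_generator_configuration)
    @local_invalid_generator.inject_store_provider(@test_store)

    @remote_generator = SoarAuthenticationToken::TokenGenerator.new(@remote_generator_configuration)
  end

  # A fresh validator per example so no state leaks between examples.
  before :each do
    @iut_local = SoarAuthenticationToken::TokenValidator.new(@local_validator_configuration)
    @iut_local.inject_store_provider(@test_store)
    @iut_remote = SoarAuthenticationToken::TokenValidator.new(@remote_validator_configuration)
  end

  it 'has a version number' do
    expect(SoarAuthenticationToken::VERSION).not_to be_nil
  end

  context "when validating a token locally using the configured public key" do
    it 'should indicate valid if the token is valid' do
      token, _generator_meta = @local_valid_generator.generate(authenticated_identifier: @test_identifier)
      token_validity, _token_meta = @iut_local.validate(authentication_token: token)
      expect(token_validity).to eq true
    end

    it 'should indicate invalid if the token is invalid' do
      token, _generator_meta = @local_invalid_generator.generate(authenticated_identifier: @test_identifier)
      token_validity, _token_meta = @iut_local.validate(authentication_token: token)
      expect(token_validity).to eq false
    end

    it 'should provide the authenticated_identifier if the token is valid' do
      token, _generator_meta = @local_valid_generator.generate(authenticated_identifier: @test_identifier)
      _token_validity, token_meta = @iut_local.validate(authentication_token: token)
      expect(token_meta['authenticated_identifier']).to eq @test_identifier
    end

    it 'should not provide the authenticated_identifier if the token is invalid' do
      token, _generator_meta = @local_invalid_generator.generate(authenticated_identifier: @test_identifier)
      _token_validity, token_meta = @iut_local.validate(authentication_token: token)
      expect(token_meta).to be_nil
    end

    # TODO: expiry enforcement is not exercised yet. These examples are declared
    # without a body so RSpec reports them as pending; an empty body would
    # pass vacuously and hide the missing coverage.
    it 'should indicate as invalid tokens that are older than the configured expiry time'

    it 'should indicate as valid tokens that are not older than the configured expiry time'
  end

  context "when validating a token remotely using the configured url" do
    it 'should indicate valid if the token is valid' do
      token, _generator_meta = @remote_generator.generate(authenticated_identifier: @test_identifier)
      token_validity, _token_meta = @iut_remote.validate(authentication_token: token)
      expect(token_validity).to eq true
    end

    # The rejected token in the two "invalid" examples below is generated
    # locally with the mismatched private key and then submitted to the
    # remote validator.
    it 'should indicate invalid if the token is invalid' do
      token, _generator_meta = @local_invalid_generator.generate(authenticated_identifier: @test_identifier)
      token_validity, _token_meta = @iut_remote.validate(authentication_token: token)
      expect(token_validity).to eq false
    end

    it 'should provide the authenticated_identifier if the token is valid' do
      token, _generator_meta = @remote_generator.generate(authenticated_identifier: @test_identifier)
      _token_validity, token_meta = @iut_remote.validate(authentication_token: token)
      expect(token_meta['authenticated_identifier']).to eq @test_identifier
    end

    it 'should not provide the authenticated_identifier if the token is invalid' do
      token, _generator_meta = @local_invalid_generator.generate(authenticated_identifier: @test_identifier)
      _token_validity, token_meta = @iut_remote.validate(authentication_token: token)
      expect(token_meta).to be_nil
    end

    # TODO: expiry enforcement is not exercised yet. These examples are declared
    # without a body so RSpec reports them as pending; an empty body would
    # pass vacuously and hide the missing coverage.
    it 'should indicate as invalid tokens that are older than the configured expiry time'

    it 'should indicate as valid tokens that are not older than the configured expiry time'
  end
end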