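require 'spec_helper'
require 'yaml'

# Integration spec for SoarAuthenticationToken::RemoteTokenValidator.
#
# The examples talk to real generator/validator services over the network
# (see the URLs configured in `before :all`), so they need the test ecosystem
# to be up and are not hermetic unit tests.
#
# NOTE(review): every service URL below is plain `http://`, so the client auth
# token and the authentication tokens under test travel unencrypted. That is
# presumably acceptable only inside the isolated test ecosystem — confirm that
# deployed configurations use TLS endpoints.
describe SoarAuthenticationToken::RemoteTokenValidator do
  subject { SoarAuthenticationToken::RemoteTokenValidator }

  before :all do
    @test_store = AuthTokenStoreProvider::StubClient.new

    # Two independent key pairs. Only the "invalid" private key is used below:
    # it signs tokens locally, and the remote validator is expected to reject them.
    keypair_generator = SoarAuthenticationToken::KeypairGenerator.new
    @valid_private_key, @valid_public_key = keypair_generator.generate
    @invalid_private_key, @invalid_public_key = keypair_generator.generate

    @test_identifier = 'a@b.co.za'

    # Local JWT generator signing with a key the remote validator is expected to reject.
    @local_invalid_generator_configuration = {
      'provider' => 'SoarAuthenticationToken::JwtTokenGenerator',
      'private_key' => @invalid_private_key
    }

    # NOTE(review): the client auth token is a hard-coded fixture; presumably it
    # is only accepted by the test ecosystem — verify it is never a live credential.
    @remote_generator_configuration = {
      'provider' => 'SoarAuthenticationToken::RemoteTokenGenerator',
      'generator-url' => 'http://authentication-token-generator-service:9393/generate',
      'generator-client-auth-token' => 'test_ecosystem_token_for_auth_token_aaapi_authenticator_service'
    }

    # NOTE(review): the validator configuration also uses the key
    # 'generator-client-auth-token' — confirm this is the key the validator reads.
    @remote_validator_configuration = {
      'provider' => 'SoarAuthenticationToken::RemoteTokenValidator',
      'validator-url' => 'http://authentication-token-validator-service:9393/validate',
      'generator-client-auth-token' => 'test_ecosystem_token_for_auth_token_aaapi_authenticator_service'
    }

    @local_invalid_generator = SoarAuthenticationToken::TokenGenerator.new(@local_invalid_generator_configuration)
    @local_invalid_generator.inject_store_provider(@test_store)
    @remote_generator = SoarAuthenticationToken::TokenGenerator.new(@remote_generator_configuration)
  end

  it 'has a version number' do
    expect(SoarAuthenticationToken::VERSION).not_to be nil
  end

  describe '#validate' do
    let!(:iut) { subject.new(@remote_validator_configuration) }

    # validate returns a triple: [validity, token meta, message].
    context 'given valid token' do
      let!(:token_validation_result) do
        token, _generator_meta = @remote_generator.generate(authenticated_identifier: @test_identifier)
        iut.validate(authentication_token: token)
      end
      let!(:token_validity) { token_validation_result[0] }
      let!(:token_meta)     { token_validation_result[1] }
      let!(:message)        { token_validation_result[2] }

      it 'should indicate valid if the token is valid' do
        expect(token_validity).to eq true
      end

      it 'should provide the authenticated_identifier if the token is valid' do
        expect(token_meta['authenticated_identifier']).to eq @test_identifier
      end
    end

    # The token here is signed locally with @invalid_private_key. The spec pins
    # all three parts of the rejection: validity false, no meta, and a failure message.
    # NOTE(review): this is the only rejection case in the visible spec; expired,
    # malformed or tampered tokens are not exercised here.
    context 'given invalid (generalized) token' do
      let!(:token_validation_result) do
        token, _generator_meta = @local_invalid_generator.generate(authenticated_identifier: @test_identifier)
        iut.validate(authentication_token: token)
      end
      let!(:token_validity) { token_validation_result[0] }
      let!(:token_meta)     { token_validation_result[1] }
      let!(:message)        { token_validation_result[2] }

      it 'indicate token is invalid' do
        expect(token_validity).to eq false
      end

      it 'does not provide the token meta' do
        expect(token_meta).to eq nil
      end

      it 'provides a message indicating the token is invalid' do
        # Parenthesised %r literal avoids Ruby's "ambiguous first argument" warning.
        expect(message).to match(%r{Token decode/verification failure})
      end
    end

    # An unreachable validator must surface as an exception, never as a
    # validity verdict: a caller that gets Timeout::Error cannot mistake the
    # outage for an accepted token.
    # NOTE(review): this context relies on the external host name below timing
    # out rather than failing fast, so the result depends on the network the
    # suite runs in.
    context 'given invalid token validator url that will result in timeouts' do
      let!(:invalid_validator_configuration) do
        {
          'provider' => 'SoarAuthenticationToken::RemoteTokenValidator',
          'validator-url' => 'http://auth-token-validator.auto-h.net/validate',
          'generator-client-auth-token' => 'test_ecosystem_token_for_auth_token_aaapi_authenticator_service'
        }
      end
      let!(:iut) { subject.new(invalid_validator_configuration) }
      let!(:valid_token) do
        token, _generator_meta = @remote_generator.generate(authenticated_identifier: @test_identifier)
        token
      end

      it 'raise error after attempt that timeout has occured' do
        expect { iut.validate(authentication_token: valid_token) }.to raise_error Timeout::Error
      end

      it 'by default attempts 2 times with 3 second timeout' do
        # Monotonic clock: the elapsed time must not be skewed by wall-clock adjustments.
        started_at = Process.clock_gettime(Process::CLOCK_MONOTONIC)
        expect { iut.validate(authentication_token: valid_token) }.to raise_error Timeout::Error
        elapsed = Process.clock_gettime(Process::CLOCK_MONOTONIC) - started_at

        # 2 attempts x 3 seconds = 6 seconds, with one second of tolerance.
        expect(elapsed).to be_within(1).of 6
      end
    end
  end
end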