spec/jwt/verify_spec.rb in jwt-1.5.6 vs spec/jwt/verify_spec.rb in jwt-2.0.0.beta1
- old
+ new
@@ -6,11 +6,11 @@
RSpec.describe Verify do
let(:base_payload) { { 'user_id' => 'some@user.tld' } }
let(:options) { { leeway: 0 } }
context '.verify_aud(payload, options)' do
- let(:scalar_aud) { 'ruby-jwt-audience' }
+ let(:scalar_aud) { 'ruby-jwt-aud' }
let(:array_aud) { %w(ruby-jwt-aud test-aud ruby-ruby-ruby) }
let(:scalar_payload) { base_payload.merge('aud' => scalar_aud) }
let(:array_payload) { base_payload.merge('aud' => array_aud) }
it 'must raise JWT::InvalidAudError when the singular audience does not match' do
@@ -23,43 +23,24 @@
expect do
Verify.verify_aud(array_payload, options.merge(aud: 'no-match'))
end.to raise_error JWT::InvalidAudError
end
- it 'must raise JWT::InvalidAudError when the singular audience does not match and the options aud key is a string' do
- expect do
- Verify.verify_aud(scalar_payload, options.merge('aud' => 'no-match'))
- end.to raise_error JWT::InvalidAudError
- end
-
it 'must allow a matching singular audience to pass' do
Verify.verify_aud(scalar_payload, options.merge(aud: scalar_aud))
end
- it 'must allow a matching audence to pass when the options key is a string' do
- Verify.verify_aud(scalar_payload, options.merge('aud' => scalar_aud))
- end
-
it 'must allow an array with any value matching the one in the options' do
Verify.verify_aud(array_payload, options.merge(aud: array_aud.first))
end
- it 'must allow an array with any value matching the one in the options with a string options key' do
- Verify.verify_aud(array_payload, options.merge('aud' => array_aud.first))
+ it 'must allow an array with any value matching any value in the options array' do
+ Verify.verify_aud(array_payload, options.merge(aud: array_aud))
end
- it 'should allow strings or symbolds in options array' do
- options['aud'] = [
- 'ruby-jwt-aud',
- 'test-aud',
- 'ruby-ruby-ruby',
- :test
- ]
-
- array_payload['aud'].push('test')
-
- Verify.verify_aud(array_payload, options)
+ it 'must allow a singular audience payload matching any value in the options array' do
+ Verify.verify_aud(scalar_payload, options.merge(aud: array_aud))
end
end
context '.verify_expiration(payload, options)' do
let(:leeway) { 10 }
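Review bot: The two added array-option examples cover only the accepting path, and the first passes `array_aud` as both the payload audience and the `aud` option, so it cannot tell "any value overlaps" apart from "the arrays are equal". A rejecting case such as `expect { Verify.verify_aud(array_payload, options.merge(aud: %w(no-match other))) }.to raise_error JWT::InvalidAudError`, plus an accepting case with only partial overlap, would pin the intended matching rule. With the string-key examples removed, nothing here states what happens when a caller still passes `'aud' => ...`. If the verifier now reads only the symbol key (not visible on this page), the audience check may be skipped silently for such callers, so a spec asserting the intended outcome is worth adding. The `.verify_aud` context starts before this hunk.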
@@ -69,14 +50,18 @@
expect do
Verify.verify_expiration(payload, options)
end.to raise_error JWT::ExpiredSignature
end
- it 'must allow some leeway in the expiration when configured' do
+ it 'must allow some leeway in the expiration when global leeway is configured' do
Verify.verify_expiration(payload, options.merge(leeway: 10))
end
+ it 'must allow some leeway in the expiration when exp_leeway is configured' do
+ Verify.verify_expiration(payload, options.merge(exp_leeway: 10))
+ end
+
it 'must be expired if the exp claim equals the current time' do
payload['exp'] = Time.now.to_i
expect do
Verify.verify_expiration(payload, options)
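Review bot: The new `exp_leeway` example only checks that a token inside the window is accepted; nothing pins the upper bound, which is the side that matters for an option that widens acceptance of expired tokens. A rejecting example such as `payload['exp'] = Time.now.to_i - 20` followed by `expect { Verify.verify_expiration(payload, options.merge(exp_leeway: 10)) }.to raise_error JWT::ExpiredSignature` would cover it. The same gap applies to the `iat_leeway` example in the `@@ -94` hunk and the `nbf_leeway` example in the `@@ -173` hunk. The visible examples also never combine `leeway` with a per-claim leeway, so a spec stating which value takes effect when both are given would document the precedence. The last example in this hunk continues past its final line.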
@@ -94,10 +79,14 @@
it 'must allow configured leeway' do
Verify.verify_iat(payload.merge('iat' => (iat + 60)), options.merge(leeway: 70))
end
+ it 'must allow configured iat_leeway' do
+ Verify.verify_iat(payload.merge('iat' => (iat + 60)), options.merge(iat_leeway: 70))
+ end
+
it 'must properly handle integer times' do
Verify.verify_iat(payload.merge('iat' => Time.now.to_i), options)
end
it 'must raise JWT::InvalidIatError when the iat value is not Numeric' do
@@ -173,11 +162,15 @@
expect do
Verify.verify_not_before(payload, options)
end.to raise_error JWT::ImmatureSignature
end
- it 'must allow some leeway in the token age when configured' do
+ it 'must allow some leeway in the token age when global leeway is configured' do
Verify.verify_not_before(payload, options.merge(leeway: 10))
+ end
+
+ it 'must allow some leeway in the token age when nbf_leeway is configured' do
+ Verify.verify_not_before(payload, options.merge(nbf_leeway: 10))
end
end
context '.verify_sub(payload, options)' do
let(:sub) { 'ruby jwt subject' }