spec/jwt/verify_spec.rb in jwt-2.0.0.beta1 vs spec/jwt/verify_spec.rb in jwt-2.0.0
- old
+ new
@@ -1,17 +1,18 @@
# frozen_string_literal: true
+
require 'spec_helper'
require 'jwt/verify'
module JWT
RSpec.describe Verify do
let(:base_payload) { { 'user_id' => 'some@user.tld' } }
let(:options) { { leeway: 0 } }
context '.verify_aud(payload, options)' do
let(:scalar_aud) { 'ruby-jwt-aud' }
- let(:array_aud) { %w(ruby-jwt-aud test-aud ruby-ruby-ruby) }
+ let(:array_aud) { %w[ruby-jwt-aud test-aud ruby-ruby-ruby] }
let(:scalar_payload) { base_payload.merge('aud' => scalar_aud) }
let(:array_payload) { base_payload.merge('aud' => array_aud) }
it 'must raise JWT::InvalidAudError when the singular audience does not match' do
expect do
@@ -41,11 +42,10 @@
Verify.verify_aud(scalar_payload, options.merge(aud: array_aud))
end
end
context '.verify_expiration(payload, options)' do
- let(:leeway) { 10 }
let(:payload) { base_payload.merge('exp' => (Time.now.to_i - 5)) }
it 'must raise JWT::ExpiredSignature when the token has expired' do
expect do
Verify.verify_expiration(payload, options)
@@ -65,10 +65,20 @@
expect do
Verify.verify_expiration(payload, options)
end.to raise_error JWT::ExpiredSignature
end
+
+ context 'when leeway is not specified' do
+ let(:options) { {} }
+
+ it 'used a default leeway of 0' do
+ expect do
+ Verify.verify_expiration(payload, options)
+ end.to raise_error JWT::ExpiredSignature
+ end
+ end
end
context '.verify_iat(payload, options)' do
let(:iat) { Time.now.to_f }
let(:payload) { base_payload.merge('iat' => iat) }
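Review bot: The new example 'used a default leeway of 0' cannot tell a default of 0 from any default below 5 seconds, because it reuses the outer `payload` whose `exp` is `Time.now.to_i - 5`. The default leeway decides how long an expired token is still accepted, so the context should pin the boundary with its own payload, e.g. `let(:payload) { base_payload.merge('exp' => (Time.now.to_i - 1)) }`. The description would also read better in the present tense: `it 'uses a default leeway of 0' do`. The enclosing `.verify_expiration` context opens outside this hunk.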
@@ -106,23 +116,42 @@
let(:iss) { 'ruby-jwt-gem' }
let(:payload) { base_payload.merge('iss' => iss) }
let(:invalid_token) { JWT.encode base_payload, payload[:secret] }
- it 'must raise JWT::InvalidIssuerError when the configured issuer does not match the payload issuer' do
- expect do
- Verify.verify_iss(payload, options.merge(iss: 'mismatched-issuer'))
- end.to raise_error JWT::InvalidIssuerError
- end
+ context 'when iss is a String' do
+ it 'must raise JWT::InvalidIssuerError when the configured issuer does not match the payload issuer' do
+ expect do
+ Verify.verify_iss(payload, options.merge(iss: 'mismatched-issuer'))
+ end.to raise_error JWT::InvalidIssuerError
+ end
- it 'must raise JWT::InvalidIssuerError when the payload does not include an issuer' do
- expect do
- Verify.verify_iss(base_payload, options.merge(iss: iss))
- end.to raise_error(JWT::InvalidIssuerError, /received <none>/)
+ it 'must raise JWT::InvalidIssuerError when the payload does not include an issuer' do
+ expect do
+ Verify.verify_iss(base_payload, options.merge(iss: iss))
+ end.to raise_error(JWT::InvalidIssuerError, /received <none>/)
+ end
+
+ it 'must allow a matching issuer to pass' do
+ Verify.verify_iss(payload, options.merge(iss: iss))
+ end
end
+ context 'when iss is an Array' do
+ it 'must raise JWT::InvalidIssuerError when no matching issuers in array' do
+ expect do
+ Verify.verify_iss(payload, options.merge(iss: %w[first second]))
+ end.to raise_error JWT::InvalidIssuerError
+ end
- it 'must allow a matching issuer to pass' do
- Verify.verify_iss(payload, options.merge(iss: iss))
+ it 'must raise JWT::InvalidIssuerError when the payload does not include an issuer' do
+ expect do
+ Verify.verify_iss(base_payload, options.merge(iss: %w[first second]))
+ end.to raise_error(JWT::InvalidIssuerError, /received <none>/)
+ end
+
+ it 'must allow an array with matching issuer to pass' do
+ Verify.verify_iss(payload, options.merge(iss: ['first', iss, 'third']))
+ end
end
end
context '.verify_jti(payload, options)' do
let(:payload) { base_payload.merge('jti' => 'some-random-uuid-or-whatever') }
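Review bot: The Array rejection example only uses values unrelated to the token's issuer (`%w[first second]`), so it would still pass if array entries were compared by prefix, substring or case-insensitively. A near-miss list pins exact matching: `Verify.verify_iss(payload, options.merge(iss: ["#{iss}-other", iss.upcase]))` inside the same `expect do … end.to raise_error JWT::InvalidIssuerError`. The two passing examples ('must allow a matching issuer to pass' and 'must allow an array with matching issuer to pass') contain no expectation and succeed only because nothing raises; wrapping the call in `expect { … }.not_to raise_error` would state the intent. The `.verify_iss` context opens before this hunk.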