test(jans-cedarling): implement a helper function for generating tokens
- Implement `generate_tokens_using_claims` which is a helper function
  that generates an access_token, id_token, and userinfo_token from the
  given claims.

Signed-off-by: rmarinn <[email protected]>
rmarinn committed Nov 5, 2024
1 parent c324a97 commit a771b40
Showing 7 changed files with 153 additions and 106 deletions.
32 changes: 31 additions & 1 deletion jans-cedarling/cedarling/src/jwt/test/utils.rs
Expand Up @@ -7,13 +7,14 @@

use core::panic;
use jsonwebkey as jwk;
use jsonwebtoken as jwt;
use jsonwebtoken::{self as jwt};
use serde::Serialize;
use std::{
time::{SystemTime, UNIX_EPOCH},
u64,
};

#[derive(Clone)]
pub struct EncodingKey {
pub key_id: String,
pub key: jwt::EncodingKey,
Expand Down Expand Up @@ -103,6 +104,35 @@ impl Timestamp {
}
}

/// The arguments for [`generate_token_using_claims`]
pub struct GenerateTokensArgs {
pub access_token_claims: serde_json::Value,
pub id_token_claims: serde_json::Value,
pub userinfo_token_claims: serde_json::Value,
pub encoding_keys: Vec<EncodingKey>,
}

/// Generates tokens using the given encoding keys.
///
/// The `access_token` and `userinfo_token` will be encoded by the first key in the
/// `Vec` and the `id_token` will be encoded by the second.
///
/// # Panics
///
/// Panics when a token cannot be encoded.
pub fn generate_tokens_using_claims(args: GenerateTokensArgs) -> (String, String, String) {
let access_token =
generate_token_using_claims(&args.access_token_claims, &args.encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate access_token: {:?}", e));
let id_token = generate_token_using_claims(&args.id_token_claims, &args.encoding_keys[1])
.unwrap_or_else(|e| panic!("Failed to generate id_token: {:?}", e));
let userinfo_token =
generate_token_using_claims(&args.userinfo_token_claims, &args.encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate userinfo_token: {:?}", e));

(access_token, id_token, userinfo_token)
}

/// Generates a token string signed with ES256
pub fn generate_token_using_claims(
claims: &impl Serialize,
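Review bot: `generate_tokens_using_claims` indexes `args.encoding_keys[0]` and `args.encoding_keys[1]` directly, so a caller that passes fewer than two keys gets a bare index-out-of-bounds panic that the `# Panics` section does not mention. A guard at the top of the function, `assert!(args.encoding_keys.len() >= 2, "generate_tokens_using_claims needs two encoding keys");`, would make that failure readable, and the `# Panics` text should name it alongside the encoding failure. The helper also fixes which key signs which token (first key for access_token and userinfo_token, second for id_token), so any test that needs a different assignment has to reorder the `Vec` it passes or keep calling `generate_token_using_claims` itself. Separately, the doc line on `GenerateTokensArgs` links to the singular `generate_token_using_claims`; it should point at `generate_tokens_using_claims`, the function that takes this struct.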
39 changes: 21 additions & 18 deletions jans-cedarling/cedarling/src/jwt/test/with_validation.rs
Expand Up @@ -59,12 +59,13 @@ fn can_decode_claims_with_validation() {
});

// generate the signed token strings
let access_token = generate_token_using_claims(&access_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate access_token: {:?}", e));
let id_token = generate_token_using_claims(&id_token_claims, &encoding_keys[1])
.unwrap_or_else(|e| panic!("Failed to generate id_token: {:?}", e));
let userinfo_token = generate_token_using_claims(&userinfo_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate userinfo_token: {:?}", e));
let (access_token, id_token, userinfo_token) =
generate_tokens_using_claims(GenerateTokensArgs {
access_token_claims: access_token_claims.clone(),
id_token_claims: id_token_claims.clone(),
userinfo_token_claims: userinfo_token_claims.clone(),
encoding_keys: encoding_keys.clone(),
});

// setup mock server responses for OpenID configuration and JWKS URIs
let openid_config_response = json!({
Expand Down Expand Up @@ -180,12 +181,13 @@ fn errors_on_unsupported_alg() {
});

// generate the signed token strings
let access_token = generate_token_using_claims(&access_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate access_token: {:?}", e));
let id_token = generate_token_using_claims(&id_token_claims, &encoding_keys[1])
.unwrap_or_else(|e| panic!("Failed to generate id_token: {:?}", e));
let userinfo_token = generate_token_using_claims(&userinfo_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate userinfo_token: {:?}", e));
let (access_token, id_token, userinfo_token) =
generate_tokens_using_claims(GenerateTokensArgs {
access_token_claims,
id_token_claims,
userinfo_token_claims,
encoding_keys,
});

// setup mock server responses for OpenID configuration and JWKS URIs
let openid_config_response = json!({
Expand Down Expand Up @@ -300,12 +302,13 @@ fn can_gracefully_handle_unsupported_algorithms_from_jwks() {
});

// generate the signed token strings
let access_token = generate_token_using_claims(&access_token_claims, &encoding_keys[1])
.unwrap_or_else(|e| panic!("Failed to generate access_token: {:?}", e));
let id_token = generate_token_using_claims(&id_token_claims, &encoding_keys[1])
.unwrap_or_else(|e| panic!("Failed to generate id_token: {:?}", e));
let userinfo_token = generate_token_using_claims(&userinfo_token_claims, &encoding_keys[1])
.unwrap_or_else(|e| panic!("Failed to generate userinfo_token: {:?}", e));
let (access_token, id_token, userinfo_token) =
generate_tokens_using_claims(GenerateTokensArgs {
access_token_claims: access_token_claims.clone(),
id_token_claims: id_token_claims.clone(),
userinfo_token_claims: userinfo_token_claims.clone(),
encoding_keys,
});

// setup mock server responses for OpenID configuration and JWKS URIs
let openid_config_response = json!({
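Review bot: In `can_gracefully_handle_unsupported_algorithms_from_jwks` the replaced calls signed all three tokens with `encoding_keys[1]`, but `generate_tokens_using_claims` signs access_token and userinfo_token with the first key in the `Vec`, so this test now uses a different signing key for two of its tokens. The page has lost its `+`/`-` markers, so which lines are the old side is inferred from the helper call that follows them. Whether the first key is the one the test treats as unsupported is not visible here. If it is, the test no longer exercises the same validation path and could pass or fail for the wrong reason. Either keep the three explicit `generate_token_using_claims` calls in this test or pass the intended key twice, e.g. `encoding_keys: vec![encoding_keys[1].clone(), encoding_keys[1].clone()],`. The other two call sites in this file keep the original key assignment; all three test bodies continue outside the visible hunks.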
Expand Up @@ -106,12 +106,13 @@ fn test_missing_claim(missing_claim: &'static str) {
});

// generate the signed token strings
let access_token = generate_token_using_claims(&access_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate access_token: {:?}", e));
let id_token = generate_token_using_claims(&id_token_claims, &encoding_keys[1])
.unwrap_or_else(|e| panic!("Failed to generate id_token: {:?}", e));
let userinfo_token = generate_token_using_claims(&userinfo_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate userinfo_token: {:?}", e));
let (access_token, id_token, userinfo_token) =
generate_tokens_using_claims(GenerateTokensArgs {
access_token_claims,
id_token_claims,
userinfo_token_claims,
encoding_keys,
});

// setup mock server responses for OpenID configuration and JWKS URIs
let openid_config_response = json!({
Expand Down Expand Up @@ -254,7 +255,7 @@ fn errors_on_invalid_signature() {
"exp": Timestamp::one_hour_after_now(),
});

// generate the signed access_token
// generate the access_token with invalid signature
let access_token = generate_token_using_claims(&access_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate access_token: {:?}", e));
let access_token = invalidate_token(access_token);
Expand Down Expand Up @@ -378,12 +379,13 @@ fn errors_on_expired_token() {
});

// generate the signed token strings
let access_token = generate_token_using_claims(&access_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate access_token: {:?}", e));
let id_token = generate_token_using_claims(&id_token_claims, &encoding_keys[1])
.unwrap_or_else(|e| panic!("Failed to generate id_token: {:?}", e));
let userinfo_token = generate_token_using_claims(&userinfo_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate userinfo_token: {:?}", e));
let (access_token, id_token, userinfo_token) =
generate_tokens_using_claims(GenerateTokensArgs {
access_token_claims,
id_token_claims,
userinfo_token_claims,
encoding_keys,
});

// setup mock server responses for OpenID configuration and JWKS URIs
let openid_config_response = json!({
Expand Down Expand Up @@ -498,12 +500,13 @@ fn errors_on_token_used_before_nbf() {
});

// generate the signed token strings
let access_token = generate_token_using_claims(&access_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate access_token: {:?}", e));
let id_token = generate_token_using_claims(&id_token_claims, &encoding_keys[1])
.unwrap_or_else(|e| panic!("Failed to generate id_token: {:?}", e));
let userinfo_token = generate_token_using_claims(&userinfo_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate userinfo_token: {:?}", e));
let (access_token, id_token, userinfo_token) =
generate_tokens_using_claims(GenerateTokensArgs {
access_token_claims,
id_token_claims,
userinfo_token_claims,
encoding_keys,
});

// setup mock server responses for OpenID configuration and JWKS URIs
let openid_config_response = json!({
67 changes: 36 additions & 31 deletions jans-cedarling/cedarling/src/jwt/test/with_validation/id_token.rs
Expand Up @@ -107,12 +107,13 @@ fn test_missing_claim(missing_claim: &str) {
});

// generate the signed token strings
let access_token = generate_token_using_claims(&access_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate access_token: {:?}", e));
let id_token = generate_token_using_claims(&id_token_claims, &encoding_keys[1])
.unwrap_or_else(|e| panic!("Failed to generate id_token: {:?}", e));
let userinfo_token = generate_token_using_claims(&userinfo_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate userinfo_token: {:?}", e));
let (access_token, id_token, userinfo_token) =
generate_tokens_using_claims(GenerateTokensArgs {
access_token_claims,
id_token_claims,
userinfo_token_claims,
encoding_keys,
});

// setup mock server responses for OpenID configuration and JWKS URIs
let openid_config_response = json!({
Expand Down Expand Up @@ -252,7 +253,7 @@ fn errors_on_invalid_signature() {
let access_token = generate_token_using_claims(&access_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate access_token: {:?}", e));

// generate signed id_token
// generate id_token with invalid signature
let id_token = generate_token_using_claims(&id_token_claims, &encoding_keys[1])
.unwrap_or_else(|e| panic!("Failed to generate id_token: {:?}", e));
let id_token = invalidate_token(id_token);
Expand Down Expand Up @@ -372,12 +373,13 @@ fn errors_on_expired_token() {
});

// generate the signed token strings
let access_token = generate_token_using_claims(&access_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate access_token: {:?}", e));
let id_token = generate_token_using_claims(&id_token_claims, &encoding_keys[1])
.unwrap_or_else(|e| panic!("Failed to generate id_token: {:?}", e));
let userinfo_token = generate_token_using_claims(&userinfo_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate userinfo_token: {:?}", e));
let (access_token, id_token, userinfo_token) =
generate_tokens_using_claims(GenerateTokensArgs {
access_token_claims,
id_token_claims,
userinfo_token_claims,
encoding_keys,
});

// setup mock server responses for OpenID configuration and JWKS URIs
let openid_config_response = json!({
Expand Down Expand Up @@ -491,12 +493,13 @@ fn errors_on_invalid_iss() {
});

// generate the signed token strings
let access_token = generate_token_using_claims(&access_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate access_token: {:?}", e));
let id_token = generate_token_using_claims(&id_token_claims, &encoding_keys[1])
.unwrap_or_else(|e| panic!("Failed to generate id_token: {:?}", e));
let userinfo_token = generate_token_using_claims(&userinfo_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate userinfo_token: {:?}", e));
let (access_token, id_token, userinfo_token) =
generate_tokens_using_claims(GenerateTokensArgs {
access_token_claims,
id_token_claims,
userinfo_token_claims,
encoding_keys,
});

// setup mock server responses for OpenID configuration and JWKS URIs
let openid_config_response = json!({
Expand Down Expand Up @@ -610,12 +613,13 @@ fn errors_on_invalid_aud() {
});

// generate the signed token strings
let access_token = generate_token_using_claims(&access_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate access_token: {:?}", e));
let id_token = generate_token_using_claims(&id_token_claims, &encoding_keys[1])
.unwrap_or_else(|e| panic!("Failed to generate id_token: {:?}", e));
let userinfo_token = generate_token_using_claims(&userinfo_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate userinfo_token: {:?}", e));
let (access_token, id_token, userinfo_token) =
generate_tokens_using_claims(GenerateTokensArgs {
access_token_claims,
id_token_claims,
userinfo_token_claims,
encoding_keys,
});

// setup mock server responses for OpenID configuration and JWKS URIs
let openid_config_response = json!({
Expand Down Expand Up @@ -730,12 +734,13 @@ fn errors_on_token_used_before_nbf() {
});

// generate the signed token strings
let access_token = generate_token_using_claims(&access_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate access_token: {:?}", e));
let id_token = generate_token_using_claims(&id_token_claims, &encoding_keys[1])
.unwrap_or_else(|e| panic!("Failed to generate id_token: {:?}", e));
let userinfo_token = generate_token_using_claims(&userinfo_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate userinfo_token: {:?}", e));
let (access_token, id_token, userinfo_token) =
generate_tokens_using_claims(GenerateTokensArgs {
access_token_claims,
id_token_claims,
userinfo_token_claims,
encoding_keys,
});

// setup mock server responses for OpenID configuration and JWKS URIs
let openid_config_response = json!({
Expand Up @@ -249,12 +249,13 @@ fn can_update_local_jwks() {
});

// generate the signed token strings
let access_token = generate_token_using_claims(&access_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate access_token: {:?}", e));
let id_token = generate_token_using_claims(&id_token_claims, &encoding_keys[1])
.unwrap_or_else(|e| panic!("Failed to generate id_token: {:?}", e));
let userinfo_token = generate_token_using_claims(&userinfo_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate userinfo_token: {:?}", e));
let (access_token, id_token, userinfo_token) =
generate_tokens_using_claims(GenerateTokensArgs {
access_token_claims: access_token_claims.clone(),
id_token_claims: id_token_claims.clone(),
userinfo_token_claims: userinfo_token_claims.clone(),
encoding_keys: encoding_keys.clone(),
});

// setup mock server responses for OpenID configuration and JWKS URIs
let openid_config_response = json!({
Expand Up @@ -101,12 +101,13 @@ fn test_missing_claim(missing_claim: &str) {
}

// generate the signed token strings
let access_token = generate_token_using_claims(&access_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate access_token: {:?}", e));
let id_token = generate_token_using_claims(&id_token_claims, &encoding_keys[1])
.unwrap_or_else(|e| panic!("Failed to generate id_token: {:?}", e));
let userinfo_token = generate_token_using_claims(&userinfo_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate userinfo_token: {:?}", e));
let (access_token, id_token, userinfo_token) =
generate_tokens_using_claims(GenerateTokensArgs {
access_token_claims,
id_token_claims,
userinfo_token_claims,
encoding_keys,
});

// setup mock server responses for OpenID configuration and JWKS URIs
let openid_config_response = json!({
Expand Down Expand Up @@ -255,7 +256,7 @@ fn errors_on_invalid_signature() {
let id_token = generate_token_using_claims(&id_token_claims, &encoding_keys[1])
.unwrap_or_else(|e| panic!("Failed to generate id_token: {:?}", e));

// generate signed userinfo_token
// generate userinfo_token with invalid signature
let userinfo_token = generate_token_using_claims(&userinfo_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate userinfo_token: {:?}", e));
let userinfo_token = invalidate_token(userinfo_token);
Expand Down Expand Up @@ -377,12 +378,13 @@ fn errors_on_invalid_iss() {
});

// generate the signed token strings
let access_token = generate_token_using_claims(&access_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate access_token: {:?}", e));
let id_token = generate_token_using_claims(&id_token_claims, &encoding_keys[1])
.unwrap_or_else(|e| panic!("Failed to generate id_token: {:?}", e));
let userinfo_token = generate_token_using_claims(&userinfo_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate userinfo_token: {:?}", e));
let (access_token, id_token, userinfo_token) =
generate_tokens_using_claims(GenerateTokensArgs {
access_token_claims,
id_token_claims,
userinfo_token_claims,
encoding_keys,
});

// setup mock server responses for OpenID configuration and JWKS URIs
let openid_config_response = json!({
Expand Down Expand Up @@ -500,12 +502,13 @@ fn errors_on_invalid_aud() {
});

// generate the signed token strings
let access_token = generate_token_using_claims(&access_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate access_token: {:?}", e));
let id_token = generate_token_using_claims(&id_token_claims, &encoding_keys[1])
.unwrap_or_else(|e| panic!("Failed to generate id_token: {:?}", e));
let userinfo_token = generate_token_using_claims(&userinfo_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate userinfo_token: {:?}", e));
let (access_token, id_token, userinfo_token) =
generate_tokens_using_claims(GenerateTokensArgs {
access_token_claims,
id_token_claims,
userinfo_token_claims,
encoding_keys,
});

// setup mock server responses for OpenID configuration and JWKS URIs
let openid_config_response = json!({
Expand Down Expand Up @@ -623,12 +626,13 @@ fn errors_on_invalid_sub() {
});

// generate the signed token strings
let access_token = generate_token_using_claims(&access_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate access_token: {:?}", e));
let id_token = generate_token_using_claims(&id_token_claims, &encoding_keys[1])
.unwrap_or_else(|e| panic!("Failed to generate id_token: {:?}", e));
let userinfo_token = generate_token_using_claims(&userinfo_token_claims, &encoding_keys[0])
.unwrap_or_else(|e| panic!("Failed to generate userinfo_token: {:?}", e));
let (access_token, id_token, userinfo_token) =
generate_tokens_using_claims(GenerateTokensArgs {
access_token_claims,
id_token_claims,
userinfo_token_claims,
encoding_keys,
});

// setup mock server responses for OpenID configuration and JWKS URIs
let openid_config_response = json!({