Skip to content

Commit

Permalink
adding tests
Browse files Browse the repository at this point in the history
  • Loading branch information
james-prysm committed Jan 19, 2024
1 parent 844cf08 commit 80e7ad8
Show file tree
Hide file tree
Showing 4 changed files with 57 additions and 12 deletions.
9 changes: 0 additions & 9 deletions api/constants.go
Original file line number Diff line number Diff line change
@@ -1,12 +1,3 @@
package api

import "strings"

const WebUrlPrefix = "/v2/validator/"

func IsKeymanagerUrlPrefix(path string) bool {
if strings.Contains(path, "/eth/v1/keystores") || strings.Contains(path, "/eth/v1/remotekeys") || strings.Contains(path, "/eth/v1/validator") {
return true
}
return false
}
1 change: 0 additions & 1 deletion validator/rpc/auth_token.go
Original file line number Diff line number Diff line change
Expand Up @@ -191,7 +191,6 @@ func createTokenString(jwtKey []byte) (string, error) {
return tokenString, nil
}

// DEPRECATED: associated to Initialize Web UI API
func createRandomJWTSecret() ([]byte, error) {
r := rand.NewGenerator()
jwtKey := make([]byte, 32)
Expand Down
5 changes: 3 additions & 2 deletions validator/rpc/intercepter.go
Original file line number Diff line number Diff line change
Expand Up @@ -40,8 +40,7 @@ func (s *Server) JwtHttpInterceptor(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// if it's not initialize or has a web prefix
if !strings.Contains(r.URL.Path, api.WebUrlPrefix+"initialize") && // ignore some routes
!strings.Contains(r.URL.Path, api.WebUrlPrefix+"health/logs") &&
(strings.Contains(r.URL.Path, api.WebUrlPrefix) || api.IsKeymanagerUrlPrefix(r.URL.Path)) {
!strings.Contains(r.URL.Path, api.WebUrlPrefix+"health/logs") {
reqToken := r.Header.Get("Authorization")
if reqToken == "" {
http.Error(w, "unauthorized: no Authorization header passed. Please use an Authorization header with the jwt created in the prysm wallet", http.StatusUnauthorized)
Expand All @@ -50,6 +49,7 @@ func (s *Server) JwtHttpInterceptor(next http.Handler) http.Handler {
token := strings.Split(reqToken, "Bearer ")[1]
_, err := jwt.Parse(token, s.validateJWT)
if err != nil {
fmt.Println(err)
http.Error(w, fmt.Errorf("unauthorized:could not parse JWT token: %v", err).Error(), http.StatusForbidden)
return
}
Expand Down Expand Up @@ -84,5 +84,6 @@ func (s *Server) validateJWT(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("unexpected JWT signing method: %v", token.Header["alg"])
}
fmt.Println(s.jwtSecret)
return s.jwtSecret, nil
}
54 changes: 54 additions & 0 deletions validator/rpc/intercepter_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,12 @@ package rpc

import (
"context"
"net/http"
"net/http/httptest"
"testing"

"github.com/golang-jwt/jwt/v4"
"github.com/prysmaticlabs/prysm/v4/api"
"github.com/prysmaticlabs/prysm/v4/testing/require"
"google.golang.org/grpc"
"google.golang.org/grpc/metadata"
Expand Down Expand Up @@ -67,3 +70,54 @@ func TestServer_JWTInterceptor_InvalidSigningType(t *testing.T) {
_, err := ss.validateJWT(token)
require.ErrorContains(t, "unexpected JWT signing method", err)
}

func TestServer_JwtHttpInterceptor(t *testing.T) {
jwtKey, err := createRandomJWTSecret()
require.NoError(t, err)

s := &Server{jwtSecret: jwtKey}
testHandler := s.JwtHttpInterceptor(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Your test handler logic here
w.WriteHeader(http.StatusOK)
w.Write([]byte("Test Response"))
}))
t.Run("no jwt was sent", func(t *testing.T) {
rr := httptest.NewRecorder()
req, err := http.NewRequest(http.MethodGet, "/eth/v1/keystores", nil)
require.NoError(t, err)
testHandler.ServeHTTP(rr, req)
require.Equal(t, http.StatusUnauthorized, rr.Code)
})
t.Run("wrong jwt was sent", func(t *testing.T) {
rr := httptest.NewRecorder()
req, err := http.NewRequest(http.MethodGet, "/eth/v1/keystores", nil)
require.NoError(t, err)
req.Header.Set("Authorization", "Bearer YOUR_JWT_TOKEN") // Replace with a valid JWT token
testHandler.ServeHTTP(rr, req)
require.Equal(t, http.StatusForbidden, rr.Code)
})
t.Run("jwt was sent", func(t *testing.T) {
rr := httptest.NewRecorder()
req, err := http.NewRequest(http.MethodGet, "/eth/v1/keystores", nil)
require.NoError(t, err)
token, err := createTokenString(jwtKey)
require.NoError(t, err)
req.Header.Set("Authorization", "Bearer "+token) // Replace with a valid JWT token
testHandler.ServeHTTP(rr, req)
require.Equal(t, http.StatusOK, rr.Code)
})
t.Run("initialize does not need jwt", func(t *testing.T) {
rr := httptest.NewRecorder()
req, err := http.NewRequest(http.MethodGet, api.WebUrlPrefix+"initialize", nil)
require.NoError(t, err)
testHandler.ServeHTTP(rr, req)
require.Equal(t, http.StatusOK, rr.Code)
})
t.Run("health does not need jwt", func(t *testing.T) {
rr := httptest.NewRecorder()
req, err := http.NewRequest(http.MethodGet, api.WebUrlPrefix+"health/logs", nil)
require.NoError(t, err)
testHandler.ServeHTTP(rr, req)
require.Equal(t, http.StatusOK, rr.Code)
})
}

0 comments on commit 80e7ad8

Please sign in to comment.