From 80e7ad813b11e3839cf0f3f2973ff106734b2367 Mon Sep 17 00:00:00 2001
From: james-prysm
Date: Fri, 19 Jan 2024 13:56:26 -0600
Subject: [PATCH] adding tests
---
 api/constants.go | 9 ------
 validator/rpc/auth_token.go | 1 -
 validator/rpc/intercepter.go | 5 +--
 validator/rpc/intercepter_test.go | 54 +++++++++++++++++++++++++++++++
 4 files changed, 57 insertions(+), 12 deletions(-)
diff --git a/api/constants.go b/api/constants.go
index 65b4aefbb048..3266cd934d98 100644
--- a/api/constants.go
+++ b/api/constants.go
@@ -1,12 +1,3 @@
 package api

-import "strings"
-
 const WebUrlPrefix = "/v2/validator/"
-
-func IsKeymanagerUrlPrefix(path string) bool {
- if strings.Contains(path, "/eth/v1/keystores") || strings.Contains(path, "/eth/v1/remotekeys") || strings.Contains(path, "/eth/v1/validator") {
- return true
- }
- return false
-}
diff --git a/validator/rpc/auth_token.go b/validator/rpc/auth_token.go
index e35b42d41e30..4251de8b6e15 100644
--- a/validator/rpc/auth_token.go
+++ b/validator/rpc/auth_token.go
@@ -191,7 +191,6 @@ func createTokenString(jwtKey []byte) (string, error) {
 return tokenString, nil
 }

-// DEPRECATED: associated to Initialize Web UI API
 func createRandomJWTSecret() ([]byte, error) {
 r := rand.NewGenerator()
 jwtKey := make([]byte, 32)
diff --git a/validator/rpc/intercepter.go b/validator/rpc/intercepter.go
index 4f190b1913a3..3c2a64bf0927 100644
--- a/validator/rpc/intercepter.go
+++ b/validator/rpc/intercepter.go
@@ -40,8 +40,7 @@ func (s *Server) JwtHttpInterceptor(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 // if it's not initialize or has a web prefix
 if !strings.Contains(r.URL.Path, api.WebUrlPrefix+"initialize") && // ignore some routes
- !strings.Contains(r.URL.Path, api.WebUrlPrefix+"health/logs") &&
- (strings.Contains(r.URL.Path, api.WebUrlPrefix) || api.IsKeymanagerUrlPrefix(r.URL.Path)) {
+ !strings.Contains(r.URL.Path, api.WebUrlPrefix+"health/logs") {
 reqToken := r.Header.Get("Authorization")
 if reqToken == "" {
 http.Error(w, "unauthorized: no Authorization header passed. Please use an Authorization header with the jwt created in the prysm wallet", http.StatusUnauthorized)
@@ -50,6 +49,7 @@ func (s *Server) JwtHttpInterceptor(next http.Handler) http.Handler {
 token := strings.Split(reqToken, "Bearer ")[1]
 _, err := jwt.Parse(token, s.validateJWT)
 if err != nil {
+ fmt.Println(err)
 http.Error(w, fmt.Errorf("unauthorized:could not parse JWT token: %v", err).Error(), http.StatusForbidden)
 return
 }
@@ -84,5 +84,6 @@ func (s *Server) validateJWT(token *jwt.Token) (interface{}, error) {
 if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
 return nil, fmt.Errorf("unexpected JWT signing method: %v", token.Header["alg"])
 }
+ fmt.Println(s.jwtSecret)
 return s.jwtSecret, nil
 }
diff --git a/validator/rpc/intercepter_test.go b/validator/rpc/intercepter_test.go
index 2d1e1bab2a26..d16515ad3d2e 100644
--- a/validator/rpc/intercepter_test.go
+++ b/validator/rpc/intercepter_test.go
@@ -2,9 +2,12 @@ package rpc

 import (
 "context"
+ "net/http"
+ "net/http/httptest"
 "testing"

 "github.com/golang-jwt/jwt/v4"
+ "github.com/prysmaticlabs/prysm/v4/api"
 "github.com/prysmaticlabs/prysm/v4/testing/require"
 "google.golang.org/grpc"
 "google.golang.org/grpc/metadata"
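Review bot: The two remaining exemptions in `JwtHttpInterceptor` are matched with `strings.Contains` on `r.URL.Path`, so any request path that merely contains `api.WebUrlPrefix+"initialize"` or `api.WebUrlPrefix+"health/logs"` as a substring skips the JWT check, and after this change those two tests are the only gate in front of every route. Anchoring the match would close that, for example `!strings.HasPrefix(r.URL.Path, api.WebUrlPrefix+"initialize")`, or an exact comparison against the registered route paths; whether an unanchored path can actually reach a sensitive handler depends on the router, which is not visible here. The comment `// if it's not initialize or has a web prefix` no longer describes the condition and could read `// require a JWT on every route except initialize and health/logs`. The handler body continues outside the hunk.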
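Review bot: `strings.Split(reqToken, "Bearer ")[1]` takes the second element without checking that the header contained `Bearer `, so an Authorization header in any other form panics inside the handler, and with the interceptor now applied to every non-exempt route this is reachable before any authentication has happened. A prefix check ahead of the split avoids it: `if !strings.HasPrefix(reqToken, "Bearer ") { http.Error(w, "unauthorized: malformed Authorization header", http.StatusUnauthorized); return }` followed by `token := strings.TrimPrefix(reqToken, "Bearer ")`. The added `fmt.Println(err)` looks like leftover debugging; it writes to stdout outside the project's logger and should be dropped or replaced with a debug-level log call.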
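Review bot: `fmt.Println(s.jwtSecret)` in `validateJWT` writes the HMAC signing key to stdout each time a token is validated, so anyone who can read the process output or the collected logs can mint tokens the server will accept. The line should be removed before merge; if a trace is wanted at this point, log that validation ran without including any key material. A secret that was printed by a build containing this line should be treated as exposed and regenerated. `validateJWT` starts above the hunk.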
@@ -67,3 +70,54 @@ func TestServer_JWTInterceptor_InvalidSigningType(t *testing.T) {
 _, err := ss.validateJWT(token)
 require.ErrorContains(t, "unexpected JWT signing method", err)
 }
+
+func TestServer_JwtHttpInterceptor(t *testing.T) {
+ jwtKey, err := createRandomJWTSecret()
+ require.NoError(t, err)
+
+ s := &Server{jwtSecret: jwtKey}
+ testHandler := s.JwtHttpInterceptor(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ // Your test handler logic here
+ w.WriteHeader(http.StatusOK)
+ w.Write([]byte("Test Response"))
+ }))
+ t.Run("no jwt was sent", func(t *testing.T) {
+ rr := httptest.NewRecorder()
+ req, err := http.NewRequest(http.MethodGet, "/eth/v1/keystores", nil)
+ require.NoError(t, err)
+ testHandler.ServeHTTP(rr, req)
+ require.Equal(t, http.StatusUnauthorized, rr.Code)
+ })
+ t.Run("wrong jwt was sent", func(t *testing.T) {
+ rr := httptest.NewRecorder()
+ req, err := http.NewRequest(http.MethodGet, "/eth/v1/keystores", nil)
+ require.NoError(t, err)
+ req.Header.Set("Authorization", "Bearer YOUR_JWT_TOKEN") // Replace with a valid JWT token
+ testHandler.ServeHTTP(rr, req)
+ require.Equal(t, http.StatusForbidden, rr.Code)
+ })
+ t.Run("jwt was sent", func(t *testing.T) {
+ rr := httptest.NewRecorder()
+ req, err := http.NewRequest(http.MethodGet, "/eth/v1/keystores", nil)
+ require.NoError(t, err)
+ token, err := createTokenString(jwtKey)
+ require.NoError(t, err)
+ req.Header.Set("Authorization", "Bearer "+token) // Replace with a valid JWT token
+ testHandler.ServeHTTP(rr, req)
+ require.Equal(t, http.StatusOK, rr.Code)
+ })
+ t.Run("initialize does not need jwt", func(t *testing.T) {
+ rr := httptest.NewRecorder()
+ req, err := http.NewRequest(http.MethodGet, api.WebUrlPrefix+"initialize", nil)
+ require.NoError(t, err)
+ testHandler.ServeHTTP(rr, req)
+ require.Equal(t, http.StatusOK, rr.Code)
+ })
+ t.Run("health does not need jwt", func(t *testing.T) {
+ rr := httptest.NewRecorder()
+ req, err := http.NewRequest(http.MethodGet, api.WebUrlPrefix+"health/logs", nil)
+ require.NoError(t, err)
+ testHandler.ServeHTTP(rr, req)
+ require.Equal(t, http.StatusOK, rr.Code)
+ })
+}
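Review bot: The negative cases in `TestServer_JwtHttpInterceptor` stop at a missing header and a non-JWT string, so two rejection paths are untested: an Authorization header without the `Bearer ` prefix (which reaches the `[1]` index in the interceptor) and a well-formed token signed with a different secret. The subtests below cover both; the status expected for the malformed header is an assumption about the intended behaviour, and that case will fail until the interceptor checks the prefix. The placeholder comments `// Your test handler logic here` and `// Replace with a valid JWT token` should be removed, and the return value of `w.Write` is ignored, which linters usually flag.

```go
// … unchanged: setup and the "no jwt was sent" / "wrong jwt was sent" subtests …
t.Run("authorization header without bearer prefix", func(t *testing.T) {
	rr := httptest.NewRecorder()
	req, err := http.NewRequest(http.MethodGet, "/eth/v1/keystores", nil)
	require.NoError(t, err)
	req.Header.Set("Authorization", "not-a-bearer-value") // constructed sample value
	testHandler.ServeHTTP(rr, req)
	require.Equal(t, http.StatusUnauthorized, rr.Code)
})
t.Run("token signed with a different secret", func(t *testing.T) {
	otherKey, err := createRandomJWTSecret()
	require.NoError(t, err)
	token, err := createTokenString(otherKey)
	require.NoError(t, err)
	rr := httptest.NewRecorder()
	req, err := http.NewRequest(http.MethodGet, "/eth/v1/keystores", nil)
	require.NoError(t, err)
	req.Header.Set("Authorization", "Bearer "+token)
	testHandler.ServeHTTP(rr, req)
	require.Equal(t, http.StatusForbidden, rr.Code)
})
// … unchanged: "jwt was sent", "initialize does not need jwt", "health does not need jwt" …
```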