Skip to content

Commit

Permalink
Added test coverage (#756)
Browse files Browse the repository at this point in the history
### Changes

Added test coverage for previous added issuer claim validation with
custom domain.
- Added expecting failure scenario with invalid `domain` not matching
token issuer
- Added expecting failure scenario with invalid `domain` AND invalid
`custom domain` not matching token issuer
- Added scenario with custom domain matching token issuer, should
validate.
- Added scenario with custom domain not matching token issuer, should
validate with tenant domain

### References

Ref: #755

### Contributor Checklist

- [x] I agree to adhere to the [Auth0 General Contribution
Guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md).
- [x] I agree to uphold the [Auth0 Code of
Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md).

---------

Signed-off-by: ramonschriks <[email protected]>
Co-authored-by: Ramon <[email protected]>
  • Loading branch information
ramonschriks and Ramon authored Jan 11, 2024
1 parent 347bea6 commit a6adf46
Showing 1 changed file with 76 additions and 0 deletions.
76 changes: 76 additions & 0 deletions tests/Unit/TokenTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -272,6 +272,42 @@ function(): SdkConfiguration {
fn() => TokenGenerator::create(TokenGenerator::TOKEN_LOGOUT, TokenGenerator::ALG_HS256, ['events' => null])
]])->throws(InvalidTokenException::class, InvalidTokenException::MSG_MISSING_EVENTS_CLAIM);

it('fails validating a Logout Token with a mismatch `issuer` claim', function(
SdkConfiguration $configuration,
TokenGeneratorResponse $jwt
): void {
$token = new Token($configuration, $jwt->token, Token::TYPE_LOGOUT_TOKEN);
$token->validate();
})->with(['mocked hs256 access token' => [
function(): SdkConfiguration {
$this->configuration->setDomain('invalid-domain.test');
$this->configuration->setClientId('__test_client_id__');
$this->configuration->setTokenAlgorithm('HS256');
$this->configuration->setClientSecret('__test_client_secret__');
return $this->configuration;
},
fn() => TokenGenerator::create(TokenGenerator::TOKEN_LOGOUT, TokenGenerator::ALG_HS256)
]])->throws(InvalidTokenException::class, sprintf(InvalidTokenException::MSG_MISMATCHED_ISS_CLAIM, "https://invalid-domain.test/", "https://domain.test/"));

it('fails validating a Logout Token with a mismatch `issuer` claim with custom domain', function(
SdkConfiguration $configuration,
TokenGeneratorResponse $jwt
): void {
$token = new Token($configuration, $jwt->token, Token::TYPE_LOGOUT_TOKEN);
$token->validate();
})->with(['mocked hs256 access token' => [
function(): SdkConfiguration {
$this->configuration->setDomain('invalid-domain.test');
$this->configuration->setCustomDomain('invalid-custom-domain.test');
$this->configuration->setClientId('__test_client_id__');
$this->configuration->setTokenAlgorithm('HS256');
$this->configuration->setClientSecret('__test_client_secret__');
return $this->configuration;
},
fn() => TokenGenerator::create(TokenGenerator::TOKEN_LOGOUT, TokenGenerator::ALG_HS256)
]])->throws(InvalidTokenException::class, sprintf(InvalidTokenException::MSG_MISMATCHED_ISS_CLAIM, "https://invalid-domain.test/", "https://domain.test/"));


it('fails validating a Logout Token with a malformed `events` claim', function(
SdkConfiguration $configuration,
TokenGeneratorResponse $jwt
Expand Down Expand Up @@ -338,6 +374,46 @@ function(): SdkConfiguration {
fn() => ['nonce' => '__test_nonce__']
]]);

test('validate() with custom domain as token issuer fails, but succeeds with tenant domain', function(
SdkConfiguration $configuration,
TokenGeneratorResponse $jwt,
array $claims
): void {
$token = new Token($configuration, $jwt->token, Token::TYPE_ID_TOKEN);
expect($token->validate(null, null, ['org_123'], $claims['nonce'], 100))->toEqual($token);
})->with(['mocked data' => [
function(): SdkConfiguration {
$this->configuration->setDomain('domain.test');
$this->configuration->setCustomDomain('not-the-issuer.domain');
$this->configuration->setClientId('__test_client_id__');
$this->configuration->setTokenAlgorithm('HS256');
$this->configuration->setClientSecret('__test_client_secret__');
return $this->configuration;
},
fn() => TokenGenerator::create(TokenGenerator::TOKEN_ID, TokenGenerator::ALG_HS256, ['org_id' => 'org_123']),
fn() => ['nonce' => '__test_nonce__']
]]);

test('validate() with custom domain as token issuer succeeds, tenant domain is thereby irrelevant', function(
SdkConfiguration $configuration,
TokenGeneratorResponse $jwt,
array $claims
): void {
$token = new Token($configuration, $jwt->token, Token::TYPE_ID_TOKEN);
expect($token->validate(null, null, ['org_123'], $claims['nonce'], 100))->toEqual($token);
})->with(['mocked data' => [
function(): SdkConfiguration {
$this->configuration->setDomain('invalid-domain.test');
$this->configuration->setCustomDomain('domain.test');
$this->configuration->setClientId('__test_client_id__');
$this->configuration->setTokenAlgorithm('HS256');
$this->configuration->setClientSecret('__test_client_secret__');
return $this->configuration;
},
fn() => TokenGenerator::create(TokenGenerator::TOKEN_ID, TokenGenerator::ALG_HS256, ['org_id' => 'org_123']),
fn() => ['nonce' => '__test_nonce__']
]]);

test('validate() overrides globally configured algorithm', function(
SdkConfiguration $configuration,
TokenGeneratorResponse $jwt,
Expand Down

0 comments on commit a6adf46

Please sign in to comment.