
test: add integration tests for jwt (#5565)

This commit is contained in:
wangsijie 2024-03-28 17:00:08 +08:00 committed by GitHub
parent 113221e55d
commit 80a3808398
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -3,11 +3,12 @@ import path from 'node:path';
import { fetchTokenByRefreshToken } from '@logto/js';
import { InteractionEvent, type Resource, RoleType } from '@logto/schemas';
import { assert } from '@silverhand/essentials';
import { createRemoteJWKSet, jwtVerify } from 'jose';
import fetch from 'node-fetch';
import { createResource, putInteraction } from '#src/api/index.js';
import { assignUsersToRole, createRole } from '#src/api/role.js';
import { createScope } from '#src/api/scope.js';
import { createResource, deleteResource, deleteUser, putInteraction } from '#src/api/index.js';
import { assignUsersToRole, createRole, deleteRole } from '#src/api/role.js';
import { createScope, deleteScope } from '#src/api/scope.js';
import MockClient, { defaultConfig } from '#src/client/index.js';
import { logtoUrl } from '#src/constants.js';
import { processSession } from '#src/helpers/client.js';
@ -25,24 +26,50 @@ describe('get access token', () => {
};
const testApiScopeNames = ['read', 'write', 'delete', 'update'];
/* eslint-disable @silverhand/fp/no-let */
let testApiResourceId: string;
let testApiScopeIds: string[];
let testApiUserRoleId: string;
let guestUserId: string;
/* eslint-enable @silverhand/fp/no-let */
/* eslint-disable @silverhand/fp/no-mutation */
beforeAll(async () => {
await createUserByAdmin({ username: guestUsername, password });
const guestUser = await createUserByAdmin({ username: guestUsername, password });
guestUserId = guestUser.id;
const user = await createUserByAdmin({ username, password });
const testApiResource = await createResource(
testApiResourceInfo.name,
testApiResourceInfo.indicator
);
testApiResourceId = testApiResource.id;
const testApiScopes = await Promise.all(
testApiScopeNames.map(async (name) => createScope(testApiResource.id, name))
);
testApiScopeIds = testApiScopes.map(({ id }) => id);
const testApiUserRole = await createRole({
name: 'test-api-user-role',
type: RoleType.User,
scopeIds: testApiScopes.map(({ id }) => id),
});
testApiUserRoleId = testApiUserRole.id;
await assignUsersToRole([user.id], testApiUserRole.id);
await enableAllPasswordSignInMethods();
});
/* eslint-enable @silverhand/fp/no-mutation */
afterAll(async () => {
if (testApiUserRoleId) {
await deleteRole(testApiUserRoleId);
}
if (testApiResourceId) {
await Promise.all(testApiScopeIds.map(async (id) => deleteScope(testApiResourceId, id)));
await deleteResource(testApiResourceId);
}
if (guestUserId) {
await deleteUser(guestUserId);
}
});
it('can sign in and getAccessToken with admin user', async () => {
const client = new MockClient({
@ -84,6 +111,29 @@ describe('get access token', () => {
);
});
it('sign in and verify jwt', async () => {
const client = new MockClient({
resources: [testApiResourceInfo.indicator],
scopes: testApiScopeNames,
});
await client.initSession();
await client.successSend(putInteraction, {
event: InteractionEvent.SignIn,
identifier: { username: guestUsername, password },
});
const { redirectTo } = await client.submitInteraction();
await processSession(client, redirectTo);
const accessToken = await client.getAccessToken(testApiResourceInfo.indicator);
await expect(
jwtVerify(accessToken, createRemoteJWKSet(new URL('/oidc/jwks', logtoUrl)), {
issuer: new URL('/oidc', logtoUrl).href,
audience: testApiResourceInfo.indicator,
requiredClaims: ['scope', 'client_id'],
subject: guestUserId,
})
).resolves.toBeTruthy();
});
it('can sign in and get multiple Access Tokens by the same Refresh Token within refreshTokenReuseInterval', async () => {
const client = new MockClient({ resources: [testApiResourceInfo.indicator] });