aboutsummaryrefslogtreecommitdiff
path: root/test/js/third_party/jsonwebtoken/claim-nbf.test.js
diff options
context:
space:
mode:
authorGravatar Ciro Spaciari <ciro.spaciari@gmail.com> 2023-10-07 19:22:45 -0300
committerGravatar GitHub <noreply@github.com> 2023-10-07 15:22:45 -0700
commit35109160ca5d439116bedeb3302ec3745e2895d5 (patch)
tree7b864016acc5e689c6262a9fddc41b00160de28f /test/js/third_party/jsonwebtoken/claim-nbf.test.js
parentbb9933fa7ec5eafcb8ef902c96d85a2b248a85be (diff)
downloadbun-35109160ca5d439116bedeb3302ec3745e2895d5.tar.gz
bun-35109160ca5d439116bedeb3302ec3745e2895d5.tar.zst
bun-35109160ca5d439116bedeb3302ec3745e2895d5.zip
feat(KeyObject) (#5940)
* oops * createSecretKey but weird error * use the right prototype, do not add a function called export lol * HMAC JWT export + base64 fix * Fix Equals, Fix Get KeySize, add complete export RSA * fix RSA export * add EC exports * X25519 and ED25519 export + fixes * fix default exports * better asymmetricKeyType * fix private exports * fix symmetricKeySize * createPublicKey validations + refactor * jwt + der fixes * oopsies * add PEM into createPublicKey * cleanup * WIP * bunch of fixes * public from private + private OKP * encrypted keys fixes * oops * fix clear tls error, add some support to jwk and other formats on publicEncrypt/publicDecrypt * more fixes and tests working * more fixes more tests * more clear hmac errors * more tests and fixes * add generateKeyPair * more tests passing, some skips * fix EC key from private * fix OKP JWK * nodejs ignores ext and key_ops on KeyObject.exports * add EC sign verify test * some fixes * add crypto.generateKeyPairSync(type, options) * more fixes and more tests * fix hmac tests * jsonwebtoken tests * oops * oops2 * generated files * revert package.json * vm tests * todos instead of failues * toBunString -> toString * undo simdutf * improvements * unlikely * cleanup * cleanup 2 * oops * move _generateKeyPairSync checks to native
Diffstat (limited to 'test/js/third_party/jsonwebtoken/claim-nbf.test.js')
-rw-r--r--test/js/third_party/jsonwebtoken/claim-nbf.test.js312
1 files changed, 312 insertions, 0 deletions
diff --git a/test/js/third_party/jsonwebtoken/claim-nbf.test.js b/test/js/third_party/jsonwebtoken/claim-nbf.test.js
new file mode 100644
index 000000000..9c2e54c5c
--- /dev/null
+++ b/test/js/third_party/jsonwebtoken/claim-nbf.test.js
@@ -0,0 +1,312 @@
+"use strict";
+
+import jwt from "jsonwebtoken";
+import { expect, describe, it, beforeEach } from "bun:test";
+import util from "util";
+import testUtils from "./test-utils";
+import jws from "jws";
+import sinon from "sinon";
+
+function signWithNotBefore(notBefore, payload, callback) {
+ const options = { algorithm: "HS256" };
+ if (notBefore !== undefined) {
+ options.notBefore = notBefore;
+ }
+ testUtils.signJWTHelper(payload, "secret", options, callback);
+}
+
+describe("not before", function () {
+ describe('`jwt.sign` "notBefore" option validation', function () {
+ [
+ true,
+ false,
+ null,
+ -1.1,
+ 1.1,
+ -Infinity,
+ Infinity,
+ NaN,
+ "",
+ " ",
+ "invalid",
+ [],
+ ["foo"],
+ {},
+ { foo: "bar" },
+ ].forEach(notBefore => {
+ it(`should error with with value ${util.inspect(notBefore)}`, function (done) {
+ signWithNotBefore(notBefore, {}, err => {
+ testUtils.asyncCheck(done, () => {
+ expect(err).toBeInstanceOf(Error);
+ expect(err).toHaveProperty("message");
+ });
+ });
+ });
+ });
+
+ // undefined needs special treatment because {} is not the same as {notBefore: undefined}
+ it("should error with with value undefined", function (done) {
+ testUtils.signJWTHelper({}, "secret", { notBefore: undefined, algorithm: "HS256" }, err => {
+ testUtils.asyncCheck(done, () => {
+ expect(err).toBeInstanceOf(Error);
+ expect(err).toHaveProperty(
+ "message",
+ '"notBefore" should be a number of seconds or string representing a timespan',
+ );
+ });
+ });
+ });
+
+ it('should error when "nbf" is in payload', function (done) {
+ signWithNotBefore(100, { nbf: 100 }, err => {
+ testUtils.asyncCheck(done, () => {
+ expect(err).toBeInstanceOf(Error);
+ expect(err).toHaveProperty(
+ "message",
+ 'Bad "options.notBefore" option the payload already has an "nbf" property.',
+ );
+ });
+ });
+ });
+
+ it("should error with a string payload", function (done) {
+ signWithNotBefore(100, "a string payload", err => {
+ testUtils.asyncCheck(done, () => {
+ expect(err).toBeInstanceOf(Error);
+ expect(err).toHaveProperty("message", "invalid notBefore option for string payload");
+ });
+ });
+ });
+
+ it("should error with a Buffer payload", function (done) {
+ signWithNotBefore(100, new Buffer("a Buffer payload"), err => {
+ testUtils.asyncCheck(done, () => {
+ expect(err).toBeInstanceOf(Error);
+ expect(err).toHaveProperty("message", "invalid notBefore option for object payload");
+ });
+ });
+ });
+ });
+
+ describe('`jwt.sign` "nbf" claim validation', function () {
+ [true, false, null, undefined, "", " ", "invalid", [], ["foo"], {}, { foo: "bar" }].forEach(nbf => {
+ it(`should error with with value ${util.inspect(nbf)}`, function (done) {
+ signWithNotBefore(undefined, { nbf }, err => {
+ testUtils.asyncCheck(done, () => {
+ expect(err).toBeInstanceOf(Error);
+ expect(err).toHaveProperty("message", '"nbf" should be a number of seconds');
+ });
+ });
+ });
+ });
+ });
+
+ describe('"nbf" in payload validation', function () {
+ [true, false, null, -Infinity, Infinity, NaN, "", " ", "invalid", [], ["foo"], {}, { foo: "bar" }].forEach(nbf => {
+ it(`should error with with value ${util.inspect(nbf)}`, function (done) {
+ const header = { alg: "HS256" };
+ const payload = { nbf };
+ const token = jws.sign({ header, payload, secret: "secret", encoding: "utf8" });
+ testUtils.verifyJWTHelper(token, "secret", { nbf }, err => {
+ testUtils.asyncCheck(done, () => {
+ expect(err).toBeInstanceOf(jwt.JsonWebTokenError);
+ expect(err).toHaveProperty("message", "invalid nbf value");
+ });
+ });
+ });
+ });
+ });
+
+ describe('when signing and verifying a token with "notBefore" option', function () {
+ let fakeClock;
+ beforeEach(function () {
+ fakeClock = sinon.useFakeTimers({ now: 60000 });
+ });
+
+ afterEach(function () {
+ fakeClock.uninstall();
+ });
+
+ it('should set correct "nbf" with negative number of seconds', function (done) {
+ signWithNotBefore(-10, {}, (e1, token) => {
+ testUtils.verifyJWTHelper(token, "secret", {}, (e2, decoded) => {
+ testUtils.asyncCheck(done, () => {
+ expect(e1).toBeNull();
+ expect(e2).toBeNull();
+ expect(decoded).toHaveProperty("nbf", 50);
+ });
+ });
+ });
+ });
+
+ it('should set correct "nbf" with positive number of seconds', function (done) {
+ signWithNotBefore(10, {}, (e1, token) => {
+ fakeClock.tick(10000);
+ testUtils.verifyJWTHelper(token, "secret", {}, (e2, decoded) => {
+ testUtils.asyncCheck(done, () => {
+ expect(e1).toBeNull();
+ expect(e2).toBeNull();
+ expect(decoded).toHaveProperty("nbf", 70);
+ });
+ });
+ });
+ });
+
+ it('should set correct "nbf" with zero seconds', function (done) {
+ signWithNotBefore(0, {}, (e1, token) => {
+ testUtils.verifyJWTHelper(token, "secret", {}, (e2, decoded) => {
+ testUtils.asyncCheck(done, () => {
+ expect(e1).toBeNull();
+ expect(e2).toBeNull();
+ expect(decoded).toHaveProperty("nbf", 60);
+ });
+ });
+ });
+ });
+
+ it('should set correct "nbf" with negative string timespan', function (done) {
+ signWithNotBefore("-10 s", {}, (e1, token) => {
+ testUtils.verifyJWTHelper(token, "secret", {}, (e2, decoded) => {
+ testUtils.asyncCheck(done, () => {
+ expect(e1).toBeNull();
+ expect(e2).toBeNull();
+ expect(decoded).toHaveProperty("nbf", 50);
+ });
+ });
+ });
+ });
+
+ it('should set correct "nbf" with positive string timespan', function (done) {
+ signWithNotBefore("10 s", {}, (e1, token) => {
+ fakeClock.tick(10000);
+ testUtils.verifyJWTHelper(token, "secret", {}, (e2, decoded) => {
+ testUtils.asyncCheck(done, () => {
+ expect(e1).toBeNull();
+ expect(e2).toBeNull();
+ expect(decoded).toHaveProperty("nbf", 70);
+ });
+ });
+ });
+ });
+
+ it('should set correct "nbf" with zero string timespan', function (done) {
+ signWithNotBefore("0 s", {}, (e1, token) => {
+ testUtils.verifyJWTHelper(token, "secret", {}, (e2, decoded) => {
+ testUtils.asyncCheck(done, () => {
+ expect(e1).toBeNull();
+ expect(e2).toBeNull();
+ expect(decoded).toHaveProperty("nbf", 60);
+ });
+ });
+ });
+ });
+
+ // TODO an nbf of -Infinity should fail validation
+ it('should set null "nbf" when given -Infinity', function (done) {
+ signWithNotBefore(undefined, { nbf: -Infinity }, (err, token) => {
+ const decoded = jwt.decode(token);
+ testUtils.asyncCheck(done, () => {
+ expect(err).toBeNull();
+ expect(decoded).toHaveProperty("nbf", null);
+ });
+ });
+ });
+
+ // TODO an nbf of Infinity should fail validation
+ it('should set null "nbf" when given value Infinity', function (done) {
+ signWithNotBefore(undefined, { nbf: Infinity }, (err, token) => {
+ const decoded = jwt.decode(token);
+ testUtils.asyncCheck(done, () => {
+ expect(err).toBeNull();
+ expect(decoded).toHaveProperty("nbf", null);
+ });
+ });
+ });
+
+ // TODO an nbf of NaN should fail validation
+ it('should set null "nbf" when given value NaN', function (done) {
+ signWithNotBefore(undefined, { nbf: NaN }, (err, token) => {
+ const decoded = jwt.decode(token);
+ testUtils.asyncCheck(done, () => {
+ expect(err).toBeNull();
+ expect(decoded).toHaveProperty("nbf", null);
+ });
+ });
+ });
+
+ it('should set correct "nbf" when "iat" is passed', function (done) {
+ signWithNotBefore(-10, { iat: 40 }, (e1, token) => {
+ testUtils.verifyJWTHelper(token, "secret", {}, (e2, decoded) => {
+ testUtils.asyncCheck(done, () => {
+ expect(e1).toBeNull();
+ expect(e2).toBeNull();
+ expect(decoded).toHaveProperty("nbf", 30);
+ });
+ });
+ });
+ });
+
+ it('should verify "nbf" using "clockTimestamp"', function (done) {
+ signWithNotBefore(10, {}, (e1, token) => {
+ testUtils.verifyJWTHelper(token, "secret", { clockTimestamp: 70 }, (e2, decoded) => {
+ testUtils.asyncCheck(done, () => {
+ expect(e1).toBeNull();
+ expect(e2).toBeNull();
+ expect(decoded).toHaveProperty("iat", 60);
+ expect(decoded).toHaveProperty("nbf", 70);
+ });
+ });
+ });
+ });
+
+ it('should verify "nbf" using "clockTolerance"', function (done) {
+ signWithNotBefore(5, {}, (e1, token) => {
+ testUtils.verifyJWTHelper(token, "secret", { clockTolerance: 6 }, (e2, decoded) => {
+ testUtils.asyncCheck(done, () => {
+ expect(e1).toBeNull();
+ expect(e2).toBeNull();
+ expect(decoded).toHaveProperty("iat", 60);
+ expect(decoded).toHaveProperty("nbf", 65);
+ });
+ });
+ });
+ });
+
+ it('should ignore a not active token when "ignoreNotBefore" is true', function (done) {
+ signWithNotBefore("10 s", {}, (e1, token) => {
+ testUtils.verifyJWTHelper(token, "secret", { ignoreNotBefore: true }, (e2, decoded) => {
+ testUtils.asyncCheck(done, () => {
+ expect(e1).toBeNull();
+ expect(e2).toBeNull();
+ expect(decoded).toHaveProperty("iat", 60);
+ expect(decoded).toHaveProperty("nbf", 70);
+ });
+ });
+ });
+ });
+
+ it('should error on verify if "nbf" is after current time', function (done) {
+ signWithNotBefore(undefined, { nbf: 61 }, (e1, token) => {
+ testUtils.verifyJWTHelper(token, "secret", {}, e2 => {
+ testUtils.asyncCheck(done, () => {
+ expect(e1).toBeNull();
+ expect(e2).toBeInstanceOf(jwt.NotBeforeError);
+ expect(e2).toHaveProperty("message", "jwt not active");
+ });
+ });
+ });
+ });
+
+ it('should error on verify if "nbf" is after current time using clockTolerance', function (done) {
+ signWithNotBefore(5, {}, (e1, token) => {
+ testUtils.verifyJWTHelper(token, "secret", { clockTolerance: 4 }, e2 => {
+ testUtils.asyncCheck(done, () => {
+ expect(e1).toBeNull();
+ expect(e2).toBeInstanceOf(jwt.NotBeforeError);
+ expect(e2).toHaveProperty("message", "jwt not active");
+ });
+ });
+ });
+ });
+ });
+});
generated by cgit v1.2.3 (git 2.39.1) at 2025-06-27 03:41:50 +0000