From 35109160ca5d439116bedeb3302ec3745e2895d5 Mon Sep 17 00:00:00 2001 From: Ciro Spaciari Date: Sat, 7 Oct 2023 19:22:45 -0300 Subject: feat(KeyObject) (#5940) * oops * createSecretKey but weird error * use the right prototype, do not add a function called export lol * HMAC JWT export + base64 fix * Fix Equals, Fix Get KeySize, add complete export RSA * fix RSA export * add EC exports * X25519 and ED25519 export + fixes * fix default exports * better asymmetricKeyType * fix private exports * fix symmetricKeySize * createPublicKey validations + refactor * jwt + der fixes * oopsies * add PEM into createPublicKey * cleanup * WIP * bunch of fixes * public from private + private OKP * encrypted keys fixes * oops * fix clear tls error, add some support to jwk and other formats on publicEncrypt/publicDecrypt * more fixes and tests working * more fixes more tests * more clear hmac errors * more tests and fixes * add generateKeyPair * more tests passing, some skips * fix EC key from private * fix OKP JWK * nodejs ignores ext and key_ops on KeyObject.exports * add EC sign verify test * some fixes * add crypto.generateKeyPairSync(type, options) * more fixes and more tests * fix hmac tests * jsonwebtoken tests * oops * oops2 * generated files * revert package.json * vm tests * todos instead of failues * toBunString -> toString * undo simdutf * improvements * unlikely * cleanup * cleanup 2 * oops * move _generateKeyPairSync checks to native --- test/js/third_party/jsonwebtoken/claim-exp.test.js | 316 +++++++++++++++++++++ 1 file changed, 316 insertions(+) create mode 100644 test/js/third_party/jsonwebtoken/claim-exp.test.js (limited to 'test/js/third_party/jsonwebtoken/claim-exp.test.js') diff --git a/test/js/third_party/jsonwebtoken/claim-exp.test.js b/test/js/third_party/jsonwebtoken/claim-exp.test.js new file mode 100644 index 000000000..ee836a755 --- /dev/null +++ b/test/js/third_party/jsonwebtoken/claim-exp.test.js @@ -0,0 +1,316 @@ +"use strict"; + +import jwt from "jsonwebtoken"; +import { expect, describe, it, beforeEach } from "bun:test"; +import util from "util"; +import testUtils from "./test-utils"; +import jws from "jws"; +import sinon from "sinon"; + +function signWithExpiresIn(expiresIn, payload, callback) { + const options = { algorithm: "HS256" }; + if (expiresIn !== undefined) { + options.expiresIn = expiresIn; + } + testUtils.signJWTHelper(payload, "secret", options, callback); +} + +describe("expires", function () { + describe('`jwt.sign` "expiresIn" option validation', function () { + [ + true, + false, + null, + -1.1, + 1.1, + -Infinity, + Infinity, + NaN, + " ", + "", + "invalid", + [], + ["foo"], + {}, + { foo: "bar" }, + ].forEach(expiresIn => { + it(`should error with with value ${util.inspect(expiresIn)}`, function (done) { + signWithExpiresIn(expiresIn, {}, err => { + testUtils.asyncCheck(done, () => { + expect(err).toBeInstanceOf(Error); + expect(err).toHaveProperty("message"); + }); + }); + }); + }); + + // undefined needs special treatment because {} is not the same as {expiresIn: undefined} + it("should error with with value undefined", function (done) { + testUtils.signJWTHelper({}, "secret", { expiresIn: undefined, algorithm: "HS256" }, err => { + testUtils.asyncCheck(done, () => { + expect(err).toBeInstanceOf(Error); + expect(err).toHaveProperty( + "message", + '"expiresIn" should be a number of seconds or string representing a timespan', + ); + }); + }); + }); + + it('should error when "exp" is in payload', function (done) { + signWithExpiresIn(100, { exp: 100 }, err => { + testUtils.asyncCheck(done, () => { + expect(err).toBeInstanceOf(Error); + expect(err).toHaveProperty( + "message", + 'Bad "options.expiresIn" option the payload already has an "exp" property.', + ); + }); + }); + }); + + it("should error with a string payload", function (done) { + signWithExpiresIn(100, "a string payload", err => { + testUtils.asyncCheck(done, () => { + expect(err).toBeInstanceOf(Error); + expect(err).toHaveProperty("message", "invalid expiresIn option for string payload"); + }); + }); + }); + + it("should error with a Buffer payload", function (done) { + signWithExpiresIn(100, Buffer.from("a Buffer payload"), err => { + testUtils.asyncCheck(done, () => { + expect(err).toBeInstanceOf(Error); + expect(err).toHaveProperty("message", "invalid expiresIn option for object payload"); + }); + }); + }); + }); + + describe('`jwt.sign` "exp" claim validation', function () { + [true, false, null, undefined, "", " ", "invalid", [], ["foo"], {}, { foo: "bar" }].forEach(exp => { + it(`should error with with value ${util.inspect(exp)}`, function (done) { + signWithExpiresIn(undefined, { exp }, err => { + testUtils.asyncCheck(done, () => { + expect(err).toBeInstanceOf(Error); + expect(err).toHaveProperty("message", '"exp" should be a number of seconds'); + }); + }); + }); + }); + }); + + describe('"exp" in payload validation', function () { + [true, false, null, -Infinity, Infinity, NaN, "", " ", "invalid", [], ["foo"], {}, { foo: "bar" }].forEach(exp => { + it(`should error with with value ${util.inspect(exp)}`, function (done) { + const header = { alg: "HS256" }; + const payload = { exp }; + const token = jws.sign({ header, payload, secret: "secret", encoding: "utf8" }); + testUtils.verifyJWTHelper(token, "secret", { exp }, err => { + testUtils.asyncCheck(done, () => { + expect(err).toBeInstanceOf(jwt.JsonWebTokenError); + expect(err).toHaveProperty("message", "invalid exp value"); + }); + }); + }); + }); + }); + + describe("when signing and verifying a token with expires option", function () { + let fakeClock; + beforeEach(function () { + fakeClock = sinon.useFakeTimers({ now: 60000 }); + }); + + afterEach(function () { + fakeClock.uninstall(); + }); + + it('should set correct "exp" with negative number of seconds', function (done) { + signWithExpiresIn(-10, {}, (e1, token) => { + fakeClock.tick(-10001); + testUtils.verifyJWTHelper(token, "secret", {}, (e2, decoded) => { + testUtils.asyncCheck(done, () => { + expect(e1).toBeNull(); + expect(e2).toBeNull(); + expect(decoded).toHaveProperty("exp", 50); + }); + }); + }); + }); + + it('should set correct "exp" with positive number of seconds', function (done) { + signWithExpiresIn(10, {}, (e1, token) => { + testUtils.verifyJWTHelper(token, "secret", {}, (e2, decoded) => { + testUtils.asyncCheck(done, () => { + expect(e1).toBeNull(); + expect(e2).toBeNull(); + expect(decoded).toHaveProperty("exp", 70); + }); + }); + }); + }); + + it('should set correct "exp" with zero seconds', function (done) { + signWithExpiresIn(0, {}, (e1, token) => { + fakeClock.tick(-1); + testUtils.verifyJWTHelper(token, "secret", {}, (e2, decoded) => { + testUtils.asyncCheck(done, () => { + expect(e1).toBeNull(); + expect(e2).toBeNull(); + expect(decoded).toHaveProperty("exp", 60); + }); + }); + }); + }); + + it('should set correct "exp" with negative string timespan', function (done) { + signWithExpiresIn("-10 s", {}, (e1, token) => { + fakeClock.tick(-10001); + testUtils.verifyJWTHelper(token, "secret", {}, (e2, decoded) => { + testUtils.asyncCheck(done, () => { + expect(e1).toBeNull(); + expect(e2).toBeNull(); + expect(decoded).toHaveProperty("exp", 50); + }); + }); + }); + }); + + it('should set correct "exp" with positive string timespan', function (done) { + signWithExpiresIn("10 s", {}, (e1, token) => { + fakeClock.tick(-10001); + testUtils.verifyJWTHelper(token, "secret", {}, (e2, decoded) => { + testUtils.asyncCheck(done, () => { + expect(e1).toBeNull(); + expect(e2).toBeNull(); + expect(decoded).toHaveProperty("exp", 70); + }); + }); + }); + }); + + it('should set correct "exp" with zero string timespan', function (done) { + signWithExpiresIn("0 s", {}, (e1, token) => { + fakeClock.tick(-1); + testUtils.verifyJWTHelper(token, "secret", {}, (e2, decoded) => { + testUtils.asyncCheck(done, () => { + expect(e1).toBeNull(); + expect(e2).toBeNull(); + expect(decoded).toHaveProperty("exp", 60); + }); + }); + }); + }); + + // TODO an exp of -Infinity should fail validation + it('should set null "exp" when given -Infinity', function (done) { + signWithExpiresIn(undefined, { exp: -Infinity }, (err, token) => { + const decoded = jwt.decode(token); + testUtils.asyncCheck(done, () => { + expect(err).toBeNull(); + expect(decoded).toHaveProperty("exp", null); + }); + }); + }); + + // TODO an exp of Infinity should fail validation + it('should set null "exp" when given value Infinity', function (done) { + signWithExpiresIn(undefined, { exp: Infinity }, (err, token) => { + const decoded = jwt.decode(token); + testUtils.asyncCheck(done, () => { + expect(err).toBeNull(); + expect(decoded).toHaveProperty("exp", null); + }); + }); + }); + + // TODO an exp of NaN should fail validation + it('should set null "exp" when given value NaN', function (done) { + signWithExpiresIn(undefined, { exp: NaN }, (err, token) => { + const decoded = jwt.decode(token); + testUtils.asyncCheck(done, () => { + expect(err).toBeNull(); + expect(decoded).toHaveProperty("exp", null); + }); + }); + }); + + it('should set correct "exp" when "iat" is passed', function (done) { + signWithExpiresIn(-10, { iat: 80 }, (e1, token) => { + testUtils.verifyJWTHelper(token, "secret", {}, (e2, decoded) => { + testUtils.asyncCheck(done, () => { + expect(e1).toBeNull(); + expect(e2).toBeNull(); + expect(decoded).toHaveProperty("exp", 70); + }); + }); + }); + }); + + it('should verify "exp" using "clockTimestamp"', function (done) { + signWithExpiresIn(10, {}, (e1, token) => { + testUtils.verifyJWTHelper(token, "secret", { clockTimestamp: 69 }, (e2, decoded) => { + testUtils.asyncCheck(done, () => { + expect(e1).toBeNull(); + expect(e2).toBeNull(); + expect(decoded).toHaveProperty("iat", 60); + expect(decoded).toHaveProperty("exp", 70); + }); + }); + }); + }); + + it('should verify "exp" using "clockTolerance"', function (done) { + signWithExpiresIn(5, {}, (e1, token) => { + fakeClock.tick(10000); + testUtils.verifyJWTHelper(token, "secret", { clockTimestamp: 6 }, (e2, decoded) => { + testUtils.asyncCheck(done, () => { + expect(e1).toBeNull(); + expect(e2).toBeNull(); + expect(decoded).toHaveProperty("iat", 60); + expect(decoded).toHaveProperty("exp", 65); + }); + }); + }); + }); + + it('should ignore a expired token when "ignoreExpiration" is true', function (done) { + signWithExpiresIn("-10 s", {}, (e1, token) => { + testUtils.verifyJWTHelper(token, "secret", { ignoreExpiration: true }, (e2, decoded) => { + testUtils.asyncCheck(done, () => { + expect(e1).toBeNull(); + expect(e2).toBeNull(); + expect(decoded).toHaveProperty("iat", 60); + expect(decoded).toHaveProperty("exp", 50); + }); + }); + }); + }); + + it('should error on verify if "exp" is at current time', function (done) { + signWithExpiresIn(undefined, { exp: 60 }, (e1, token) => { + testUtils.verifyJWTHelper(token, "secret", {}, e2 => { + testUtils.asyncCheck(done, () => { + expect(e1).toBeNull(); + expect(e2).toBeInstanceOf(jwt.TokenExpiredError); + expect(e2).toHaveProperty("message", "jwt expired"); + }); + }); + }); + }); + + it('should error on verify if "exp" is before current time using clockTolerance', function (done) { + signWithExpiresIn(-5, {}, (e1, token) => { + testUtils.verifyJWTHelper(token, "secret", { clockTolerance: 5 }, e2 => { + testUtils.asyncCheck(done, () => { + expect(e1).toBeNull(); + expect(e2).toBeInstanceOf(jwt.TokenExpiredError); + expect(e2).toHaveProperty("message", "jwt expired"); + }); + }); + }); + }); + }); +}); -- cgit v1.2.3