authorRobert Newson <rnewson@apache.org>2020-05-14 16:17:58 +0100
committerRobert Newson <rnewson@apache.org>2020-05-18 18:35:13 +0100
commit4f7d1d97fd7d960f7ef6e9f1764bfd6e55ba8e0c (patch)
tree52c9f19aab57aeadd4561e6d6ee0115592aba670 /test
parent03992009e788d631b1a09aff3cfb88f97f73ce23 (diff)
downloadcouchdb-4f7d1d97fd7d960f7ef6e9f1764bfd6e55ba8e0c.tar.gz
allow configurability of JWT claims that require a value
e.g., [jwt] required_claims = {iss, "https://example.com/issuer"}
Diffstat (limited to 'test')
-rw-r--r--test/elixir/test/jwtauth_test.exs77
1 files changed, 77 insertions, 0 deletions
diff --git a/test/elixir/test/jwtauth_test.exs b/test/elixir/test/jwtauth_test.exs
index 2fb89c3af..7281ed146 100644
--- a/test/elixir/test/jwtauth_test.exs
+++ b/test/elixir/test/jwtauth_test.exs
@@ -137,4 +137,81 @@ defmodule JwtAuthTest do
assert resp.body["userCtx"]["name"] == "adm"
assert resp.body["info"]["authenticated"] == "default"
end
+
+ test "jwt auth with required iss claim", _context do
+
+ secret = "zxczxc12zxczxc12"
+
+ server_config = [
+ %{
+ :section => "jwt_auth",
+ :key => "required_claims",
+ :value => "{iss, \"hello\"}"
+ },
+ %{
+ :section => "jwt_keys",
+ :key => "hmac:_default",
+ :value => :base64.encode(secret)
+ },
+ %{
+ :section => "jwt_auth",
+ :key => "allowed_algorithms",
+ :value => "HS256, HS384, HS512"
+ }
+ ]
+
+ run_on_modified_server(server_config, fn -> good_iss("HS256", secret) end)
+ run_on_modified_server(server_config, fn -> bad_iss("HS256", secret) end)
+ end
+
+ def good_iss(alg, key) do
+ {:ok, token} = :jwtf.encode(
+ {
+ [
+ {"alg", alg},
+ {"typ", "JWT"}
+ ]
+ },
+ {
+ [
+ {"iss", "hello"},
+ {"sub", "couch@apache.org"},
+ {"_couchdb.roles", ["testing"]
+ }
+ ]
+ }, key)
+
+ resp = Couch.get("/_session",
+ headers: [authorization: "Bearer #{token}"]
+ )
+
+ assert resp.body["userCtx"]["name"] == "couch@apache.org"
+ assert resp.body["userCtx"]["roles"] == ["testing"]
+ assert resp.body["info"]["authenticated"] == "jwt"
+ end
+
+ def bad_iss(alg, key) do
+ {:ok, token} = :jwtf.encode(
+ {
+ [
+ {"alg", alg},
+ {"typ", "JWT"}
+ ]
+ },
+ {
+ [
+ {"iss", "goodbye"},
+ {"sub", "couch@apache.org"},
+ {"_couchdb.roles", ["testing"]
+ }
+ ]
+ }, key)
+
+ resp = Couch.get("/_session",
+ headers: [authorization: "Bearer #{token}"]
+ )
+
+ assert resp.status_code == 400
+ end
+
end
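Review bot: `bad_iss` covers only a token whose `iss` is present with the wrong value; no case sends a token with the `iss` claim absent, which is the input a required-claims setting most needs to reject. A third helper that mirrors `bad_iss` but drops the `{"iss", ...}` tuple, run through the same `run_on_modified_server(server_config, ...)` call, would pin that behaviour. The bare `assert resp.status_code == 400` would also pass if the request were rejected for an unrelated reason (a malformed token, say), so asserting on the error body as well would tie the failure to the claim check. Separately, the commit message example names the section `[jwt]` while the test configures `"jwt_auth"`; it is worth confirming which one the server reads. The enclosing `JwtAuthTest` module begins outside the hunk.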