package com.auth0.spring.security.api.authentication;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import org.hamcrest.Matchers;
import org.hamcrest.collection.IsEmptyCollection;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import java.util.Collections;
import java.util.Map;
import static com.auth0.spring.security.api.authentication.PreAuthenticatedAuthenticationJsonWebToken.usingToken;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.nullValue;
import static org.junit.Assert.*;
public class PreAuthenticatedAuthenticationJsonWebTokenTest {
@Rule
public ExpectedException exception = ExpectedException.none();
private Algorithm hmacAlgorithm;
@Before
public void setUp() throws Exception {
hmacAlgorithm = Algorithm.HMAC256("secret");
}
@Test
public void shouldCreateNonAuthenticatedInstance() throws Exception {
String token = JWT.create()
.withIssuer("auth0")
.sign(hmacAlgorithm);
PreAuthenticatedAuthenticationJsonWebToken auth = usingToken(token);
assertThat(auth, is(notNullValue()));
assertThat(auth.isAuthenticated(), is(false));
}
@Test
public void shouldAlwaysBeNonAuthenticated() throws Exception {
String token = JWT.create()
.withIssuer("auth0")
.sign(hmacAlgorithm);
PreAuthenticatedAuthenticationJsonWebToken auth = usingToken(token);
assertThat(auth.isAuthenticated(), is(false));
auth.setAuthenticated(true);
assertThat(auth.isAuthenticated(), is(false));
}
@Test
public void shouldGetKeyId() throws Exception {
Map<String, Object> keyIdHeader = Collections.singletonMap("kid", (Object) "key-id");
String token = JWT.create()
.withHeader(keyIdHeader)
.sign(hmacAlgorithm);
PreAuthenticatedAuthenticationJsonWebToken auth = usingToken(token);
assertThat(auth, is(notNullValue()));
assertThat(auth.getKeyId(), is("key-id"));
}
@Test
public void shouldGetNullKeyIdOnMissingKeyIdClaim() throws Exception {
String token = JWT.create()
.sign(hmacAlgorithm);
PreAuthenticatedAuthenticationJsonWebToken auth = usingToken(token);
assertThat(auth, is(notNullValue()));
assertThat(auth.getKeyId(), is(nullValue()));
}
@Test
public void shouldGetStringToken() throws Exception {
String token = JWT.create()
.withIssuer("auth0")
.sign(hmacAlgorithm);
PreAuthenticatedAuthenticationJsonWebToken auth = usingToken(token);
assertThat(auth, is(notNullValue()));
assertThat(auth.getToken(), is(token));
}
@Test
public void shouldGetStringTokenAsCredentials() throws Exception {
String token = JWT.create()
.withIssuer("auth0")
.sign(hmacAlgorithm);
PreAuthenticatedAuthenticationJsonWebToken auth = usingToken(token);
assertThat(auth, is(notNullValue()));
assertThat(auth.getCredentials(), is(notNullValue()));
assertThat(auth.getCredentials(), is(instanceOf(String.class)));
assertThat(auth.getCredentials(), Matchers.<Object>is(token));
}
@Test
public void shouldGetJWTAsDetails() throws Exception {
String token = JWT.create()
.withIssuer("auth0")
.sign(hmacAlgorithm);
PreAuthenticatedAuthenticationJsonWebToken auth = usingToken(token);
assertThat(auth, is(notNullValue()));
assertThat(auth.getDetails(), is(notNullValue()));
assertThat(auth.getDetails(), is(instanceOf(DecodedJWT.class)));
}
@Test
public void shouldGetSubjectAsPrincipal() throws Exception {
String token = JWT.create()
.withSubject("1234567890")
.sign(hmacAlgorithm);
PreAuthenticatedAuthenticationJsonWebToken auth = usingToken(token);
assertThat(auth, is(notNullValue()));
assertThat(auth.getPrincipal(), is(notNullValue()));
assertThat(auth.getPrincipal(), is(instanceOf(String.class)));
assertThat(auth.getPrincipal(), Matchers.<Object>is("1234567890"));
}
@Test
public void shouldGetNullPrincipalOnMissingSubjectClaim() throws Exception {
String token = JWT.create()
.sign(hmacAlgorithm);
PreAuthenticatedAuthenticationJsonWebToken auth = usingToken(token);
assertThat(auth, is(notNullValue()));
assertThat(auth.getPrincipal(), is(nullValue()));
}
@Test
public void shouldGetSubjectAsName() throws Exception {
String token = JWT.create()
.withSubject("1234567890")
.sign(hmacAlgorithm);
PreAuthenticatedAuthenticationJsonWebToken auth = usingToken(token);
assertThat(auth, is(notNullValue()));
assertThat(auth.getName(), is(notNullValue()));
assertThat(auth.getName(), is(instanceOf(String.class)));
assertThat(auth.getName(), Matchers.<Object>is("1234567890"));
}
@Test
public void shouldGetNullNameOnMissingSubjectClaim() throws Exception {
String token = JWT.create()
.sign(hmacAlgorithm);
PreAuthenticatedAuthenticationJsonWebToken auth = usingToken(token);
assertThat(auth, is(notNullValue()));
assertThat(auth.getName(), is(nullValue()));
}
@Test
public void shouldGetEmptyAuthoritiesOnMissingScopeClaim() throws Exception {
String token = JWT.create()
.sign(hmacAlgorithm);
PreAuthenticatedAuthenticationJsonWebToken auth = usingToken(token);
assertThat(auth, is(notNullValue()));
assertThat(auth.getAuthorities(), is(notNullValue()));
assertThat(auth.getAuthorities(), is(IsEmptyCollection.empty()));
}
@Test
public void shouldAlwaysGetEmptyAuthorities() throws Exception {
String token = JWT.create()
.withClaim("scope", "read:users add:users")
.sign(hmacAlgorithm);
PreAuthenticatedAuthenticationJsonWebToken auth = usingToken(token);
assertThat(auth, is(notNullValue()));
assertThat(auth.getAuthorities(), is(notNullValue()));
assertThat(auth.getAuthorities(), is(IsEmptyCollection.empty()));
}
}
