add JWT auth module unit tests

vctr-sls · Feb 13, 2021 · a09ae86 · a09ae86
1 parent 348dec3
commit a09ae86
Show file tree

Hide file tree

Showing 2 changed files with 93 additions and 2 deletions.
diff --git a/Gateway.Test/Services/Authorization/JwtAuthorizationServiceTest.cs b/Gateway.Test/Services/Authorization/JwtAuthorizationServiceTest.cs
@@ -0,0 +1,88 @@
+using Moq;
+using NUnit.Framework;
+using Microsoft.Extensions.Configuration;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using Gateway.Services.Authorization;
+using System.Threading;
+using Microsoft.IdentityModel.Tokens;
+
+namespace Gateway.Test.Services.Authorization
+{
+    [TestFixture]
+    class JwtAuthorizationServiceTest
+    {
+        private static readonly AuthClaims testClaims = new AuthClaims()
+        {
+            Guid = Guid.NewGuid()
+        };
+
+        [Test]
+        public void GetSessionKeyTest()
+        {
+            var cfg = GetConfig();
+            var auth = new JwtAuthorizationService(cfg);
+
+            var sessionKey1 = auth.GetSessionKey(testClaims, TimeSpan.FromMinutes(10));
+            var sessionKey2 = auth.GetSessionKey(testClaims, TimeSpan.FromMinutes(10));
+            var sessionKey3 = auth.GetSessionKey(new AuthClaims(), TimeSpan.FromMinutes(10));
+            Assert.AreEqual(sessionKey1, sessionKey2);
+            Assert.AreNotEqual(sessionKey1, sessionKey3);
+
+            auth = new JwtAuthorizationService(cfg);
+            var sessionKey4 = auth.GetSessionKey(testClaims, TimeSpan.FromMinutes(10));
+            Assert.AreNotEqual(sessionKey1, sessionKey4);
+
+            cfg = GetConfig("testKeyWithALengthOfAtLeast32Bit");
+            sessionKey1 = new JwtAuthorizationService(cfg)
+                .GetSessionKey(testClaims, TimeSpan.FromMinutes(10));
+            sessionKey2 = new JwtAuthorizationService(cfg)
+                .GetSessionKey(testClaims, TimeSpan.FromMinutes(10));
+            Assert.AreEqual(sessionKey1, sessionKey2);
+        }
+
+        [Test]
+        public void ValidateSessionKeyTest()
+        {
+            var cfg = GetConfig();
+            var auth = new JwtAuthorizationService(cfg);
+
+            var sessionKey = auth.GetSessionKey(testClaims, TimeSpan.FromMilliseconds(250));
+            var recoveredClaims = auth.ValidateSessionKey(sessionKey);
+            Assert.AreEqual(testClaims.Guid, recoveredClaims.Guid);
+
+            sessionKey = new JwtAuthorizationService(cfg)
+                .GetSessionKey(testClaims, TimeSpan.FromMinutes(10));
+            Assert.Throws<SecurityTokenInvalidSignatureException>(
+                () => new JwtAuthorizationService(cfg).ValidateSessionKey(sessionKey));
+
+            cfg = GetConfig("testKeyWithALengthOfAtLeast32Bit");
+            sessionKey = new JwtAuthorizationService(cfg)
+                .GetSessionKey(testClaims, TimeSpan.FromMinutes(10));
+            recoveredClaims = new JwtAuthorizationService(cfg)
+                .ValidateSessionKey(sessionKey);
+            Assert.AreEqual(testClaims.Guid, recoveredClaims.Guid);
+        }
+
+        [Test]
+        public void ValidateSessionKey_TimeoutTest()
+        {
+            var cfg = GetConfig();
+            var auth = new JwtAuthorizationService(cfg);
+
+            var sessionKey = auth.GetSessionKey(testClaims, TimeSpan.FromMilliseconds(250));
+
+            Thread.Sleep(15000);
+            Assert.Throws<SecurityTokenExpiredException>(
+                () => auth.ValidateSessionKey(sessionKey));
+        }
+
+        private IConfiguration GetConfig(string key = null) =>
+            new ConfigurationBuilder()
+                .AddInMemoryCollection(new Dictionary<string, string> { { Constants.ConfigKeySessionsJwtSecret, key } })
+                .Build();
+    }
+}
diff --git a/Gateway/Services/Authorization/JwtAuthorizationService.cs b/Gateway/Services/Authorization/JwtAuthorizationService.cs
@@ -39,8 +39,8 @@ public string GetSessionKey(AuthClaims claims, TimeSpan expire)
             var token = tokenHandler.CreateJwtSecurityToken(
                   issuer: issuer,
                   subject: ci,
-                  notBefore: DateTime.UtcNow,
-                  expires: DateTime.UtcNow.Add(expire),
+                  notBefore: DateTime.Now,
+                  expires: DateTime.Now.Add(expire),
                   signingCredentials: credentials);
 
             return tokenHandler.WriteToken(token);
@@ -53,6 +53,9 @@ public AuthClaims ValidateSessionKey(string sessionKey)
                 IssuerSigningKey = signingKey,
                 ValidIssuer = issuer,
                 ValidateIssuer = true,
+                ValidateLifetime = true,
+                RequireExpirationTime = true,
+                ClockSkew = TimeSpan.FromSeconds(10),
                 ValidateAudience = false
             };