mirror of
https://github.com/appwrite/appwrite
synced 2026-05-05 22:38:37 +00:00
Merge pull request #10354 from appwrite/cursor/update-token-tests-with-jwt-decode-75df
Update token tests with jwt decode
This commit is contained in:
Evan
GitHub
commit
cfbbb4af50
1 changed files with 77 additions and 24 deletions
|
|
@ -2,6 +2,8 @@
|
|||
|
||||
namespace Tests\E2E\Services\Tokens;
|
||||
|
||||
use Ahc\Jwt\JWT;
|
||||
use Ahc\Jwt\JWTException;
|
||||
use CURLFile;
|
||||
use Tests\E2E\Client;
|
||||
use Tests\E2E\Scopes\ProjectCustom;
|
||||
|
|
@ -12,6 +14,7 @@ use Utopia\Database\Helpers\ID;
|
|||
use Utopia\Database\Helpers\Permission;
|
||||
use Utopia\Database\Helpers\Role;
|
||||
use Utopia\Database\Validator\Datetime as DatetimeValidator;
|
||||
use Utopia\System\System;
|
||||
|
||||
class TokensConsoleClientTest extends Scope
|
||||
{
|
||||
|
|
@ -67,6 +70,28 @@ class TokensConsoleClientTest extends Scope
|
|||
|
||||
$this->assertEquals(201, $token['headers']['status-code']);
|
||||
$this->assertEquals('files', $token['body']['resourceType']);
|
||||
$this->assertNotEmpty($token['body']['$id']);
|
||||
$this->assertNotEmpty($token['body']['secret']);
|
||||
|
||||
// Verify the generated token JWT contains correct resource information
|
||||
$jwt = new JWT(System::getEnv('_APP_OPENSSL_KEY_V1'), 'HS256', 86400 * 365 * 10, 10); // 10 years maxAge
|
||||
try {
|
||||
$payload = $jwt->decode($token['body']['secret']);
|
||||
$this->assertIsArray($payload, 'JWT payload should decode to an array');
|
||||
$this->assertArrayHasKey('tokenId', $payload, 'JWT payload should contain tokenId');
|
||||
$this->assertArrayHasKey('resourceId', $payload, 'JWT payload should contain resourceId');
|
||||
$this->assertArrayHasKey('resourceType', $payload, 'JWT payload should contain resourceType');
|
||||
$this->assertArrayHasKey('resourceInternalId', $payload, 'JWT payload should contain resourceInternalId');
|
||||
|
||||
$this->assertEquals($token['body']['$id'], $payload['tokenId'], 'JWT tokenId should match token ID');
|
||||
$this->assertEquals($fileId, $payload['resourceId'], 'JWT resourceId should match file ID');
|
||||
$this->assertEquals('files', $payload['resourceType'], 'JWT resourceType should be files');
|
||||
|
||||
// For newly created tokens without expiry, should not have exp field
|
||||
$this->assertArrayNotHasKey('exp', $payload, 'JWT payload should not contain exp field for tokens without expiry');
|
||||
} catch (JWTException $e) {
|
||||
$this->fail('Failed to decode JWT: ' . $e->getMessage());
|
||||
}
|
||||
|
||||
return [
|
||||
'fileId' => $fileId,
|
||||
|
|
@ -94,24 +119,20 @@ class TokensConsoleClientTest extends Scope
|
|||
$dateValidator = new DatetimeValidator();
|
||||
$this->assertTrue($dateValidator->isValid($token['body']['expire']));
|
||||
|
||||
// Verify JWT contains correct expiration
|
||||
// Verify JWT contains correct expiration using native JWT decode
|
||||
$this->assertNotEmpty($token['body']['secret']);
|
||||
$jwtParts = explode('.', $token['body']['secret']);
|
||||
$this->assertCount(3, $jwtParts, 'JWT should have 3 parts');
|
||||
|
||||
$jwt = new JWT(System::getEnv('_APP_OPENSSL_KEY_V1'), 'HS256', 86400 * 365 * 10, 10); // 10 years maxAge
|
||||
try {
|
||||
$payload = $jwt->decode($token['body']['secret']);
|
||||
$this->assertIsArray($payload, 'JWT payload should decode to an array');
|
||||
$this->assertArrayHasKey('exp', $payload, 'JWT payload should contain exp field');
|
||||
|
||||
// Decode JWT payload (using base64url decoding)
|
||||
$payloadB64 = $jwtParts[1];
|
||||
// Convert base64url to base64
|
||||
$payloadB64 = str_replace(['-', '_'], ['+', '/'], $payloadB64);
|
||||
// Add padding if needed
|
||||
$payloadB64 .= str_repeat('=', (4 - strlen($payloadB64) % 4) % 4);
|
||||
$payload = json_decode(base64_decode($payloadB64), true);
|
||||
|
||||
$this->assertIsArray($payload, 'JWT payload should decode to an array');
|
||||
$this->assertArrayHasKey('exp', $payload, 'JWT payload should contain exp field');
|
||||
|
||||
$expectedExp = (new \DateTime($expiry))->getTimestamp();
|
||||
$this->assertEquals($expectedExp, $payload['exp'], 'JWT exp should match token expiry');
|
||||
$expectedExp = (new \DateTime($expiry))->getTimestamp();
|
||||
$this->assertEquals($expectedExp, $payload['exp'], 'JWT exp should match token expiry');
|
||||
} catch (JWTException $e) {
|
||||
$this->fail('Failed to decode JWT: ' . $e->getMessage());
|
||||
}
|
||||
|
||||
// Infinite expiry
|
||||
$token = $this->client->call(Client::METHOD_PATCH, '/tokens/' . $tokenId, array_merge([
|
||||
|
|
@ -123,14 +144,14 @@ class TokensConsoleClientTest extends Scope
|
|||
|
||||
$this->assertEmpty($token['body']['expire']);
|
||||
|
||||
// Verify JWT does not contain exp for infinite expiry
|
||||
$jwtParts = explode('.', $token['body']['secret']);
|
||||
$payloadB64 = $jwtParts[1];
|
||||
$payloadB64 = str_replace(['-', '_'], ['+', '/'], $payloadB64);
|
||||
$payloadB64 .= str_repeat('=', (4 - strlen($payloadB64) % 4) % 4);
|
||||
$payload = json_decode(base64_decode($payloadB64), true);
|
||||
|
||||
$this->assertArrayNotHasKey('exp', $payload, 'JWT payload should not contain exp field for infinite expiry');
|
||||
// Verify JWT does not contain exp for infinite expiry using native JWT decode
|
||||
try {
|
||||
$payload = $jwt->decode($token['body']['secret']);
|
||||
$this->assertIsArray($payload, 'JWT payload should decode to an array');
|
||||
$this->assertArrayNotHasKey('exp', $payload, 'JWT payload should not contain exp field for infinite expiry');
|
||||
} catch (JWTException $e) {
|
||||
$this->fail('Failed to decode JWT: ' . $e->getMessage());
|
||||
}
|
||||
|
||||
return $data;
|
||||
}
|
||||
|
|
@ -151,6 +172,38 @@ class TokensConsoleClientTest extends Scope
|
|||
|
||||
$this->assertIsArray($res['body']);
|
||||
$this->assertEquals(200, $res['headers']['status-code']);
|
||||
$this->assertArrayHasKey('tokens', $res['body']);
|
||||
$this->assertIsArray($res['body']['tokens']);
|
||||
$this->assertGreaterThan(0, count($res['body']['tokens']), 'Should have at least one token');
|
||||
|
||||
// Verify each token in the list
|
||||
$jwt = new JWT(System::getEnv('_APP_OPENSSL_KEY_V1'), 'HS256', 86400 * 365 * 10, 10); // 10 years maxAge
|
||||
foreach ($res['body']['tokens'] as $token) {
|
||||
$this->assertArrayHasKey('$id', $token, 'Token should have an ID');
|
||||
$this->assertArrayHasKey('secret', $token, 'Token should have a secret');
|
||||
$this->assertArrayHasKey('resourceType', $token, 'Token should have resourceType');
|
||||
$this->assertArrayHasKey('resourceId', $token, 'Token should have resourceId');
|
||||
|
||||
$this->assertEquals('files', $token['resourceType'], 'Token resourceType should be files');
|
||||
$this->assertEquals($data['fileId'], $token['resourceId'], 'Token resourceId should match file ID');
|
||||
|
||||
// Verify the JWT token is valid and contains correct information
|
||||
try {
|
||||
$payload = $jwt->decode($token['secret']);
|
||||
$this->assertIsArray($payload, 'JWT payload should decode to an array');
|
||||
$this->assertArrayHasKey('tokenId', $payload, 'JWT payload should contain tokenId');
|
||||
$this->assertArrayHasKey('resourceId', $payload, 'JWT payload should contain resourceId');
|
||||
$this->assertArrayHasKey('resourceType', $payload, 'JWT payload should contain resourceType');
|
||||
$this->assertArrayHasKey('resourceInternalId', $payload, 'JWT payload should contain resourceInternalId');
|
||||
|
||||
$this->assertEquals($token['$id'], $payload['tokenId'], 'JWT tokenId should match token ID');
|
||||
$this->assertEquals($data['fileId'], $payload['resourceId'], 'JWT resourceId should match file ID');
|
||||
$this->assertEquals('files', $payload['resourceType'], 'JWT resourceType should be files');
|
||||
} catch (JWTException $e) {
|
||||
$this->fail('Failed to decode JWT for token ' . $token['$id'] . ': ' . $e->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
return $data;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue