View source
<?php
namespace Drupal\Tests\users_jwt\Kernel;
use Drupal\KernelTests\KernelTestBase;
use Drupal\Tests\user\Traits\UserCreationTrait;
use Firebase\JWT\JWT;
use Symfony\Component\HttpFoundation\Request;
class UsersJwtRequestTest extends KernelTestBase {
use UserCreationTrait;
public static $modules = [
'system',
'user',
'users_jwt',
];
protected $testUser;
public function setUp() {
parent::setUp();
$this
->installSchema('system', 'sequences');
$this
->installEntitySchema('user');
$this
->installSchema('user', [
'users_data',
]);
$this
->installConfig([
'users_jwt',
]);
$account = $this
->createUser([
'access content',
]);
$this
->setCurrentUser($account);
$this->testUser = $account;
}
public function testAuth() {
$key_repository = $this->container
->get('users_jwt.key_repository');
$path = drupal_get_path('module', 'users_jwt') . '/tests/fixtures/users_jwt_rsa1-public.pem';
$public_key = file_get_contents($path);
$key_repository
->saveKey($this->testUser
->id(), 'wxyz', 'RS256', $public_key);
$iat = \Drupal::time()
->getRequestTime();
$good_payload = [
'iat' => $iat,
'exp' => $iat + 1000,
'drupal' => [
'uid' => $this->testUser
->id(),
],
];
$path = drupal_get_path('module', 'users_jwt') . '/tests/fixtures/users_jwt_rsa1-private.pem';
$private_key = file_get_contents($path);
$auth_service = $this->container
->get('users_jwt.authentication.jwt');
$other_account = $this
->createUser([
'access content',
]);
foreach ([
'Authorization',
'JWT-Authorization',
] as $header) {
$token = JWT::encode($good_payload, $private_key, 'RS256', 'wxyz');
$this
->assertNotEmpty($token);
$request = Request::create('/');
$request->headers
->set($header, 'Bearer ' . $token);
$this
->assertFalse($auth_service
->applies($request));
$request = Request::create('/');
$this
->assertFalse($auth_service
->applies($this
->createRequest($header, '')));
$request = $this
->createRequest($header, $token);
$this
->assertTrue($auth_service
->applies($request));
$user = $auth_service
->authenticate($request);
$this
->assertNotEmpty($user);
$this
->assertEqual($this->testUser
->id(), $user
->id());
$this->testUser
->block()
->save();
$this
->assertNull($auth_service
->authenticate($request));
$this->testUser
->activate()
->save();
$extra_payload = $good_payload + [
'iss' => 'test',
'hello' => 'world',
];
$token = JWT::encode($extra_payload, $private_key, 'RS256', 'wxyz');
$this
->assertNotEmpty($auth_service
->authenticate($this
->createRequest($header, $token)));
$token = JWT::encode($good_payload, $private_key, 'RS256', 'foo');
$this
->assertNull($auth_service
->authenticate($this
->createRequest($header, $token)));
$token = JWT::encode($good_payload, $private_key, 'RS256');
$this
->assertNull($auth_service
->authenticate($this
->createRequest($header, $token)));
$payload = $good_payload;
$payload['drupal']['uid'] = $other_account
->id();
$token = JWT::encode($payload, $private_key, 'RS256', 'wxyz');
$this
->assertNull($auth_service
->authenticate($this
->createRequest($header, $token)));
$payload = $good_payload;
unset($payload['iat']);
$token = JWT::encode($payload, $private_key, 'RS256', 'wxyz');
$this
->assertNull($auth_service
->authenticate($this
->createRequest($header, $token)));
$payload = $good_payload;
unset($payload['exp']);
$token = JWT::encode($payload, $private_key, 'RS256', 'wxyz');
$this
->assertNull($auth_service
->authenticate($this
->createRequest($header, $token)));
$payload = $good_payload;
$payload['exp'] += 24 * 3600;
$token = JWT::encode($payload, $private_key, 'RS256', 'wxyz');
$this
->assertNull($auth_service
->authenticate($this
->createRequest($header, $token)));
$token = JWT::encode($good_payload, $private_key, 'HS256', 'wxyz');
$this
->assertNull($auth_service
->authenticate($this
->createRequest($header, $token)));
}
}
protected function createRequest($header_name, $token) : Request {
$request = Request::create('/');
$request->headers
->set($header_name, 'UsersJwt ' . $token);
return $request;
}
}