1 | import nock from 'nock';
|
2 | import { expect } from 'chai';
|
3 |
|
4 | import { x5cSingle } from './keys';
|
5 | import { JwksClient } from '../src/JwksClient';
|
6 |
|
7 | describe('JwksClient (cache)', () => {
|
8 | const jwksHost = 'http://my-authz-server';
|
9 |
|
10 | beforeEach(() => {
|
11 | nock.cleanAll();
|
12 | });
|
13 |
|
14 | describe('#getSigningKeys', () => {
|
15 | it('should prevent too many requests', (done) => {
|
16 | const client = new JwksClient({
|
17 | cache: false,
|
18 | rateLimit: true,
|
19 | jwksRequestsPerMinute: 2,
|
20 | jwksUri: `${jwksHost}/.well-known/jwks.json`
|
21 | });
|
22 |
|
23 | nock(jwksHost)
|
24 | .get('/.well-known/jwks.json')
|
25 | .reply(200, x5cSingle);
|
26 |
|
27 | client.getSigningKey('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA', (err, key) => {
|
28 | expect(key.kid).to.equal('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA');
|
29 |
|
30 | nock(jwksHost)
|
31 | .get('/.well-known/jwks.json')
|
32 | .reply(200, x5cSingle);
|
33 |
|
34 | client.getSigningKey('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA', (err, key) => {
|
35 | expect(key.kid).to.equal('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA');
|
36 |
|
37 | client.getSigningKey('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA', (err) => {
|
38 | expect(err).not.to.be.null;
|
39 | expect(err.name).to.equal('JwksRateLimitError');
|
40 | expect(err.message).to.equal('Too many requests to the JWKS endpoint');
|
41 | done();
|
42 | });
|
43 | });
|
44 | });
|
45 | });
|
46 |
|
47 | it('should not prevent cached requests', (done) => {
|
48 | const client = new JwksClient({
|
49 | cache: true,
|
50 | rateLimit: true,
|
51 | jwksRequestsPerMinute: 2,
|
52 | jwksUri: `${jwksHost}/.well-known/jwks.json`
|
53 | });
|
54 |
|
55 | nock(jwksHost)
|
56 | .get('/.well-known/jwks.json')
|
57 | .reply(200, x5cSingle);
|
58 |
|
59 |
|
60 | client.getSigningKey('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA', (err, key) => {
|
61 | expect(key.kid).to.equal('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA');
|
62 |
|
63 |
|
64 | client.getSigningKey('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA', (err, key) => {
|
65 | expect(key.kid).to.equal('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA');
|
66 |
|
67 |
|
68 | client.getSigningKey('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA', (err, key) => {
|
69 | expect(key.kid).to.equal('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA');
|
70 |
|
71 | nock(jwksHost)
|
72 | .get('/.well-known/jwks.json')
|
73 | .reply(200, x5cSingle);
|
74 |
|
75 |
|
76 | client.getSigningKey('abc', (err) => {
|
77 | expect(err).not.to.be.null;
|
78 | expect(err.name).to.equal('SigningKeyNotFoundError');
|
79 | expect(err.message).to.equal('Unable to find a signing key that matches \'abc\'');
|
80 |
|
81 |
|
82 | client.getSigningKey('def', (err) => {
|
83 | expect(err).not.to.be.null;
|
84 | expect(err.name).to.equal('JwksRateLimitError');
|
85 | expect(err.message).to.equal('Too many requests to the JWKS endpoint');
|
86 | done();
|
87 | });
|
88 | });
|
89 | });
|
90 | });
|
91 | });
|
92 | });
|
93 | });
|
94 | });
|