| 1 | import nock from 'nock';
|
| 2 | import { expect } from 'chai';
|
| 3 |
|
| 4 | import { x5cSingle } from './keys';
|
| 5 | import { JwksClient } from '../src/JwksClient';
|
| 6 |
|
| 7 | describe('JwksClient (cache)', () => {
|
| 8 | const jwksHost = 'http://my-authz-server';
|
| 9 |
|
| 10 | beforeEach(() => {
|
| 11 | nock.cleanAll();
|
| 12 | });
|
| 13 |
|
| 14 | describe('#getSigningKeys', () => {
|
| 15 | it('should prevent too many requests', (done) => {
|
| 16 | const client = new JwksClient({
|
| 17 | cache: false,
|
| 18 | rateLimit: true,
|
| 19 | jwksRequestsPerMinute: 2,
|
| 20 | jwksUri: `${jwksHost}/.well-known/jwks.json`
|
| 21 | });
|
| 22 |
|
| 23 | nock(jwksHost)
|
| 24 | .get('/.well-known/jwks.json')
|
| 25 | .reply(200, x5cSingle);
|
| 26 |
|
| 27 | client.getSigningKey('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA', (err, key) => {
|
| 28 | expect(key.kid).to.equal('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA');
|
| 29 |
|
| 30 | nock(jwksHost)
|
| 31 | .get('/.well-known/jwks.json')
|
| 32 | .reply(200, x5cSingle);
|
| 33 |
|
| 34 | client.getSigningKey('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA', (err, key) => {
|
| 35 | expect(key.kid).to.equal('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA');
|
| 36 |
|
| 37 | client.getSigningKey('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA', (err) => {
|
| 38 | expect(err).not.to.be.null;
|
| 39 | expect(err.name).to.equal('JwksRateLimitError');
|
| 40 | expect(err.message).to.equal('Too many requests to the JWKS endpoint');
|
| 41 | done();
|
| 42 | });
|
| 43 | });
|
| 44 | });
|
| 45 | });
|
| 46 |
|
| 47 | it('should not prevent cached requests', (done) => {
|
| 48 | const client = new JwksClient({
|
| 49 | cache: true,
|
| 50 | rateLimit: true,
|
| 51 | jwksRequestsPerMinute: 2,
|
| 52 | jwksUri: `${jwksHost}/.well-known/jwks.json`
|
| 53 | });
|
| 54 |
|
| 55 | nock(jwksHost)
|
| 56 | .get('/.well-known/jwks.json')
|
| 57 | .reply(200, x5cSingle);
|
| 58 |
|
| 59 |
|
| 60 | client.getSigningKey('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA', (err, key) => {
|
| 61 | expect(key.kid).to.equal('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA');
|
| 62 |
|
| 63 |
|
| 64 | client.getSigningKey('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA', (err, key) => {
|
| 65 | expect(key.kid).to.equal('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA');
|
| 66 |
|
| 67 |
|
| 68 | client.getSigningKey('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA', (err, key) => {
|
| 69 | expect(key.kid).to.equal('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA');
|
| 70 |
|
| 71 | nock(jwksHost)
|
| 72 | .get('/.well-known/jwks.json')
|
| 73 | .reply(200, x5cSingle);
|
| 74 |
|
| 75 |
|
| 76 | client.getSigningKey('abc', (err) => {
|
| 77 | expect(err).not.to.be.null;
|
| 78 | expect(err.name).to.equal('SigningKeyNotFoundError');
|
| 79 | expect(err.message).to.equal('Unable to find a signing key that matches \'abc\'');
|
| 80 |
|
| 81 |
|
| 82 | client.getSigningKey('def', (err) => {
|
| 83 | expect(err).not.to.be.null;
|
| 84 | expect(err.name).to.equal('JwksRateLimitError');
|
| 85 | expect(err.message).to.equal('Too many requests to the JWKS endpoint');
|
| 86 | done();
|
| 87 | });
|
| 88 | });
|
| 89 | });
|
| 90 | });
|
| 91 | });
|
| 92 | });
|
| 93 | });
|
| 94 | });
|