This repository has been archived by the owner on Jul 15, 2024. It is now read-only.

Merge pull request #5 from Giftbit/JwtSigning
Jwt signing
pushplay authored Sep 11, 2017
2 parents 917a857 + 2f6253e commit 5a0a8e5
Showing 6 changed files with 272 additions and 79 deletions.
7 changes: 4 additions & 3 deletions dist/jwtauth/AuthorizationBadge.d.ts
Expand Up @@ -21,9 +21,10 @@ export declare class AuthorizationBadge {
scopes: string[];
effectiveScopes: string[];
constructor(jwtPayload?: JwtPayload, rolesConfig?: RolesConfig);
private getEffectiveScopes(rolesConfig);
private getParentScope(scope);
getJwtPayload(): JwtPayload;
sign(secret: string): string;
requireIds(...ids: ("giftbitUserId" | "merchantId" | "cardId" | "programId" | "recipientId" | "templateId" | "teamMemberId" | "serviceId")[]): void;
isBadgeAuthorized(scope: string): boolean;
requireScopes(...scopes: string[]): void;
requireIds(...ids: ("giftbitUserId" | "merchantId" | "cardId" | "programId" | "recipientId" | "templateId" | "teamMemberId" | "serviceId")[]): void;
private getEffectiveScopes(rolesConfig);
}
95 changes: 63 additions & 32 deletions dist/jwtauth/AuthorizationBadge.js


2 changes: 1 addition & 1 deletion dist/jwtauth/AuthorizationBadge.js.map


18 changes: 9 additions & 9 deletions package.json
@@ -1,6 +1,6 @@
{
"name": "giftbit-cassava-routes",
"version": "4.0.0",
"version": "4.1.0",
"description": "Private Giftbit routes for use with Cassava.",
"main": "dist/index.js",
"types": "dist/index.d.ts",
Expand All @@ -26,21 +26,21 @@
"cassava": "^0.2.1"
},
"devDependencies": {
"@types/aws-lambda": "^0.0.14",
"@types/chai": "^4.0.1",
"@types/cookie": "^0.3.0",
"@types/jsonwebtoken": "^7.2.1",
"@types/mocha": "^2.2.41",
"@types/aws-lambda": "^0.0.16",
"@types/chai": "^4.0.4",
"@types/cookie": "^0.3.1",
"@types/jsonwebtoken": "^7.2.3",
"@types/mocha": "^2.2.43",
"@types/node": "^8.0.8",
"aws-sdk": "^2.81.0",
"chai": "^4.0.2",
"mocha": "^3.4.2",
"chai": "^4.1.2",
"mocha": "^3.5.0",
"rimraf": "^2.6.1",
"ts-node": "^3.1.0",
"tslint": "^5.5.0",
"typescript": "^2.4.1"
},
"dependencies": {
"jsonwebtoken": "^7.4.1"
"jsonwebtoken": "^8.0.0"
}
}
128 changes: 128 additions & 0 deletions src/jwtauth/AuthorizationBadge.test.ts
@@ -1,5 +1,7 @@
import * as chai from "chai";
import * as jwt from "jsonwebtoken";
import {AuthorizationBadge} from "./AuthorizationBadge";
import {JwtPayload} from "./JwtPayload";

describe("AuthorizationBadge", () => {
describe("effectiveScopes", () => {
Expand Down Expand Up @@ -221,4 +223,130 @@ describe("AuthorizationBadge", () => {
chai.assert.isFalse(badge.isBadgeAuthorized("lightrailV1:foo:create:baz"));
});
});

describe("getJwtPayload()", () => {
it("returns the same value the badge was constructed with", () => {
const jwt: Partial<JwtPayload> = {
"g": {
"gui": "user-7052210bcb94448b825ffa68508d29ad-TEST",
"gmi": "user-7052210bcb94448b825ffa68508d29ad-TEST"
},
"iat": 1488911646.603,
"jti": "badge-dd95b9b582e840ecba1cbf41365d57e1",
"scopes": [
"C",
"T",
"R",
"CEC",
"CER",
"UA",
"F"
]
};

const auth = new AuthorizationBadge(jwt);
const newJwt = auth.getJwtPayload();

// Stringify and parse to remove undefineds.
chai.assert.notEqual(newJwt, jwt);
chai.assert.deepEqual(JSON.parse(JSON.stringify(newJwt)), jwt);
});

it("does not mix effective scopes into scopes", () => {
const jwt: Partial<JwtPayload> = {
"g": {
"gui": "user-7052210bcb94448b825ffa68508d29ad-TEST",
"gmi": "user-7052210bcb94448b825ffa68508d29ad-TEST"
},
"iat": 1488911646.603,
"jti": "badge-dd95b9b582e840ecba1cbf41365d57e1",
"scopes": [
"C",
"T",
"R",
"CEC",
"CER",
"UA",
"F",
"wildwest:okcorral:whisky:sipping",
],
roles: [
"DocHoliday",
"VirgilEarp"
]
};
const rolesConfig = {
roles: [
{
name: "DocHoliday",
description: "",
scopes: [
"wildwest:okcorral:gunfighter",
"wildwest:okcorral:dentist",
"wildwest:okcorral:gambler",
"wildwest:okcorral:law:deputy:temp"
]
},
{
name: "WyattEarp",
description: "",
scopes: [
"wildwest:okcorral:gambler",
"wildwest:okcorral:law:deputy"
]
},
{
name: "VirgilEarp",
description: "",
scopes: [
"wildwest:okcorral:law"
]
}
]
};

const auth = new AuthorizationBadge(jwt, rolesConfig);
const newJwt = auth.getJwtPayload();

// Stringify and parse to remove undefineds.
chai.assert.notEqual(newJwt, jwt);
chai.assert.deepEqual(JSON.parse(JSON.stringify(newJwt)), jwt);
});
});

describe("sign()", () => {
it("returns the same jwt that was decoded", () => {
const originalHeader = {
"ver": 2,
"vav": 1,
"alg": "HS256",
"typ": "JWT"
};
const originalPayload = {
"g": {
"gui": "user-7052210bcb94448b825ffa68508d29ad-TEST",
"gmi": "user-7052210bcb94448b825ffa68508d29ad-TEST"
},
"iat": 1488911646.603,
"jti": "badge-dd95b9b582e840ecba1cbf41365d57e1",
"scopes": [
"C",
"T",
"R",
"CEC",
"CER",
"UA",
"F"
]
};

const auth = new AuthorizationBadge(originalPayload);
const newToken = auth.sign("secret");
const newHeader = (jwt.decode(newToken, {complete: true}) as any).header;
const newPayload = jwt.verify(newToken, "secret", {ignoreExpiration: true, algorithms: ["HS256"]});

chai.assert.deepEqual(originalPayload, newPayload);
chai.assert.deepEqual(originalHeader, newHeader);
});
});
});
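Review bot: In the `sign()` test, `jwt.verify` is passed `ignoreExpiration: true` although `originalPayload` has no `exp` claim, so the option changes nothing there and only makes the call read like a verification pattern worth copying; `jwt.verify(newToken, "secret", {algorithms: ["HS256"]})` checks the same thing. The `deepEqual` on the payload also pins that `sign()` adds no `exp` of its own, which, if intended, deserves a comment such as `// sign() must not add claims; this badge is re-signed without an exp`; `sign()` itself is not shown in this section, so that intent is inferred. Separately, both `getJwtPayload()` tests declare `const jwt: Partial<JwtPayload>`, which shadows the `jsonwebtoken` import added at the top of the file; naming it `payload` avoids the clash.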