UNPKG

google-oauth-jwt

Version:

Implementation of Google OAuth 2.0 for server-to-server interactions, allowing secure use of Google APIs without interaction from an end-user.

github.com/extrabacon/google-oauth-jwt

extrabacon/google-oauth-jwt

298 lines (244 loc) 8.84 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
var moduleToTest = require('..'), _ = require('underscore'), async = require('async'), fs = require('fs'), chai = require('chai'), spies = require('chai-spies'), expect = chai.expect, jwt_settings = require('./jwt-settings.json'); console.log('WARNING: running these tests require a per-user configuration!!'); console.log('To specify your configuration, copy `jwt-settings.json.sample` to `jwt-settings.json`'); console.log('\nMake sure that your service account is setup, has been granted access to the requested scopes, and that you have converted your key to PEM'); chai.use(spies); function jwtSettings(settings) { return _.extend({}, jwt_settings, settings); } describe('encodeJWT()', function () { it('should sign a token with a string-based key', function (done) { // read the key from the file var key = ''+fs.readFileSync(jwt_settings.keyFile); expect(key).to.not.be.null.and.to.be.a.string; expect(key).to.have.length.above(1); moduleToTest.encodeJWT(jwtSettings({ key: key }), function (err, jwt) { if (err) throw err; expect(jwt).to.not.be.null.and.to.be.a.string; expect(jwt).to.have.length.above(1); done(); }); }); it('should sign a token with a key obtained from a file', function (done) { moduleToTest.encodeJWT(jwtSettings(), function (err, jwt) { if (err) throw err; expect(jwt).to.not.be.null.and.to.be.a.string; expect(jwt).to.have.length.above(1); done(); }); }); it('should fail when options are missing or invalid', function () { function encodeJWT(settings) { return function () { moduleToTest.encodeJWT(settings); } } expect(encodeJWT(null)).to.throw(Error); expect(encodeJWT({})).to.throw(/email/); expect(encodeJWT({ key: 'key', scopes: ['scope'] })).to.throw(/email/); expect(encodeJWT({ email: 'email', scopes: ['scope'] })).to.throw(/key/); expect(encodeJWT({ email: 'email', key: 'key' })).to.throw(/scopes/); expect(encodeJWT({ email: 'email', key: 'key', scopes: '' })).to.throw(/scopes/); expect(encodeJWT({ email: 'email', key: 'key', scopes: [] })).to.throw(/scopes/); }); it('should fail when signing with an invalid key', function (done) { moduleToTest.encodeJWT(jwtSettings({ key: 'this is not a key' }), function (err, jwt) { expect(err).to.be.an.instanceOf(Error); expect(jwt).to.be.undefined; done(); }); }); }); describe('authenticate()', function () { it('should return a valid token for a legitimate request', function (done) { moduleToTest.authenticate(jwtSettings(), function (err, token) { if (err) throw err; expect(token).to.not.be.null.and.to.be.a.string; expect(token).to.have.length.above(1); done(); }); }); it('should fail for an invalid request', function (done) { moduleToTest.authenticate(jwtSettings({ email: 'invalid email!' }), function (err, token) { expect(err).to.be.an.instanceOf(Error); expect(token).to.be.undefined; done(); }); }); }); describe('TokenCache', function () { var fakeAuth = function (options, callback) { callback(null, 'fake_token'); }; describe('get()', function () { it('should request a token on first call', function (done) { var tokens = new moduleToTest.TokenCache(); tokens.authenticate = chai.spy(fakeAuth); tokens.get(jwtSettings(), function (err, token) { if (err) throw err; expect(tokens.authenticate).to.have.been.called.once; expect(token).to.equal('fake_token'); done(); }); }); it('should reuse a token on subsequent calls', function (done) { var tokens = new moduleToTest.TokenCache(); tokens.authenticate = chai.spy(fakeAuth); tokens.get(jwtSettings(), function (err, firstToken) { if (err) throw err; expect(tokens.authenticate).to.have.been.called.once; // request tokens at different intervals async.each([100, 200, 500], function (interval, next) { setTimeout(function () { tokens.get(jwt_settings, function (err, cachedToken) { if (err) throw err; expect(cachedToken).to.equal(firstToken); expect(tokens.authenticate).to.have.been.called.once; next(); }); }, interval); }, done); }); }); it('should issue only one request on concurrent calls', function (done) { var tokens = new moduleToTest.TokenCache(); tokens.authenticate = chai.spy(fakeAuth); tokens.get = chai.spy(tokens.get); // make 5 simultaneous calls on an empty cache - only one should make the request async.parallel([ function (next) { tokens.get(jwt_settings, next) }, function (next) { tokens.get(jwt_settings, next) }, function (next) { tokens.get(jwt_settings, next) }, function (next) { tokens.get(jwt_settings, next) }, function (next) { tokens.get(jwt_settings, next) } ], function (err, results) { if (err) throw err; expect(tokens.authenticate).to.have.been.called.once; expect(tokens.get).to.have.been.called.exactly(5); results.forEach(function (token) { expect(token).to.equal('fake_token'); }); done(); }); }); it('should discard an expired token and request another one', function (done) { var settings = jwtSettings({ expiration: 500 }); var tokens = new moduleToTest.TokenCache(); tokens.authenticate = chai.spy(fakeAuth); async.auto({ initial_request: function (next) { // this token should expire after 500ms tokens.get(settings, function (err, token) { expect(tokens.authenticate).to.have.been.called.once; next(err); }); }, wait_for_expiration: function (next) { setTimeout(next, settings.expiration + 5); }, get_new_token: ['wait_for_expiration', function (next) { // the token should no longer be available, a new request should be made tokens.get(settings, function (err, token) { expect(tokens.authenticate).to.have.been.called.twice; next(err); }); }] }, done); }); }); describe('clear()', function () { it('should remove previously requested tokens', function (done) { var tokens = new moduleToTest.TokenCache(); expect(_.keys(tokens._cache)).to.be.empty; tokens.get(jwtSettings(), function (err, token) { if (err) throw err; expect(_.keys(tokens._cache)).to.have.length(1); tokens.clear(); expect(_.keys(tokens._cache)).to.be.empty; done(); }); }); }); }); describe('requestWithJWT', function () { it('should work normally, without jwt settings', function (done) { var request = moduleToTest.requestWithJWT(); request('http://www.google.com/', function (err, res) { expect(res.statusCode).to.equal(200); done(err); }); }); it('should request a token automatically', function (done) { var tokens = new moduleToTest.TokenCache(); tokens.get = chai.spy(tokens.get); tokens.authenticate = chai.spy(tokens.authenticate); var request = moduleToTest.requestWithJWT(tokens); // test multiple variants of calls to request async.parallel({ get_helper: function (next) { request.get(jwt_settings.test_url, { jwt: jwtSettings() }, function (err, res, body) { expect(res.statusCode).to.equal(200); next(err); }); }, with_url_and_options: function (next) { request(jwt_settings.test_url, { jwt: jwtSettings() }, function (err, res, body) { expect(res.statusCode).to.equal(200); next(err); }); }, only_with_options: function (next) { request({ url: jwt_settings.test_url, jwt: jwtSettings() }, function (err, res, body) { expect(res.statusCode).to.equal(200); next(err); }); } }, function (err) { if (err) throw err; expect(tokens.get).to.have.been.called.exactly(3); expect(tokens.authenticate).to.have.been.called.once; done(); }); }); it('should use a global token cache', function (done) { var tokens = moduleToTest.TokenCache.global; tokens.get = chai.spy(tokens.get); tokens.authenticate = chai.spy(tokens.authenticate); // clear the global cache in case it has been used by other tests tokens.clear(); expect(_.keys(tokens._cache)).to.have.length(0); function requestWithoutTokenCache(next) { // use a new instance each time var request = moduleToTest.requestWithJWT(); request({ url: jwt_settings.test_url, jwt: jwtSettings() }, function (err, res, body) { expect(res.statusCode).to.equal(200); next(err); }); } // perform 3 simultaneous requests with 3 separate instances - the same cache should be used async.parallel([ requestWithoutTokenCache, requestWithoutTokenCache, requestWithoutTokenCache ], function (err) { if (err) throw er expect(_.keys(tokens._cache)).to.have.length(1); expect(tokens.get).to.have.been.called.exactly(3); expect(tokens.authenticate).to.have.been.called.once; done(); }); }); });