spec/util_paseto_spec.lua
changeset 12844 33d902b093f0
parent 12717 52eead170bb8
child 12845 8b06d7c73090
12843:7db1c1da7bfd 12844:33d902b093f0
     2 --luacheck: ignore 631
     2 --luacheck: ignore 631
     3 
     3 
     4 describe("util.paseto", function ()
     4 describe("util.paseto", function ()
     5 	local paseto = require "util.paseto";
     5 	local paseto = require "util.paseto";
     6 	local json = require "util.json";
     6 	local json = require "util.json";
     7 
     7 	local hex = require "util.hex";
     8 	local function parse_test_cases(json_test_cases)
     8 
     9 		local input_cases = json.decode(json_test_cases);
     9 	describe("v3.local", function ()
    10 		local output_cases = {};
    10 		local function parse_test_cases(json_test_cases)
    11 		for _, case in ipairs(input_cases) do
    11 			local input_cases = json.decode(json_test_cases);
    12 			assert.is_string(case.name, "Bad test case: expected name");
    12 			local output_cases = {};
    13 			assert.is_nil(output_cases[case.name], "Bad test case: duplicate name");
    13 			for _, case in ipairs(input_cases) do
    14 			output_cases[case.name] = function ()
    14 				assert.is_string(case.name, "Bad test case: expected name");
    15 				local verify_key = paseto.v4_public.import_public_key(case["public-key-pem"]);
    15 				assert.is_nil(output_cases[case.name], "Bad test case: duplicate name");
    16 				local payload, err = paseto.v4_public.verify(case.token, verify_key, case.footer, case["implicit-assertion"]);
    16 				output_cases[case.name] = function ()
    17 				if case["expect-fail"] then
    17 					local key = hex.decode(case.key);
    18 					assert.is_nil(payload);
    18 					local payload, err = paseto.v3_local.decrypt(case.token, key, case.footer, case["implicit-assertion"]);
    19 				else
    19 					if case["expect-fail"] then
    20 					assert.is_nil(err);
    20 						assert.is_nil(payload);
    21 					assert.same(json.decode(case.payload), payload);
    21 					else
    22 				end
    22 						assert.is_nil(err);
    23 			end;
    23 						assert.same(json.decode(case.payload), payload);
    24 		end
    24 					end
    25 		return output_cases;
    25 				end;
    26 	end
    26 			end
       
    27 			return output_cases;
       
    28 		end
       
    29 
       
    30 		local test_cases = parse_test_cases [=[[
       
    31 			    {
       
    32 			      "name": "3-E-1",
       
    33 			      "expect-fail": false,
       
    34 			      "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f",
       
    35 			      "nonce": "0000000000000000000000000000000000000000000000000000000000000000",
       
    36 			      "token": "v3.local.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbfcIURX_0pVZVU1mAESUzrKZAsRm2EsD6yBoZYn6cpVZNzSJOhSDN-sRaWjfLU-yn9OJH1J_B8GKtOQ9gSQlb8yk9Iza7teRdkiR89ZFyvPPsVjjFiepFUVcMa-LP18zV77f_crJrVXWa5PDNRkCSeHfBBeg",
       
    37 			      "payload": "{\"data\":\"this is a secret message\",\"exp\":\"2022-01-01T00:00:00+00:00\"}",
       
    38 			      "footer": "",
       
    39 			      "implicit-assertion": ""
       
    40 			    },
       
    41 			    {
       
    42 			      "name": "3-E-2",
       
    43 			      "expect-fail": false,
       
    44 			      "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f",
       
    45 			      "nonce": "0000000000000000000000000000000000000000000000000000000000000000",
       
    46 			      "token": "v3.local.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbfcIURX_0pVZVU1mAESUzrKZAqhWxBMDgyBoZYn6cpVZNzSJOhSDN-sRaWjfLU-yn9OJH1J_B8GKtOQ9gSQlb8yk9IzZfaZpReVpHlDSwfuygx1riVXYVs-UjcrG_apl9oz3jCVmmJbRuKn5ZfD8mHz2db0A",
       
    47 			      "payload": "{\"data\":\"this is a hidden message\",\"exp\":\"2022-01-01T00:00:00+00:00\"}",
       
    48 			      "footer": "",
       
    49 			      "implicit-assertion": ""
       
    50 			    },
       
    51 			    {
       
    52 			      "name": "3-E-3",
       
    53 			      "expect-fail": false,
       
    54 			      "nonce": "26f7553354482a1d91d4784627854b8da6b8042a7966523c2b404e8dbbe7f7f2",
       
    55 			      "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f",
       
    56 			      "token": "v3.local.JvdVM1RIKh2R1HhGJ4VLjaa4BCp5ZlI8K0BOjbvn9_LwY78vQnDait-Q-sjhF88dG2B0ROIIykcrGHn8wzPbTrqObHhyoKpjy3cwZQzLdiwRsdEK5SDvl02_HjWKJW2oqGMOQJlxnt5xyhQjFJomwnt7WW_7r2VT0G704ifult011-TgLCyQ2X8imQhniG_hAQ4BydM",
       
    57 			      "payload": "{\"data\":\"this is a secret message\",\"exp\":\"2022-01-01T00:00:00+00:00\"}",
       
    58 			      "footer": "",
       
    59 			      "implicit-assertion": ""
       
    60 			    },
       
    61 			    {
       
    62 			      "name": "3-E-4",
       
    63 			      "expect-fail": false,
       
    64 			      "nonce": "26f7553354482a1d91d4784627854b8da6b8042a7966523c2b404e8dbbe7f7f2",
       
    65 			      "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f",
       
    66 			      "token": "v3.local.JvdVM1RIKh2R1HhGJ4VLjaa4BCp5ZlI8K0BOjbvn9_LwY78vQnDait-Q-sjhF88dG2B0X-4P3EcxGHn8wzPbTrqObHhyoKpjy3cwZQzLdiwRsdEK5SDvl02_HjWKJW2oqGMOQJlBZa_gOpVj4gv0M9lV6Pwjp8JS_MmaZaTA1LLTULXybOBZ2S4xMbYqYmDRhh3IgEk",
       
    67 			      "payload": "{\"data\":\"this is a hidden message\",\"exp\":\"2022-01-01T00:00:00+00:00\"}",
       
    68 			      "footer": "",
       
    69 			      "implicit-assertion": ""
       
    70 			    },
       
    71 			    {
       
    72 			      "name": "3-E-5",
       
    73 			      "expect-fail": false,
       
    74 			      "nonce": "26f7553354482a1d91d4784627854b8da6b8042a7966523c2b404e8dbbe7f7f2",
       
    75 			      "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f",
       
    76 			      "token": "v3.local.JvdVM1RIKh2R1HhGJ4VLjaa4BCp5ZlI8K0BOjbvn9_LwY78vQnDait-Q-sjhF88dG2B0ROIIykcrGHn8wzPbTrqObHhyoKpjy3cwZQzLdiwRsdEK5SDvl02_HjWKJW2oqGMOQJlkYSIbXOgVuIQL65UMdW9WcjOpmqvjqD40NNzed-XPqn1T3w-bJvitYpUJL_rmihc.eyJraWQiOiJVYmtLOFk2aXY0R1poRnA2VHgzSVdMV0xmTlhTRXZKY2RUM3pkUjY1WVp4byJ9",
       
    77 			      "payload": "{\"data\":\"this is a secret message\",\"exp\":\"2022-01-01T00:00:00+00:00\"}",
       
    78 			      "footer": "{\"kid\":\"UbkK8Y6iv4GZhFp6Tx3IWLWLfNXSEvJcdT3zdR65YZxo\"}",
       
    79 			      "implicit-assertion": ""
       
    80 			    },
       
    81 			    {
       
    82 			      "name": "3-E-6",
       
    83 			      "expect-fail": false,
       
    84 			      "nonce": "26f7553354482a1d91d4784627854b8da6b8042a7966523c2b404e8dbbe7f7f2",
       
    85 			      "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f",
       
    86 			      "token": "v3.local.JvdVM1RIKh2R1HhGJ4VLjaa4BCp5ZlI8K0BOjbvn9_LwY78vQnDait-Q-sjhF88dG2B0X-4P3EcxGHn8wzPbTrqObHhyoKpjy3cwZQzLdiwRsdEK5SDvl02_HjWKJW2oqGMOQJmSeEMphEWHiwtDKJftg41O1F8Hat-8kQ82ZIAMFqkx9q5VkWlxZke9ZzMBbb3Znfo.eyJraWQiOiJVYmtLOFk2aXY0R1poRnA2VHgzSVdMV0xmTlhTRXZKY2RUM3pkUjY1WVp4byJ9",
       
    87 			      "payload": "{\"data\":\"this is a hidden message\",\"exp\":\"2022-01-01T00:00:00+00:00\"}",
       
    88 			      "footer": "{\"kid\":\"UbkK8Y6iv4GZhFp6Tx3IWLWLfNXSEvJcdT3zdR65YZxo\"}",
       
    89 			      "implicit-assertion": ""
       
    90 			    },
       
    91 			    {
       
    92 			      "name": "3-E-7",
       
    93 			      "expect-fail": false,
       
    94 			      "nonce": "26f7553354482a1d91d4784627854b8da6b8042a7966523c2b404e8dbbe7f7f2",
       
    95 			      "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f",
       
    96 			      "token": "v3.local.JvdVM1RIKh2R1HhGJ4VLjaa4BCp5ZlI8K0BOjbvn9_LwY78vQnDait-Q-sjhF88dG2B0ROIIykcrGHn8wzPbTrqObHhyoKpjy3cwZQzLdiwRsdEK5SDvl02_HjWKJW2oqGMOQJkzWACWAIoVa0bz7EWSBoTEnS8MvGBYHHo6t6mJunPrFR9JKXFCc0obwz5N-pxFLOc.eyJraWQiOiJVYmtLOFk2aXY0R1poRnA2VHgzSVdMV0xmTlhTRXZKY2RUM3pkUjY1WVp4byJ9",
       
    97 			      "payload": "{\"data\":\"this is a secret message\",\"exp\":\"2022-01-01T00:00:00+00:00\"}",
       
    98 			      "footer": "{\"kid\":\"UbkK8Y6iv4GZhFp6Tx3IWLWLfNXSEvJcdT3zdR65YZxo\"}",
       
    99 			      "implicit-assertion": "{\"test-vector\":\"3-E-7\"}"
       
   100 			    },
       
   101 			    {
       
   102 			      "name": "3-E-8",
       
   103 			      "expect-fail": false,
       
   104 			      "nonce": "26f7553354482a1d91d4784627854b8da6b8042a7966523c2b404e8dbbe7f7f2",
       
   105 			      "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f",
       
   106 			      "token": "v3.local.JvdVM1RIKh2R1HhGJ4VLjaa4BCp5ZlI8K0BOjbvn9_LwY78vQnDait-Q-sjhF88dG2B0X-4P3EcxGHn8wzPbTrqObHhyoKpjy3cwZQzLdiwRsdEK5SDvl02_HjWKJW2oqGMOQJmZHSSKYR6AnPYJV6gpHtx6dLakIG_AOPhu8vKexNyrv5_1qoom6_NaPGecoiz6fR8.eyJraWQiOiJVYmtLOFk2aXY0R1poRnA2VHgzSVdMV0xmTlhTRXZKY2RUM3pkUjY1WVp4byJ9",
       
   107 			      "payload": "{\"data\":\"this is a hidden message\",\"exp\":\"2022-01-01T00:00:00+00:00\"}",
       
   108 			      "footer": "{\"kid\":\"UbkK8Y6iv4GZhFp6Tx3IWLWLfNXSEvJcdT3zdR65YZxo\"}",
       
   109 			      "implicit-assertion": "{\"test-vector\":\"3-E-8\"}"
       
   110 			    },
       
   111 			    {
       
   112 			      "name": "3-E-9",
       
   113 			      "expect-fail": false,
       
   114 			      "nonce": "26f7553354482a1d91d4784627854b8da6b8042a7966523c2b404e8dbbe7f7f2",
       
   115 			      "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f",
       
   116 			      "token": "v3.local.JvdVM1RIKh2R1HhGJ4VLjaa4BCp5ZlI8K0BOjbvn9_LwY78vQnDait-Q-sjhF88dG2B0X-4P3EcxGHn8wzPbTrqObHhyoKpjy3cwZQzLdiwRsdEK5SDvl02_HjWKJW2oqGMOQJlk1nli0_wijTH_vCuRwckEDc82QWK8-lG2fT9wQF271sgbVRVPjm0LwMQZkvvamqU.YXJiaXRyYXJ5LXN0cmluZy10aGF0LWlzbid0LWpzb24",
       
   117 			      "payload": "{\"data\":\"this is a hidden message\",\"exp\":\"2022-01-01T00:00:00+00:00\"}",
       
   118 			      "footer": "arbitrary-string-that-isn't-json",
       
   119 			      "implicit-assertion": "{\"test-vector\":\"3-E-9\"}"
       
   120 			    },
       
   121 			    {
       
   122 			      "name": "3-F-3",
       
   123 			      "expect-fail": true,
       
   124 			      "nonce": "26f7553354482a1d91d4784627854b8da6b8042a7966523c2b404e8dbbe7f7f2",
       
   125 			      "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f",
       
   126 			      "token": "v4.local.1JgN1UG8TFAYS49qsx8rxlwh-9E4ONUm3slJXYi5EibmzxpF0Q-du6gakjuyKCBX8TvnSLOKqCPu8Yh3WSa5yJWigPy33z9XZTJF2HQ9wlLDPtVn_Mu1pPxkTU50ZaBKblJBufRA.YXJiaXRyYXJ5LXN0cmluZy10aGF0LWlzbid0LWpzb24",
       
   127 			      "payload": null,
       
   128 			      "footer": "arbitrary-string-that-isn't-json",
       
   129 			      "implicit-assertion": "{\"test-vector\":\"3-F-3\"}"
       
   130 			    },
       
   131 			    {
       
   132 			      "name": "3-F-4",
       
   133 			      "expect-fail": true,
       
   134 			      "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f",
       
   135 			      "nonce": "0000000000000000000000000000000000000000000000000000000000000000",
       
   136 			      "token": "v3.local.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbfcIURX_0pVZVU1mAESUzrKZAsRm2EsD6yBoZYn6cpVZNzSJOhSDN-sRaWjfLU-yn9OJH1J_B8GKtOQ9gSQlb8yk9Iza7teRdkiR89ZFyvPPsVjjFiepFUVcMa-LP18zV77f_crJrVXWa5PDNRkCSeHfBBeh",
       
   137 			      "payload": null,
       
   138 			      "footer": "",
       
   139 			      "implicit-assertion": ""
       
   140 			    },
       
   141 			    {
       
   142 			      "name": "3-F-5",
       
   143 			      "expect-fail": true,
       
   144 			      "nonce": "26f7553354482a1d91d4784627854b8da6b8042a7966523c2b404e8dbbe7f7f2",
       
   145 			      "key": "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f",
       
   146 			      "token": "v3.local.JvdVM1RIKh2R1HhGJ4VLjaa4BCp5ZlI8K0BOjbvn9_LwY78vQnDait-Q-sjhF88dG2B0ROIIykcrGHn8wzPbTrqObHhyoKpjy3cwZQzLdiwRsdEK5SDvl02_HjWKJW2oqGMOQJlkYSIbXOgVuIQL65UMdW9WcjOpmqvjqD40NNzed-XPqn1T3w-bJvitYpUJL_rmihc=.eyJraWQiOiJVYmtLOFk2aXY0R1poRnA2VHgzSVdMV0xmTlhTRXZKY2RUM3pkUjY1WVp4byJ9",
       
   147 			      "payload": null,
       
   148 			      "footer": "{\"kid\":\"UbkK8Y6iv4GZhFp6Tx3IWLWLfNXSEvJcdT3zdR65YZxo\"}",
       
   149 			      "implicit-assertion": ""
       
   150 			}
       
   151 			]]=];
       
   152 		for name, test in pairs(test_cases) do
       
   153 			it("test case "..name, test);
       
   154 		end
       
   155 
       
   156 		describe("basic sign/verify", function ()
       
   157 			local key = paseto.v3_local.new_key();
       
   158 			local sign, verify = paseto.v3_local.init(key);
       
   159 
       
   160 			local key2 = paseto.v3_local.new_key();
       
   161 			local sign2, verify2 = paseto.v3_local.init(key2);
       
   162 
       
   163 			it("works", function ()
       
   164 				local payload = { foo = "hello world", b = { 1, 2, 3 } };
       
   165 
       
   166 				local tok = sign(payload);
       
   167 				assert.same(payload, verify(tok));
       
   168 				assert.is_nil(verify2(tok));
       
   169 			end);
       
   170 
       
   171 			it("rejects tokens if implicit assertion fails", function ()
       
   172 				local payload = { foo = "hello world", b = { 1, 2, 3 } };
       
   173 				local tok = sign(payload, nil, "my-custom-assertion");
       
   174 				assert.is_nil(verify(tok, nil, "my-incorrect-assertion"));
       
   175 				assert.is_nil(verify(tok, nil, nil));
       
   176 				assert.same(payload, verify(tok, nil, "my-custom-assertion"));
       
   177 			end);
       
   178 		end);
       
   179 	end);
    27 
   180 
    28 	describe("v4.public", function ()
   181 	describe("v4.public", function ()
       
   182 		local function parse_test_cases(json_test_cases)
       
   183 			local input_cases = json.decode(json_test_cases);
       
   184 			local output_cases = {};
       
   185 			for _, case in ipairs(input_cases) do
       
   186 				assert.is_string(case.name, "Bad test case: expected name");
       
   187 				assert.is_nil(output_cases[case.name], "Bad test case: duplicate name");
       
   188 				output_cases[case.name] = function ()
       
   189 					local verify_key = paseto.v4_public.import_public_key(case["public-key-pem"]);
       
   190 					local payload, err = paseto.v4_public.verify(case.token, verify_key, case.footer, case["implicit-assertion"]);
       
   191 					if case["expect-fail"] then
       
   192 						assert.is_nil(payload);
       
   193 					else
       
   194 						assert.is_nil(err);
       
   195 						assert.same(json.decode(case.payload), payload);
       
   196 					end
       
   197 				end;
       
   198 			end
       
   199 			return output_cases;
       
   200 		end
       
   201 
    29 		local test_cases = parse_test_cases [=[[
   202 		local test_cases = parse_test_cases [=[[
    30 			{
   203 			{
    31 			"name": "4-S-1",
   204 			"name": "4-S-1",
    32 			"expect-fail": false,
   205 			"expect-fail": false,
    33 			"public-key": "1eb9dbbbbc047c03fd70604e0071f0987e16b28b757225c11f00415d0e20b1a2",
   206 			"public-key": "1eb9dbbbbc047c03fd70604e0071f0987e16b28b757225c11f00415d0e20b1a2",