authorWilliam Carroll <wpcarro@gmail.com>2020-08-08T12·44+0100
committerWilliam Carroll <wpcarro@gmail.com>2020-08-08T12·44+0100
commitd34b146702476f46bcca7d362e56f46227863f1b (patch)
tree6ad489c4509172780f578df9d66602a1c6a6272f /website/sandbox/learnpianochords/src/server/Spec.hs
parent926d8e643e9ffb7d5f5608793d35381742675073 (diff)
Tests valid and invalid JWTs for the "aud" field
Test that when the JWT contains the client ID for my Google app, the JWT is
valid, and when it doesn't, it's invalid.
Diffstat (limited to 'website/sandbox/learnpianochords/src/server/Spec.hs')
-rw-r--r--website/sandbox/learnpianochords/src/server/Spec.hs30
1 files changed, 16 insertions, 14 deletions
diff --git a/website/sandbox/learnpianochords/src/server/Spec.hs b/website/sandbox/learnpianochords/src/server/Spec.hs
index 1f9b9bb4bf..6c683cbbf2 100644
--- a/website/sandbox/learnpianochords/src/server/Spec.hs
+++ b/website/sandbox/learnpianochords/src/server/Spec.hs
@@ -3,27 +3,29 @@
 module Spec where
 --------------------------------------------------------------------------------
 import Test.Hspec
-import Web.JWT
 import Utils
+import GoogleSignIn (ValidationResult(..))
 
 import qualified GoogleSignIn
 import qualified Fixtures as F
+import qualified TestUtils
 --------------------------------------------------------------------------------
 
 main :: IO ()
 main = hspec $ do
-  describe "GoogleSignIn" $ do
+  describe "GoogleSignIn" $
     describe "jwtIsValid" $ do
-      it "returns false when the signature is invalid" $ do
-        let mJWT = F.defaultJWTFields { F.overwriteSigner = hmacSecret "wrong" }
-                   |> F.googleJWT
-        case mJWT of
-          Nothing  -> True `shouldBe` False
-          Just jwt -> GoogleSignIn.jwtIsValid jwt `shouldReturn` False
+      let jwtIsValid' = GoogleSignIn.jwtIsValid True
+      it "returns validation error when the aud field doesn't match my client ID" $ do
+        let auds = ["wrong-client-id"]
+                   |> fmap TestUtils.unsafeStringOrURI
+            encodedJWT = F.defaultJWTFields { F.overwriteAuds = auds }
+                         |> F.googleJWT
+        jwtIsValid' encodedJWT `shouldReturn` NoMatchingClientIDs auds
 
-      it "returns false when the aud field doesn't match my client ID" $ do
-        let mJWT = F.defaultJWTFields { F.overwriteAud = stringOrURI "wrong" }
-                  |> F.googleJWT
-        case mJWT of
-          Nothing  -> True `shouldBe` False
-          Just jwt -> GoogleSignIn.jwtIsValid jwt `shouldReturn` False
+      it "returns validation success when one of the aud fields matches my client ID" $ do
+        let auds = ["wrong-client-id", "771151720060-buofllhed98fgt0j22locma05e7rpngl.apps.googleusercontent.com"]
+                   |> fmap TestUtils.unsafeStringOrURI
+            encodedJWT = F.defaultJWTFields { F.overwriteAuds = auds }
+                         |> F.googleJWT
+        jwtIsValid' encodedJWT `shouldReturn` Valid
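Review bot: The bad-signature case is dropped without a replacement: the removed `returns false when the signature is invalid` test has no successor in this hunk, and both new cases go through `jwtIsValid' = GoogleSignIn.jwtIsValid True`, where the bare `True` presumably turns signature verification off (its definition is not visible here, so please confirm). Signature checking is the part of a token validator most worth pinning with a test, so I would keep one case that calls the verifying mode with a wrongly signed fixture and expects a result other than `Valid`. I would also document the flag at the binding, e.g. `-- True skips the signature check; test-only, must never be passed by production callers`, or replace the Bool with a named type so the call site reads unambiguously. The aud cases also leave the empty list untested; a case with `F.overwriteAuds = []` would pin that a token carrying no audience is rejected.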