{-# LANGUAGE OverloadedStrings #-} -------------------------------------------------------------------------------- module Spec where -------------------------------------------------------------------------------- import Test.Hspec import Utils import Web.JWT (numericDate, decode) import GoogleSignIn (EncodedJWT(..), DecodedJWT(..), ValidationResult(..)) import qualified GoogleSignIn import qualified Fixtures as F import qualified TestUtils import qualified Data.Time.Clock.POSIX as POSIX -------------------------------------------------------------------------------- main :: IO () main = hspec $ do describe "GoogleSignIn" $ describe "validateJWT" $ do let validateJWT' = GoogleSignIn.validateJWT True it "returns a decode error when an incorrectly encoded JWT is used" $ do validateJWT' (GoogleSignIn.EncodedJWT "rubbish") `shouldReturn` DecodeError it "returns validation error when the aud field doesn't match my client ID" $ do let auds = ["wrong-client-id"] |> fmap TestUtils.unsafeStringOrURI encodedJWT = F.defaultJWTFields { F.overwriteAuds = auds } |> F.googleJWT validateJWT' encodedJWT `shouldReturn` NoMatchingClientIDs auds it "returns validation success when one of the aud fields matches my client ID" $ do let auds = ["wrong-client-id", "771151720060-buofllhed98fgt0j22locma05e7rpngl.apps.googleusercontent.com"] |> fmap TestUtils.unsafeStringOrURI encodedJWT@(EncodedJWT jwt) = F.defaultJWTFields { F.overwriteAuds = auds } |> F.googleJWT decodedJWT = jwt |> decode |> TestUtils.unsafeJust |> DecodedJWT validateJWT' encodedJWT `shouldReturn` Valid decodedJWT it "returns validation error when one of the iss field doesn't match accounts.google.com or https://accounts.google.com" $ do let erroneousIssuer = TestUtils.unsafeStringOrURI "not-accounts.google.com" encodedJWT = F.defaultJWTFields { F.overwriteIss = erroneousIssuer } |> F.googleJWT validateJWT' encodedJWT `shouldReturn` WrongIssuer erroneousIssuer it "returns validation success when the iss field matches accounts.google.com or https://accounts.google.com" $ do let erroneousIssuer = TestUtils.unsafeStringOrURI "https://accounts.google.com" encodedJWT@(EncodedJWT jwt) = F.defaultJWTFields { F.overwriteIss = erroneousIssuer } |> F.googleJWT decodedJWT = jwt |> decode |> TestUtils.unsafeJust |> DecodedJWT validateJWT' encodedJWT `shouldReturn` Valid decodedJWT it "fails validation when the exp field has expired" $ do let mErroneousExp = numericDate 0 case mErroneousExp of Nothing -> True `shouldBe` False Just erroneousExp -> do let encodedJWT = F.defaultJWTFields { F.overwriteExp = erroneousExp } |> F.googleJWT validateJWT' encodedJWT `shouldReturn` StaleExpiry erroneousExp it "passes validation when the exp field is current" $ do mFreshExp <- POSIX.getPOSIXTime |> fmap (\x -> x * 60 * 60 * 24 * 10) -- 10 days later |> fmap numericDate case mFreshExp of Nothing -> True `shouldBe` False Just freshExp -> do let encodedJWT@(EncodedJWT jwt) = F.defaultJWTFields { F.overwriteExp = freshExp } |> F.googleJWT decodedJWT = jwt |> decode |> TestUtils.unsafeJust |> DecodedJWT validateJWT' encodedJWT `shouldReturn` Valid decodedJWT