jwt_sessions 2.3.0 → 2.3.1

data/test/units/jwt_sessions/store_adapters/test_memory_store_adapter.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-require 'minitest/autorun'
-require 'jwt_sessions'
+require "minitest/autorun"
+require "jwt_sessions"
 
 class TestMemoryStoreAdapter < Minitest::Test
   attr_reader :store
@@ -12,105 +12,105 @@ class TestMemoryStoreAdapter < Minitest::Test
 
   def test_error_on_unknown_option
     assert_raises ArgumentError do
-      JWTSessions::StoreAdapters::MemoryStoreAdapter.new(something: 'something')
+      JWTSessions::StoreAdapters::MemoryStoreAdapter.new(something: "something")
     end
   end
 
   def test_persist_and_fetch_access
-    store.persist_access('uid', 'csrf', Time.now.to_i + 3600)
-    assert_equal({ csrf: 'csrf' }, store.fetch_access('uid'))
+    store.persist_access("uid", "csrf", Time.now.to_i + 3600)
+    assert_equal({ csrf: "csrf" }, store.fetch_access("uid"))
 
-    store.persist_access('uid', 'csrf', Time.now.to_i - 3600)
-    assert_equal({}, store.fetch_access('uid'))
+    store.persist_access("uid", "csrf", Time.now.to_i - 3600)
+    assert_equal({}, store.fetch_access("uid"))
   end
 
   def test_persist_and_fetch_refresh
     expiration = Time.now.to_i + 3600
     store.persist_refresh(
-      uid: 'uid',
+      uid: "uid",
       access_expiration: expiration,
-      access_uid: 'access_uid',
-      csrf: 'csrf',
+      access_uid: "access_uid",
+      csrf: "csrf",
       expiration: expiration,
-      namespace: ''
+      namespace: ""
     )
-    refresh = store.fetch_refresh('uid', '')
-    assert_equal 'csrf', refresh[:csrf]
+    refresh = store.fetch_refresh("uid", "")
+    assert_equal "csrf", refresh[:csrf]
 
     expiration = Time.now.to_i - 3600
     store.persist_refresh(
-      uid: 'uid',
+      uid: "uid",
       access_expiration: expiration,
-      access_uid: 'access_uid',
-      csrf: 'csrf',
+      access_uid: "access_uid",
+      csrf: "csrf",
       expiration: expiration,
-      namespace: ''
+      namespace: ""
     )
-    refresh = store.fetch_refresh('uid', '')
+    refresh = store.fetch_refresh("uid", "")
     assert_nil refresh[:csrf]
   end
 
   def test_update_refresh
     expiration = Time.now.to_i + 3600
     store.persist_refresh(
-      uid: 'uid',
+      uid: "uid",
       access_expiration: expiration,
-      access_uid: 'access_uid',
-      csrf: 'csrf',
+      access_uid: "access_uid",
+      csrf: "csrf",
       expiration: expiration,
-      namespace: ''
+      namespace: ""
     )
     store.update_refresh(
-      uid: 'uid',
+      uid: "uid",
       access_expiration: expiration,
-      access_uid: 'access_uid',
-      csrf: 'csrf2',
-      namespace: ''
+      access_uid: "access_uid",
+      csrf: "csrf2",
+      namespace: ""
     )
-    refresh = store.fetch_refresh('uid', '')
-    assert_equal 'csrf2', refresh[:csrf]
+    refresh = store.fetch_refresh("uid", "")
+    assert_equal "csrf2", refresh[:csrf]
   end
 
   def test_all_refresh_tokens
     expiration = Time.now.to_i + 3600
     store.persist_refresh(
-      uid: 'uid',
+      uid: "uid",
       access_expiration: expiration,
-      access_uid: 'access_uid',
-      csrf: 'csrf',
+      access_uid: "access_uid",
+      csrf: "csrf",
       expiration: expiration,
-      namespace: 'ns'
+      namespace: "ns"
     )
     store.persist_refresh(
-      uid: 'uid',
+      uid: "uid",
       access_expiration: expiration,
-      access_uid: 'access_uid',
-      csrf: 'csrf',
+      access_uid: "access_uid",
+      csrf: "csrf",
       expiration: expiration,
-      namespace: 'ns2'
+      namespace: "ns2"
     )
-    refresh_tokens = store.all_refresh_tokens('ns')
+    refresh_tokens = store.all_refresh_tokens("ns")
     assert_equal 1, refresh_tokens.count
   end
 
   def test_destroy_refresh
     expiration = Time.now.to_i + 3600
     store.persist_refresh(
-      uid: 'uid',
+      uid: "uid",
       access_expiration: expiration,
-      access_uid: 'access_uid',
-      csrf: 'csrf',
+      access_uid: "access_uid",
+      csrf: "csrf",
       expiration: expiration,
-      namespace: ''
+      namespace: ""
     )
-    store.destroy_refresh('uid', '')
-    refresh = store.fetch_refresh('uid', '')
+    store.destroy_refresh("uid", "")
+    refresh = store.fetch_refresh("uid", "")
     assert_equal({}, refresh)
   end
 
   def test_destroy_access
-    store.persist_access('uid', 'csrf', Time.now.to_i + 3600)
-    store.destroy_access('uid')
-    assert_equal({}, store.fetch_access('uid'))
+    store.persist_access("uid", "csrf", Time.now.to_i + 3600)
+    store.destroy_access("uid")
+    assert_equal({}, store.fetch_access("uid"))
   end
 end

data/test/units/jwt_sessions/store_adapters/test_redis_store_adapter.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-require 'minitest/autorun'
-require 'jwt_sessions'
+require "minitest/autorun"
+require "jwt_sessions"
 
 class TestRedisStoreAdapter < Minitest::Test
   def teardown
@@ -14,8 +14,8 @@ class TestRedisStoreAdapter < Minitest::Test
   def test_error_on_mixed_redis_options
     assert_raises ArgumentError do
       JWTSessions::StoreAdapters::RedisStoreAdapter.new(
-        redis_url: 'redis://127.0.0.1:6379/0',
-        redis_port: '8082'
+        redis_url: "redis://127.0.0.1:6379/0",
+        redis_port: "8082"
       )
     end
   end
@@ -23,53 +23,53 @@ class TestRedisStoreAdapter < Minitest::Test
   def test_error_on_unknown_option
     assert_raises ArgumentError do
       JWTSessions::StoreAdapters::RedisStoreAdapter.new(
-        redis_url: 'redis://127.0.0.1:6379/0',
-        something: 'something'
+        redis_url: "redis://127.0.0.1:6379/0",
+        something: "something"
       )
     end
   end
 
   def test_default_url
     adapter = JWTSessions::StoreAdapters::RedisStoreAdapter.new
-    assert_equal 'redis://127.0.0.1:6379/0', adapter.storage.connection[:id]
+    assert_equal "redis://127.0.0.1:6379/0", adapter.storage.connection[:id]
   end
 
   def test_url_with_env_var
-    ENV['REDIS_URL'] = 'redis://locallol:2018/'
+    ENV["REDIS_URL"] = "redis://locallol:2018/"
     adapter = JWTSessions::StoreAdapters::RedisStoreAdapter.new
-    assert_equal 'redis://locallol:2018/0', adapter.storage.connection[:id]
+    assert_equal "redis://locallol:2018/0", adapter.storage.connection[:id]
 
-    ENV.delete('REDIS_URL')
+    ENV.delete("REDIS_URL")
     adapter = JWTSessions::StoreAdapters::RedisStoreAdapter.new
-    assert_equal 'redis://127.0.0.1:6379/0', adapter.storage.connection[:id]
+    assert_equal "redis://127.0.0.1:6379/0", adapter.storage.connection[:id]
   end
 
   def test_configuration_via_host_port_and_db
     adapter = JWTSessions::StoreAdapters::RedisStoreAdapter.new(
-      redis_host: '127.0.0.2',
-      redis_port: '6372',
-      redis_db_name: '2'
+      redis_host: "127.0.0.2",
+      redis_port: "6372",
+      redis_db_name: "2"
     )
-    assert_equal 'redis://127.0.0.2:6372/2', adapter.storage.connection[:id]
+    assert_equal "redis://127.0.0.2:6372/2", adapter.storage.connection[:id]
   end
 
   def test_configuration_via_host_port_and_db_in_module
-    JWTSessions.redis_host = '127.0.0.2'
-    JWTSessions.redis_port = '6372'
-    JWTSessions.redis_db_name = '2'
+    JWTSessions.redis_host = "127.0.0.2"
+    JWTSessions.redis_port = "6372"
+    JWTSessions.redis_db_name = "2"
 
     adapter = JWTSessions::StoreAdapters::RedisStoreAdapter.new
-    assert_equal 'redis://127.0.0.2:6372/2', adapter.storage.connection[:id]
+    assert_equal "redis://127.0.0.2:6372/2", adapter.storage.connection[:id]
   end
 
   def test_configuration_via_redis_url
-    adapter = JWTSessions::StoreAdapters::RedisStoreAdapter.new(redis_url: 'redis://127.0.0.2:6322')
-    assert_equal 'redis://127.0.0.2:6322/0', adapter.storage.connection[:id]
+    adapter = JWTSessions::StoreAdapters::RedisStoreAdapter.new(redis_url: "redis://127.0.0.2:6322")
+    assert_equal "redis://127.0.0.2:6322/0", adapter.storage.connection[:id]
   end
 
   def test_configuration_via_redis_url_in_module
-    JWTSessions.redis_url = 'redis://127.0.0.2:6322'
+    JWTSessions.redis_url = "redis://127.0.0.2:6322"
     adapter = JWTSessions::StoreAdapters::RedisStoreAdapter.new
-    assert_equal 'redis://127.0.0.2:6322/0', adapter.storage.connection[:id]
+    assert_equal "redis://127.0.0.2:6322/0", adapter.storage.connection[:id]
   end
 end

data/test/units/jwt_sessions/test_access_token.rb

@@ -1,13 +1,13 @@
 # frozen_string_literal: true
 
-require 'minitest/autorun'
-require 'jwt_sessions'
+require "minitest/autorun"
+require "jwt_sessions"
 
 class TestAccessToken < Minitest::Test
    attr_reader :access_token, :uid
 
   def setup
-    JWTSessions.encryption_key = 'secret key'
+    JWTSessions.encryption_key = "secret key"
     @payload = { user_id: 1 }
     @csrf = JWTSessions::CSRFToken.new
     @uid = SecureRandom.uuid

data/test/units/jwt_sessions/test_csrf_token.rb

@@ -1,13 +1,13 @@
 # frozen_string_literal: true
 
-require 'minitest/autorun'
-require 'jwt_sessions'
+require "minitest/autorun"
+require "jwt_sessions"
 
 class TestCSRFToken < Minitest::Test
    attr_reader :csrf_token
 
   def setup
-    JWTSessions.encryption_key = '65994c7b523a3232e7aba54d8cbf'
+    JWTSessions.encryption_key = "65994c7b523a3232e7aba54d8cbf"
     @csrf_token = JWTSessions::CSRFToken.new
   end
 
@@ -15,6 +15,6 @@ class TestCSRFToken < Minitest::Test
     assert_equal true, @csrf_token.valid_authenticity_token?(@csrf_token.encoded)
     assert_equal false, @csrf_token.valid_authenticity_token?(nil)
     assert_equal false, @csrf_token.valid_authenticity_token?(123)
-    assert_equal false, @csrf_token.valid_authenticity_token?('123abc')
+    assert_equal false, @csrf_token.valid_authenticity_token?("123abc")
   end
 end

data/test/units/jwt_sessions/test_refresh_token.rb

@@ -1,13 +1,13 @@
 # frozen_string_literal: true
 
-require 'minitest/autorun'
-require 'jwt_sessions'
+require "minitest/autorun"
+require "jwt_sessions"
 
 class TestRefreshToken < Minitest::Test
    attr_reader :csrf, :token, :access_uid
 
   def setup
-    JWTSessions.encryption_key = 'secure encryption'
+    JWTSessions.encryption_key = "secure encryption"
     @access_uid = SecureRandom.uuid
     @csrf = JWTSessions::CSRFToken.new
     @token = JWTSessions::RefreshToken.create(@csrf.encoded,

data/test/units/jwt_sessions/test_session.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-require 'minitest/autorun'
-require 'jwt_sessions'
+require "minitest/autorun"
+require "jwt_sessions"
 
 class TestSession < Minitest::Test
   attr_reader :session, :payload, :tokens
@@ -9,42 +9,53 @@ class TestSession < Minitest::Test
   REFRESH_KEYS = %i[access access_expires_at csrf].freeze
 
   def setup
-    JWTSessions.encryption_key = 'encrypted'
-    @payload = { test: 'secret' }
+    JWTSessions.encryption_key = "encrypted"
+    @payload = { test: "secret" }
     @session = JWTSessions::Session.new(payload: payload)
     @tokens = session.login
   end
 
   def teardown
     redis = Redis.new
-    keys = redis.keys('jwt_*')
+    keys = redis.keys("jwt_*")
     keys.each { |k| redis.del(k) }
   end
 
   def test_login
     decoded_access = JWTSessions::Token.decode(tokens[:access]).first
     assert_equal LOGIN_KEYS, tokens.keys.sort
-    assert_equal payload[:test], decoded_access['test']
+    assert_equal payload[:test], decoded_access["test"]
   end
 
   def test_refresh
     refreshed_tokens = session.refresh(tokens[:refresh])
     decoded_access = JWTSessions::Token.decode(refreshed_tokens[:access]).first
     assert_equal REFRESH_KEYS, refreshed_tokens.keys.sort
-    assert_equal payload[:test], decoded_access['test']
+    assert_equal payload[:test], decoded_access["test"]
+  end
+
+  def test_refresh_expired
+    JWTSessions.refresh_exp_time = 0
+    session = JWTSessions::Session.new(payload: payload)
+    tokens = session.login
+    JWTSessions.refresh_exp_time = 604800
+
+    assert_raises JWTSessions::Errors::ClaimsVerification do
+      session.refresh(tokens[:refresh])
+    end
   end
 
   def test_refresh_by_access_payload
     session = JWTSessions::Session.new(payload: payload, refresh_by_access_allowed: true)
     session.login
-    access1 = session.instance_variable_get('@_access')
+    access1 = session.instance_variable_get("@_access")
     sleep(1)
     refreshed_tokens = session.refresh_by_access_payload
-    access2 = session.instance_variable_get('@_access')
+    access2 = session.instance_variable_get("@_access")
     decoded_access = JWTSessions::Token.decode(refreshed_tokens[:access]).first
     assert_equal REFRESH_KEYS, refreshed_tokens.keys.sort
-    assert_equal payload[:test], decoded_access['test']
-    assert_equal session.instance_variable_get('@_refresh').uid, decoded_access['ruid']
+    assert_equal payload[:test], decoded_access["test"]
+    assert_equal session.instance_variable_get("@_refresh").uid, decoded_access["ruid"]
     assert_equal access2.expiration > access1.expiration, true
   end
 
@@ -56,8 +67,8 @@ class TestSession < Minitest::Test
     decoded_access = JWTSessions::Token.decode!(refreshed_tokens[:access]).first
     JWTSessions.access_exp_time = 3600
     assert_equal REFRESH_KEYS, refreshed_tokens.keys.sort
-    assert_equal payload[:test], decoded_access['test']
-    assert_equal session.instance_variable_get('@_refresh').uid, decoded_access['ruid']
+    assert_equal payload[:test], decoded_access["test"]
+    assert_equal session.instance_variable_get("@_refresh").uid, decoded_access["ruid"]
   end
 
   def test_refresh_by_access_payload_with_block_expired
@@ -70,8 +81,8 @@ class TestSession < Minitest::Test
     decoded_access = JWTSessions::Token.decode!(refreshed_tokens[:access]).first
     JWTSessions.access_exp_time = 3600
     assert_equal REFRESH_KEYS, refreshed_tokens.keys.sort
-    assert_equal payload[:test], decoded_access['test']
-    assert_equal session.instance_variable_get('@_refresh').uid, decoded_access['ruid']
+    assert_equal payload[:test], decoded_access["test"]
+    assert_equal session.instance_variable_get("@_refresh").uid, decoded_access["ruid"]
   end
 
   def test_refresh_by_access_payload_with_block_not_expired
@@ -87,7 +98,7 @@ class TestSession < Minitest::Test
   def test_refresh_by_access_payload_invalid_uid
     session = JWTSessions::Session.new(payload: payload, refresh_by_access_allowed: true)
     session.login
-    access1 = session.instance_variable_get('@_access')
+    access1 = session.instance_variable_get("@_access")
     # should execute the code block for the cases when access UID within the refresh token
     # does not match access UID from the session payload
     session2 = JWTSessions::Session.new(payload: access1.payload, refresh_by_access_allowed: true)
@@ -148,8 +159,8 @@ class TestSession < Minitest::Test
     end
 
     assert_equal REFRESH_KEYS, refreshed_tokens.keys.sort
-    assert_equal payload[:test], decoded_access['test']
-    assert_equal session.instance_variable_get('@_refresh').uid, decoded_access['ruid']
+    assert_equal payload[:test], decoded_access["test"]
+    assert_equal session.instance_variable_get("@_refresh").uid, decoded_access["ruid"]
   end
 
   def test_refresh_with_block_not_expired
@@ -170,7 +181,7 @@ class TestSession < Minitest::Test
     end
     decoded_access = JWTSessions::Token.decode(refreshed_tokens[:access]).first
     assert_equal REFRESH_KEYS, refreshed_tokens.keys.sort
-    assert_equal payload[:test], decoded_access['test']
+    assert_equal payload[:test], decoded_access["test"]
   end
 
   def test_flush_by_token
@@ -210,7 +221,7 @@ class TestSession < Minitest::Test
   end
 
   def test_flush_namespaced
-    namespace = 'test_namespace'
+    namespace = "test_namespace"
     @session1 = JWTSessions::Session.new(payload: payload, namespace: namespace)
     @session2 = JWTSessions::Session.new(payload: payload, namespace: namespace)
     @session1.login
@@ -236,7 +247,7 @@ class TestSession < Minitest::Test
   end
 
   def test_flush_namespaced_access_tokens
-    namespace = 'test_namespace'
+    namespace = "test_namespace"
     @session1 = JWTSessions::Session.new(payload: payload, namespace: namespace)
     @session1.login
     refresh_token = @session1.instance_variable_get(:"@_refresh")
@@ -255,15 +266,15 @@ class TestSession < Minitest::Test
   end
 
   def test_refresh_after_flush_namespaced_access_tokens
-    namespace = 'test_namespace'
+    namespace = "test_namespace"
     session = JWTSessions::Session.new(payload: payload, namespace: namespace, refresh_by_access_allowed: true)
     session.login
 
     session.flush_namespaced_access_tokens
     ruid = session.instance_variable_get(:"@_refresh").uid
     refresh_token = JWTSessions::RefreshToken.find(ruid, JWTSessions.token_store, nil)
-    assert_equal '', refresh_token.access_uid
-    assert_equal '', refresh_token.access_expiration
+    assert_equal "", refresh_token.access_uid
+    assert_equal "", refresh_token.access_expiration
 
     # allows to refresh with un-expired but flushed access token payload
     session.refresh_by_access_payload do