RubyGems - soar_authentication_token - Versions diffs - 4.0.1 → 5.0.0 - Mend

soar_authentication_token 4.0.1 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

checksums.yaml +4 -4
data/.gitignore +2 -0
data/README.md +8 -8
data/bin/rotate-configs +23 -0
data/docker-compose.yml +2 -1
data/lib/soar_authentication_token.rb +1 -0
data/lib/soar_authentication_token/config_rotator.rb +119 -0
data/lib/soar_authentication_token/providers/jwt_token_generator.rb +4 -6
data/lib/soar_authentication_token/providers/jwt_token_validator.rb +24 -26
data/lib/soar_authentication_token/token_validator.rb +1 -1
data/lib/soar_authentication_token/version.rb +1 -1
data/spec/config_rotator_spec.rb +283 -0
data/spec/jwt_token_validator_spec.rb +291 -0
data/spec/rack_middleware_spec.rb +3 -3
data/spec/remote_token_validator_spec.rb +78 -0
data/spec/static_token_validator_spec.rb +104 -0
data/spec/token_generator_spec.rb +9 -5
data/spec/token_validator_spec.rb +1 -272
metadata +13 -2

data/spec/token_generator_spec.rb CHANGED Viewed

@@ -9,20 +9,24 @@ describe SoarAuthenticationToken::TokenGenerator do
   before :each do
     @generator_configuration_local = {
-      'provider' => 'JwtTokenGenerator',
+      'provider' => 'SoarAuthenticationToken::JwtTokenGenerator',
       'private_key' => @private_key
     }
     @validator_configuration_local = {
-      'provider' => 'JwtTokenValidator',
-      'public_key' => @public_key
+      'provider' => 'SoarAuthenticationToken::JwtTokenValidator',
+      'keys' => {
+        'keyA' => {
+          'public_key' => @public_key
+        }
+      }
     }
     @configuration_remote_generator = {
-      'provider' => 'RemoteTokenGenerator',
+      'provider' => 'SoarAuthenticationToken::RemoteTokenGenerator',
       'generator-url' => 'http://authentication-token-generator-service:9393/generate',
       'generator-client-auth-token' => 'test_ecosystem_token_for_auth_token_aaapi_authenticator_service'
     }
     @configuration_remote_validator = {
-      'provider' => 'RemoteTokenValidator',
+      'provider' => 'SoarAuthenticationToken::RemoteTokenValidator',
       'validator-url' => 'http://authentication-token-validator-service:9393/validate',
     }

data/spec/token_validator_spec.rb CHANGED Viewed

@@ -3,282 +3,11 @@ require 'yaml'
 describe SoarAuthenticationToken::TokenValidator do
   subject { SoarAuthenticationToken::TokenValidator }
-  before :all do
-    @test_store = AuthTokenStoreProvider::StubClient.new
-    keypair_generator = SoarAuthenticationToken::KeypairGenerator.new
-    @valid_private_key,   @valid_public_key   = keypair_generator.generate
-    @invalid_private_key, @invalid_public_key = keypair_generator.generate
-    @test_identifier = 'a@b.co.za'
-    @local_valid_generator_configuration = {
-      'provider' => 'JwtTokenGenerator',
-      'private_key' => @valid_private_key
-    }
-    @local_invalid_generator_configuration = {
-      'provider' => 'JwtTokenGenerator',
-      'private_key' => @invalid_private_key
-    }
-    @token_for_client_service_1         = 'some_secret_token_string_1111'
-    @token_for_client_service_2         = 'some_secret_token_string_2222'
-    @token_for_client_service_3_expired = 'some_secret_token_string_3333_expired'
-    @token_for_client_service_3_unknown = 'some_secret_token_string_3333_unknown'
-    current_time = Time.now
-    @static_validator_configuration = {
-      'provider' => 'StaticTokenValidator',
-      'static_tokens' => [
-        {
-          'token'                    => 'some_secret_token_string_1111',
-          'authenticated_identifier' => 'calling_client_service_1',
-          'token_issue_time'         =>  current_time.utc.iso8601(3),
-          'token_expiry_time'        => (current_time + 100).utc.iso8601(3)
-        },
-        {
-          'token'                    => 'some_secret_token_string_2222',
-          'authenticated_identifier' => 'calling_client_service_2',
-          'token_issue_time'         =>  current_time.utc.iso8601(3),
-          'token_expiry_time'        => (current_time + 100).utc.iso8601(3)
-        },
-        {
-          'token'                    => 'some_secret_token_string_3333_expired',
-          'authenticated_identifier' => 'calling_client_service_3',
-          'token_issue_time'         => (current_time - 100).utc.iso8601(3),
-          'token_expiry_time'        => (current_time - 50).utc.iso8601(3)
-        }
-      ]
-    }
-    @local_validator_configuration = {
-      'provider' => 'JwtTokenValidator',
-      'public_key' => @valid_public_key
-    }
-    @remote_generator_configuration = {
-      'provider' => 'RemoteTokenGenerator',
-      'generator-url' => 'http://authentication-token-generator-service:9393/generate',
-      'generator-client-auth-token' => 'test_ecosystem_token_for_auth_token_aaapi_authenticator_service'
-    }
-    @remote_validator_configuration = {
-      'provider' => 'RemoteTokenValidator',
-      'validator-url' => 'http://authentication-token-validator-service:9393/validate',
-      'generator-client-auth-token' => 'test_ecosystem_token_for_auth_token_aaapi_authenticator_service'
-    }
-    @local_valid_generator = SoarAuthenticationToken::TokenGenerator.new(@local_valid_generator_configuration)
-    @local_valid_generator.inject_store_provider(@test_store)
-    @local_invalid_generator = SoarAuthenticationToken::TokenGenerator.new(@local_invalid_generator_configuration)
-    @local_invalid_generator.inject_store_provider(@test_store)
-    @remote_generator = SoarAuthenticationToken::TokenGenerator.new(@remote_generator_configuration)
-  end
-  before :each do
-    @iut_local  = SoarAuthenticationToken::TokenValidator.new(@local_validator_configuration)
-    @iut_local.inject_store_provider(@test_store)
-    @iut_remote = SoarAuthenticationToken::TokenValidator.new(@remote_validator_configuration)
-    @iut_static = SoarAuthenticationToken::TokenValidator.new(@static_validator_configuration)
-  end
-  after :each do
-  end
   it 'has a version number' do
     expect(SoarAuthenticationToken::VERSION).not_to be nil
   end
-  describe "#validate" do
-    context "given that the validator is configured for local validation" do
-      context 'given valid token' do
-        let!(:token_validation_result) {
-          token, token_generator_meta = @local_valid_generator.generate(authenticated_identifier: @test_identifier)
-          @iut_local.validate(authentication_token: token)
-        }
-        let!(:token_validity) { token_validation_result[0] }
-        let!(:token_meta)     { token_validation_result[1] }
-        let!(:message)        { token_validation_result[2] }
-        it 'indicate token is valid' do
-          expect(token_validity).to eq true
-        end
-        it 'provide the token meta' do
-          expect(token_meta['authenticated_identifier']).to eq @test_identifier
-        end
-        it 'provide a message indicating that the token is valid' do
-          expect(message).to match /Valid token for/
-        end
-      end
-      context 'given expired token' do
-        let!(:token_validation_result) {
-          token, token_generator_meta = @local_valid_generator.generate(authenticated_identifier: @test_identifier)
-          allow(Time).to receive(:now).and_return(Time.now+one_year_in_seconds)
-          @iut_local.validate(authentication_token: token)
-        }
-        let!(:token_validity) { token_validation_result[0] }
-        let!(:token_meta)     { token_validation_result[1] }
-        let!(:message)        { token_validation_result[2] }
-        it 'indicate token is invalid' do
-          expect(token_validity).to eq false
-        end
-        it 'does not provide the token meta' do
-          expect(token_meta).to eq nil
-        end
-        it 'provide a message indicating that the token is invalid' do
-          expect(message).to match /Expired token/
-        end
-      end
-      context 'given unknown token (not in store)' do
-        let!(:token_validation_result) {
-          token, token_generator_meta = @local_valid_generator.generate(authenticated_identifier: @test_identifier)
-          @test_store.instance_variable_set("@store", []) #clear store
-          @iut_local.validate(authentication_token: token)
-        }
-        let!(:token_validity) { token_validation_result[0] }
-        let!(:token_meta)     { token_validation_result[1] }
-        let!(:message)        { token_validation_result[2] }
-        it 'indicate that token is invalid' do
-          expect(token_validity).to eq false
-        end
-        it 'does not provide the token meta' do
-          expect(token_meta).to eq nil
-        end
-        it 'provide a message indicating that the token is invalid' do
-          expect(message).to match /Unknown token/
-        end
-      end
-      context 'given invalid token (garbage or different key)' do
-        let!(:token_validation_result) {
-          token, token_generator_meta = @remote_generator.generate(authenticated_identifier: @test_identifier)
-          @iut_local.validate(authentication_token: token)
-        }
-        let!(:token_validity) { token_validation_result[0] }
-        let!(:token_meta)     { token_validation_result[1] }
-        let!(:message)        { token_validation_result[2] }
-        it 'indicate token is invalid' do
-          expect(token_validity).to eq false
-        end
-        it 'does not provide the token meta' do
-          expect(token_meta).to eq nil
-        end
-        it 'provide a message indicating that the token is invalid' do
-          expect(message).to match /Token decode\/verification failure/
-        end
-      end
-    end
+  #TODO testing to ensure that it can instantiate the providers, but otherwise there is not much here to test.
-    context "given that the validator is configured for remote validation" do
-      context 'given valid token' do
-        let!(:token_validation_result) {
-          token, token_generator_meta = @remote_generator.generate(authenticated_identifier: @test_identifier)
-          @iut_remote.validate(authentication_token: token)
-        }
-        let!(:token_validity) { token_validation_result[0] }
-        let!(:token_meta)     { token_validation_result[1] }
-        let!(:message)        { token_validation_result[2] }
-        it 'should indicate valid if the token is valid' do
-          expect(token_validity).to eq true
-        end
-        it 'should provide the authenticated_identifier if the token is valid' do
-          expect(token_meta['authenticated_identifier']).to eq @test_identifier
-        end
-      end
-      context 'given invalid (generalized) token' do
-        let!(:token_validation_result) {
-          token, token_generator_meta = @local_invalid_generator.generate(authenticated_identifier: @test_identifier)
-          @iut_remote.validate(authentication_token: token)
-        }
-        let!(:token_validity) { token_validation_result[0] }
-        let!(:token_meta)     { token_validation_result[1] }
-        let!(:message)        { token_validation_result[2] }
-        it 'indicate token is invalid' do
-          expect(token_validity).to eq false
-        end
-        it 'does not provide the token meta' do
-          expect(token_meta).to eq nil
-        end
-        it 'provides a message indicating the token is invalid' do
-          expect(message).to match /Token decode\/verification failure/
-        end
-      end
-    end
-    context "given that the validator is configured for static tokens" do
-      let(:iut) { subject.new(@static_validator_configuration) }
-      context "given a token that is in the list of static tokens and not expired" do
-        let(:response)       { iut.validate(authentication_token: @token_for_client_service_1) }
-        let(:token_validity) { response[0] }
-        let(:token_meta)     { response[1] }
-        let(:message)        { response[2] }
-        it 'should respond with true indicating token is valid' do
-          expect(token_validity).to eq true
-        end
-        it 'should respond with token meta' do
-          expect(token_meta).to_not eq nil
-        end
-        it 'should respond with a message indicating that the token is valid' do
-          expect(message).to eq 'Valid token for <calling_client_service_1>'
-        end
-      end
-      context "the token is in the list of static tokens and expired" do
-        let(:response)       { @iut_static.validate(authentication_token: @token_for_client_service_3_expired) }
-        let(:token_validity) { response[0] }
-        let(:token_meta)     { response[1] }
-        let(:message)        { response[2] }
-        it 'should respond with false indicating token is invalid' do
-          expect(token_validity).to eq false
-        end
-        it 'should respond with nil token meta' do
-          expect(token_meta).to eq nil
-        end
-        it 'should respond with a message indicating that the token is expired' do
-          expect(message).to match /Expired token/
-        end
-      end
-      context "given a token that is not in the list of static tokens" do
-        let(:response)       { @iut_static.validate(authentication_token: @token_for_client_service_3_unknown) }
-        let(:token_validity) { response[0] }
-        let(:token_meta)     { response[1] }
-        let(:message)        { response[2] }
-        it 'should respond with false indicating token is invalid' do
-          expect(token_validity).to eq false
-        end
-        it 'should respond with no token meta' do
-          expect(token_meta).to eq nil
-        end
-        it 'should respond with a message indicating that the token is valid' do
-          expect(message).to match /Unknown static token/
-        end
-      end
-    end
-  end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: soar_authentication_token
 version: !ruby/object:Gem::Version
-  version: 4.0.1
+  version: 5.0.0
 platform: ruby
 authors:
 - Barney de Villiers
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-02-09 00:00:00.000000000 Z
+date: 2017-02-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: soar_xt
@@ -202,6 +202,7 @@ email:
 executables:
 - console
 - keypair-generator
+- rotate-configs
 - setup
 extensions: []
 extra_rdoc_files: []
@@ -218,10 +219,12 @@ files:
 - Rakefile
 - bin/console
 - bin/keypair-generator
+- bin/rotate-configs
 - bin/setup
 - docker-compose-isolated.yml
 - docker-compose.yml
 - lib/soar_authentication_token.rb
+- lib/soar_authentication_token/config_rotator.rb
 - lib/soar_authentication_token/keypair_generator.rb
 - lib/soar_authentication_token/providers/jwt_token_generator.rb
 - lib/soar_authentication_token/providers/jwt_token_validator.rb
@@ -239,9 +242,13 @@ files:
 - sanity/Gemfile
 - sanity/sanity.rb
 - soar_authentication_token.gemspec
+- spec/config_rotator_spec.rb
+- spec/jwt_token_validator_spec.rb
 - spec/keypair_generator_spec.rb
 - spec/rack_middleware_spec.rb
+- spec/remote_token_validator_spec.rb
 - spec/spec_helper.rb
+- spec/static_token_validator_spec.rb
 - spec/token_generator_spec.rb
 - spec/token_validator_spec.rb
 homepage: https://gitlab.host-h.net/hetznerZA/authentication-token-service
@@ -269,8 +276,12 @@ signing_key:
 specification_version: 4
 summary: Client library for Hetzner's authentication token service
 test_files:
+- spec/config_rotator_spec.rb
+- spec/jwt_token_validator_spec.rb
 - spec/keypair_generator_spec.rb
 - spec/rack_middleware_spec.rb
+- spec/remote_token_validator_spec.rb
 - spec/spec_helper.rb
+- spec/static_token_validator_spec.rb
 - spec/token_generator_spec.rb
 - spec/token_validator_spec.rb