RubyGems - soar_authentication_token - Versions diffs - 4.0.1 → 5.0.0 - Mend

soar_authentication_token 4.0.1 → 5.0.0

Files changed (19) hide show

checksums.yaml +4 -4
data/.gitignore +2 -0
data/README.md +8 -8
data/bin/rotate-configs +23 -0
data/docker-compose.yml +2 -1
data/lib/soar_authentication_token.rb +1 -0
data/lib/soar_authentication_token/config_rotator.rb +119 -0
data/lib/soar_authentication_token/providers/jwt_token_generator.rb +4 -6
data/lib/soar_authentication_token/providers/jwt_token_validator.rb +24 -26
data/lib/soar_authentication_token/token_validator.rb +1 -1
data/lib/soar_authentication_token/version.rb +1 -1
data/spec/config_rotator_spec.rb +283 -0
data/spec/jwt_token_validator_spec.rb +291 -0
data/spec/rack_middleware_spec.rb +3 -3
data/spec/remote_token_validator_spec.rb +78 -0
data/spec/static_token_validator_spec.rb +104 -0
data/spec/token_generator_spec.rb +9 -5
data/spec/token_validator_spec.rb +1 -272
metadata +13 -2

data/spec/token_generator_spec.rb CHANGED Viewed

@@ -9,20 +9,24 @@ describe SoarAuthenticationToken::TokenGenerator do
   before :each do
     @generator_configuration_local = {
-      'provider' => 'JwtTokenGenerator',
+      'provider' => 'SoarAuthenticationToken::JwtTokenGenerator',
       'private_key' => @private_key
     }
     @validator_configuration_local = {
-      'provider' => 'JwtTokenValidator',
-      'public_key' => @public_key
+      'provider' => 'SoarAuthenticationToken::JwtTokenValidator',
+      'keys' => {
+        'keyA' => {
+          'public_key' => @public_key
+        }
+      }
     }
     @configuration_remote_generator = {
-      'provider' => 'RemoteTokenGenerator',
+      'provider' => 'SoarAuthenticationToken::RemoteTokenGenerator',
       'generator-url' => 'http://authentication-token-generator-service:9393/generate',
       'generator-client-auth-token' => 'test_ecosystem_token_for_auth_token_aaapi_authenticator_service'
     }
     @configuration_remote_validator = {
-      'provider' => 'RemoteTokenValidator',
+      'provider' => 'SoarAuthenticationToken::RemoteTokenValidator',
       'validator-url' => 'http://authentication-token-validator-service:9393/validate',
     }

data/spec/token_validator_spec.rb CHANGED Viewed

@@ -3,282 +3,11 @@ require 'yaml'
 describe SoarAuthenticationToken::TokenValidator do
   subject { SoarAuthenticationToken::TokenValidator }
-  before :all do
-    @test_store = AuthTokenStoreProvider::StubClient.new
-    keypair_generator = SoarAuthenticationToken::KeypairGenerator.new
-    @valid_private_key,   @valid_public_key   = keypair_generator.generate
-    @invalid_private_key, @invalid_public_key = keypair_generator.generate
-    @test_identifier = 'a@b.co.za'
-    @local_valid_generator_configuration = {
-      'provider' => 'JwtTokenGenerator',
-      'private_key' => @valid_private_key
-    }
-    @local_invalid_generator_configuration = {
-      'provider' => 'JwtTokenGenerator',
-      'private_key' => @invalid_private_key
-    }
-    @token_for_client_service_1         = 'some_secret_token_string_1111'
-    @token_for_client_service_2         = 'some_secret_token_string_2222'
-    @token_for_client_service_3_expired = 'some_secret_token_string_3333_expired'
-    @token_for_client_service_3_unknown = 'some_secret_token_string_3333_unknown'
-    current_time = Time.now
-    @static_validator_configuration = {
-      'provider' => 'StaticTokenValidator',
-      'static_tokens' => [
-        {
-          'token'                    => 'some_secret_token_string_1111',
-          'authenticated_identifier' => 'calling_client_service_1',
-          'token_issue_time'         =>  current_time.utc.iso8601(3),
-          'token_expiry_time'        => (current_time + 100).utc.iso8601(3)
-        },
-        {
-          'token'                    => 'some_secret_token_string_2222',
-          'authenticated_identifier' => 'calling_client_service_2',
-          'token_issue_time'         =>  current_time.utc.iso8601(3),
-          'token_expiry_time'        => (current_time + 100).utc.iso8601(3)
-        },
-        {
-          'token'                    => 'some_secret_token_string_3333_expired',
-          'authenticated_identifier' => 'calling_client_service_3',
-          'token_issue_time'         => (current_time - 100).utc.iso8601(3),
-          'token_expiry_time'        => (current_time - 50).utc.iso8601(3)
-        }
-      ]
-    }
-    @local_validator_configuration = {
-      'provider' => 'JwtTokenValidator',
-      'public_key' => @valid_public_key
-    }
-    @remote_generator_configuration = {
-      'provider' => 'RemoteTokenGenerator',
-      'generator-url' => 'http://authentication-token-generator-service:9393/generate',
-      'generator-client-auth-token' => 'test_ecosystem_token_for_auth_token_aaapi_authenticator_service'
-    }
-    @remote_validator_configuration = {
-      'provider' => 'RemoteTokenValidator',
-      'validator-url' => 'http://authentication-token-validator-service:9393/validate',
-      'generator-client-auth-token' => 'test_ecosystem_token_for_auth_token_aaapi_authenticator_service'
-    }
-    @local_valid_generator = SoarAuthenticationToken::TokenGenerator.new(@local_valid_generator_configuration)
-    @local_valid_generator.inject_store_provider(@test_store)
-    @local_invalid_generator = SoarAuthenticationToken::TokenGenerator.new(@local_invalid_generator_configuration)
-    @local_invalid_generator.inject_store_provider(@test_store)
-    @remote_generator = SoarAuthenticationToken::TokenGenerator.new(@remote_generator_configuration)
-  end
-  before :each do
-    @iut_local  = SoarAuthenticationToken::TokenValidator.new(@local_validator_configuration)
-    @iut_local.inject_store_provider(@test_store)
-    @iut_remote = SoarAuthenticationToken::TokenValidator.new(@remote_validator_configuration)
-    @iut_static = SoarAuthenticationToken::TokenValidator.new(@static_validator_configuration)
-  end
-  after :each do
-  end
   it 'has a version number' do
     expect(SoarAuthenticationToken::VERSION).not_to be nil
   end
-  describe "#validate" do
-    context "given that the validator is configured for local validation" do
-      context 'given valid token' do
-        let!(:token_validation_result) {
-          token, token_generator_meta = @local_valid_generator.generate(authenticated_identifier: @test_identifier)
-          @iut_local.validate(authentication_token: token)
-        }
-        let!(:token_validity) { token_validation_result[0] }
-        let!(:token_meta)     { token_validation_result[1] }
-        let!(:message)        { token_validation_result[2] }
-        it 'indicate token is valid' do
-          expect(token_validity).to eq true
-        end
-        it 'provide the token meta' do
-          expect(token_meta['authenticated_identifier']).to eq @test_identifier
-        end
-        it 'provide a message indicating that the token is valid' do
-          expect(message).to match /Valid token for/
-        end
-      end
-      context 'given expired token' do
-        let!(:token_validation_result) {
-          token, token_generator_meta = @local_valid_generator.generate(authenticated_identifier: @test_identifier)
-          allow(Time).to receive(:now).and_return(Time.now+one_year_in_seconds)
-          @iut_local.validate(authentication_token: token)
-        }
-        let!(:token_validity) { token_validation_result[0] }
-        let!(:token_meta)     { token_validation_result[1] }
-        let!(:message)        { token_validation_result[2] }
-        it 'indicate token is invalid' do
-          expect(token_validity).to eq false
-        end
-        it 'does not provide the token meta' do
-          expect(token_meta).to eq nil
-        end
-        it 'provide a message indicating that the token is invalid' do
-          expect(message).to match /Expired token/
-        end
-      end
-      context 'given unknown token (not in store)' do
-        let!(:token_validation_result) {
-          token, token_generator_meta = @local_valid_generator.generate(authenticated_identifier: @test_identifier)
-          @test_store.instance_variable_set("@store", []) #clear store
-          @iut_local.validate(authentication_token: token)
-        }
-        let!(:token_validity) { token_validation_result[0] }
-        let!(:token_meta)     { token_validation_result[1] }
-        let!(:message)        { token_validation_result[2] }
-        it 'indicate that token is invalid' do
-          expect(token_validity).to eq false
-        end
-        it 'does not provide the token meta' do
-          expect(token_meta).to eq nil
-        end
-        it 'provide a message indicating that the token is invalid' do
-          expect(message).to match /Unknown token/
-        end
-      end
-      context 'given invalid token (garbage or different key)' do
-        let!(:token_validation_result) {
-          token, token_generator_meta = @remote_generator.generate(authenticated_identifier: @test_identifier)
-          @iut_local.validate(authentication_token: token)
-        }
-        let!(:token_validity) { token_validation_result[0] }
-        let!(:token_meta)     { token_validation_result[1] }
-        let!(:message)        { token_validation_result[2] }
-        it 'indicate token is invalid' do
-          expect(token_validity).to eq false
-        end
-        it 'does not provide the token meta' do
-          expect(token_meta).to eq nil
-        end
-        it 'provide a message indicating that the token is invalid' do
-          expect(message).to match /Token decode\/verification failure/
-        end
-      end
-    end
+  #TODO testing to ensure that it can instantiate the providers, but otherwise there is not much here to test.
-    context "given that the validator is configured for remote validation" do
-      context 'given valid token' do
-        let!(:token_validation_result) {
-          token, token_generator_meta = @remote_generator.generate(authenticated_identifier: @test_identifier)
-          @iut_remote.validate(authentication_token: token)
-        }
-        let!(:token_validity) { token_validation_result[0] }
-        let!(:token_meta)     { token_validation_result[1] }
-        let!(:message)        { token_validation_result[2] }
-        it 'should indicate valid if the token is valid' do
-          expect(token_validity).to eq true
-        end
-        it 'should provide the authenticated_identifier if the token is valid' do
-          expect(token_meta['authenticated_identifier']).to eq @test_identifier
-        end
-      end
-      context 'given invalid (generalized) token' do
-        let!(:token_validation_result) {
-          token, token_generator_meta = @local_invalid_generator.generate(authenticated_identifier: @test_identifier)
-          @iut_remote.validate(authentication_token: token)
-        }
-        let!(:token_validity) { token_validation_result[0] }
-        let!(:token_meta)     { token_validation_result[1] }
-        let!(:message)        { token_validation_result[2] }
-        it 'indicate token is invalid' do
-          expect(token_validity).to eq false
-        end
-        it 'does not provide the token meta' do
-          expect(token_meta).to eq nil
-        end
-        it 'provides a message indicating the token is invalid' do
-          expect(message).to match /Token decode\/verification failure/
-        end
-      end
-    end
-    context "given that the validator is configured for static tokens" do
-      let(:iut) { subject.new(@static_validator_configuration) }
-      context "given a token that is in the list of static tokens and not expired" do
-        let(:response)       { iut.validate(authentication_token: @token_for_client_service_1) }
-        let(:token_validity) { response[0] }
-        let(:token_meta)     { response[1] }
-        let(:message)        { response[2] }
-        it 'should respond with true indicating token is valid' do
-          expect(token_validity).to eq true
-        end
-        it 'should respond with token meta' do
-          expect(token_meta).to_not eq nil
-        end
-        it 'should respond with a message indicating that the token is valid' do
-          expect(message).to eq 'Valid token for <calling_client_service_1>'
-        end
-      end
-      context "the token is in the list of static tokens and expired" do
-        let(:response)       { @iut_static.validate(authentication_token: @token_for_client_service_3_expired) }
-        let(:token_validity) { response[0] }
-        let(:token_meta)     { response[1] }
-        let(:message)        { response[2] }
-        it 'should respond with false indicating token is invalid' do
-          expect(token_validity).to eq false
-        end
-        it 'should respond with nil token meta' do
-          expect(token_meta).to eq nil
-        end
-        it 'should respond with a message indicating that the token is expired' do
-          expect(message).to match /Expired token/
-        end
-      end
-      context "given a token that is not in the list of static tokens" do
-        let(:response)       { @iut_static.validate(authentication_token: @token_for_client_service_3_unknown) }
-        let(:token_validity) { response[0] }
-        let(:token_meta)     { response[1] }
-        let(:message)        { response[2] }
-        it 'should respond with false indicating token is invalid' do
-          expect(token_validity).to eq false
-        end
-        it 'should respond with no token meta' do
-          expect(token_meta).to eq nil
-        end
-        it 'should respond with a message indicating that the token is valid' do
-          expect(message).to match /Unknown static token/
-        end
-      end
-    end
-  end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: soar_authentication_token
 version: !ruby/object:Gem::Version
-  version: 4.0.1
+  version: 5.0.0
 platform: ruby
 authors:
 - Barney de Villiers
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-02-09 00:00:00.000000000 Z
+date: 2017-02-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: soar_xt
@@ -202,6 +202,7 @@ email:
 executables:
 - console
 - keypair-generator
+- rotate-configs
 - setup
 extensions: []
 extra_rdoc_files: []
@@ -218,10 +219,12 @@ files:
 - Rakefile
 - bin/console
 - bin/keypair-generator
+- bin/rotate-configs
 - bin/setup
 - docker-compose-isolated.yml
 - docker-compose.yml
 - lib/soar_authentication_token.rb
+- lib/soar_authentication_token/config_rotator.rb
 - lib/soar_authentication_token/keypair_generator.rb
 - lib/soar_authentication_token/providers/jwt_token_generator.rb
 - lib/soar_authentication_token/providers/jwt_token_validator.rb
@@ -239,9 +242,13 @@ files:
 - sanity/Gemfile
 - sanity/sanity.rb
 - soar_authentication_token.gemspec
+- spec/config_rotator_spec.rb
+- spec/jwt_token_validator_spec.rb
 - spec/keypair_generator_spec.rb
 - spec/rack_middleware_spec.rb
+- spec/remote_token_validator_spec.rb
 - spec/spec_helper.rb
+- spec/static_token_validator_spec.rb
 - spec/token_generator_spec.rb
 - spec/token_validator_spec.rb
 homepage: https://gitlab.host-h.net/hetznerZA/authentication-token-service
@@ -269,8 +276,12 @@ signing_key:
 specification_version: 4
 summary: Client library for Hetzner's authentication token service
 test_files:
+- spec/config_rotator_spec.rb
+- spec/jwt_token_validator_spec.rb
 - spec/keypair_generator_spec.rb
 - spec/rack_middleware_spec.rb
+- spec/remote_token_validator_spec.rb
 - spec/spec_helper.rb
+- spec/static_token_validator_spec.rb
 - spec/token_generator_spec.rb
 - spec/token_validator_spec.rb