use serde_json::json;
use serde_json::value::Value;
#[cfg(feature = "matching")]
use regex::Regex;
use jsonwebtokens as jwt;
use jwt::{Algorithm, AlgorithmID, Verifier};
mod common;
use common::get_time;
#[test]
fn string_equals() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({
"aud": "test",
"exp": get_time() + 10000,
"my_claim": "foo"
});
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create()
.audience("test")
.string_equals("my_claim", "foo")
.build()
.unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[test]
#[should_panic(expected = "MalformedToken")]
fn string_equals_failure() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({
"aud": "test",
"exp": get_time() + 10000,
"my_claim": "foo"
});
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create()
.audience("test")
.string_equals("my_claim", "food")
.build()
.unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[test]
#[should_panic(expected = "MalformedToken")]
fn string_equals_missing() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({
"aud": "test",
"exp": get_time() + 10000,
});
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create()
.audience("test")
.string_equals("my_claim", "foo")
.build()
.unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[cfg(feature = "matching")]
#[test]
fn string_matches() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({
"aud": "test",
"exp": get_time() + 10000,
"my_claim": "foo"
});
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create()
.audience("test")
.string_matches("my_claim", Regex::new("[fo]+").unwrap())
.build()
.unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[cfg(feature = "matching")]
#[test]
#[should_panic(expected = "MalformedToken")]
fn string_matches_failure() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({
"aud": "test",
"exp": get_time() + 10000,
"my_claim": "foo"
});
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create()
.audience("test")
.string_matches("my_claim", Regex::new("[bar]+").unwrap())
.build()
.unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[cfg(feature = "matching")]
#[test]
#[should_panic(expected = "MalformedToken")]
fn string_matches_missing() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({
"aud": "test",
"exp": get_time() + 10000,
});
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create()
.audience("test")
.string_matches("my_claim", Regex::new("[bar]+").unwrap())
.build()
.unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[test]
#[should_panic(expected = "MalformedToken")]
fn string_equals_wrong_type() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({ "my_claim": 1234 });
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create()
.string_equals("my_claim", "1234")
.build()
.unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[test]
fn closure_verify_u64_claim() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({ "my_claim": 1234 });
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create()
.claim_callback("my_claim", |v| v.is_u64() && v.as_u64().unwrap() == 1234)
.build()
.unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[test]
#[should_panic(expected = "MalformedToken")]
fn closure_fail_verify_u64_claim() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({ "my_claim": "1234" });
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create()
.claim_callback("my_claim", |v| v.is_u64() && v.as_u64().unwrap() == 1234)
.build()
.unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[test]
#[should_panic(expected = "MalformedToken")]
fn non_integer_iat() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({ "iat": "1575057015" });
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create().build().unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[test]
#[should_panic(expected = "MalformedToken")]
fn non_integer_exp() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({ "exp": "1575057015" });
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create().build().unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[test]
#[should_panic(expected = "MalformedToken")]
fn non_integer_nbf() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({ "nbf": "1575057015" });
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create().build().unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[test]
#[should_panic(expected = "MalformedToken")]
fn non_string_iss() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({ "iss": 1234 });
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create().build().unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[test]
#[should_panic(expected = "MalformedToken")]
fn non_string_or_array_aud() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({ "aud": 1234 });
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create().build().unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[test]
fn string_or_array_aud() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({ "aud": "ACME" });
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create().build().unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
let claims = json!({ "aud": ["ACME", "ACME2"] });
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create().build().unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[test]
#[should_panic(expected = "MalformedToken")]
fn non_string_array_aud() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({ "aud": ["ACME", "ACME2", 123] });
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create().build().unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[test]
#[should_panic(expected = "MalformedToken")]
fn non_string_sub() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({ "sub": 1234 });
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create().build().unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[test]
fn iss_equal() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({ "iss": "ACME" });
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create().issuer("ACME").build().unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[test]
#[should_panic(expected = "MalformedToken")]
fn iss_not_equal() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({ "iss": "ACMEv2" });
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create().issuer("ACME").build().unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[test]
fn aud_equal() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({ "aud": "ACME" });
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create().audience("ACME").build().unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[test]
fn aud_equal_with_array() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({ "aud": ["ACME", "ACME2"] });
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create().audience("ACME").build().unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[test]
#[should_panic(expected = "MalformedToken")]
fn aud_not_equal() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({ "aud": "ACMEv2" });
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create().audience("ACME").build().unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[test]
fn sub_equal() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({ "sub": "ACME" });
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create().subject("ACME").build().unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[test]
#[should_panic(expected = "MalformedToken")]
fn sub_not_equal() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({ "sub": "ACMEv2" });
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create().subject("ACME").build().unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[test]
fn equals_one_of() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({ "my_claim": "value0" });
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create()
.string_equals_one_of("my_claim", &["value0", "value1"])
.build()
.unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[test]
#[should_panic(expected = "MalformedToken")]
fn equals_one_of_failure() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({ "my_claim": "value0" });
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create()
.string_equals_one_of("my_claim", &["value1", "value2"])
.build()
.unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[test]
#[should_panic(expected = "MalformedToken")]
fn equals_one_of_wrong_type() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({ "my_claim": 1234 });
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create()
.string_equals_one_of("my_claim", &["1234"])
.build()
.unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[cfg(feature = "matching")]
#[test]
fn matches_one_of() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims0 = json!({ "my_claim": "value0" });
let token0 = jwt::encode(&header, &claims0, &alg).unwrap();
let claims1 = json!({ "my_claim": "other3" });
let token1 = jwt::encode(&header, &claims1, &alg).unwrap();
let verifier = Verifier::create()
.string_matches_one_of(
"my_claim",
&[
Regex::new("value[0123]").unwrap(),
Regex::new("other[0123]").unwrap(),
],
)
.build()
.unwrap();
let _claims0: Value = verifier.verify(token0, &alg).unwrap();
let _claims1: Value = verifier.verify(token1, &alg).unwrap();
}
#[cfg(feature = "matching")]
#[test]
#[should_panic(expected = "MalformedToken")]
fn matches_one_of_failure() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({ "my_claim": "value4" });
let token = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create()
.string_matches_one_of(
"my_claim",
&[
Regex::new("value[0123]").unwrap(),
Regex::new("other[0123]").unwrap(),
],
)
.build()
.unwrap();
let _claims: Value = verifier.verify(token, &alg).unwrap();
}
#[cfg(feature = "matching")]
#[test]
#[should_panic(expected = "MalformedToken")]
fn matches_one_of_missing() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({ "iss": "ACME" });
let token = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create()
.string_matches_one_of(
"my_claim",
&[
Regex::new("value[0123]").unwrap(),
Regex::new("other[0123]").unwrap(),
],
)
.build()
.unwrap();
let _claims: Value = verifier.verify(token, &alg).unwrap();
}
#[test]
#[should_panic(expected = "MalformedToken")]
fn non_string_array_contains() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({ "my_claim": ["value1", "value2", 123] });
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create()
.string_or_array_contains("my_claim", "value1")
.build()
.unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}
#[test]
fn string_array_contains() {
let alg = Algorithm::new_hmac(AlgorithmID::HS256, "secret").unwrap();
let header = json!({ "alg": "HS256" });
let claims = json!({ "my_claim": ["value1", "value2", "value3"] });
let token_str = jwt::encode(&header, &claims, &alg).unwrap();
let verifier = Verifier::create()
.string_or_array_contains("my_claim", "value2")
.build()
.unwrap();
let _claims: Value = verifier.verify(token_str, &alg).unwrap();
}