rustauth-core 0.2.0

Core types and primitives for RustAuth.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

use serde::{Deserialize, Serialize};

use rustauth_core::crypto::{symmetric_decode_jwt, symmetric_encode_jwt, SecretConfig};

#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
struct Claims {
    subject: String,
}

#[test]
fn symmetric_jwe_round_trips_with_string_secret() -> Result<(), Box<dyn std::error::Error>> {
    let claims = Claims {
        subject: "user_123".to_owned(),
    };

    let token = symmetric_encode_jwt(&claims, "secret-a-at-least-32-chars-long!!", 300)?;
    let decoded = symmetric_decode_jwt::<Claims, _>(&token, "secret-a-at-least-32-chars-long!!")?;

    assert_eq!(decoded, Some(claims));
    Ok(())
}

#[test]
fn symmetric_jwe_decodes_with_rotated_secret_config() -> Result<(), Box<dyn std::error::Error>> {
    let claims = Claims {
        subject: "user_123".to_owned(),
    };
    let old_config = SecretConfig::new([(1, "secret-a-at-least-32-chars-long!!")]);
    let rotated_config = SecretConfig::new([
        (2, "secret-b-at-least-32-chars-long!!"),
        (1, "secret-a-at-least-32-chars-long!!"),
    ]);

    let token = symmetric_encode_jwt(&claims, &old_config, 300)?;
    let decoded = symmetric_decode_jwt::<Claims, _>(&token, &rotated_config)?;

    assert_eq!(decoded, Some(claims));
    Ok(())
}

#[test]
fn symmetric_jwe_decodes_with_legacy_secret() -> Result<(), Box<dyn std::error::Error>> {
    let claims = Claims {
        subject: "user_123".to_owned(),
    };
    let rotated_config = SecretConfig::new([(2, "secret-b-at-least-32-chars-long!!")])
        .with_legacy_secret("secret-a-at-least-32-chars-long!!");

    let token = symmetric_encode_jwt(&claims, "secret-a-at-least-32-chars-long!!", 300)?;
    let decoded = symmetric_decode_jwt::<Claims, _>(&token, &rotated_config)?;

    assert_eq!(decoded, Some(claims));
    Ok(())
}

#[test]
fn symmetric_jwe_rejects_mismatched_kid_without_fallback() -> Result<(), Box<dyn std::error::Error>>
{
    let claims = Claims {
        subject: "user_123".to_owned(),
    };
    let old_config = SecretConfig::new([(1, "secret-a-at-least-32-chars-long!!")]);
    let wrong_config = SecretConfig::new([(2, "secret-b-at-least-32-chars-long!!")]);

    let token = symmetric_encode_jwt(&claims, &old_config, 300)?;
    let decoded = symmetric_decode_jwt::<Claims, _>(&token, &wrong_config)?;

    assert_eq!(decoded, None);
    Ok(())
}

#[test]
fn symmetric_jwe_accepts_tokens_inside_clock_tolerance() -> Result<(), Box<dyn std::error::Error>> {
    let claims = Claims {
        subject: "user_123".to_owned(),
    };

    let token = symmetric_encode_jwt(&claims, "secret-a-at-least-32-chars-long!!", 0)?;
    let decoded = symmetric_decode_jwt::<Claims, _>(&token, "secret-a-at-least-32-chars-long!!")?;

    assert_eq!(decoded, Some(claims));
    Ok(())
}