First steps for JWT refresh

2025-11-12 00:15:44 +01:00 · 2018-11-29 08:01:25 +01:00
parent 0664303854
commit c85c0229c1
8 changed files with 241 additions and 48 deletions
--- a/scm-webapp/src/test/java/sonia/scm/security/JwtAccessTokenRefresherTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/security/JwtAccessTokenRefresherTest.java
@@ -0,0 +1,86 @@
+package sonia.scm.security;
+
+import com.github.sdorra.shiro.ShiroRule;
+import com.github.sdorra.shiro.SubjectAware;
+import org.assertj.core.api.Assertions;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+
+import java.util.Collections;
+import java.util.Optional;
+import java.util.Random;
+import java.util.concurrent.TimeUnit;
+
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.when;
+
+@SubjectAware(
+  username = "user",
+  password = "secret",
+  configuration = "classpath:sonia/scm/repository/shiro.ini"
+)
+@RunWith(MockitoJUnitRunner.class)
+public class JwtAccessTokenRefresherTest {
+
+  @Rule
+  public ShiroRule shiro = new ShiroRule();
+
+  @Mock
+  private SecureKeyResolver keyResolver;
+  @Mock
+  private JwtAccessTokenRefreshStrategy refreshStrategy;
+  private JwtAccessTokenBuilderFactory builderFactory;
+  private JwtAccessTokenRefresher refresher;
+  private JwtAccessTokenBuilder tokenBuilder;
+
+  @Before
+  public void initKeyResolver() {
+    byte[] bytes = new byte[256];
+    new Random().nextBytes(bytes);
+    SecureKey secureKey = new SecureKey(bytes, System.currentTimeMillis());
+    when(keyResolver.getSecureKey(any())).thenReturn(secureKey);
+
+    builderFactory = new JwtAccessTokenBuilderFactory(new DefaultKeyGenerator(), keyResolver, Collections.emptySet());
+    refresher = new JwtAccessTokenRefresher(builderFactory, refreshStrategy);
+    tokenBuilder = builderFactory.create();
+  }
+
+  @Test
+  public void shouldNotRefreshTokenWithDisabledRefresh() {
+    JwtAccessToken oldToken = tokenBuilder
+      .refreshableFor(0, TimeUnit.MINUTES)
+      .build();
+
+    Optional<JwtAccessToken> refreshedToken = refresher.refresh(oldToken);
+
+    Assertions.assertThat(refreshedToken).isEmpty();
+  }
+
+  @Test
+  public void shouldNotRefreshTokenWhenStrategyDoesNotSaySo() {
+    JwtAccessToken oldToken = tokenBuilder
+      .refreshableFor(10, TimeUnit.MINUTES)
+      .build();
+    when(refreshStrategy.shouldBeRefreshed(oldToken)).thenReturn(false);
+
+    Optional<JwtAccessToken> refreshedToken = refresher.refresh(oldToken);
+
+    Assertions.assertThat(refreshedToken).isEmpty();
+  }
+
+  @Test
+  public void shouldRefreshTokenWithEnabledRefresh() {
+    JwtAccessToken oldToken = tokenBuilder
+      .refreshableFor(1, TimeUnit.MINUTES)
+      .build();
+    when(refreshStrategy.shouldBeRefreshed(oldToken)).thenReturn(true);
+
+    Optional<JwtAccessToken> refreshedToken = refresher.refresh(oldToken);
+
+    Assertions.assertThat(refreshedToken).isNotEmpty();
+  }
+}