Fix Issuer Validation
* correct mismatched enum

* Add issuer validation tests

Co-authored-by: 조태혁 <[email protected]>
lyra95 and 조태혁 authored Apr 28, 2022
1 parent a1ccb29 commit 67c8eb8
Showing 2 changed files with 85 additions and 1 deletion.
2 changes: 1 addition & 1 deletion src/Paseto/Handlers/PasetoPurposeHandler.cs
Expand Up @@ -85,6 +85,6 @@ protected virtual void ValidateIssuer(PasetoToken token, PasetoTokenValidationPa
return;

if (token.Payload.HasIssuer())
new EqualValidator(token.Payload, PasetoRegisteredClaimNames.Audience).Validate(validationParameters.ValidIssuer);
new EqualValidator(token.Payload, PasetoRegisteredClaimNames.Issuer).Validate(validationParameters.ValidIssuer);
}
}
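Review bot: The `if (token.Payload.HasIssuer())` guard means a token that carries no issuer claim skips the comparison entirely, so it appears to pass issuer validation even when a ValidIssuer is configured. For a check whose job is to reject tokens from the wrong issuer, a missing claim should fail rather than be ignored: either drop the guard so that `new EqualValidator(token.Payload, PasetoRegisteredClaimNames.Issuer).Validate(validationParameters.ValidIssuer);` runs unconditionally (if EqualValidator rejects an absent claim), or throw explicitly when HasIssuer() is false. The method starts above the hunk, so the condition behind the early `return;` is not visible here and should be confirmed to be the validation-disabled case only. The tests added in tests/Paseto.Tests/PasetoValidationTest.cs do not exercise a token without an issuer.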
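--- a/tests/Paseto.Tests/PasetoValidationTest.cs
+++ b/tests/Paseto.Tests/PasetoValidationTest.cs
@@ -0,0 +1,84 @@
+using System.ComponentModel;
+using System.Linq;
+using FluentAssertions;
+using Paseto.Builder;
+using Paseto.Cryptography.Key;
+using Xunit;
+
+namespace Paseto.Tests
+{
+public sealed class PasetoValidationTest
+{
+[Theory(DisplayName = "Should succeed on token with valid issuer")]
+[InlineData(ProtocolVersion.V3, Purpose.Local)]
+[InlineData(ProtocolVersion.V3, Purpose.Public)]
+[InlineData(ProtocolVersion.V4, Purpose.Local)]
+[InlineData(ProtocolVersion.V4, Purpose.Public)]
+public void TokenWithValidIssuerValidationSucceeds(ProtocolVersion version, Purpose purpose)
+{
+var validationParameters = new PasetoTokenValidationParameters()
+{
+ValidateIssuer = true,
+ValidIssuer = "valid-issuer",
+};
+
+var (token, decodeKey) = GenerateToken(version, purpose, "valid-issuer");
+var decoded = new PasetoBuilder()
+.Use(version, purpose)
+.WithKey(decodeKey)
+.Decode(token, validationParameters);
+
+decoded.IsValid.Should().BeTrue();
+}
+
+[Theory(DisplayName = "Should fail on token with invalid issuer")]
+[InlineData(ProtocolVersion.V3, Purpose.Local)]
+[InlineData(ProtocolVersion.V3, Purpose.Public)]
+[InlineData(ProtocolVersion.V4, Purpose.Local)]
+[InlineData(ProtocolVersion.V4, Purpose.Public)]
+public void TokenWithInValidIssuerValidationFails(ProtocolVersion version, Purpose purpose)
+{
+var validationParameters = new PasetoTokenValidationParameters()
+{
+ValidateIssuer = true,
+ValidIssuer = "valid-issuer",
+};
+
+var (token, decodeKey) = GenerateToken(version, purpose, "invalid-issuer");
+var decoded = new PasetoBuilder()
+.Use(version, purpose)
+.WithKey(decodeKey)
+.Decode(token, validationParameters);
+
+decoded.IsValid.Should().BeFalse();
+}
+
+private static (string token, PasetoKey decodeKey) GenerateToken(ProtocolVersion version, Purpose purpose, string issuer)
+{
+var builder = new PasetoBuilder().Use(version, purpose);
+switch (purpose)
+{
+case Purpose.Local:
+{
+var key = builder.GenerateSymmetricKey();
+var token = builder
+.WithKey(key)
+.Issuer(issuer)
+.Encode();
+return (token, key);
+}
+case Purpose.Public:
+{
+var keyPair = builder.GenerateAsymmetricKeyPair(Enumerable.Repeat((byte)0x00, 32).ToArray());
+var token = builder
+.WithKey(keyPair.SecretKey)
+.Issuer(issuer)
+.Encode();
+return (token, keyPair.PublicKey);
+}
+default:
+throw new InvalidEnumArgumentException();
+}
+}
+}
+}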
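Review bot: Neither theory pins the confusion this commit fixes: there is no case where the token's audience equals `ValidIssuer` while its issuer differs, which is the input that separates an issuer check from an audience check. Add a third theory that builds such a token and asserts `decoded.IsValid.Should().BeFalse();`, which needs GenerateToken to accept an optional audience. In GenerateToken the key pair is derived from an all-zero seed, and a comment such as `// fixed all-zero seed: deterministic test key only` would keep that from being copied as a pattern. The default branch would also be easier to diagnose as `throw new InvalidEnumArgumentException(nameof(purpose), (int)purpose, typeof(Purpose));`.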
