Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/lib/gitlab/jwt_authenticatable_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/lib/gitlab/jwt_authenticatable_spec.rb')
-rw-r--r--spec/lib/gitlab/jwt_authenticatable_spec.rb36
1 files changed, 34 insertions, 2 deletions
diff --git a/spec/lib/gitlab/jwt_authenticatable_spec.rb b/spec/lib/gitlab/jwt_authenticatable_spec.rb
index 98c87ef627a..eea93c4e3fe 100644
--- a/spec/lib/gitlab/jwt_authenticatable_spec.rb
+++ b/spec/lib/gitlab/jwt_authenticatable_spec.rb
@@ -148,9 +148,9 @@ RSpec.describe Gitlab::JwtAuthenticatable, feature_category: :system_access do
it 'returns decoded payload if issuer is correct' do
encoded_message = JWT.encode(payload, test_class.secret, 'HS256')
- payload = test_class.decode_jwt(encoded_message, issuer: 'test_issuer')
+ decoded_payload = test_class.decode_jwt(encoded_message, issuer: 'test_issuer')
- expect(payload[0]).to match a_hash_including('iss' => 'test_issuer')
+ expect(decoded_payload[0]).to match a_hash_including('iss' => 'test_issuer')
end
it 'raises an error when the issuer is incorrect' do
@@ -159,6 +159,38 @@ RSpec.describe Gitlab::JwtAuthenticatable, feature_category: :system_access do
expect { test_class.decode_jwt(encoded_message, issuer: 'test_issuer') }.to raise_error(JWT::DecodeError)
end
+
+ it 'raises an error when the issuer is nil' do
+ payload['iss'] = nil
+ encoded_message = JWT.encode(payload, test_class.secret, 'HS256')
+
+ expect { test_class.decode_jwt(encoded_message, issuer: 'test_issuer') }.to raise_error(JWT::DecodeError)
+ end
+ end
+
+ context 'audience option' do
+ let(:payload) { { 'aud' => 'test_audience' } }
+
+ it 'returns decoded payload if audience is correct' do
+ encoded_message = JWT.encode(payload, test_class.secret, 'HS256')
+ decoded_payload = test_class.decode_jwt(encoded_message, audience: 'test_audience')
+
+ expect(decoded_payload[0]).to match a_hash_including('aud' => 'test_audience')
+ end
+
+ it 'raises an error when the audience is incorrect' do
+ payload['aud'] = 'somebody else'
+ encoded_message = JWT.encode(payload, test_class.secret, 'HS256')
+
+ expect { test_class.decode_jwt(encoded_message, audience: 'test_audience') }.to raise_error(JWT::DecodeError)
+ end
+
+ it 'raises an error when the audience is nil' do
+ payload['aud'] = nil
+ encoded_message = JWT.encode(payload, test_class.secret, 'HS256')
+
+ expect { test_class.decode_jwt(encoded_message, audience: 'test_audience') }.to raise_error(JWT::DecodeError)
+ end
end
context 'iat_after option' do
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-15 13:34:01 +0300