prysm-pulse/validator/rpc/auth_token_test.go

130 lines
4.3 KiB
Go
Raw Normal View History

package rpc
import (
"bytes"
"context"
"encoding/hex"
"os"
"path/filepath"
"testing"
"time"
"github.com/golang-jwt/jwt/v4"
"github.com/prysmaticlabs/prysm/v4/testing/require"
"google.golang.org/grpc"
"google.golang.org/grpc/metadata"
)
func setupWalletDir(t testing.TB) string {
walletDir := filepath.Join(t.TempDir(), "wallet")
require.NoError(t, os.MkdirAll(walletDir, os.ModePerm))
return walletDir
}
func TestServer_AuthenticateUsingExistingToken(t *testing.T) {
// Initializing for the first time, there is no auth token file in
// the wallet directory, so we generate a jwt token and secret from scratch.
srv := &Server{}
walletDir := setupWalletDir(t)
token, err := srv.initializeAuthToken(walletDir)
require.NoError(t, err)
require.Equal(t, true, len(srv.jwtSecret) > 0)
unaryInfo := &grpc.UnaryServerInfo{
FullMethod: "Proto.CreateWallet",
}
unaryHandler := func(ctx context.Context, req interface{}) (interface{}, error) {
return nil, nil
}
ctxMD := map[string][]string{
"authorization": {"Bearer " + token},
}
ctx := context.Background()
ctx = metadata.NewIncomingContext(ctx, ctxMD)
_, err = srv.JWTInterceptor()(ctx, "xyz", unaryInfo, unaryHandler)
require.NoError(t, err)
// Next up, we make the same request but reinitialize the server and we should still
// pass with the same auth token.
srv = &Server{}
_, err = srv.initializeAuthToken(walletDir)
require.NoError(t, err)
require.Equal(t, true, len(srv.jwtSecret) > 0)
_, err = srv.JWTInterceptor()(ctx, "xyz", unaryInfo, unaryHandler)
require.NoError(t, err)
}
func TestServer_RefreshJWTSecretOnFileChange(t *testing.T) {
// Initializing for the first time, there is no auth token file in
// the wallet directory, so we generate a jwt token and secret from scratch.
srv := &Server{}
walletDir := setupWalletDir(t)
_, err := srv.initializeAuthToken(walletDir)
require.NoError(t, err)
currentSecret := srv.jwtSecret
require.Equal(t, true, len(currentSecret) > 0)
authTokenPath := filepath.Join(walletDir, authTokenFileName)
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
go srv.refreshAuthTokenFromFileChanges(ctx, authTokenPath)
// Wait for service to be ready.
time.Sleep(time.Millisecond * 250)
// Update the auth token file with a new secret.
require.NoError(t, CreateAuthToken(walletDir, "localhost:7500"))
// The service should have picked up the file change and set the jwt secret to the new one.
time.Sleep(time.Millisecond * 500)
newSecret := srv.jwtSecret
require.Equal(t, true, len(newSecret) > 0)
require.Equal(t, true, !bytes.Equal(currentSecret, newSecret))
Improve beacon chain coverage Part 1 (#11080) * first node test * adding in configuration flags for code coverage * adding line to remove file on unit test * adding new test for compressed field trie but is currently broken * changing limit on trie * adding new trie length coverage * adding in test for empty copy of trie * adding more trie tests * adding new field trie * adding more field trie tests * adding clarity to chunking equation * fixing linting * clarifying function for limit * updating native state settings to improve ease of future unit tests * improving unit test * fixing unit tests * adding more tests and fixing linting * adding more coverage and removing unused file * increasing node coverage * adding new test for checking config for booleans * fixing db test * fixing linting * adding signing root test * fixing linting * removing accidently created beacondata * switching not non native state * reverting back to proto use for spec test * reverting back to proto for some tests * turning off native state on some tests * switching more to proto state * rolling back disablenativestate * switching to native state in the state-native package for tests * fixing linting * fixing deepsource complaint * fixing some tests to native state and removing some unused flag checks * convert to native state * fixing linting * issues are being triggered by deleting the db this way so reverting change in hopes of changing this * rolling back testing util * rolling back some tests from native state * rolling back db deletion * test switching native state off after test runs * fixing hasher test * fixing altair and bellatrix hashers for native state * Update beacon-chain/node/node_test.go Co-authored-by: Radosław Kapka <rkapka@wp.pl> * Update validator/rpc/auth_token_test.go Co-authored-by: Radosław Kapka <rkapka@wp.pl> * fixing imports * adding altair proof test Co-authored-by: Radosław Kapka <rkapka@wp.pl>
2022-08-16 16:19:01 +00:00
err = os.Remove(authTokenFileName)
require.NoError(t, err)
}
func Test_initializeAuthToken(t *testing.T) {
// Initializing for the first time, there is no auth token file in
// the wallet directory, so we generate a jwt token and secret from scratch.
srv := &Server{}
walletDir := setupWalletDir(t)
token, err := srv.initializeAuthToken(walletDir)
require.NoError(t, err)
require.Equal(t, true, len(srv.jwtSecret) > 0)
// Initializing second time, we generate something from the initial file.
srv2 := &Server{}
token2, err := srv2.initializeAuthToken(walletDir)
require.NoError(t, err)
require.Equal(t, true, bytes.Equal(srv.jwtSecret, srv2.jwtSecret))
require.Equal(t, token, token2)
// Deleting the auth token and re-initializing means we create a jwt token
// and secret from scratch again.
srv3 := &Server{}
walletDir = setupWalletDir(t)
token3, err := srv3.initializeAuthToken(walletDir)
require.NoError(t, err)
require.Equal(t, true, len(srv.jwtSecret) > 0)
require.NotEqual(t, token, token3)
}
// "createTokenString" now uses jwt.RegisteredClaims instead of jwt.StandardClaims (deprecated),
// make sure emtpy jwt.RegisteredClaims and empty jwt.StandardClaims generates the same token.
func Test_UseRegisteredClaimInsteadOfStandClaims(t *testing.T) {
jwtsecret, err := hex.DecodeString("12345678900123456789abcdeffedcba")
require.NoError(t, err)
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.StandardClaims{}) // jwt.StandardClaims is deprecated
wantedTokenString, err := token.SignedString(jwtsecret)
require.NoError(t, err)
gotTokenString, err := createTokenString(jwtsecret)
require.NoError(t, err)
if wantedTokenString != gotTokenString {
t.Errorf("%s != %s", wantedTokenString, gotTokenString)
}
}