2021-10-20 16:37:05 +00:00
|
|
|
package rpc
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
"context"
|
2022-08-17 04:10:11 +00:00
|
|
|
"encoding/hex"
|
2021-10-20 16:37:05 +00:00
|
|
|
"os"
|
|
|
|
"path/filepath"
|
|
|
|
"testing"
|
2021-10-28 14:24:39 +00:00
|
|
|
"time"
|
2021-10-20 16:37:05 +00:00
|
|
|
|
2022-08-17 04:10:11 +00:00
|
|
|
"github.com/golang-jwt/jwt/v4"
|
2023-03-17 18:52:56 +00:00
|
|
|
"github.com/prysmaticlabs/prysm/v4/testing/require"
|
2021-10-20 16:37:05 +00:00
|
|
|
"google.golang.org/grpc"
|
|
|
|
"google.golang.org/grpc/metadata"
|
|
|
|
)
|
|
|
|
|
|
|
|
func setupWalletDir(t testing.TB) string {
|
|
|
|
walletDir := filepath.Join(t.TempDir(), "wallet")
|
|
|
|
require.NoError(t, os.MkdirAll(walletDir, os.ModePerm))
|
|
|
|
return walletDir
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestServer_AuthenticateUsingExistingToken(t *testing.T) {
|
|
|
|
// Initializing for the first time, there is no auth token file in
|
|
|
|
// the wallet directory, so we generate a jwt token and secret from scratch.
|
|
|
|
srv := &Server{}
|
|
|
|
walletDir := setupWalletDir(t)
|
2021-10-26 10:24:09 +00:00
|
|
|
token, err := srv.initializeAuthToken(walletDir)
|
2021-10-20 16:37:05 +00:00
|
|
|
require.NoError(t, err)
|
2021-10-28 14:24:39 +00:00
|
|
|
require.Equal(t, true, len(srv.jwtSecret) > 0)
|
2021-10-20 16:37:05 +00:00
|
|
|
|
|
|
|
unaryInfo := &grpc.UnaryServerInfo{
|
|
|
|
FullMethod: "Proto.CreateWallet",
|
|
|
|
}
|
|
|
|
unaryHandler := func(ctx context.Context, req interface{}) (interface{}, error) {
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
ctxMD := map[string][]string{
|
|
|
|
"authorization": {"Bearer " + token},
|
|
|
|
}
|
|
|
|
ctx := context.Background()
|
|
|
|
ctx = metadata.NewIncomingContext(ctx, ctxMD)
|
|
|
|
_, err = srv.JWTInterceptor()(ctx, "xyz", unaryInfo, unaryHandler)
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
// Next up, we make the same request but reinitialize the server and we should still
|
|
|
|
// pass with the same auth token.
|
|
|
|
srv = &Server{}
|
2021-10-26 10:24:09 +00:00
|
|
|
_, err = srv.initializeAuthToken(walletDir)
|
2021-10-20 16:37:05 +00:00
|
|
|
require.NoError(t, err)
|
2021-10-28 14:24:39 +00:00
|
|
|
require.Equal(t, true, len(srv.jwtSecret) > 0)
|
2021-10-20 16:37:05 +00:00
|
|
|
_, err = srv.JWTInterceptor()(ctx, "xyz", unaryInfo, unaryHandler)
|
|
|
|
require.NoError(t, err)
|
|
|
|
}
|
|
|
|
|
2021-10-28 14:24:39 +00:00
|
|
|
func TestServer_RefreshJWTSecretOnFileChange(t *testing.T) {
|
|
|
|
// Initializing for the first time, there is no auth token file in
|
|
|
|
// the wallet directory, so we generate a jwt token and secret from scratch.
|
|
|
|
srv := &Server{}
|
|
|
|
walletDir := setupWalletDir(t)
|
|
|
|
_, err := srv.initializeAuthToken(walletDir)
|
|
|
|
require.NoError(t, err)
|
|
|
|
currentSecret := srv.jwtSecret
|
|
|
|
require.Equal(t, true, len(currentSecret) > 0)
|
|
|
|
|
|
|
|
authTokenPath := filepath.Join(walletDir, authTokenFileName)
|
|
|
|
|
|
|
|
ctx, cancel := context.WithCancel(context.Background())
|
|
|
|
defer cancel()
|
|
|
|
go srv.refreshAuthTokenFromFileChanges(ctx, authTokenPath)
|
|
|
|
|
2022-03-01 20:34:05 +00:00
|
|
|
// Wait for service to be ready.
|
|
|
|
time.Sleep(time.Millisecond * 250)
|
|
|
|
|
2021-10-28 14:24:39 +00:00
|
|
|
// Update the auth token file with a new secret.
|
|
|
|
require.NoError(t, CreateAuthToken(walletDir, "localhost:7500"))
|
|
|
|
|
|
|
|
// The service should have picked up the file change and set the jwt secret to the new one.
|
|
|
|
time.Sleep(time.Millisecond * 500)
|
|
|
|
newSecret := srv.jwtSecret
|
|
|
|
require.Equal(t, true, len(newSecret) > 0)
|
|
|
|
require.Equal(t, true, !bytes.Equal(currentSecret, newSecret))
|
2022-08-16 16:19:01 +00:00
|
|
|
err = os.Remove(authTokenFileName)
|
|
|
|
require.NoError(t, err)
|
2021-10-28 14:24:39 +00:00
|
|
|
}
|
|
|
|
|
2021-10-20 16:37:05 +00:00
|
|
|
func Test_initializeAuthToken(t *testing.T) {
|
|
|
|
// Initializing for the first time, there is no auth token file in
|
|
|
|
// the wallet directory, so we generate a jwt token and secret from scratch.
|
|
|
|
srv := &Server{}
|
|
|
|
walletDir := setupWalletDir(t)
|
2021-10-26 10:24:09 +00:00
|
|
|
token, err := srv.initializeAuthToken(walletDir)
|
2021-10-20 16:37:05 +00:00
|
|
|
require.NoError(t, err)
|
2021-10-28 14:24:39 +00:00
|
|
|
require.Equal(t, true, len(srv.jwtSecret) > 0)
|
2021-10-20 16:37:05 +00:00
|
|
|
|
|
|
|
// Initializing second time, we generate something from the initial file.
|
|
|
|
srv2 := &Server{}
|
2021-10-26 10:24:09 +00:00
|
|
|
token2, err := srv2.initializeAuthToken(walletDir)
|
2021-10-20 16:37:05 +00:00
|
|
|
require.NoError(t, err)
|
2021-10-28 14:24:39 +00:00
|
|
|
require.Equal(t, true, bytes.Equal(srv.jwtSecret, srv2.jwtSecret))
|
2021-10-20 16:37:05 +00:00
|
|
|
require.Equal(t, token, token2)
|
|
|
|
|
|
|
|
// Deleting the auth token and re-initializing means we create a jwt token
|
|
|
|
// and secret from scratch again.
|
|
|
|
srv3 := &Server{}
|
|
|
|
walletDir = setupWalletDir(t)
|
2021-10-26 10:24:09 +00:00
|
|
|
token3, err := srv3.initializeAuthToken(walletDir)
|
2021-10-20 16:37:05 +00:00
|
|
|
require.NoError(t, err)
|
2021-10-28 14:24:39 +00:00
|
|
|
require.Equal(t, true, len(srv.jwtSecret) > 0)
|
2021-10-20 16:37:05 +00:00
|
|
|
require.NotEqual(t, token, token3)
|
|
|
|
}
|
2022-08-17 04:10:11 +00:00
|
|
|
|
|
|
|
// "createTokenString" now uses jwt.RegisteredClaims instead of jwt.StandardClaims (deprecated),
|
2023-05-11 20:45:43 +00:00
|
|
|
// make sure empty jwt.RegisteredClaims and empty jwt.StandardClaims generates the same token.
|
2022-08-17 04:10:11 +00:00
|
|
|
func Test_UseRegisteredClaimInsteadOfStandClaims(t *testing.T) {
|
|
|
|
jwtsecret, err := hex.DecodeString("12345678900123456789abcdeffedcba")
|
|
|
|
require.NoError(t, err)
|
|
|
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.StandardClaims{}) // jwt.StandardClaims is deprecated
|
|
|
|
wantedTokenString, err := token.SignedString(jwtsecret)
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
gotTokenString, err := createTokenString(jwtsecret)
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
if wantedTokenString != gotTokenString {
|
|
|
|
t.Errorf("%s != %s", wantedTokenString, gotTokenString)
|
|
|
|
}
|
|
|
|
}
|