首頁 探索 說明
登入
contracts
/
denet-node-server
2
0
複刻 0
Files 問題管理 0 合併請求 0 Wiki
目錄樹: 9f7e1fbb40
分支列表 標籤列表
denet-node-s...
/
node_modules
/
fernet
/
test
/
decode_test.js

decode_test.js 4.6 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161 
  1. //for browser compatibility
    2. 

  2. if (!chai) var chai = require('chai');
    3. 

  3. if (!sinon) var sinon = require("sinon");
    4. 

  4. if (!sinonChai) var sinonChai = require("sinon-chai");
    5. 

  5. if (!fernet) var fernet = require('../fernet');
    6. 

  6. 

  7. var assert = chai.assert
    8. 

  8. chai.use(sinonChai);
    9. 

  9. 

  10. var testData = {
    11. 

  11.   "token": "gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==",
    12. 

  12.   "now": "1985-10-26T01:20:00-07:00",
    13. 

  13.   "iv": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15],
    14. 

  14.   "src": "hello",
    15. 

  15.   "secret": "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4="
    16. 

  16. }
    17. 

  17. 

  18. var unacceptableClockSkewTestData = {
    19. 

  19.   "token": "gAAAAAAdwStRAAECAwQFBgcICQoLDA0OD3HkMATM5lFqGaerZ-fWPAnja1xKYyhd-Y6mSkTOyTGJmw2Xc2a6kBd-iX9b_qXQcw==",
    20. 

  20.   "now": "1985-10-26T01:20:01-07:00",
    21. 

  21.   "secret": "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4="
    22. 

  22. }
    23. 

  23. 

  24. 

  25. suite('fernet.Token.prototype.decode', function () {
    26. 

  26.   var _fernet = new fernet({ ttl: 0 })
    27. 

  27.   var secret = new fernet.Secret(testData.secret);
    28. 

  28. 

  29.   test("decode()", function () {
    30. 

  30.     var token = new _fernet.Token({
    31. 

  31.       secret: secret,
    32. 

  32.       token: testData.token
    33. 

  33.     })
    34. 

  34. 

  35.     assert.equal("hello", token.decode())
    36. 

  36.     assert.equal("hello", token.toString())
    37. 

  37.   })
    38. 

  38. 

  39.   test("decode(token)", function () {
    40. 

  40.     var token = new _fernet.Token({ secret: secret })
    41. 

  41.     assert.equal("hello", token.decode(testData.token))
    42. 

  42.     assert.equal("hello", token.toString())
    43. 

  43.   })
    44. 

  44. 

  45.   test("decode(token) with top-level secret", function () {
    46. 

  46.     var f = new fernet({ secret: testData.secret, ttl: 0 })
    47. 

  47.     var token = new f.Token()
    48. 

  48.     assert.equal("hello", token.decode(testData.token))
    49. 

  49.     assert.equal("hello", token.toString())
    50. 

  50.   })
    51. 

  51. 

  52.   test('recovers version', function () {
    53. 

  53.     var token = new _fernet.Token({
    54. 

  54.       secret: secret,
    55. 

  55.       token: testData.token,
    56. 

  56.       version: 1
    57. 

  57.     })
    58. 

  58.     assert.equal(token.version, 1);
    59. 

  59.     token.decode();
    60. 

  60.     assert.equal(token.version, 128);
    61. 

  61.   })
    62. 

  62. 

  63.   test('recovers time', function () {
    64. 

  64.     var token = new _fernet.Token({
    65. 

  65.       secret: secret,
    66. 

  66.       token: testData.token
    67. 

  67.     })
    68. 

  68.     token.decode();
    69. 

  69.     var now = new Date(Date.parse(testData.now));
    70. 

  70.     assert.equal(token.time.toUTCString(), now.toUTCString());
    71. 

  71.   })
    72. 

  72. 

  73.   test('recovers iv', function () {
    74. 

  74.     var token = new _fernet.Token({
    75. 

  75.       secret: secret,
    76. 

  76.       token: testData.token
    77. 

  77.     })
    78. 

  78.     token.decode();
    79. 

  79.     var ivHex = fernet.ArrayToHex(testData.iv);
    80. 

  80.     assert.equal(token.ivHex, ivHex);
    81. 

  81.   })
    82. 

  82. 

  83.   test('recovers hmac', function () {
    84. 

  84.     var token = new _fernet.Token({
    85. 

  85.       secret: secret,
    86. 

  86.       token: testData.token
    87. 

  87.     })
    88. 

  88.     token.decode();
    89. 

  89.     var computedHmac = fernet.createHmac(secret.signingKey, fernet.timeBytes(token.time), token.iv, token.cipherText);
    90. 

  90.     assert.equal(token.hmacHex, computedHmac.toString(fernet.Hex));
    91. 

  91.   })
    92. 

  92. 

  93.   test('inherits parent TTL', function () {
    94. 

  94.     var f = new fernet({ ttl: 1 });
    95. 

  95.     var token = new f.Token({
    96. 

  96.       secret: secret,
    97. 

  97.       token: testData.token,
    98. 

  98.     })
    99. 

  99. 

  100.     assert.throws(function () {
    101. 

  101.       token.decode();
    102. 

  102.     }, Error, 'Invalid Token: TTL');
    103. 

  103.   })
    104. 

  104. 

  105.   test('raises new Error("Invalid Token: TTL") on invalid ttl', function () {
    106. 

  106.     var token = new fernet.Token({
    107. 

  107.       secret: secret,
    108. 

  108.       token: testData.token,
    109. 

  109.       ttl: 1
    110. 

  110.     })
    111. 

  111. 

  112.     assert.throws(function () {
    113. 

  113.       token.decode();
    114. 

  114.     }, Error, 'Invalid Token: TTL');
    115. 

  115.   })
    116. 

  116. 

  117.   test('raises new Error("Invalid version") on wrong version byte', function () {
    118. 

  118.     var tokenHex = fernet.decode64toHex(testData.token);
    119. 

  119.     var versionOffset = fernet.hexBits(8);
    120. 

  120.     var dirtyToken = '01' + tokenHex.slice(versionOffset);
    121. 

  121.     var tokenWords = fernet.Hex.parse(dirtyToken);
    122. 

  122.     var token = fernet.urlsafe(tokenWords.toString(fernet.Base64));
    123. 

  123.     var t = new _fernet.Token({ secret: secret })
    124. 

  124. 

  125.     assert.throws(function () {
    126. 

  126.       t.decode(token);
    127. 

  127.     }, Error, 'Invalid version');
    128. 

  128.   })
    129. 

  129. 

  130.   test('raises new Error("Invalid Token: HMAC") on wrong Hmac', function () {
    131. 

  131.     var s = testData.token;
    132. 

  132.     var i = s.length - 5;
    133. 

  133.     var mutation = String.fromCharCode(s.charCodeAt(i) + 1);
    134. 

  134.     var dirtyHmacString = s.slice(0, i) + mutation + s.slice(i + 1);
    135. 

  135.     var token = new _fernet.Token({
    136. 

  136.       secret: secret,
    137. 

  137.       token: dirtyHmacString
    138. 

  138.     })
    139. 

  139. 

  140.     assert.throws(function () {
    141. 

  141.       token.decode();
    142. 

  142.     }, Error, 'Invalid Token: HMAC');
    143. 

  143.   })
    144. 

  144. 

  145.   test('raises new Error("far-future timestamp") on unacceptable clock skew', function () {
    146. 

  146.     var token = new fernet.Token({
    147. 

  147.       secret: new fernet.Secret(unacceptableClockSkewTestData.secret),
    148. 

  148.       token: unacceptableClockSkewTestData.token,
    149. 

  149.       ttl: 1
    150. 

  150.     })
    151. 

  151. 

  152.     clock = sinon.useFakeTimers(new Date(Date.parse(unacceptableClockSkewTestData.now)).getTime());
    153. 

  153. 

  154.     assert.throws(function () {
    155. 

  155.       token.decode();
    156. 

  156.     }, Error, 'far-future timestamp');
    157. 

  157. 

  158.     clock.restore();
    159. 

  159. 

  160.   })
    161. 

  161. })
    162.