Skip to content

Regression tests: Lifetime #2839

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
iNinja merged 9 commits into from
Oct 3, 2024
Merged

Regression tests: Lifetime #2839

Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
3070174
Added regression tests for lifetime validation scenarios
iNinja Sep 23, 2024
c4040da
Extracted functionality common to all regression tests to avoid dupli…
iNinja Sep 24, 2024
7eb978a
Merge branch 'dev' into iinglese/regression-tests-lifetime
iNinja Sep 24, 2024
06b8633
Added extra checks to the comparison between results. Added method to…
iNinja Sep 25, 2024
9e6c5aa
Merge branch 'iinglese/regression-tests-lifetime' of https://github.c…
iNinja Sep 25, 2024
6692dce
Update test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenH…
iNinja Sep 27, 2024
327fdaf
Merge branch 'dev' into iinglese/regression-tests-lifetime
iNinja Oct 1, 2024
58dc098
Removed all validations but lifetime from the tests. Removed token si…
iNinja Oct 1, 2024
9d4accb
Merge branch 'dev' into iinglese/regression-tests-lifetime
iNinja Oct 2, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
175 changes: 175 additions & 0 deletions ...IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Lifetime.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,175 @@
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.

#nullable enable
using System;
using System.Threading.Tasks;
using Microsoft.IdentityModel.TestUtils;
using Microsoft.IdentityModel.Tokens;
using Xunit;

namespace Microsoft.IdentityModel.JsonWebTokens.Tests
{
public partial class JsonWebTokenHandlerValidateTokenAsyncTests
{
[Theory, MemberData(nameof(ValidateTokenAsync_LifetimeTestCases), DisableDiscoveryEnumeration = true)]
public async Task ValidateTokenAsync_Lifetime(ValidateTokenAsyncLifetimeTheoryData theoryData)
{
var context = TestUtilities.WriteHeader($"{this}.ValidateTokenAsync_Lifetime", theoryData);

string jwtString = CreateToken(theoryData.IssuedAt, theoryData.NotBefore, theoryData.Expires);

await ValidateAndCompareResults(jwtString, theoryData, context);

TestUtilities.AssertFailIfErrors(context);
}

public static TheoryData<ValidateTokenAsyncLifetimeTheoryData> ValidateTokenAsync_LifetimeTestCases
{
get
{
DateTime now = DateTime.UtcNow;
DateTime nowPlus1Hour = now.AddHours(1);
DateTime nowMinus1Hour = now.AddHours(-1);
DateTime nowPlus3Minutes = now.AddMinutes(3);
DateTime nowMinus3Minutes = now.AddMinutes(-3);

return new TheoryData<ValidateTokenAsyncLifetimeTheoryData>
{
new ValidateTokenAsyncLifetimeTheoryData("Valid_LifetimeIsValid")
{
IssuedAt = now,
NotBefore = nowMinus1Hour,
Expires = nowPlus1Hour,
TokenValidationParameters = CreateTokenValidationParameters(),
ValidationParameters = CreateValidationParameters(),
},
new ValidateTokenAsyncLifetimeTheoryData("Invalid_TokenHasNoExpiration")
{
IssuedAt = now,
NotBefore = nowMinus1Hour,
Expires = null,
TokenValidationParameters = CreateTokenValidationParameters(),
ValidationParameters = CreateValidationParameters(),
ExpectedIsValid = false,
ExpectedException = ExpectedException.SecurityTokenNoExpirationException("IDX10225:"),
},
new ValidateTokenAsyncLifetimeTheoryData("Invalid_NotBeforeIsAfterExpires")
{
IssuedAt = nowMinus1Hour,
NotBefore = nowPlus1Hour,
Expires = now,
TokenValidationParameters = CreateTokenValidationParameters(),
ValidationParameters = CreateValidationParameters(),
ExpectedIsValid = false,
ExpectedException = ExpectedException.SecurityTokenInvalidLifetimeException("IDX10224:"),
},
new ValidateTokenAsyncLifetimeTheoryData("Valid_ExpiredThreeMinutesAgoButSkewIsFiveMinutes")
{
// Default clock skew is 5 minutes.
IssuedAt = nowMinus1Hour,
NotBefore = nowMinus1Hour,
Expires = nowMinus3Minutes,
TokenValidationParameters = CreateTokenValidationParameters(),
ValidationParameters = CreateValidationParameters(),
},
new ValidateTokenAsyncLifetimeTheoryData("Invalid_ExpiredThreeMinutesAgoButSkewIsTwoMinutes")
{
// We override the clock skew to 2 minutes.
IssuedAt = nowMinus1Hour,
NotBefore = nowMinus1Hour,
Expires = nowMinus3Minutes,
TokenValidationParameters = CreateTokenValidationParameters(TimeSpan.FromMinutes(2)),
ValidationParameters = CreateValidationParameters(TimeSpan.FromMinutes(2)),
ExpectedIsValid = false,
ExpectedException = ExpectedException.SecurityTokenExpiredException("IDX10223:"),
},
new ValidateTokenAsyncLifetimeTheoryData("Valid_ValidInThreeMinutesButSkewIsFiveMinutes")
{
// Default clock skew is 5 minutes.
IssuedAt = nowMinus1Hour,
NotBefore = nowPlus3Minutes,
Expires = nowPlus1Hour,
TokenValidationParameters = CreateTokenValidationParameters(),
ValidationParameters = CreateValidationParameters(),
},
new ValidateTokenAsyncLifetimeTheoryData("Invalid_ValidInThreeMinutesButSkewIsTwoMinutes")
{
// We override the clock skew to 2 minutes.
IssuedAt = nowMinus1Hour,
NotBefore = nowPlus3Minutes,
Expires = nowPlus1Hour,
TokenValidationParameters = CreateTokenValidationParameters(TimeSpan.FromMinutes(2)),
ValidationParameters = CreateValidationParameters(TimeSpan.FromMinutes(2)),
ExpectedIsValid = false,
ExpectedException = ExpectedException.SecurityTokenNotYetValidException("IDX10222:"),
},
};

static TokenValidationParameters CreateTokenValidationParameters(TimeSpan? clockSkew = null)
{
// only validate the lifetime
var tokenValidationParameters = new TokenValidationParameters
{
ValidateAudience = false,
ValidateIssuer = false,
ValidateLifetime = true,
ValidateTokenReplay = false,
ValidateIssuerSigningKey = false,
RequireSignedTokens = false,
};

if (clockSkew is not null)
tokenValidationParameters.ClockSkew = clockSkew.Value;

return tokenValidationParameters;
}

static ValidationParameters CreateValidationParameters(TimeSpan? clockSkew = null)
{
ValidationParameters validationParameters = new ValidationParameters();

if (clockSkew is not null)
validationParameters.ClockSkew = clockSkew.Value;

// Skip all validations except lifetime
validationParameters.AlgorithmValidator = SkipValidationDelegates.SkipAlgorithmValidation;
validationParameters.AudienceValidator = SkipValidationDelegates.SkipAudienceValidation;
validationParameters.IssuerValidatorAsync = SkipValidationDelegates.SkipIssuerValidation;
validationParameters.IssuerSigningKeyValidator = SkipValidationDelegates.SkipIssuerSigningKeyValidation;
validationParameters.SignatureValidator = SkipValidationDelegates.SkipSignatureValidation;

return validationParameters;
}
}
}

public class ValidateTokenAsyncLifetimeTheoryData : ValidateTokenAsyncBaseTheoryData
{
public ValidateTokenAsyncLifetimeTheoryData(string testId) : base(testId) { }

public DateTime? IssuedAt { get; set; }

public DateTime? NotBefore { get; set; }

public DateTime? Expires { get; set; }
}

private static string CreateToken(DateTime? issuedAt, DateTime? notBefore, DateTime? expires)
{
JsonWebTokenHandler jsonWebTokenHandler = new JsonWebTokenHandler();
jsonWebTokenHandler.SetDefaultTimesOnTokenCreation = false; // Allow for null values to be passed in to validate.

SecurityTokenDescriptor securityTokenDescriptor = new SecurityTokenDescriptor
{
Subject = Default.ClaimsIdentity,
IssuedAt = issuedAt,
NotBefore = notBefore,
Expires = expires,
};

return jsonWebTokenHandler.CreateToken(securityTokenDescriptor);
}
}
}
#nullable restore