时间戳

首页 > 解决方案 > 创建 JWT 以测试受 Auth0 保护的 API

unit-testing - 创建 JWT 以测试受 Auth0 保护的 API

问题描述

我正在尝试通过单元测试来覆盖受 Auth0 保护的 API。写了以下:

'use strict';

const createJWKSMock = require('mock-jwks').default;

const startAuthServer = jwksServer => {
  const jwks = createJWKSMock(jwksServer);
  jwks.start();
  return jwks;
};

const getToken = jwks => {
  const token = jwks.token({
    iss: `https://${process.env.AUTH0_DOMAIN}/`,
    sub: 'testprovider|12345678',
    aud: [
      `${process.env.AUTH0_AUDIENCE}`,
      `https://${process.env.AUTH0_DOMAIN}/userinfo`
    ],
    iat: 1635891021,
    exp: 1635977421,
    azp: 'AndI...3oF',
    scope: 'openid profile email'
  });
  return token;
};

const stopAuthServer = jwks => {
  jwks.stop();
};

describe('/promoter/event/:id', () => {
  let server, token, jwks;
  beforeAll(() => {});

  beforeEach(async () => {
    jest.clearAllMocks();

    jwks = startAuthServer(`https://${process.env.AUTH0_DOMAIN}`);
    token = getToken(jwks);

    server = require('../../../');

    await server.ready();
  });

  afterEach(async () => {
    stopAuthServer(jwks);
  });

  it('GET for a non-exising event returns 404', async () => {
    const mockSelect = jest.fn();
    mockSelect
      .mockResolvedValueOnce({
        rowCount: 1,
        rows: [{ row_to_json: { id: 1 } }]
      })
      .mockResolvedValueOnce({
        rowCount: 0,
        rows: []
      });

    server.pg.query = mockSelect;
    // const token = `eyJhb...u5WYA`;

    const response = await server.inject({
      method: 'GET',
      url: '/promoter/event/25',
      headers: { Authorization: `Bearer ${token}` }
    });

    expect(response.statusCode).toEqual(404);
  });
});

如果我使用getToken使用 Auth0 插件生成的令牌运行代码,则不会让令牌通过,我得到500.

如果我使用/取消注释Auth0测试返回的令牌通过。因此,很明显问题出在令牌上。

我解码了这两个令牌 - 由发行的Auth0和由制造的mock-jwks,我注意到的唯一区别是由制造的令牌中的标头mock-jwks缺少typ属性。

制作的Auth0看起来像:

{
  "alg": "RS256",
  "typ": "JWT",
  "kid": "Mk...OQ"
}

而那些产生的mock-jwks看起来像:

{
  "alg": "RS256",
  "kid": "Mk...OQ"
}

在内部,我的服务器fastify-auth0-verify用于验证令牌。

我还尝试使用nock以下方式模拟身份验证服务器:

nock(`https://${process.env.AUTH0_DOMAIN}`)
  .get('/.well-known/jwks.json')
  .reply(200, nockReply);

它也不起作用。调用永远不会到达它,而且,NodeJS 会打印一个警告:

Jest did not exit one second after the test run has completed.

This usually means that there are asynchronous operations that weren't stopped in your tests. Consider running Jest with `--detectOpenHandles` to troubleshoot this issue.

如果我禁用mock-jwks, /tests 退出无论有没有Jest都很好。nocknock

建议?

标签: unit-testingjwtauth0fastify-jwt

解决方案

推荐阅读