这是indexloc提供的服务,不要输入任何密码
Skip to content

add additional tests for testing claims_namespace_path in JWT tokens #4481

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 8 commits into from
Apr 21, 2020
Merged

add additional tests for testing claims_namespace_path in JWT tokens #4481

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
6244a62
add additional tests for testing claims_namespace_path in JWT tokens
codingkarthik Apr 20, 2020
64f5258
Merge branch 'master' into additional_claims_namespace_path_tests
codingkarthik Apr 20, 2020
73d387d
modify the JWT tests
codingkarthik Apr 20, 2020
e24df73
combine the claims_namespace_path tests together in test-server.sh
codingkarthik Apr 20, 2020
3bd8e4c
change the order of the claims_namespace_path tests
codingkarthik Apr 20, 2020
71753f6
change the order of the claims_namespace_path tests
codingkarthik Apr 20, 2020
d4578be
Merge branch 'master' into additional_claims_namespace_path_tests
codingkarthik Apr 21, 2020
3559759
Merge branch 'master' into additional_claims_namespace_path_tests
codingkarthik Apr 21, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 26 additions & 1 deletion .circleci/test-server.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -322,7 +322,32 @@ unset HASURA_GRAPHQL_JWT_SECRET
echo -e "\n$(time_elapsed): <########## TEST GRAPHQL-ENGINE WITH ADMIN SECRET AND JWT (with claims_namespace_path) #####################################>\n"
TEST_TYPE="jwt-with-claims-namespace-path"

export HASURA_GRAPHQL_JWT_SECRET="$(jq -n --arg key "$(cat $OUTPUT_FOLDER/ssl/jwt_public.key)" '{ type: "RS512", key: $key , claims_namespace_path: "$.hasuraClaims"}')"
# hasura claims at one level of nesting
export HASURA_GRAPHQL_JWT_SECRET="$(jq -n --arg key "$(cat $OUTPUT_FOLDER/ssl/jwt_public.key)" '{ type: "RS512", key: $key , claims_namespace_path: "$.hasura_claims"}')"

run_hge_with_args serve
wait_for_port 8080

pytest -n 1 -vv --hge-urls "$HGE_URL" --pg-urls "$HASURA_GRAPHQL_DATABASE_URL" --hge-key="$HASURA_GRAPHQL_ADMIN_SECRET" --hge-jwt-key-file="$OUTPUT_FOLDER/ssl/jwt_private.key" --hge-jwt-conf="$HASURA_GRAPHQL_JWT_SECRET" test_jwt.py

kill_hge_servers

unset HASURA_GRAPHQL_JWT_SECRET

# hasura claims at two levels of nesting with claims_namespace_path containing special character
export HASURA_GRAPHQL_JWT_SECRET="$(jq -n --arg key "$(cat $OUTPUT_FOLDER/ssl/jwt_public.key)" '{ type: "RS512", key: $key , claims_namespace_path: "$.hasura['\''claims%'\'']"}')"

run_hge_with_args serve
wait_for_port 8080

pytest -n 1 -vv --hge-urls "$HGE_URL" --pg-urls "$HASURA_GRAPHQL_DATABASE_URL" --hge-key="$HASURA_GRAPHQL_ADMIN_SECRET" --hge-jwt-key-file="$OUTPUT_FOLDER/ssl/jwt_private.key" --hge-jwt-conf="$HASURA_GRAPHQL_JWT_SECRET" test_jwt.py

kill_hge_servers

unset HASURA_GRAPHQL_JWT_SECRET

# hasura claims at the root of the JWT token
export HASURA_GRAPHQL_JWT_SECRET="$(jq -n --arg key "$(cat $OUTPUT_FOLDER/ssl/jwt_public.key)" '{ type: "RS512", key: $key , claims_namespace_path: "$"}')"

run_hge_with_args serve
wait_for_port 8080
Expand Down
1 change: 0 additions & 1 deletion server/src-lib/Data/Parser/JSONPath.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,4 +54,3 @@ bracketElement = do
pure result

charOrEscape delimiter = (char '\\' *> anyChar) <|> notChar delimiter

22 changes: 13 additions & 9 deletions server/tests-py/validate.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -122,18 +122,22 @@ def test_forbidden_webhook(hge_ctx, conf):
'request id': resp_hdrs.get('x-request-id')
})


def mk_claims_with_namespace_path(claims,hasura_claims,namespace_path):
if namespace_path is None:
claims['https://hasura.io/jwt/claims'] = hasura_claims
elif namespace_path == "$.hasuraClaims":
claims['hasuraClaims'] = hasura_claims
else:
raise Exception(
if namespace_path is None:
claims['https://hasura.io/jwt/claims'] = hasura_claims
elif namespace_path == "$":
claims.update(hasura_claims)
elif namespace_path == "$.hasura_claims":
claims['hasura_claims'] = hasura_claims
elif namespace_path == "$.hasura['claims%']":
claims['hasura'] = {}
claims['hasura']['claims%'] = hasura_claims
else:
raise Exception(
'''claims_namespace_path should not be anything
other than $.hasuraClaims for testing. The
other than $.hasura_claims, $.hasura['claims%'] or $ for testing. The
value of claims_namespace_path was {}'''.format(namespace_path))
return claims
return claims

# Returns the response received and a bool indicating whether the test passed
# or not (this will always be True unless we are `--accepting`)
Expand Down