From 21b44455af0f7d711b5b4695ee5dc276ce52f495 Mon Sep 17 00:00:00 2001 From: Mehrn0ush Date: Sun, 6 Oct 2024 17:21:18 +0330 Subject: [PATCH 1/3] Add JWT_SECRET for testing purpose --- .github/workflows/pr-checks.yml | 1 + src/auth/rbac.rs | 10 ++++++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 1d3b1bf..78a8a7f 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -25,6 +25,7 @@ jobs: - name: Run cargo test env: REDIS_URL: redis://localhost:6379 + JWT_SECRET: test_secret run: cargo test format: diff --git a/src/auth/rbac.rs b/src/auth/rbac.rs index b1bf61e..9184f63 100644 --- a/src/auth/rbac.rs +++ b/src/auth/rbac.rs @@ -98,6 +98,7 @@ pub fn extract_roles(token: &str) -> RbacResult> { Ok(token_data.claims.roles) } + #[cfg(test)] mod tests { use super::*; @@ -107,15 +108,16 @@ mod tests { #[derive(Debug, Serialize)] struct TestClaims { sub: String, - exp: i64, // Changed to i64 + exp: i64, roles: Vec, } /// Helper function to generate a JWT token for testing. + fn generate_test_token(claims: TestClaims, secret: &str) -> String { let header = Header::new(Algorithm::HS256); encode(&header, &claims, &EncodingKey::from_secret(secret.as_ref())).unwrap() - } + } #[test] fn test_rbac_check_invalid_token() { @@ -274,4 +276,8 @@ mod tests { assert!(roles.contains(&"admin".to_string())); assert!(roles.contains(&"user".to_string())); } + + + + } From 49ff650324d79c4e00cd29230108aa8b1eac4fe7 Mon Sep 17 00:00:00 2001 From: Mehrn0ush Date: Sun, 6 Oct 2024 17:29:58 +0330 Subject: [PATCH 2/3] fmt --- src/auth/rbac.rs | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/src/auth/rbac.rs b/src/auth/rbac.rs index 9184f63..2e549f7 100644 --- a/src/auth/rbac.rs +++ b/src/auth/rbac.rs @@ -98,7 +98,6 @@ pub fn extract_roles(token: &str) -> RbacResult> { Ok(token_data.claims.roles) } - #[cfg(test)] mod tests { use super::*; @@ -108,16 +107,16 @@ mod tests { #[derive(Debug, Serialize)] struct TestClaims { sub: String, - exp: i64, + exp: i64, roles: Vec, } /// Helper function to generate a JWT token for testing. - + fn generate_test_token(claims: TestClaims, secret: &str) -> String { let header = Header::new(Algorithm::HS256); encode(&header, &claims, &EncodingKey::from_secret(secret.as_ref())).unwrap() - } + } #[test] fn test_rbac_check_invalid_token() { @@ -276,8 +275,4 @@ mod tests { assert!(roles.contains(&"admin".to_string())); assert!(roles.contains(&"user".to_string())); } - - - - } From 656fe01bf43384d86e323f26408eebdf079eb061 Mon Sep 17 00:00:00 2001 From: Mehrn0ush Date: Mon, 21 Oct 2024 18:31:48 +0330 Subject: [PATCH 3/3] Correct the tests --- Cargo.toml | 3 ++ src/auth/rbac.rs | 84 ++++++++++++++++++++++++++++++++++-------------- 2 files changed, 62 insertions(+), 25 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 45b1f1f..2989c79 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -43,3 +43,6 @@ reqwest = { version= "0.12.8", features = ["json"] } hex = "0.4.3" rsa = "0.9.6" actix-rt = "2.10.0" + +[dev-dependencies] +serial_test = "3.1.1" diff --git a/src/auth/rbac.rs b/src/auth/rbac.rs index 2e549f7..70f5dc2 100644 --- a/src/auth/rbac.rs +++ b/src/auth/rbac.rs @@ -101,7 +101,12 @@ pub fn extract_roles(token: &str) -> RbacResult> { #[cfg(test)] mod tests { use super::*; + use crate::auth::mock::{MockSessionManager, MockUserAuthenticator}; + use jsonwebtoken::{decode, Algorithm, DecodingKey, TokenData, Validation}; use jsonwebtoken::{encode, EncodingKey, Header}; + use serde::{Deserialize, Serialize}; + use serial_test::serial; + use std::collections::HashSet; use std::env; #[derive(Debug, Serialize)] @@ -118,40 +123,62 @@ mod tests { encode(&header, &claims, &EncodingKey::from_secret(secret.as_ref())).unwrap() } + /// Helper function to set the JWT_SECRET environment variable. + fn set_jwt_secret(secret: &str) { + env::set_var("JWT_SECRET", secret); + } + + /// Helper function to remove the JWT_SECRET environment variable. + fn remove_jwt_secret() { + env::remove_var("JWT_SECRET"); + } + + /// Test that `rbac_check` fails with an invalid token. #[test] + #[serial] fn test_rbac_check_invalid_token() { // Set the JWT_SECRET environment variable for testing - env::set_var("JWT_SECRET", "test_secret"); + set_jwt_secret("test_secret"); let invalid_token = "invalid.token.value"; let result = rbac_check(invalid_token, "admin"); - assert!(matches!(result, Err(RbacError::InvalidToken))); + assert!( + matches!(result, Err(RbacError::InvalidToken)), + "Expected InvalidToken error, but got: {:?}", + result + ); // Clean up - env::remove_var("JWT_SECRET"); + remove_jwt_secret(); } + /// Test that `extract_roles` fails with an invalid token. #[test] + #[serial] fn test_extract_roles_invalid_token() { // Set the JWT_SECRET environment variable for testing - env::set_var("JWT_SECRET", "test_secret"); + set_jwt_secret("test_secret"); let invalid_token = "invalid.token.value"; let result = extract_roles(invalid_token); - assert!(matches!(result, Err(RbacError::InvalidToken))); + assert!( + matches!(result, Err(RbacError::InvalidToken)), + "Expected InvalidToken error, but got: {:?}", + result + ); // Clean up - env::remove_var("JWT_SECRET"); + remove_jwt_secret(); } + /// Test that `rbac_check` correctly identifies an expired token. #[test] + #[serial] fn test_rbac_check_expired_token() { - dotenv::dotenv().ok(); - - // Ensure JWT_SECRET is set in the environment - let jwt_secret = env::var("JWT_SECRET").expect("JWT_SECRET must be set in .env"); + // Set the JWT_SECRET environment variable for testing + set_jwt_secret("test_secret"); // Set the expiration time to a timestamp in the past let past_timestamp = (chrono::Utc::now() - chrono::Duration::seconds(3600)).timestamp(); @@ -164,7 +191,7 @@ mod tests { }; // Generate a test token using the JWT_SECRET - let token = generate_test_token(claims, &jwt_secret); + let token = generate_test_token(claims, "test_secret"); // Perform the RBAC check let result = rbac_check(&token, "admin"); @@ -175,13 +202,17 @@ mod tests { "Expected ExpiredToken, but got: {:?}", result ); + + // Clean up + remove_jwt_secret(); } + + /// Test that `rbac_check` fails when the required role is missing. #[test] + #[serial] fn test_rbac_check_missing_role() { - dotenv::dotenv().ok(); // Load environment variables from .env - - // Ensure JWT_SECRET is set in the environment - let jwt_secret = env::var("JWT_SECRET").expect("JWT_SECRET must be set in .env"); + // Set the JWT_SECRET environment variable for testing + set_jwt_secret("test_secret"); // Define the claims with the role "user" and a valid future expiration time let claims = TestClaims { @@ -191,7 +222,7 @@ mod tests { }; // Generate the test JWT token using the JWT_SECRET - let token = generate_test_token(claims, &jwt_secret); + let token = generate_test_token(claims, "test_secret"); // Run the RBAC check for the "admin" role let result = rbac_check(&token, "admin"); @@ -205,16 +236,17 @@ mod tests { "Expected InsufficientRole, but got: {:?}", result ); + + // Clean up + remove_jwt_secret(); } + /// Test that `rbac_check` succeeds when the required role is present. #[test] + #[serial] fn test_rbac_check_success() { - dotenv::dotenv().ok(); // Load environment variables from .env - - // Retrieve the JWT_SECRET from the environment - let jwt_secret = env::var("JWT_SECRET").expect("JWT_SECRET must be set in .env"); - - println!("JWT Secret being used: {}", jwt_secret); + // Set the JWT_SECRET environment variable for testing + set_jwt_secret("test_secret"); // Create claims with "admin" and "user" roles and a valid future expiration time let claims = TestClaims { @@ -224,17 +256,19 @@ mod tests { }; // Generate the test JWT token using the same secret - let token = generate_test_token(claims, &jwt_secret); - - println!("Generated Token: {}", token); + let token = generate_test_token(claims, "test_secret"); // Perform the RBAC check for the "admin" role let result = rbac_check(&token, "admin"); + // Debugging output to track the result println!("RBAC Check Result: {:?}", result); // Ensure the result is Ok, meaning the role was validated successfully assert!(result.is_ok(), "Expected Ok, but got: {:?}", result); + + // Clean up + remove_jwt_secret(); } #[test]