diff --git a/test/JsonWebTokens.Tests/JsonWebTokenTests.cs b/test/JsonWebTokens.Tests/JsonWebTokenTests.cs index 544ff64..10f37e2 100644 --- a/test/JsonWebTokens.Tests/JsonWebTokenTests.cs +++ b/test/JsonWebTokens.Tests/JsonWebTokenTests.cs @@ -6,6 +6,8 @@ namespace Jwt.Tests { public class JsonWebTokenTests { + private static readonly DateTime UnixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc); + [Fact] public void EncodeHs256Token_Returns_ExpectedToken() { @@ -25,6 +27,56 @@ public void EncodeHs256Token_Returns_ExpectedToken() Assert.Equal("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJrZXkxIjoxLCJrZXkyIjoidGhlLXZhbHVlIn0.z4nWl_itwSsz1SbxEZkxCmm9MMkIKanFvgGz_gsWIJo", token); } + [Fact] + public void InvalidSignature_ThrowsException() + { + // Arrange + var token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJrZXkxIjoxLCJrZXkyIjoidGhlLXZhbHVlIn0.nope"; + + // Act & Assert + var ex = Assert.Throws(() => JsonWebToken.Decode(token, "SOME_SECRET_KEY")); + Assert.Equal("Invalid JWT signature.", ex.Message); + } + + [Fact] + public void InvalidKey_ThrowsException() + { + // Arrange + var token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJrZXkxIjoxLCJrZXkyIjoidGhlLXZhbHVlIn0.z4nWl_itwSsz1SbxEZkxCmm9MMkIKanFvgGz_gsWIJo"; + + // Act & Assert + var ex = Assert.Throws(() => JsonWebToken.Decode(token, "invalid_key")); + Assert.Equal("Invalid JWT signature.", ex.Message); + } + + [Fact] + public void InvalidSignature_WithoutVerify_ReturnsPayload() + { + // Arrange + var token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJrZXkxIjoxLCJrZXkyIjoidGhlLXZhbHVlIn0.nope"; + + // Act + var jwt = JsonWebToken.DecodeToObject(token, "SOME_SECRET_KEY", verify: false); + + // Assert + Assert.Equal(1L, jwt["key1"]); + Assert.Equal("the-value", jwt["key2"]); + } + + [Fact] + public void InvalidKey_WithoutVerify_ReturnsPayload() + { + // Arrange + var token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJrZXkxIjoxLCJrZXkyIjoidGhlLXZhbHVlIn0.z4nWl_itwSsz1SbxEZkxCmm9MMkIKanFvgGz_gsWIJo"; + + // Act + var jwt = JsonWebToken.DecodeToObject(token, "blah", verify: false); + + // Assert + Assert.Equal(1L, jwt["key1"]); + Assert.Equal("the-value", jwt["key2"]); + } + [Fact] public void DecodeHS256_Verifies_Correctly() { @@ -102,5 +154,54 @@ public void DecodeHS512_Verifies_Correctly() Assert.Equal(1L, jwt["key1"]); Assert.Equal("the-value", jwt["key2"]); } + + [Fact] + public void TokenWithExpiration_EncodesAndDecodes() + { + // Arrange + var payload = new Dictionary() + { + { "exp", Math.Round((DateTime.UtcNow.AddHours(1) - UnixEpoch).TotalSeconds) } + }; + var secretKey = "SOME_SECRET_KEY"; + + // Act + var token = JsonWebToken.Encode(payload, secretKey, JwtHashAlgorithm.HS256); + var decoded = JsonWebToken.DecodeToObject(token, secretKey); + Assert.True(decoded.ContainsKey("exp")); + } + + [Fact] + public void ExpiredNowToken_ThrowsException() + { + // Arrange + var payload = new Dictionary() + { + // A timestamp of now is considered as expired + { "exp", Math.Round((DateTime.UtcNow - UnixEpoch).TotalSeconds) } + }; + var secretKey = "SOME_SECRET_KEY"; + + // Act + var token = JsonWebToken.Encode(payload, secretKey, JwtHashAlgorithm.HS256); + var ex = Assert.Throws(() => JsonWebToken.DecodeToObject(token, secretKey)); + Assert.Equal("Token has expired.", ex.Message); + } + + [Fact] + public void ExpiredToken_ThrowsException() + { + // Arrange + var payload = new Dictionary() + { + { "exp", Math.Round((DateTime.UtcNow.AddSeconds(-1) - UnixEpoch).TotalSeconds) } + }; + var secretKey = "SOME_SECRET_KEY"; + + // Act + var token = JsonWebToken.Encode(payload, secretKey, JwtHashAlgorithm.HS256); + var ex = Assert.Throws(() => JsonWebToken.DecodeToObject(token, secretKey)); + Assert.Equal("Token has expired.", ex.Message); + } } }