From 67c8eb869471a9e825ec9daf03a39e806b30c83c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=EC=A1=B0=ED=83=9C=ED=98=81?= Date: Thu, 28 Apr 2022 22:20:23 +0900 Subject: [PATCH] Fix Issuer Validation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * correct mismatched enum * Add issuer validation tests Co-authored-by: 조태혁 --- src/Paseto/Handlers/PasetoPurposeHandler.cs | 2 +- tests/Paseto.Tests/PasetoValidationTest.cs | 84 +++++++++++++++++++++ 2 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 tests/Paseto.Tests/PasetoValidationTest.cs diff --git a/src/Paseto/Handlers/PasetoPurposeHandler.cs b/src/Paseto/Handlers/PasetoPurposeHandler.cs index 3b81826..7da50a2 100644 --- a/src/Paseto/Handlers/PasetoPurposeHandler.cs +++ b/src/Paseto/Handlers/PasetoPurposeHandler.cs @@ -85,6 +85,6 @@ protected virtual void ValidateIssuer(PasetoToken token, PasetoTokenValidationPa return; if (token.Payload.HasIssuer()) - new EqualValidator(token.Payload, PasetoRegisteredClaimNames.Audience).Validate(validationParameters.ValidIssuer); + new EqualValidator(token.Payload, PasetoRegisteredClaimNames.Issuer).Validate(validationParameters.ValidIssuer); } } diff --git a/tests/Paseto.Tests/PasetoValidationTest.cs b/tests/Paseto.Tests/PasetoValidationTest.cs new file mode 100644 index 0000000..d6472d2 --- /dev/null +++ b/tests/Paseto.Tests/PasetoValidationTest.cs 
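Review bot: The corrected comparison in ValidateIssuer still runs only when `token.Payload.HasIssuer()` is true, so on the lines shown a token that carries no issuer claim skips the check against `ValidIssuer` entirely. Unless the guard ahead of `return;` (which starts outside this hunk) already rejects that case, a caller who sets `ValidateIssuer = true` would accept such a token. Consider failing closed, for example by dropping the `HasIssuer()` condition if EqualValidator rejects a missing claim, or by throwing explicitly when the claim is absent. The new theories in PasetoValidationTest.cs cover a matching and a mismatching issuer but not a token built without `.Issuer(...)`; a third theory asserting `decoded.IsValid.Should().BeFalse()` for that case would pin the intended behaviour.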
@@ -0,0 +1,84 @@
+using System.ComponentModel;
+using System.Linq;
+using FluentAssertions;
+using Paseto.Builder;
+using Paseto.Cryptography.Key;
+using Xunit;
+
+namespace Paseto.Tests
+{
+ public sealed class PasetoValidationTest
+ {
+ [Theory(DisplayName = "Should succeed on token with valid issuer")]
+ [InlineData(ProtocolVersion.V3, Purpose.Local)]
+ [InlineData(ProtocolVersion.V3, Purpose.Public)]
+ [InlineData(ProtocolVersion.V4, Purpose.Local)]
+ [InlineData(ProtocolVersion.V4, Purpose.Public)]
+ public void TokenWithValidIssuerValidationSucceeds(ProtocolVersion version, Purpose purpose)
+ {
+ var validationParameters = new PasetoTokenValidationParameters()
+ {
+ ValidateIssuer = true,
+ ValidIssuer = "valid-issuer",
+ };
+
+ var (token, decodeKey) = GenerateToken(version, purpose, "valid-issuer");
+ var decoded = new PasetoBuilder()
+ .Use(version, purpose)
+ .WithKey(decodeKey)
+ .Decode(token, validationParameters);
+
+ decoded.IsValid.Should().BeTrue();
+ }
+
+ [Theory(DisplayName = "Should fail on token with invalid issuer")]
+ [InlineData(ProtocolVersion.V3, Purpose.Local)]
+ [InlineData(ProtocolVersion.V3, Purpose.Public)]
+ [InlineData(ProtocolVersion.V4, Purpose.Local)]
+ [InlineData(ProtocolVersion.V4, Purpose.Public)]
+ public void TokenWithInValidIssuerValidationFails(ProtocolVersion version, Purpose purpose)
+ {
+ var validationParameters = new PasetoTokenValidationParameters()
+ {
+ ValidateIssuer = true,
+ ValidIssuer = "valid-issuer",
+ };
+
+ var (token, decodeKey) = GenerateToken(version, purpose, "invalid-issuer");
+ var decoded = new PasetoBuilder()
+ .Use(version, purpose)
+ .WithKey(decodeKey)
+ .Decode(token, validationParameters);
+
+ decoded.IsValid.Should().BeFalse();
+ }
+
+ private static (string token, PasetoKey decodeKey) GenerateToken(ProtocolVersion version, Purpose purpose, string issuer)
+ {
+ var builder = new PasetoBuilder().Use(version, purpose);
+ switch (purpose)
+ {
+ case Purpose.Local:
+ {
+ var key = builder.GenerateSymmetricKey();
+ var token = builder
+ .WithKey(key)
+ .Issuer(issuer)
+ .Encode();
+ return (token, key);
+ }
+ case Purpose.Public:
+ {
+ var keyPair = builder.GenerateAsymmetricKeyPair(Enumerable.Repeat((byte)0x00, 32).ToArray());
+ var token = builder
+ .WithKey(keyPair.SecretKey)
+ .Issuer(issuer)
+ .Encode();
+ return (token, keyPair.PublicKey);
+ }
+ default:
+ throw new InvalidEnumArgumentException();
+ }
+ }
+ }
+}
\ No newline at end of file
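Review bot: TokenWithInValidIssuerValidationFails asserts only `decoded.IsValid.Should().BeFalse()`, which presumably also held before the fix, since comparing the absent audience claim with `ValidIssuer` would fail as well; if so, only the positive theory actually guards the regression. Asserting the failure cause too (the exception type or message, if the validation result exposes one) would tie the negative case to the issuer check rather than to any validation error. Separately, the all-zero seed passed to `GenerateAsymmetricKeyPair` in GenerateToken deserves a comment such as `// fixed seed for reproducible test keys only; never use a constant seed outside tests`, so the pattern is not copied into application code.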