defmodule Api.SessionTest do
  # Exercises how Api.Session fills in `user_token` when a session is inserted,
  # and what Sign.verify/2 hands back for a fresh token and for an expired one.
  use Api.ModelCase

  alias Api.Session
  alias Api.Services.Sessions.Sign

  import Joken

  # HS256 signer built from the :auth_signature application setting.
  # The attribute is evaluated when this module is compiled, so the secret is
  # read at compile time. NOTE(review): if :auth_signature is unset in the test
  # config, Application.get_env/2 returns nil and the signer is built from nil;
  # confirm the test config always provides a value.
  @signature hs256(Application.get_env(:api, :auth_signature))

  test "Valid JWT" do
    # No token is supplied, so any non-nil `user_token` on the inserted row
    # comes from the changeset/insert path.
    {:ok, %Session{user_token: issued}} =
      insert_session(%Session{email: Faker.Internet.email(), type: "User"})

    assert issued != nil

    # NOTE(review): this pattern matches any %Joken.Token{}; on its own it does
    # not show that verification succeeded. Consider also asserting on the
    # failure indicator Sign.verify/2 exposes (presumably the token's `error`
    # field in Joken 1.x; confirm against Sign and the Joken version in use).
    assert %Joken.Token{claims: verified_claims} = Sign.verify(:user, issued)
    assert verified_claims["type"] == "User"
  end

  test "Invalid JWT" do
    # A placeholder that is not a JWT is set on the struct before insert.
    {:ok, %Session{} = stored} =
      insert_session(%Session{
        email: Faker.Internet.email(),
        type: "User",
        user_token: "DUMMY123"
      })

    # The stored token must differ from the placeholder and must be present.
    # NOTE(review): nothing here checks that the replacement is itself a token
    # Sign.verify/2 accepts; only that it changed and is non-nil.
    assert stored.user_token != "DUMMY123"
    assert stored.user_token != nil
  end

  test "Valid, seeded JWT" do
    seeded = Sign.generate(:user)

    # NOTE(review): the token is placed on the struct and the changeset gets
    # empty params, so this pins that a token already on the struct survives
    # insert unchanged. It does not show whether `user_token` can be supplied
    # through changeset params; verify that separately if params are untrusted.
    {:ok, %Session{} = stored} =
      insert_session(%Session{
        email: Faker.Internet.email(),
        type: "User",
        user_token: seeded
      })

    assert stored.user_token == seeded
  end

  test "Expired JWT" do
    one_day_in_seconds = 24 * 60 * 60
    issued_at = Joken.current_time() - one_day_in_seconds

    # Token issued a day ago whose lifetime was one minute, signed with
    # @signature, then reduced to the compact token string.
    expired_jwt =
      %{type: "User"}
      |> token()
      |> with_iat(issued_at)
      |> with_exp(issued_at + 60)
      |> with_signer(@signature)
      |> sign()
      |> Map.fetch!(:token)

    # NOTE(review): the assertions below only check the arithmetic of the
    # claims that come back (exp and iat are in the past, iat precedes exp).
    # Nothing asserts that Sign.verify/2 rejects or flags the expired token,
    # so this test would still pass if expiry were never enforced. Consider
    # asserting the failure indicator here once Sign's contract is confirmed.
    assert %Joken.Token{claims: returned_claims} = Sign.verify(:user, expired_jwt)
    assert returned_claims["exp"] < Joken.current_time()
    assert returned_claims["iat"] < Joken.current_time()
    assert returned_claims["iat"] < returned_claims["exp"]
  end

  # Runs a prepared %Session{} through the changeset with empty params and
  # inserts it, returning whatever Repo.insert/1 returns.
  defp insert_session(session) do
    session
    |> Session.changeset(%{})
    |> Repo.insert()
  end
end