Implement JWT dynamic keys test

2024-09-30 09:18:14 +13:00 · 2024-05-29 09:33:39 +00:00 · 2024-05-29 09:33:39 +00:00 · 49b2bcf462
commit 49b2bcf462
parent b0317fb19d
2 changed files with 55 additions and 1 deletions
--- a/app/controllers/shared/api.php
+++ b/app/controllers/shared/api.php
@ -216,7 +216,7 @@ App::init()
            if($keyType === API_KEY_DYNAMIC) {
                // Dynamic key

-                $jwtObj = new JWT(System::getEnv('_APP_OPENSSL_KEY_V1'), 'HS256', 900, 10);
+                $jwtObj = new JWT(System::getEnv('_APP_OPENSSL_KEY_V1'), 'HS256', 3600, 0);

                try {
                    $payload = $jwtObj->decode($authKey);
--- a/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php
+++ b/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php
@ -2743,6 +2743,60 @@ class ProjectsConsoleClientTest extends Scope
        $this->assertEmpty($response['body']);
    }

+    // JWT Keys
+
+    /**
+     * @depends testCreateProject
+     */
+    public function testJWTKey($data): void
+    {
+        $id = $data['projectId'] ?? '';
+
+        // Create JWT key
+        $response = $this->client->call(Client::METHOD_POST, '/projects/' . $id . '/jwts', array_merge([
+            'content-type' => 'application/json',
+            'x-appwrite-project' => $this->getProject()['$id'],
+        ], $this->getHeaders()), [
+            'duration' => 5,
+            'scopes' => ['users.read'],
+        ]);
+
+        $this->assertEquals(201, $response['headers']['status-code']);
+        $this->assertNotEmpty($response['body']['jwt']);
+
+        $jwt = $response['body']['jwt'];
+
+        // Ensure JWT key works
+        $response = $this->client->call(Client::METHOD_GET, '/users', [
+            'content-type' => 'application/json',
+            'x-appwrite-project' => $id,
+            'x-appwrite-key' => $jwt,
+        ]);
+
+        $this->assertEquals(200, $response['headers']['status-code']);
+        $this->assertArrayHasKey('users', $response['body']);
+
+        // Ensure JWT key respect scopes
+        $response = $this->client->call(Client::METHOD_GET, '/functions', [
+            'content-type' => 'application/json',
+            'x-appwrite-project' => $id,
+            'x-appwrite-key' => $jwt,
+        ]);
+
+        $this->assertEquals(401, $response['headers']['status-code']);
+
+        // Ensure JWT key expires
+        \sleep(10);
+
+        $response = $this->client->call(Client::METHOD_GET, '/users', [
+            'content-type' => 'application/json',
+            'x-appwrite-project' => $id,
+            'x-appwrite-key' => $jwt,
+        ]);
+
+        $this->assertEquals(401, $response['headers']['status-code']);
+    }
+
    // Platforms

    /**