Skip to content

Merge branch 'dh/workflows' into dh/jwtbearer #8

Merge branch 'dh/workflows' into dh/jwtbearer

Merge branch 'dh/workflows' into dh/jwtbearer #8

GitHub Actions / Test results succeeded Oct 23, 2024 in 0s

81 passed, 0 failed and 0 skipped

Tests passed successfully

✅ test/AspNetCore.Authentication.JwtBearer.Tests/TestResults/Tests.trx

81 tests were completed in 18s with 81 passed, 0 failed and 0 skipped.

Test suite Passed Failed Skipped Time
Duende.AspNetCore.Authentication.JwtBearer.DPoP.AccessTokenCnfTests 14✅ 1s
Duende.AspNetCore.Authentication.JwtBearer.DPoP.FreshnessTests 33✅ 146ms
Duende.AspNetCore.Authentication.JwtBearer.DPoP.HeaderTests 15✅ 180ms
Duende.AspNetCore.Authentication.JwtBearer.DPoP.PayloadTests 9✅ 844ms
Duende.AspNetCore.Authentication.JwtBearer.DPoP.ReplayTests 7✅ 18ms
Duende.AspNetCore.Authentication.JwtBearer.DPoPIntegrationTests 3✅ 8s

✅ Duende.AspNetCore.Authentication.JwtBearer.DPoP.AccessTokenCnfTests

✅ cnf_missing_jkt_should_fail
✅ empty_cnf_value_should_fail
✅ mismatched_jkt_should_fail
✅ missing_cnf_should_fail
✅ non_json_object_cnf_should_fail(cnf: "[]")
✅ non_json_object_cnf_should_fail(cnf: "[\"asdf\"]")
✅ non_json_object_cnf_should_fail(cnf: "[123]")
✅ non_json_object_cnf_should_fail(cnf: "0")
✅ non_json_object_cnf_should_fail(cnf: "1")
✅ non_json_object_cnf_should_fail(cnf: "3.14159")
✅ non_json_object_cnf_should_fail(cnf: "false")
✅ non_json_object_cnf_should_fail(cnf: "not-a-json-object")
✅ non_json_object_cnf_should_fail(cnf: "null")
✅ non_json_object_cnf_should_fail(cnf: "true")

✅ Duende.AspNetCore.Authentication.JwtBearer.DPoP.FreshnessTests

✅ can_retrieve_issued_at_unix_time_from_nonce
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 0, now: 1704088799, expected: True)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 0, now: 1704088800, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 0, now: 1704088801, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 0, now: 1704088899, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 0, now: 1704088900, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 0, now: 1704088901, expected: True)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 10, now: 1704088789, expected: True)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 10, now: 1704088790, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 10, now: 1704088791, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 10, now: 1704088799, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 10, now: 1704088800, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 10, now: 1704088801, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 10, now: 1704088899, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 10, now: 1704088900, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 10, now: 1704088901, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 10, now: 1704088909, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 10, now: 1704088910, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 10, now: 1704088911, expected: True)
✅ expired_nonce_returns_use_dpop_nonce_with_server_issued_nonce
✅ expired_proofs_set_errors
✅ invalid_nonce_is_treated_as_zero
✅ invalid_nonce_returns_use_dpop_nonce_with_server_issued_nonce(nonce: "garbage")
✅ invalid_nonce_returns_use_dpop_nonce_with_server_issued_nonce(nonce: "null")
✅ missing_nonce_returns_use_dpop_nonce_with_server_issued_nonce(nonce: " ")
✅ missing_nonce_returns_use_dpop_nonce_with_server_issued_nonce(nonce: "")
✅ missing_nonce_returns_use_dpop_nonce_with_server_issued_nonce(nonce: null)
✅ nonce_contains_data_protected_issued_at_unix_time
✅ unexpired_proofs_do_not_set_errors
✅ use_client_or_server_clock_skew_depending_on_validation_mode(clientClockSkew: 0, serverClockSkew: 10, mode: Nonce)
✅ use_client_or_server_clock_skew_depending_on_validation_mode(clientClockSkew: 10, serverClockSkew: 0, mode: IssuedAt)
✅ validate_iat_when_ValidateIat_flag_is_set
✅ validate_nonce_when_ValidateNonce_flag_is_set

✅ Duende.AspNetCore.Authentication.JwtBearer.DPoP.HeaderTests

✅ disallowed_algorithms_fail(alg: "HS256")
✅ disallowed_algorithms_fail(alg: "HS384")
✅ disallowed_algorithms_fail(alg: "HS512")
✅ disallowed_algorithms_fail(alg: "none")
✅ malformed_proof_tokens_fail
✅ proof_tokens_with_incorrect_typ_header_fail
✅ valid_algorithms_succeed(alg: "ES256")
✅ valid_algorithms_succeed(alg: "ES384")
✅ valid_algorithms_succeed(alg: "ES512")
✅ valid_algorithms_succeed(alg: "PS256")
✅ valid_algorithms_succeed(alg: "PS384")
✅ valid_algorithms_succeed(alg: "PS512")
✅ valid_algorithms_succeed(alg: "RS256")
✅ valid_algorithms_succeed(alg: "RS384")
✅ valid_algorithms_succeed(alg: "RS512")

✅ Duende.AspNetCore.Authentication.JwtBearer.DPoP.PayloadTests

✅ ValidatePayload_AthMismatch
✅ ValidatePayload_Expired
✅ ValidatePayload_MissingAth
✅ ValidatePayload_MissingHtm
✅ ValidatePayload_MissingHtu
✅ ValidatePayload_MissingIat
✅ ValidatePayload_MissingJti
✅ ValidatePayload_MissingPayload
✅ ValidatePayload_Success

✅ Duende.AspNetCore.Authentication.JwtBearer.DPoP.ReplayTests

✅ ValidatePayload_ReplayFailure
✅ ValidateReplayAsync_AddsToCacheWhenTokenIdNotAlreadyInCache(validateIat: False, validateNonce: True, clientClockSkew: 0, serverClockSkew: 10)
✅ ValidateReplayAsync_AddsToCacheWhenTokenIdNotAlreadyInCache(validateIat: True, validateNonce: False, clientClockSkew: 10, serverClockSkew: 0)
✅ ValidateReplayAsync_AddsToCacheWhenTokenIdNotAlreadyInCache(validateIat: True, validateNonce: True, clientClockSkew: 10, serverClockSkew: 20)
✅ ValidateReplayAsync_AddsToCacheWhenTokenIdNotAlreadyInCache(validateIat: True, validateNonce: True, clientClockSkew: 20, serverClockSkew: 10)
✅ ValidateReplayAsync_AddsToCacheWhenTokenIdNotAlreadyInCache(validateIat: True, validateNonce: True, clientClockSkew: 20, serverClockSkew: 20)
✅ ValidateReplayAsync_FailsWhenTokenIdAlreadyInCache

✅ Duende.AspNetCore.Authentication.JwtBearer.DPoPIntegrationTests

✅ DPoPOnly_BearerTokenFails
✅ DPoPOnly_NoTokenFails
✅ DPoPOnly_ValidTokenSucceeds