diff --git a/CHANGELOG.md b/CHANGELOG.md index 55378e5c70..c7d611624b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ## [Unreleased] +### Fixed +- Fix bug of cache not working in authn jwt. [ONYX-11330](https://ca-il-jira.il.cyber-ark.com:8443/browse/ONYX-11330) + ## [1.13.0] - 2021-07-29 ### Added diff --git a/app/domain/authentication/authn_jwt/signing_key/create_signing_key_factory.rb b/app/domain/authentication/authn_jwt/signing_key/create_signing_key_provider.rb similarity index 95% rename from app/domain/authentication/authn_jwt/signing_key/create_signing_key_factory.rb rename to app/domain/authentication/authn_jwt/signing_key/create_signing_key_provider.rb index ac0f0e4850..08d95b3f46 100644 --- a/app/domain/authentication/authn_jwt/signing_key/create_signing_key_factory.rb +++ b/app/domain/authentication/authn_jwt/signing_key/create_signing_key_provider.rb @@ -2,7 +2,7 @@ module Authentication module AuthnJwt module SigningKey # Factory that returns the interface implementation of FetchSigningKey - CreateSigningKeyFactory ||= CommandClass.new( + CreateSigningKeyProvider ||= CommandClass.new( dependencies: { fetch_provider_uri_signing_key_class: Authentication::AuthnJwt::SigningKey::FetchProviderUriSigningKey, fetch_jwks_uri_signing_key_class: Authentication::AuthnJwt::SigningKey::FetchJwksUriSigningKey, @@ -13,12 +13,12 @@ module SigningKey def call @logger.debug(LogMessages::Authentication::AuthnJwt::SelectingSigningKeyInterface.new) validate_key_configuration - create_signing_key + create_signing_key_provider end private - def create_signing_key + def create_signing_key_provider if provider_uri_has_valid_configuration? @logger.info( LogMessages::Authentication::AuthnJwt::SelectedSigningKeyInterface.new(PROVIDER_URI_INTERFACE_NAME) 
diff --git a/app/domain/authentication/authn_jwt/signing_key/fetch_cached_signing_key.rb b/app/domain/authentication/authn_jwt/signing_key/fetch_cached_signing_key.rb index 2d916585aa..8596e29ac6 100644 --- a/app/domain/authentication/authn_jwt/signing_key/fetch_cached_signing_key.rb +++ b/app/domain/authentication/authn_jwt/signing_key/fetch_cached_signing_key.rb @@ -6,20 +6,18 @@ module SigningKey # fetch_signing_key it is extreme case that error need to be raised so it can be investigated so reek will ignore # this. # :reek:InstanceVariableAssumption - class FetchCachedSigningKey - def initialize(logger: Rails.logger) - @logger = logger - end - - def call(signing_key_interface:) - @signing_key_interface = signing_key_interface + FetchCachedSigningKey = CommandClass.new( + dependencies: {}, + inputs: %i[signing_key_provider] + ) do + def call fetch_signing_key end private def fetch_signing_key - @signing_key_interface.fetch_signing_key + @signing_key_provider.fetch_signing_key end end end diff --git a/app/domain/authentication/authn_jwt/validate_and_decode/validate_and_decode_token.rb b/app/domain/authentication/authn_jwt/validate_and_decode/validate_and_decode_token.rb index b177a36072..5ac7365995 100644 --- a/app/domain/authentication/authn_jwt/validate_and_decode/validate_and_decode_token.rb +++ b/app/domain/authentication/authn_jwt/validate_and_decode/validate_and_decode_token.rb @@ -7,7 +7,7 @@ module ValidateAndDecode # for the 2nd validation ValidateAndDecodeToken ||= CommandClass.new( dependencies: { - fetch_signing_key_from_cache: ::Util::ConcurrencyLimitedCache.new( + fetch_signing_key: ::Util::ConcurrencyLimitedCache.new( ::Util::RateLimitedCache.new( ::Authentication::AuthnJwt::SigningKey::FetchCachedSigningKey.new, refreshes_per_interval: CACHE_REFRESHES_PER_INTERVAL, 
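Review bot: `FetchCachedSigningKey = CommandClass.new(` uses plain assignment, while the other command classes touched in this diff (`CreateSigningKeyProvider ||=`, `ValidateAndDecodeToken ||=`) guard the constant with `||=`. Presumably the guard is there to avoid redefining the constant when the file is loaded again, so use `FetchCachedSigningKey ||= CommandClass.new(` here too. The class comment starts outside this hunk and the visible part only explains a reek suppression. A line stating the role would help, e.g. `# Cache target: returns the provider's current signing keys; the wrapping caches store the result under the caller's cache_key`.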
@@ -20,7 +20,7 @@ module ValidateAndDecode verify_and_decode_token: ::Authentication::Jwt::VerifyAndDecodeToken.new, fetch_jwt_claims_to_validate: ::Authentication::AuthnJwt::ValidateAndDecode::FetchJwtClaimsToValidate.new, get_verification_option_by_jwt_claim: ::Authentication::AuthnJwt::ValidateAndDecode::GetVerificationOptionByJwtClaim.new, - signing_key_interface_factory: ::Authentication::AuthnJwt::SigningKey::CreateSigningKeyFactory.new, + create_signing_key_provider: ::Authentication::AuthnJwt::SigningKey::CreateSigningKeyProvider.new, logger: Rails.logger }, inputs: %i[authentication_parameters] @@ -31,7 +31,6 @@ module ValidateAndDecode def call @logger.debug(LogMessages::Authentication::AuthnJwt::ValidatingToken.new) validate_token_exists - fetch_signing_key_interface fetch_signing_key validate_signature fetch_jwt_claims_to_validate @@ -43,9 +42,8 @@ def call private - # Don't do memoization here because otherwise interface won't change between different requests - def fetch_signing_key_interface - @signing_key_interface = @signing_key_interface_factory.call( + def signing_key_provider + @signing_key_provider ||= @create_signing_key_provider.call( authentication_parameters: @authentication_parameters ) end @@ -55,10 +53,10 @@ def validate_token_exists end def fetch_signing_key(force_read: false) - @jwks = @fetch_signing_key_from_cache.call( + @jwks = @fetch_signing_key.call( refresh: force_read, - cache_key: @signing_key_interface.signing_key_uri, - signing_key_interface: @signing_key_interface + cache_key: signing_key_provider.signing_key_uri, + signing_key_provider: signing_key_provider ) @logger.debug(LogMessages::Authentication::AuthnJwt::SigningKeysFetchedFromCache.new) end diff --git a/app/domain/authentication/authn_jwt/validate_status.rb b/app/domain/authentication/authn_jwt/validate_status.rb index e9ca7a07f9..8fe377a756 100644 --- a/app/domain/authentication/authn_jwt/validate_status.rb 
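Review bot: `@signing_key_provider ||= @create_signing_key_provider.call(` memoizes the provider, although the comment this hunk deletes warned that memoizing here would keep one provider across requests. That is only safe if CommandClass builds a fresh object for every `call`, which this diff does not show. If instance state survived between calls, a later request for a different service would have its token verified against the first service's `signing_key_uri` and keys. Replace the deleted comment with one that states the invariant, e.g. `# Memoized for a single call only; relies on CommandClass creating a new instance per invocation`. Also add a spec that calls one `ValidateAndDecodeToken` instance twice with different `authentication_parameters` and expects `create_signing_key_provider` to be called both times; `ValidateStatus#signing_key_provider` follows the same pattern.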
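Review bot: After the rename, `@fetch_signing_key.call(` inside `def fetch_signing_key(force_read: false)` reads like a method calling itself, because the dependency and the private method now differ only by the `@`. The injected object is the `ConcurrencyLimitedCache` wrapper declared in the dependencies at the top of this file, and the debug message logged right after is still `SigningKeysFetchedFromCache`. A dependency name that keeps the cache visible would be easier to follow, e.g. `signing_key_cache:` with `@signing_key_cache.call(` here. The same naming applies to `validate_signing_key` in validate_status.rb.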
+++ b/app/domain/authentication/authn_jwt/validate_status.rb @@ -3,7 +3,7 @@ module AuthnJwt ValidateStatus = CommandClass.new( dependencies: { - fetch_signing_key_from_cache: ::Util::ConcurrencyLimitedCache.new( + fetch_signing_key: ::Util::ConcurrencyLimitedCache.new( ::Util::RateLimitedCache.new( ::Authentication::AuthnJwt::SigningKey::FetchCachedSigningKey.new, refreshes_per_interval: CACHE_REFRESHES_PER_INTERVAL, @@ -13,7 +13,7 @@ module AuthnJwt max_concurrent_requests: CACHE_MAX_CONCURRENT_REQUESTS, logger: Rails.logger ), - create_signing_key_interface: Authentication::AuthnJwt::SigningKey::CreateSigningKeyFactory.new, + create_signing_key_provider: Authentication::AuthnJwt::SigningKey::CreateSigningKeyProvider.new, fetch_issuer_value: Authentication::AuthnJwt::ValidateAndDecode::FetchIssuerValue.new, fetch_audience_value: Authentication::AuthnJwt::ValidateAndDecode::FetchAudienceValue.new, fetch_enforced_claims: Authentication::AuthnJwt::RestrictionValidation::FetchEnforcedClaims.new, @@ -144,15 +144,15 @@ def webservice end def validate_signing_key - @fetch_signing_key_from_cache.call( - cache_key: signing_key_interface.signing_key_uri, - signing_key_interface: signing_key_interface + @fetch_signing_key.call( + cache_key: signing_key_provider.signing_key_uri, + signing_key_provider: signing_key_provider ) @logger.debug(LogMessages::Authentication::AuthnJwt::ValidatedSigningKeyConfiguration.new) end - def signing_key_interface - @signing_key_interface ||= @create_signing_key_interface.call( + def signing_key_provider + @signing_key_provider ||= @create_signing_key_provider.call( authentication_parameters: authentication_parameters ) end diff --git a/app/domain/authentication/authn_jwt/vendor_configurations/configuration_jwt_generic_vendor.rb b/app/domain/authentication/authn_jwt/vendor_configurations/configuration_jwt_generic_vendor.rb index b75e2b547d..ba0cb9f257 100644 
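Review bot: `validate_signing_key` calls `@fetch_signing_key.call(` without `refresh:`, so once the cache-key fix in this commit takes effect the status check may be answered from keys cached under `signing_key_uri` instead of from a live fetch. Whether it is depends on how `RateLimitedCache` treats an omitted `refresh`, which is not visible here. If the cached value is served, the status endpoint keeps reporting a valid signing key configuration while the JWKS or provider URI is unreachable or has rotated its keys. Either pass `refresh: true` on the status path (the rate limit still bounds outbound fetches) or document the behaviour with `# Status may be served from the signing-key cache; it does not prove the URI is reachable now`. The enclosing class body starts outside the hunk.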
--- a/app/domain/authentication/authn_jwt/vendor_configurations/configuration_jwt_generic_vendor.rb +++ b/app/domain/authentication/authn_jwt/vendor_configurations/configuration_jwt_generic_vendor.rb @@ -82,12 +82,6 @@ def identity_provider ) end - def fetch_singing_key_interface - @fetch_singing_key_interface ||= create_signing_key_interface.call( - authentication_parameters: @authentication_parameters - ) - end - def create_identity_provider @logger.debug(LogMessages::Authentication::AuthnJwt::CreateJwtIdentityProviderInstance.new) @create_identity_provider ||= @create_identity_provider @@ -95,16 +89,6 @@ def create_identity_provider @create_identity_provider end - def fetch_signing_key_interface - @fetch_signing_key_interface ||= create_signing_key_interface.call( - authentication_parameters: @authentication_parameters - ) - end - - def create_signing_key_interface - @create_signing_key_interface ||= Authentication::AuthnJwt::SigningKey::CreateSigningKeyFactory.new - end - def restrictions_from_annotations @restrictions_from_annotations ||= Authentication::ResourceRestrictions::GetServiceSpecificRestrictionFromAnnotation.new end diff --git a/app/domain/util/concurrency_limited_cache.rb b/app/domain/util/concurrency_limited_cache.rb index ffc2676323..6fbff88d3c 100644 --- a/app/domain/util/concurrency_limited_cache.rb +++ b/app/domain/util/concurrency_limited_cache.rb @@ -25,7 +25,7 @@ def initialize( # not in case before the flow runs and it can cause unexpected behaviour so reek will ignore this. # reek:DuplicateMethodCall def call(**args) - cache_key = cached_key(args) + cache_key = cache_key(args) @concurrency_mutex.synchronize do if @concurrent_requests >= @max_concurrent_requests @logger.debug( 
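Review bot: `cache_key = cache_key(args)` assigns a local variable with the same name as the private method it calls. Ruby treats the right-hand side as a method call only because it has an argument list, and every later bare `cache_key` in `call` refers to the local, which is easy to break in a future edit. Keeping the names distinct avoids this, for example by leaving the helper as `cached_key(args)`, the name `RateLimitedCache` still uses later in this diff. The rest of `call` lies outside the hunk, so its uses of the local cannot be checked from here.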
@@ -72,13 +72,18 @@ def decrease_concurrent_requests end end - def cached_key(args) - cache_key = args.key?(:cache_key) ? args.fetch(:cache_key) : args - @logger.debug( - LogMessages::Util::ConcurrencyLimitedCacheKeyRetrieved.new( - cache_key + # Function returning cache key to store/retrieve in the cache + def cache_key(args) + if args.key?(:cache_key) + cache_key = args.fetch(:cache_key) + @logger.debug( + LogMessages::Util::ConcurrencyLimitedCacheKeyRetrieved.new( + cache_key + ) ) - ) + else + cache_key = args + end cache_key end end diff --git a/app/domain/util/rate_limited_cache.rb b/app/domain/util/rate_limited_cache.rb index 4e43919278..befa064dae 100644 --- a/app/domain/util/rate_limited_cache.rb +++ b/app/domain/util/rate_limited_cache.rb @@ -72,14 +72,14 @@ def cached_key(args) if args.key?(:cache_key) cache_key = args.fetch(:cache_key) args.delete(:cache_key) - cache_key - end - cache_key = args - @logger.debug( - LogMessages::Util::RateLimitedCacheKeyRetrieved.new( - cache_key + @logger.debug( + LogMessages::Util::RateLimitedCacheKeyRetrieved.new( + cache_key + ) ) - ) + else + cache_key = args + end cache_key end diff --git a/cucumber/authenticators_jwt/features/authn_jwt_fetch_signing_key.feature b/cucumber/authenticators_jwt/features/authn_jwt_fetch_signing_key.feature index 79a49b3b58..700ef18fda 100644 --- a/cucumber/authenticators_jwt/features/authn_jwt_fetch_signing_key.feature +++ b/cucumber/authenticators_jwt/features/authn_jwt_fetch_signing_key.feature @@ -3,6 +3,7 @@ Feature: JWT Authenticator - Fetch signing key In this feature we define a JWT authenticator with various signing key configurations. + @sanity Scenario: ONYX-8702: provider-uri is configured with valid value Given I load a policy: """ 
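Review bot: The corrected branch in `RateLimitedCache#cached_key` is not pinned by any spec in the visible part of this diff. Before the change `cache_key = args` ran unconditionally, so every call was keyed on the whole argument hash and no test failed. Add a spec that calls the cache twice with the same `cache_key:` but a different `signing_key_provider:` object and expects the wrapped target to be invoked once. `args.delete(:cache_key)` also mutates the hash it is given, presumably so that `cache_key` is not forwarded to the target, and a comment such as `# remove cache_key so it is not passed on to the cached target` would make that intent explicit. The method's `def` line is outside the hunk.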
@@ -88,59 +89,6 @@ Feature: JWT Authenticator - Fetch signing key CONJ00011E Failed to discover Identity Provider (Provider URI: 'unknown-host.com') """ - Scenario: ONYX-8703: jwks uri configured with correct value - Given I load a policy: - """ - - !policy - id: conjur/authn-jwt/raw - body: - - !webservice - - - !variable - id: jwks-uri - - - !variable - id: token-app-property - - - !group hosts - - - !permit - role: !group hosts - privilege: [ read, authenticate ] - resource: !webservice - - - !host - id: myapp - annotations: - authn-jwt/raw/project-id: myproject - - - !grant - role: !group conjur/authn-jwt/raw/hosts - member: !host myapp - """ - And I am the super-user - And I initialize remote JWKS endpoint with file "authn-jwt-fetch-signing-key" and alg "RS256" - And I successfully set authn-jwt "jwks-uri" variable value to "http://jwks_py:8090/authn-jwt-fetch-signing-key/RS256" in service "raw" - And I have a "variable" resource called "test-variable" - And I successfully set authn-jwt "token-app-property" variable to value "host" - And I permit host "myapp" to "execute" it - And I add the secret value "test-secret" to the resource "cucumber:variable:test-variable" - And I am using file "authn-jwt-fetch-signing-key" and alg "RS256" for remotely issue token: - """ - { - "host":"myapp", - "project-id": "myproject" - } - """ - And I save my place in the log file - When I authenticate via authn-jwt with the JWT token - Then host "myapp" has been authorized by Conjur - And I successfully GET "/secrets/cucumber/variable/test-variable" with authorized user - And The following appears in the log after my savepoint: - """ - cucumber:host:myapp successfully authenticated with authenticator authn-jwt service cucumber:webservice:conjur/authn-jwt/raw - """ - Scenario: ONYX-8705: jwks uri configured with bad value Given I load a policy: """ 
diff --git a/spec/app/domain/authentication/authn-jwt/signing_key/create_signing_key_factory_spec.rb b/spec/app/domain/authentication/authn-jwt/signing_key/create_signing_key_provider_spec.rb similarity index 97% rename from spec/app/domain/authentication/authn-jwt/signing_key/create_signing_key_factory_spec.rb rename to spec/app/domain/authentication/authn-jwt/signing_key/create_signing_key_provider_spec.rb index 3eed59f336..0ee8609153 100644 --- a/spec/app/domain/authentication/authn-jwt/signing_key/create_signing_key_factory_spec.rb +++ b/spec/app/domain/authentication/authn-jwt/signing_key/create_signing_key_provider_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe('Authentication::AuthnJwt::SigningKey::CreateSigningKeyInterface') do +RSpec.describe('Authentication::AuthnJwt::SigningKey::CreateSigningKeyProvider') do let(:authenticator_name) { 'authn-jwt' } let(:service_id) { "my-service" } @@ -70,11 +70,11 @@ # )( ) _ ( )__) )( )__) \__ \ )( \__ \ # (__) (_) (_)(____) (__) (____)(___/ (__) (___/ - context "CreateSigningKeyInterface " do + context "CreateSigningKeyProvider " do context "'jwks-uri' and 'provider-uri' exist" do subject do - ::Authentication::AuthnJwt::SigningKey::CreateSigningKeyFactory.new( + ::Authentication::AuthnJwt::SigningKey::CreateSigningKeyProvider.new( fetch_provider_uri_signing_key_class: mocked_fetch_exists_provider_uri, fetch_jwks_uri_signing_key_class: mocked_fetch_exists_jwks_uri, logger: mocked_logger @@ -91,7 +91,7 @@ context "'jwks-uri' and 'provider-uri' does not exist" do subject do - ::Authentication::AuthnJwt::SigningKey::CreateSigningKeyFactory.new( + ::Authentication::AuthnJwt::SigningKey::CreateSigningKeyProvider.new( fetch_provider_uri_signing_key_class: mocked_fetch_non_exists_provider_uri, fetch_jwks_uri_signing_key_class: mocked_fetch_non_exists_jwks_uri, logger: mocked_logger 
@@ -108,7 +108,7 @@ context "'jwks-uri' exits and 'provider-uri' does not exists" do subject do - ::Authentication::AuthnJwt::SigningKey::CreateSigningKeyFactory.new( + ::Authentication::AuthnJwt::SigningKey::CreateSigningKeyProvider.new( fetch_provider_uri_signing_key_class: mocked_fetch_non_exists_provider_uri, fetch_jwks_uri_signing_key_class: mocked_fetch_exists_jwks_uri, logger: mocked_logger @@ -125,7 +125,7 @@ context "'jwks-uri' does not exists and 'provider-uri' exist" do subject do - ::Authentication::AuthnJwt::SigningKey::CreateSigningKeyFactory.new( + ::Authentication::AuthnJwt::SigningKey::CreateSigningKeyProvider.new( fetch_provider_uri_signing_key_class: mocked_fetch_exists_provider_uri, fetch_jwks_uri_signing_key_class: mocked_fetch_non_exists_jwks_uri, logger: mocked_logger diff --git a/spec/app/domain/authentication/authn-jwt/validate_and_decode/validate_and_decode_token_spec.rb b/spec/app/domain/authentication/authn-jwt/validate_and_decode/validate_and_decode_token_spec.rb index 9642918ed4..67e25cec4a 100644 --- a/spec/app/domain/authentication/authn-jwt/validate_and_decode/validate_and_decode_token_spec.rb +++ b/spec/app/domain/authentication/authn-jwt/validate_and_decode/validate_and_decode_token_spec.rb 
@@ -45,16 +45,16 @@ ) } - let(:mocked_signing_key_interface_factory_valid) { double("MockedSigningKeyInterfaceFactoryValid") } - let(:mocked_signing_key_interface_factory_invalid) { double("MockedSigningKeyInterfaceFactoryInvalid") } - let(:mocked_signing_key_interface_factory_failed) { double("MockedSigningKeyInterfaceFactoryFailed") } + let(:mocked_create_signing_key_provider_valid) { double("MockedSigningKeyInterfaceFactoryValid") } + let(:mocked_create_signing_key_provider_invalid) { double("MockedSigningKeyInterfaceFactoryInvalid") } + let(:mocked_create_signing_key_provider_failed) { double("MockedSigningKeyInterfaceFactoryFailed") } - let(:signing_key_interface_factory_error) { "signing key interface factory error" } + let(:create_signing_key_provider_error) { "signing key interface factory error" } - let(:mocked_fetch_signing_key_interface_valid) { double("MockedSigningKeyInterfaceValid") } - let(:mocked_fetch_signing_key_interface_failed) { double("MockedSigningKeyInterfaceFailed") } + let(:mocked_fetch_signing_key_provider_valid) { double("MockedSigningKeyInterfaceValid") } + let(:mocked_fetch_signing_key_provider_failed) { double("MockedSigningKeyInterfaceFailed") } - let(:fetch_signing_key_interface_error) { "fetch signing key interface error" } + let(:fetch_signing_key_provider_error) { "fetch signing key interface error" } let(:mocked_fetch_signing_key_failed_on_1st_time) { double("MockedFetchSigningKeyInvalid") } let(:mocked_fetch_signing_key_failed_on_2nd_time) { double("MockedFetchSigningKeyInvalid") } 
@@ -136,31 +136,31 @@ def valid_decoded_token(claims) let(:mocked_verify_and_decode_token_succeed_to_validate_claims_when_keys_updated) { double("MockedVerifyAndDecodeTokenSucceedToValidateClaims") } before(:each) do - allow(mocked_fetch_signing_key_interface_valid).to( + allow(mocked_fetch_signing_key_provider_valid).to( receive(:signing_key_uri).and_return(valid_signing_key_uri) ) - allow(mocked_signing_key_interface_factory_valid).to( - receive(:call).and_return(mocked_fetch_signing_key_interface_valid) + allow(mocked_create_signing_key_provider_valid).to( + receive(:call).and_return(mocked_fetch_signing_key_provider_valid) ) - allow(mocked_fetch_signing_key_interface_failed).to( - receive(:signing_key_uri).and_raise(fetch_signing_key_interface_error) + allow(mocked_fetch_signing_key_provider_failed).to( + receive(:signing_key_uri).and_raise(fetch_signing_key_provider_error) ) - allow(mocked_signing_key_interface_factory_invalid).to( - receive(:call).and_return(mocked_fetch_signing_key_interface_failed) + allow(mocked_create_signing_key_provider_invalid).to( + receive(:call).and_return(mocked_fetch_signing_key_provider_failed) ) - allow(mocked_signing_key_interface_factory_failed).to( - receive(:call).and_raise(signing_key_interface_factory_error) + allow(mocked_create_signing_key_provider_failed).to( + receive(:call).and_raise(create_signing_key_provider_error) ) allow(mocked_fetch_signing_key_failed_on_1st_time).to( receive(:call).with( refresh: false, cache_key: anything(), - signing_key_interface: anything() + signing_key_provider: anything() ).and_raise(fetch_signing_key_1st_time_error) ) @@ -168,7 +168,7 @@ def valid_decoded_token(claims) receive(:call).with( refresh: false, cache_key: anything(), - signing_key_interface: anything() + signing_key_provider: anything() ).and_return(jwks_from_2nd_call) ) 
@@ -176,7 +176,7 @@ def valid_decoded_token(claims) receive(:call).with( refresh: true, cache_key: anything(), - signing_key_interface: anything() + signing_key_provider: anything() ).and_raise(fetch_signing_key_2nd_time_error) ) @@ -188,7 +188,7 @@ def valid_decoded_token(claims) receive(:call).with( refresh: false, cache_key: anything(), - signing_key_interface: anything() + signing_key_provider: anything() ).and_return(jwks_from_1st_call) ) @@ -196,7 +196,7 @@ def valid_decoded_token(claims) receive(:call).with( refresh: true, cache_key: anything(), - signing_key_interface: anything() + signing_key_provider: anything() ).and_return(jwks_from_2nd_call) ) 
@@ -345,38 +345,38 @@ def valid_decoded_token(claims) context "When error is during signing key factory call" do subject do ::Authentication::AuthnJwt::ValidateAndDecode::ValidateAndDecodeToken.new( - fetch_signing_key_from_cache: mocked_fetch_signing_key_failed_on_1st_time, - signing_key_interface_factory: mocked_signing_key_interface_factory_failed + fetch_signing_key: mocked_fetch_signing_key_failed_on_1st_time, + create_signing_key_provider: mocked_create_signing_key_provider_failed ).call( authentication_parameters: authentication_parameters_with_valid_token ) end it "raises an error" do - expect { subject }.to raise_error(signing_key_interface_factory_error) + expect { subject }.to raise_error(create_signing_key_provider_error) end end context "When error is during signing_key_uri call" do subject do ::Authentication::AuthnJwt::ValidateAndDecode::ValidateAndDecodeToken.new( - fetch_signing_key_from_cache: mocked_fetch_signing_key_failed_on_1st_time, - signing_key_interface_factory: mocked_signing_key_interface_factory_invalid + fetch_signing_key: mocked_fetch_signing_key_failed_on_1st_time, + create_signing_key_provider: mocked_create_signing_key_provider_invalid ).call( authentication_parameters: authentication_parameters_with_valid_token ) end it "raises an error" do - expect { subject }.to raise_error(fetch_signing_key_interface_error) + expect { subject }.to raise_error(fetch_signing_key_provider_error) end end context "When error is during fetching from cache" do subject do ::Authentication::AuthnJwt::ValidateAndDecode::ValidateAndDecodeToken.new( - fetch_signing_key_from_cache: mocked_fetch_signing_key_failed_on_1st_time, - signing_key_interface_factory: mocked_signing_key_interface_factory_valid + fetch_signing_key: mocked_fetch_signing_key_failed_on_1st_time, + create_signing_key_provider: mocked_create_signing_key_provider_valid ).call( authentication_parameters: authentication_parameters_with_valid_token ) 
@@ -393,9 +393,9 @@ def valid_decoded_token(claims) context "and failed to fetch keys from provider" do subject do ::Authentication::AuthnJwt::ValidateAndDecode::ValidateAndDecodeToken.new( - fetch_signing_key_from_cache: mocked_fetch_signing_key_failed_on_2nd_time, + fetch_signing_key: mocked_fetch_signing_key_failed_on_2nd_time, verify_and_decode_token: mocked_verify_and_decode_token_invalid, - signing_key_interface_factory: mocked_signing_key_interface_factory_valid + create_signing_key_provider: mocked_create_signing_key_provider_valid ).call( authentication_parameters: authentication_parameters_with_valid_token ) @@ -409,9 +409,9 @@ def valid_decoded_token(claims) context "and succeed to fetch keys from provider" do subject do ::Authentication::AuthnJwt::ValidateAndDecode::ValidateAndDecodeToken.new( - fetch_signing_key_from_cache: mocked_fetch_signing_key_always_succeed, + fetch_signing_key: mocked_fetch_signing_key_always_succeed, verify_and_decode_token: mocked_verify_and_decode_token_invalid, - signing_key_interface_factory: mocked_signing_key_interface_factory_valid + create_signing_key_provider: mocked_create_signing_key_provider_valid ).call( authentication_parameters: authentication_parameters_with_valid_token ) 
@@ -427,11 +427,11 @@ def valid_decoded_token(claims) context "and keys are not updated" do subject do ::Authentication::AuthnJwt::ValidateAndDecode::ValidateAndDecodeToken.new( - fetch_signing_key_from_cache: mocked_fetch_signing_key_always_succeed, + fetch_signing_key: mocked_fetch_signing_key_always_succeed, verify_and_decode_token: mocked_verify_and_decode_token_succeed_on_2nd_time, fetch_jwt_claims_to_validate: mocked_fetch_jwt_claims_to_validate_valid, get_verification_option_by_jwt_claim: mocked_get_verification_option_by_jwt_claim_valid, - signing_key_interface_factory: mocked_signing_key_interface_factory_valid + create_signing_key_provider: mocked_create_signing_key_provider_valid ).call( authentication_parameters: authentication_parameters_with_valid_token ) @@ -445,11 +445,11 @@ def valid_decoded_token(claims) context "and keys are updated" do subject do ::Authentication::AuthnJwt::ValidateAndDecode::ValidateAndDecodeToken.new( - fetch_signing_key_from_cache: mocked_fetch_signing_key_always_succeed, + fetch_signing_key: mocked_fetch_signing_key_always_succeed, verify_and_decode_token: mocked_verify_and_decode_token_succeed_on_1st_time, fetch_jwt_claims_to_validate: mocked_fetch_jwt_claims_to_validate_valid, get_verification_option_by_jwt_claim: mocked_get_verification_option_by_jwt_claim_valid, - signing_key_interface_factory: mocked_signing_key_interface_factory_valid + create_signing_key_provider: mocked_create_signing_key_provider_valid ).call( authentication_parameters: authentication_parameters_with_valid_token ) 
@@ -467,10 +467,10 @@ def valid_decoded_token(claims) context "and failed to fetch enforced claims" do subject do ::Authentication::AuthnJwt::ValidateAndDecode::ValidateAndDecodeToken.new( - fetch_signing_key_from_cache: mocked_fetch_signing_key_always_succeed, + fetch_signing_key: mocked_fetch_signing_key_always_succeed, verify_and_decode_token: mocked_verify_and_decode_token_succeed_on_1st_time, fetch_jwt_claims_to_validate: mocked_fetch_jwt_claims_to_validate_invalid, - signing_key_interface_factory: mocked_signing_key_interface_factory_valid + create_signing_key_provider: mocked_create_signing_key_provider_valid ).call( authentication_parameters: authentication_parameters_with_valid_token ) @@ -485,10 +485,10 @@ def valid_decoded_token(claims) context "with empty claims list to validate" do subject do ::Authentication::AuthnJwt::ValidateAndDecode::ValidateAndDecodeToken.new( - fetch_signing_key_from_cache: mocked_fetch_signing_key_always_succeed, + fetch_signing_key: mocked_fetch_signing_key_always_succeed, verify_and_decode_token: mocked_verify_and_decode_token_succeed_on_1st_time, fetch_jwt_claims_to_validate: mocked_fetch_jwt_claims_to_validate_with_empty_claims, - signing_key_interface_factory: mocked_signing_key_interface_factory_valid + create_signing_key_provider: mocked_create_signing_key_provider_valid ).call( authentication_parameters: authentication_parameters_with_valid_token ) 
@@ -502,10 +502,10 @@ def valid_decoded_token(claims) context "with mandatory claims which do not exist in token" do subject do ::Authentication::AuthnJwt::ValidateAndDecode::ValidateAndDecodeToken.new( - fetch_signing_key_from_cache: mocked_fetch_signing_key_always_succeed, + fetch_signing_key: mocked_fetch_signing_key_always_succeed, verify_and_decode_token: mocked_verify_and_decode_token_succeed_on_1st_time, fetch_jwt_claims_to_validate: mocked_fetch_jwt_claims_to_validate_with_not_exist_claims_in_token, - signing_key_interface_factory: mocked_signing_key_interface_factory_valid + create_signing_key_provider: mocked_create_signing_key_provider_valid ).call( authentication_parameters: authentication_parameters_with_valid_token ) @@ -519,11 +519,11 @@ def valid_decoded_token(claims) context "and failed to get verification options" do subject do ::Authentication::AuthnJwt::ValidateAndDecode::ValidateAndDecodeToken.new( - fetch_signing_key_from_cache: mocked_fetch_signing_key_always_succeed, + fetch_signing_key: mocked_fetch_signing_key_always_succeed, verify_and_decode_token: mocked_verify_and_decode_token_succeed_on_1st_time, fetch_jwt_claims_to_validate: mocked_fetch_jwt_claims_to_validate_valid, get_verification_option_by_jwt_claim: mocked_get_verification_option_by_jwt_claim_invalid, - signing_key_interface_factory: mocked_signing_key_interface_factory_valid + create_signing_key_provider: mocked_create_signing_key_provider_valid ).call( authentication_parameters: authentication_parameters_with_valid_token ) 
@@ -544,11 +544,11 @@ def valid_decoded_token(claims) context "and failed to validate claims" do subject do ::Authentication::AuthnJwt::ValidateAndDecode::ValidateAndDecodeToken.new( - fetch_signing_key_from_cache: mocked_fetch_signing_key_always_succeed, + fetch_signing_key: mocked_fetch_signing_key_always_succeed, verify_and_decode_token: mocked_verify_and_decode_token_failed_to_validate_claims, fetch_jwt_claims_to_validate: mocked_fetch_jwt_claims_to_validate_valid, get_verification_option_by_jwt_claim: mocked_get_verification_option_by_jwt_claim_valid, - signing_key_interface_factory: mocked_signing_key_interface_factory_valid + create_signing_key_provider: mocked_create_signing_key_provider_valid ).call( authentication_parameters: authentication_parameters_with_valid_token ) @@ -563,11 +563,11 @@ def valid_decoded_token(claims) context "and keys are not updated" do subject do ::Authentication::AuthnJwt::ValidateAndDecode::ValidateAndDecodeToken.new( - fetch_signing_key_from_cache: mocked_fetch_signing_key_always_succeed, + fetch_signing_key: mocked_fetch_signing_key_always_succeed, verify_and_decode_token: mocked_verify_and_decode_token_succeed_to_validate_claims_when_keys_not_updated, fetch_jwt_claims_to_validate: mocked_fetch_jwt_claims_to_validate_valid, get_verification_option_by_jwt_claim: mocked_get_verification_option_by_jwt_claim_valid, - signing_key_interface_factory: mocked_signing_key_interface_factory_valid + create_signing_key_provider: mocked_create_signing_key_provider_valid ).call( authentication_parameters: authentication_parameters_with_valid_token ) 
@@ -581,11 +581,11 @@ def valid_decoded_token(claims) context "and keys are updated" do subject do ::Authentication::AuthnJwt::ValidateAndDecode::ValidateAndDecodeToken.new( - fetch_signing_key_from_cache: mocked_fetch_signing_key_always_succeed, + fetch_signing_key: mocked_fetch_signing_key_always_succeed, verify_and_decode_token: mocked_verify_and_decode_token_succeed_to_validate_claims_when_keys_updated, fetch_jwt_claims_to_validate: mocked_fetch_jwt_claims_to_validate_valid, get_verification_option_by_jwt_claim: mocked_get_verification_option_by_jwt_claim_valid, - signing_key_interface_factory: mocked_signing_key_interface_factory_valid + create_signing_key_provider: mocked_create_signing_key_provider_valid ).call( authentication_parameters: authentication_parameters_with_valid_token ) diff --git a/spec/app/domain/authentication/authn-jwt/validate_status_spec.rb b/spec/app/domain/authentication/authn-jwt/validate_status_spec.rb index 25e6fa434c..12f701855e 100644 --- a/spec/app/domain/authentication/authn-jwt/validate_status_spec.rb +++ b/spec/app/domain/authentication/authn-jwt/validate_status_spec.rb @@ -23,8 +23,8 @@ } let(:mocked_logger) { double("Mocked logger") } - let(:mocked_valid_create_signing_key_interface) { double("Mocked valid create signing key interface") } - let(:mocked_invalid_create_signing_key_interface) { double("Mocked invalid create signing key interface") } + let(:mocked_valid_create_signing_key_provider) { double("Mocked valid create signing key interface") } + let(:mocked_invalid_create_signing_key_provider) { double("Mocked invalid create signing key interface") } let(:mocked_valid_fetch_issuer_value) { double("Mocked valid fetch issuer value") } let(:mocked_invalid_fetch_issuer_value) { double("Mocked invalid fetch issuer value") } let(:mocked_invalid_fetch_audience_value) { double("Mocked invalid audience issuer value") } 
@@ -54,24 +54,24 @@ let(:user_cant_access_webservice_error) { "User cant access webservice" } let(:webservice_does_not_exist_error) { "Webservice does not exist" } let(:account_does_not_exist_error) { "Account does not exist" } - let(:mocked_valid_signing_key_interface) { double("Mocked valid signing key interface") } - let(:mocked_valid_fetch_signing_key_from_cache) { double("Mocked valid fetch signing key interface") } + let(:mocked_valid_signing_key_provider) { double("Mocked valid signing key interface") } + let(:mocked_valid_fetch_signing_key) { double("Mocked valid fetch signing key interface") } before(:each) do - allow(mocked_valid_create_signing_key_interface).to( - receive(:call).and_return(mocked_valid_signing_key_interface) + allow(mocked_valid_create_signing_key_provider).to( + receive(:call).and_return(mocked_valid_signing_key_provider) ) - allow(mocked_valid_signing_key_interface).to( + allow(mocked_valid_signing_key_provider).to( receive(:signing_key_uri).and_return(valid_signing_key_uri) ) - allow(mocked_valid_fetch_signing_key_from_cache).to( + allow(mocked_valid_fetch_signing_key).to( receive(:call).and_return(valid_signing_key) ) - allow(mocked_invalid_create_signing_key_interface).to( + allow(mocked_invalid_create_signing_key_provider).to( receive(:call).and_raise(create_signing_key_configuration_is_invalid_error) ) @@ -166,8 +166,8 @@ subject do ::Authentication::AuthnJwt::ValidateStatus.new( - fetch_signing_key_from_cache: mocked_valid_fetch_signing_key_from_cache, - create_signing_key_interface: mocked_valid_create_signing_key_interface, + fetch_signing_key: mocked_valid_fetch_signing_key, + create_signing_key_provider: mocked_valid_create_signing_key_provider, fetch_issuer_value: mocked_valid_fetch_issuer_value, identity_from_decoded_token_provider_class: mocked_valid_identity_from_decoded_token_provider, validate_webservice_is_whitelisted: mocked_valid_validate_webservice_is_whitelisted, 
@@ -191,8 +191,8 @@ subject do ::Authentication::AuthnJwt::ValidateStatus.new( - fetch_signing_key_from_cache: mocked_valid_fetch_signing_key_from_cache, - create_signing_key_interface: mocked_valid_create_signing_key_interface, + fetch_signing_key: mocked_valid_fetch_signing_key, + create_signing_key_provider: mocked_valid_create_signing_key_provider, fetch_issuer_value: mocked_valid_fetch_issuer_value, identity_from_decoded_token_provider_class: mocked_valid_identity_from_decoded_token_provider, validate_webservice_is_whitelisted: mocked_valid_validate_webservice_is_whitelisted, @@ -215,8 +215,8 @@ subject do ::Authentication::AuthnJwt::ValidateStatus.new( - fetch_signing_key_from_cache: mocked_valid_fetch_signing_key_from_cache, - create_signing_key_interface: mocked_valid_create_signing_key_interface, + fetch_signing_key: mocked_valid_fetch_signing_key, + create_signing_key_provider: mocked_valid_create_signing_key_provider, fetch_issuer_value: mocked_valid_fetch_issuer_value, identity_from_decoded_token_provider_class: mocked_valid_identity_from_decoded_token_provider, validate_webservice_is_whitelisted: mocked_valid_validate_webservice_is_whitelisted, @@ -239,8 +239,8 @@ subject do ::Authentication::AuthnJwt::ValidateStatus.new( - fetch_signing_key_from_cache: mocked_valid_fetch_signing_key_from_cache, - create_signing_key_interface: mocked_valid_create_signing_key_interface, + fetch_signing_key: mocked_valid_fetch_signing_key, + create_signing_key_provider: mocked_valid_create_signing_key_provider, fetch_issuer_value: mocked_valid_fetch_issuer_value, identity_from_decoded_token_provider_class: mocked_valid_identity_from_decoded_token_provider, validate_webservice_is_whitelisted: mocked_valid_validate_webservice_is_whitelisted, 
@@ -263,8 +263,8 @@ subject do ::Authentication::AuthnJwt::ValidateStatus.new( - fetch_signing_key_from_cache: mocked_valid_fetch_signing_key_from_cache, - create_signing_key_interface: mocked_valid_create_signing_key_interface, + fetch_signing_key: mocked_valid_fetch_signing_key, + create_signing_key_provider: mocked_valid_create_signing_key_provider, fetch_issuer_value: mocked_valid_fetch_issuer_value, identity_from_decoded_token_provider_class: mocked_valid_identity_from_decoded_token_provider, validate_webservice_is_whitelisted: mocked_invalid_validate_webservice_is_whitelisted, @@ -299,8 +299,8 @@ subject do ::Authentication::AuthnJwt::ValidateStatus.new( - fetch_signing_key_from_cache: mocked_valid_fetch_signing_key_from_cache, - create_signing_key_interface: mocked_valid_create_signing_key_interface, + fetch_signing_key: mocked_valid_fetch_signing_key, + create_signing_key_provider: mocked_valid_create_signing_key_provider, fetch_issuer_value: mocked_valid_fetch_issuer_value, identity_from_decoded_token_provider_class: mocked_valid_identity_from_decoded_token_provider, validate_webservice_is_whitelisted: mocked_valid_validate_webservice_is_whitelisted, @@ -324,8 +324,8 @@ context "signing key secrets are not configured properly" do subject do ::Authentication::AuthnJwt::ValidateStatus.new( - fetch_signing_key_from_cache: mocked_valid_fetch_signing_key_from_cache, - create_signing_key_interface: mocked_invalid_create_signing_key_interface, + fetch_signing_key: mocked_valid_fetch_signing_key, + create_signing_key_provider: mocked_invalid_create_signing_key_provider, fetch_issuer_value: mocked_valid_fetch_issuer_value, identity_from_decoded_token_provider_class: mocked_valid_identity_from_decoded_token_provider, validate_webservice_is_whitelisted: mocked_valid_validate_webservice_is_whitelisted, 
@@ -347,8 +347,8 @@ context "issuer secrets are not configured properly" do subject do ::Authentication::AuthnJwt::ValidateStatus.new( - fetch_signing_key_from_cache: mocked_valid_fetch_signing_key_from_cache, - create_signing_key_interface: mocked_valid_create_signing_key_interface, + fetch_signing_key: mocked_valid_fetch_signing_key, + create_signing_key_provider: mocked_valid_create_signing_key_provider, fetch_issuer_value: mocked_invalid_fetch_issuer_value, identity_from_decoded_token_provider_class: mocked_valid_identity_from_decoded_token_provider, validate_webservice_is_whitelisted: mocked_valid_validate_webservice_is_whitelisted, @@ -370,8 +370,8 @@ context "audience secret is not configured properly" do subject do ::Authentication::AuthnJwt::ValidateStatus.new( - fetch_signing_key_from_cache: mocked_valid_fetch_signing_key_from_cache, - create_signing_key_interface: mocked_valid_create_signing_key_interface, + fetch_signing_key: mocked_valid_fetch_signing_key, + create_signing_key_provider: mocked_valid_create_signing_key_provider, fetch_issuer_value: mocked_valid_fetch_issuer_value, fetch_audience_value: mocked_invalid_fetch_audience_value, identity_from_decoded_token_provider_class: mocked_valid_identity_from_decoded_token_provider, @@ -394,8 +394,8 @@ context "enforced claims is not configured properly" do subject do ::Authentication::AuthnJwt::ValidateStatus.new( - fetch_signing_key_from_cache: mocked_valid_fetch_signing_key_from_cache, - create_signing_key_interface: mocked_valid_create_signing_key_interface, + fetch_signing_key: mocked_valid_fetch_signing_key, + create_signing_key_provider: mocked_valid_create_signing_key_provider, fetch_issuer_value: mocked_valid_fetch_issuer_value, fetch_enforced_claims: mocked_invalid_fetch_enforced_claims, identity_from_decoded_token_provider_class: mocked_valid_identity_from_decoded_token_provider, 
@@ -418,8 +418,8 @@ context "mapping claims is not configured properly" do subject do ::Authentication::AuthnJwt::ValidateStatus.new( - fetch_signing_key_from_cache: mocked_valid_fetch_signing_key_from_cache, - create_signing_key_interface: mocked_valid_create_signing_key_interface, + fetch_signing_key: mocked_valid_fetch_signing_key, + create_signing_key_provider: mocked_valid_create_signing_key_provider, fetch_issuer_value: mocked_valid_fetch_issuer_value, fetch_mapping_claims: mocked_invalid_fetch_mapping_claims, identity_from_decoded_token_provider_class: mocked_valid_identity_from_decoded_token_provider, @@ -442,8 +442,8 @@ context "identity secrets are not configured properly" do subject do ::Authentication::AuthnJwt::ValidateStatus.new( - fetch_signing_key_from_cache: mocked_valid_fetch_signing_key_from_cache, - create_signing_key_interface: mocked_valid_create_signing_key_interface, + fetch_signing_key: mocked_valid_fetch_signing_key, + create_signing_key_provider: mocked_valid_create_signing_key_provider, fetch_issuer_value: mocked_valid_fetch_issuer_value, identity_from_decoded_token_provider_class: mocked_invalid_identity_from_decoded_token_provider, validate_webservice_is_whitelisted: mocked_valid_validate_webservice_is_whitelisted,