Consume GoogleSignIn.validateJWT

TL;DR: - Consume GoogleSignIn.validateJWT in the Handler for /verify - Rename validation fn to validateJWT - Prefer Text to String type
2020-08-08 17:55:19 +01:00 · 2020-08-08 17:55:19 +01:00 · e8f35f0d10
commit e8f35f0d10
parent 8a7a3b29a9
4 changed files with 60 additions and 26 deletions
--- a/website/sandbox/learnpianochords/src/server/Spec.hs
+++ b/website/sandbox/learnpianochords/src/server/Spec.hs
@ -4,8 +4,8 @@ module Spec where
 --------------------------------------------------------------------------------
 import Test.Hspec
 import Utils
-import Web.JWT (numericDate)
-import GoogleSignIn (ValidationResult(..))
+import Web.JWT (numericDate, decode)
+import GoogleSignIn (EncodedJWT(..), DecodedJWT(..), ValidationResult(..))

 import qualified GoogleSignIn
 import qualified Fixtures as F
@ -16,36 +16,40 @@ import qualified Data.Time.Clock.POSIX as POSIX
 main :: IO ()
 main = hspec $ do
  describe "GoogleSignIn" $
-    describe "jwtIsValid" $ do
-      let jwtIsValid' = GoogleSignIn.jwtIsValid True
+    describe "validateJWT" $ do
+      let validateJWT' = GoogleSignIn.validateJWT True
      it "returns a decode error when an incorrectly encoded JWT is used" $ do
-        jwtIsValid' (GoogleSignIn.EncodedJWT "rubbish") `shouldReturn` DecodeError
+        validateJWT' (GoogleSignIn.EncodedJWT "rubbish") `shouldReturn` DecodeError

      it "returns validation error when the aud field doesn't match my client ID" $ do
        let auds = ["wrong-client-id"]
                   |> fmap TestUtils.unsafeStringOrURI
            encodedJWT = F.defaultJWTFields { F.overwriteAuds = auds }
                         |> F.googleJWT
-        jwtIsValid' encodedJWT `shouldReturn` NoMatchingClientIDs auds
+        validateJWT' encodedJWT `shouldReturn` NoMatchingClientIDs auds

      it "returns validation success when one of the aud fields matches my client ID" $ do
        let auds = ["wrong-client-id", "771151720060-buofllhed98fgt0j22locma05e7rpngl.apps.googleusercontent.com"]
                   |> fmap TestUtils.unsafeStringOrURI
-            encodedJWT = F.defaultJWTFields { F.overwriteAuds = auds }
-                         |> F.googleJWT
-        jwtIsValid' encodedJWT `shouldReturn` Valid
+            encodedJWT@(EncodedJWT jwt) =
+              F.defaultJWTFields { F.overwriteAuds = auds }
+              |> F.googleJWT
+            decodedJWT = jwt |> decode |> TestUtils.unsafeJust |> DecodedJWT
+        validateJWT' encodedJWT `shouldReturn` Valid decodedJWT

      it "returns validation error when one of the iss field doesn't match accounts.google.com or https://accounts.google.com" $ do
        let erroneousIssuer = TestUtils.unsafeStringOrURI "not-accounts.google.com"
            encodedJWT = F.defaultJWTFields { F.overwriteIss = erroneousIssuer }
                         |> F.googleJWT
-        jwtIsValid' encodedJWT `shouldReturn` WrongIssuer erroneousIssuer
+        validateJWT' encodedJWT `shouldReturn` WrongIssuer erroneousIssuer

      it "returns validation success when the iss field matches accounts.google.com or https://accounts.google.com" $ do
        let erroneousIssuer = TestUtils.unsafeStringOrURI "https://accounts.google.com"
-            encodedJWT = F.defaultJWTFields { F.overwriteIss = erroneousIssuer }
-                         |> F.googleJWT
-        jwtIsValid' encodedJWT `shouldReturn` Valid
+            encodedJWT@(EncodedJWT jwt) =
+              F.defaultJWTFields { F.overwriteIss = erroneousIssuer }
+              |> F.googleJWT
+            decodedJWT = jwt |> decode |> TestUtils.unsafeJust |> DecodedJWT
+        validateJWT' encodedJWT `shouldReturn` Valid decodedJWT

      it "fails validation when the exp field has expired" $ do
        let mErroneousExp = numericDate 0
@ -54,7 +58,7 @@ main = hspec $ do
          Just erroneousExp -> do
            let encodedJWT = F.defaultJWTFields { F.overwriteExp = erroneousExp }
                             |> F.googleJWT
-            jwtIsValid' encodedJWT `shouldReturn` StaleExpiry erroneousExp
+            validateJWT' encodedJWT `shouldReturn` StaleExpiry erroneousExp

      it "passes validation when the exp field is current" $ do
        mFreshExp <- POSIX.getPOSIXTime
@ -63,6 +67,8 @@ main = hspec $ do
        case mFreshExp of
          Nothing -> True `shouldBe` False
          Just freshExp -> do
-            let encodedJWT = F.defaultJWTFields { F.overwriteExp = freshExp }
-                             |> F.googleJWT
-            jwtIsValid' encodedJWT `shouldReturn` Valid
+            let encodedJWT@(EncodedJWT jwt) =
+                  F.defaultJWTFields { F.overwriteExp = freshExp }
+                  |> F.googleJWT
+                decodedJWT = jwt |> decode |> TestUtils.unsafeJust |> DecodedJWT
+            validateJWT' encodedJWT `shouldReturn` Valid decodedJWT