make updatedDate optional (default to 0). Add a test to validate that…

… we can parse a known good jwt, this should catch future jwt changes where we break the format. #475
sillsdev · Dec 12, 2023 · 512d938 · 512d938
1 parent 973d890
commit 512d938
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 3 deletions.
diff --git a/backend/LexCore/Auth/LexAuthUser.cs b/backend/LexCore/Auth/LexAuthUser.cs
@@ -98,8 +98,9 @@ public LexAuthUser(User user)
 
     [JsonPropertyName(LexAuthConstants.IdClaimType)]
     public required Guid Id { get; set; }
+
     [JsonPropertyName(LexAuthConstants.UpdatedDateClaimType)]
-    public required long UpdatedDate { get; set; }
+    public long UpdatedDate { get; set; }
     [JsonPropertyName(LexAuthConstants.AudienceClaimType)]
     public LexboxAudience Audience { get; set; } = LexboxAudience.LexboxApi;
 

diff --git a/backend/Testing/LexCore/LexAuthUserTests.cs b/backend/Testing/LexCore/LexAuthUserTests.cs
@@ -27,12 +27,12 @@ static LexAuthUserTests()
 
     private readonly LexAuthUser _user = new()
     {
-        Id = Guid.NewGuid(),
+        Id = new Guid("f0db4c5e-9d4b-4121-9dc0-b7070713ae4a"),
         Email = "[email protected]",
         Role = UserRole.user,
         Name = "test",
         UpdatedDate = DateTimeOffset.Now.ToUnixTimeSeconds(),
-        Projects = new[] { new AuthUserProject(ProjectRole.Manager, Guid.NewGuid()) }
+        Projects = new[] { new AuthUserProject(ProjectRole.Manager, new Guid("42f566c0-a4d2-48b5-a1e1-59c82289ff99")) }
     };
 
     private static readonly JwtBearerOptions JwtBearerOptions = new()
@@ -108,13 +108,29 @@ public void CanRoundTripClaimsWhenUsingSecurityTokenDescriptor()
     public void CanRoundTripJwtFromUserThroughLexAuthService()
     {
         var (jwt, _) = _lexAuthService.GenerateJwt(_user);
+
         var tokenHandler = new JwtSecurityTokenHandler();
         var outputJwt = tokenHandler.ReadJwtToken(jwt);
         var principal = new ClaimsPrincipal(new ClaimsIdentity(outputJwt.Claims, "Testing"));
         var newUser = LexAuthUser.FromClaimsPrincipal(principal);
         _user.ShouldBeEquivalentTo(newUser);
     }
 
+    private const string knownGoodJwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIyYzEyNDA1NyIsInN1YiI6ImYwZGI0YzVlLTlkNGItNDEyMS05ZGMwLWI3MDcwNzEzYWU0YSIsImVtYWlsIjoidGVzdEB0ZXN0LmNvbSIsIm5hbWUiOiJ0ZXN0Iiwicm9sZSI6InVzZXIiLCJwcm9qIjoibTo0MmY1NjZjMGE0ZDI0OGI1YTFlMTU5YzgyMjg5ZmY5OSIsIm5iZiI6MTcwMjM3Mzk2OCwiZXhwIjoxNzAyMzc0MDI4LCJpYXQiOjE3MDIzNzM5NjksImlzcyI6IkxleGJveEFwaSIsImF1ZCI6IkxleGJveEFwaSJ9.YsAkP5oIX4nNkrSNSe-PNMR1pMaJassnNDJ3vmjMYQU";
+
+    [Fact]
+    public void CanParseFromKnownGoodJwt()
+    {
+        var tokenHandler = new JwtSecurityTokenHandler();
+        var outputJwt = tokenHandler.ReadJwtToken(knownGoodJwt);
+        var principal = new ClaimsPrincipal(new ClaimsIdentity(outputJwt.Claims, "Testing"));
+        var newUser = LexAuthUser.FromClaimsPrincipal(principal);
+        newUser.UpdatedDate.ShouldBe(0);
+        //old jwt doesn't have updated date, we're ok with that so we correct the value to make the equivalence work
+        newUser.UpdatedDate = _user.UpdatedDate;
+        _user.ShouldBeEquivalentTo(newUser);
+    }
+
     [Fact]
     public void CheckingJwtLength()
     {