2022-10-13 18:43:59 +03:00
|
|
|
import os
|
2019-12-03 23:56:59 +03:00
|
|
|
import pytest
|
2022-10-13 18:43:59 +03:00
|
|
|
import requests
|
|
|
|
|
import threading
|
|
|
|
|
from time import perf_counter, sleep
|
2022-10-27 14:47:48 +03:00
|
|
|
from conftest import extract_server_address_from
|
2022-10-13 18:43:59 +03:00
|
|
|
|
|
|
|
|
import jwk_server
|
|
|
|
|
import ports
|
|
|
|
|
|
|
|
|
|
pytestmark = [
|
|
|
|
|
pytest.mark.admin_secret
|
|
|
|
|
]
|
2019-12-03 23:56:59 +03:00
|
|
|
|
2022-10-13 18:43:59 +03:00
|
|
|
@pytest.fixture(scope='class')
|
|
|
|
|
@pytest.mark.early
|
|
|
|
|
def jwk_server_url(request: pytest.FixtureRequest, hge_fixture_env: dict[str, str]):
|
|
|
|
|
path_marker = request.node.get_closest_marker('jwk_path')
|
|
|
|
|
assert path_marker is not None, 'The test must set the `jwk_path` marker.'
|
|
|
|
|
path: str = path_marker.args[0]
|
2019-12-03 23:56:59 +03:00
|
|
|
|
2022-10-13 18:43:59 +03:00
|
|
|
# If the JWK server was started outside, just set the environment variable
|
|
|
|
|
# so that the test is skipped if the value is wrong.
|
|
|
|
|
env_var = os.getenv('JWK_SERVER_URL')
|
|
|
|
|
if env_var:
|
|
|
|
|
hge_fixture_env['HASURA_GRAPHQL_JWT_SECRET'] = '{"jwk_url": "' + env_var + path + '"}'
|
|
|
|
|
return env_var
|
2019-12-03 23:56:59 +03:00
|
|
|
|
2022-10-27 14:47:48 +03:00
|
|
|
server_address = extract_server_address_from('JWK_SERVER_URL')
|
|
|
|
|
server = jwk_server.create_server(server_address)
|
2022-10-13 18:43:59 +03:00
|
|
|
thread = threading.Thread(target=server.serve_forever)
|
|
|
|
|
thread.start()
|
|
|
|
|
request.addfinalizer(server.shutdown)
|
2022-10-27 14:47:48 +03:00
|
|
|
|
|
|
|
|
host = server.server_address[0]
|
2022-10-13 18:43:59 +03:00
|
|
|
port = server.server_address[1]
|
|
|
|
|
ports.wait_for_port(port)
|
2022-10-27 14:47:48 +03:00
|
|
|
url = f'http://{host}:{port}'
|
|
|
|
|
print(f'{jwk_server_url.__name__} server started on {url}')
|
2022-10-13 18:43:59 +03:00
|
|
|
hge_fixture_env['HASURA_GRAPHQL_JWT_SECRET'] = '{"jwk_url": "' + url + path + '"}'
|
|
|
|
|
return url
|
|
|
|
|
|
|
|
|
|
def wait_until_request_count_reaches(num_requests: int, state_key: str, timeout_secs: int, jwk_server_url: str) -> float:
|
2022-02-07 12:12:06 +03:00
|
|
|
start_time = perf_counter()
|
2022-10-13 18:43:59 +03:00
|
|
|
requests.post(jwk_server_url + '/reset-state')
|
2022-02-07 12:12:06 +03:00
|
|
|
request_count = 0
|
|
|
|
|
time_elapsed = 0
|
|
|
|
|
|
|
|
|
|
while request_count < num_requests:
|
|
|
|
|
time_elapsed = perf_counter() - start_time
|
2022-10-13 18:43:59 +03:00
|
|
|
if time_elapsed > timeout_secs:
|
2022-02-07 12:12:06 +03:00
|
|
|
raise Exception(f'Waited {time_elapsed} seconds for {state_key} JWK requests to reach {num_requests}. Only received {request_count}.')
|
|
|
|
|
|
|
|
|
|
sleep(0.2)
|
2022-10-13 18:43:59 +03:00
|
|
|
state = requests.get(jwk_server_url + '/state').json()
|
2022-02-07 12:12:06 +03:00
|
|
|
request_count = state[state_key]
|
|
|
|
|
|
|
|
|
|
return time_elapsed
|
|
|
|
|
|
2022-10-13 18:43:59 +03:00
|
|
|
@pytest.mark.jwk_path('/jwk-cache-control?max-age=3')
|
|
|
|
|
def test_cache_control_header_max_age(jwk_server_url: str):
|
|
|
|
|
# The test uses max-age=3, so we are expecting one request
|
|
|
|
|
time_elapsed = wait_until_request_count_reaches(num_requests=1, state_key='cache-control', timeout_secs=6, jwk_server_url=jwk_server_url)
|
|
|
|
|
print(f"time_elapsed: {time_elapsed}")
|
|
|
|
|
|
|
|
|
|
@pytest.mark.jwk_path('/jwk-cache-control?max-age=3&must-revalidate=true')
|
|
|
|
|
def test_cache_control_header_max_age_must_revalidate(jwk_server_url: str):
|
|
|
|
|
# The test uses max-age=3, so we are expecting one request
|
|
|
|
|
time_elapsed = wait_until_request_count_reaches(num_requests=1, state_key='cache-control', timeout_secs=6, jwk_server_url=jwk_server_url)
|
2022-02-07 12:12:06 +03:00
|
|
|
print(f"time_elapsed: {time_elapsed}")
|
2022-01-28 03:17:53 +03:00
|
|
|
|
2022-10-13 18:43:59 +03:00
|
|
|
@pytest.mark.jwk_path('/jwk-cache-control?must-revalidate=true')
|
|
|
|
|
def test_cache_control_header_must_revalidate(jwk_server_url: str):
|
|
|
|
|
# HGE should refresh the JWK once a second, so we are expecting three requests in at least two seconds
|
|
|
|
|
time_elapsed = wait_until_request_count_reaches(num_requests=3, state_key='cache-control', timeout_secs=10, jwk_server_url=jwk_server_url)
|
|
|
|
|
print(f"time_elapsed: {time_elapsed}")
|
|
|
|
|
assert(time_elapsed >= 2)
|
|
|
|
|
|
|
|
|
|
@pytest.mark.jwk_path('/jwk-cache-control?no-cache=true&public=true')
|
|
|
|
|
def test_cache_control_header_no_cache_public(jwk_server_url: str):
|
|
|
|
|
# HGE should refresh the JWK once a second, so we are expecting three requests in at least two seconds
|
|
|
|
|
time_elapsed = wait_until_request_count_reaches(num_requests=3, state_key='cache-control', timeout_secs=10, jwk_server_url=jwk_server_url)
|
|
|
|
|
print(f"time_elapsed: {time_elapsed}")
|
|
|
|
|
assert(time_elapsed >= 2)
|
|
|
|
|
|
|
|
|
|
@pytest.mark.jwk_path('/jwk-cache-control?no-store=true&max-age=3')
|
|
|
|
|
def test_cache_control_header_no_store_max_age(jwk_server_url: str):
|
2022-02-07 12:12:06 +03:00
|
|
|
# HGE should refresh the JWK once a second, so we are expecting three requests in at least two seconds
|
2022-10-13 18:43:59 +03:00
|
|
|
time_elapsed = wait_until_request_count_reaches(num_requests=3, state_key='cache-control', timeout_secs=10, jwk_server_url=jwk_server_url)
|
2022-02-07 12:12:06 +03:00
|
|
|
print(f"time_elapsed: {time_elapsed}")
|
|
|
|
|
assert(time_elapsed >= 2)
|
2019-12-03 23:56:59 +03:00
|
|
|
|
2022-10-13 18:43:59 +03:00
|
|
|
@pytest.mark.jwk_path('/jwk-expires?seconds=3')
|
|
|
|
|
def test_expires_header(jwk_server_url: str):
|
|
|
|
|
# The test uses a three second jwk expiry so we are expecting one request
|
|
|
|
|
time_elapsed = wait_until_request_count_reaches(num_requests=1, state_key='expires', timeout_secs=6, jwk_server_url=jwk_server_url)
|
2022-02-07 12:12:06 +03:00
|
|
|
print(f"time_elapsed: {time_elapsed}")
|
