[actions] test with expired token

neicnordic · Jan 17, 2023 · 78c41af · 78c41af
1 parent 2d6e6ae
commit 78c41af
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/dev_utils/keys/sign_jwt.sh b/dev_utils/keys/sign_jwt.sh
@@ -39,7 +39,7 @@ sign() {
         algo=${1:-RS256}
         algo=${algo^^}
         header=$(build_header "$algo") || return
-        payload=${3:-$test_payload}
+        payload=${4:-$test_payload}
         signed_content="$(json <<<"$header" | b64enc).$(json <<<"$payload" | b64enc)"
         case $algo in
         RS*) sig=$(printf %s "$signed_content" | rs_sign "${algo#RS}" "$secret" | b64enc) ;;
@@ -53,7 +53,7 @@ sign() {
 }
 
 iat=$(date +%s)
-exp=$(date --date=tomorrow +%s)
+exp=$(date --date="${3:-tomorrow}" +%s)
 
 test_payload='{
   "at_hash": "J_fA458SPsXFV6lJQL1l-w",

diff --git a/tests/tests.sh b/tests/tests.sh
@@ -121,4 +121,12 @@ echo "Trying to change the access logging for a bucket"
 s3cmd -c proxyS3 accesslog s3://dummy/ 2>&1 | grep -q "$nobucket"
 check_output_status "$?"
 
+token="$(bash keys/sign_jwt.sh ES256 /keys/jwt.key yesterday)"
+sed -i "s/^access_token=.*/access_token=$token/" proxyS3
+
+# Test access with expired token
+echo "Test access with expired token"
+s3cmd -c proxyS3 ls s3://dummy/README.md 2>&1 | grep -q "$unauthorized"
+check_output_status "$?"
+
 echo "All tests have passed"