From d91b81e50f3b0d85542a77e1c0aea37bb18e3542 Mon Sep 17 00:00:00 2001
From: Oscar Krause <oscar.krause@collinwebdesigns.de>
Date: Wed, 28 Dec 2022 14:30:54 +0100
Subject: [PATCH] improved tests

---
 test/main.py | 47 ++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 44 insertions(+), 3 deletions(-)

diff --git a/test/main.py b/test/main.py
index 22c1c6b..01b0a7e 100644
--- a/test/main.py
+++ b/test/main.py
@@ -1,9 +1,18 @@
+from base64 import b64encode as b64enc
+from hashlib import sha256
+from calendar import timegm
+from datetime import datetime
+from os.path import dirname, join
 from uuid import uuid4
 
-from jose import jwt
+from dateutil.relativedelta import relativedelta
+from jose import jwt, jwk
+from jose.constants import ALGORITHMS
 from starlette.testclient import TestClient
 import sys
 
+from app.util import generate_key, load_key
+
 # add relative path to use packages as they were in the app/ dir
 sys.path.append('../')
 sys.path.append('../app')
@@ -13,6 +22,16 @@ from app import main
 client = TestClient(main.app)
 
 ORIGIN_REF = str(uuid4())
+SECRET = "HelloWorld"
+
+# INSTANCE_KEY_RSA = generate_key()
+# INSTANCE_KEY_PUB = INSTANCE_KEY_RSA.public_key()
+
+INSTANCE_KEY_RSA = load_key(str(join(dirname(__file__), '../app/cert/instance.private.pem')))
+INSTANCE_KEY_PUB = load_key(str(join(dirname(__file__), '../app/cert/instance.public.pem')))
+
+jwt_encode_key = jwk.construct(INSTANCE_KEY_RSA.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
+jwt_decode_key = jwk.construct(INSTANCE_KEY_PUB.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
 
 
 def test_index():
@@ -54,7 +73,7 @@ def test_auth_v1_origin():
 
 def test_auth_v1_code():
     payload = {
-        "code_challenge": "0wmaiAMAlTIDyz4Fgt2/j0tXnGv72TYbbLs4ISRCZlY",
+        "code_challenge": b64enc(sha256(SECRET.encode('utf-8')).digest()).rstrip(b'=').decode('utf-8'),
         "origin_ref": ORIGIN_REF,
     }
 
@@ -66,7 +85,29 @@ def test_auth_v1_code():
 
 
 def test_auth_v1_token():
-    pass
+    cur_time = datetime.utcnow()
+    access_expires_on = cur_time + relativedelta(hours=1)
+
+    payload = {
+        "iat": timegm(cur_time.timetuple()),
+        "exp": timegm(access_expires_on.timetuple()),
+        "challenge": b64enc(sha256(SECRET.encode('utf-8')).digest()).rstrip(b'=').decode('utf-8'),
+        "origin_ref": ORIGIN_REF,
+        "key_ref": "00000000-0000-0000-0000-000000000000",
+        "kid": "00000000-0000-0000-0000-000000000000"
+    }
+    payload = {
+        "auth_code": jwt.encode(payload, key=jwt_encode_key, headers={'kid': payload.get('kid')},
+                                algorithm=ALGORITHMS.RS256),
+        "code_verifier": SECRET,
+    }
+
+    response = client.post('/auth/v1/token', json=payload)
+    assert response.status_code == 200
+
+    token = response.json()['auth_token']
+    payload = jwt.decode(token=token, key=jwt_decode_key, algorithms=ALGORITHMS.RS256, options={'verify_aud': False})
+    assert payload['origin_ref'] == ORIGIN_REF
 
 
 def test_leasing_v1_lessor():