A new hope

Author: Adrián Quintás

.formatter.exs

@@ -0,0 +1,4 @@
+# Used by "mix format"
+[
+  inputs: ["mix.exs", "{config,lib,test}/**/*.{ex,exs}"]
+]

.gitignore

@@ -0,0 +1,26 @@
+# The directory Mix will write compiled artifacts to.
+/_build/
+
+# If you run "mix test --cover", coverage assets end up here.
+/cover/
+
+# The directory Mix downloads your dependencies sources to.
+/deps/
+
+# Where 3rd-party dependencies like ExDoc output generated docs.
+/doc/
+
+# Ignore .fetch files in case you like to edit your project deps locally.
+/.fetch
+
+# If the VM crashes, it generates a dump, let's ignore it too.
+erl_crash.dump
+
+# Also ignore archive artifacts (built via "mix archive.build").
+*.ez
+
+# Ignore package tarball (built via "mix hex.build").
+jwt_test_utils-*.tar
+
+# Apple stuff
+**/.DS_Store

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 Orbit technologies
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,47 @@
+# JwtTestUtils
+
+[![Coverage Status](https://coveralls.io/repos/github/heyorbit/elixir-jwt-utils/badge.svg?branch=master)](https://coveralls.io/github/heyorbit/elixir-jwt-utils?branch=master)
+[![Hex version](https://img.shields.io/hexpm/v/sippet.svg "Hex version")](https://hex.pm/packages/server_utils)
+[![Hex Docs](https://img.shields.io/badge/hex-docs-9768d1.svg)](https://hexdocs.pm/server_utils)
+[![Build Status](https://travis-ci.org/heyorbit/elixir-jwt-utils.svg?branch=master)](https://travis-ci.org/heyorbit/elixir-jwt-utils)
+[![Deps Status](https://beta.hexfaktor.org/badge/all/github/heyorbit/elixir-jwt-utils.svg)](https://beta.hexfaktor.org/github/heyorbit/elixir-jwt-utils)
+
+# ServerUtils
+
+This project has several module utils to handle common tasks in a server, like authorization params parsing.
+
+Features:
+
+  * Phoenix plug to validate JWT header
+  * Phoenix plug to parse a pagination request
+  * Simple integer parsing
+  * Page query params parser
+  * JWT claims parser
+  * Wrapped Logger with Sentry integration
+
+## Installation
+
+Add to dependencies
+
+```elixir
+def deps do
+  [{:server_utils, "~> 0.1.3"}]
+end
+```
+
+```bash
+mix deps.get
+```
+
+## Configuration
+
+Configure default pagination params
+
+```
+config :server_utils,
+  page_size_key: "page_size",
+  page_number_key: "page_number",
+  max_page_size: 25,
+  page_size: 10,
+  page_number: 1
+```

config/config.exs

@@ -0,0 +1,30 @@
+# This file is responsible for configuring your application
+# and its dependencies with the aid of the Mix.Config module.
+use Mix.Config
+
+# This configuration is loaded before any dependency and is restricted
+# to this project. If another project depends on this project, this
+# file won't be loaded nor affect the parent project. For this reason,
+# if you want to provide default values for your application for
+# 3rd-party users, it should be done in your "mix.exs" file.
+
+# You can configure your application as:
+#
+#     config :jwt_test_utils, key: :value
+#
+# and access this configuration in your application as:
+#
+#     Application.get_env(:jwt_test_utils, :key)
+#
+# You can also configure a 3rd-party app:
+#
+#     config :logger, level: :info
+#
+
+# It is also possible to import configuration files, relative to this
+# directory. For example, you can emulate configuration per environment
+# by uncommenting the line below and defining dev.exs, test.exs and such.
+# Configuration from the imported file will override the ones defined
+# here (which is why it is important to import them last).
+#
+#     import_config "#{Mix.env}.exs"

lib/auth_conn_case.ex

@@ -0,0 +1,26 @@
+defmodule JwtTestUtils.AuthConnCase do
+  @moduledoc """
+  Module to provide authed conn using JWT
+  """
+
+  use ExUnit.CaseTemplate
+
+  using do
+    quote do
+      @fake_user_id "user@fake.is"
+      @auth_header "authorization"
+
+      @doc """
+      Returns a Plug.Conn with a injected header with a JWT token injected.
+
+      By default returns always the same token in the "authorization" header.
+      """
+      @spec get_claim(String.t(), String.t()) :: {Plug.Conn.t()}
+      def build_authed_conn(user_id \\ @fake_user_id, auth_header \\ @auth_header) do
+        jwt = JwtMocker.generate_json_token(user_id)
+        conn = Plug.Adapters.Test.Conn.conn(%Conn{}, :get, "/", nil)
+        Plug.Conn.put_req_header(conn, auth_header, jwt)
+      end
+    end
+  end
+end

lib/jwt_mocker.ex

@@ -0,0 +1,48 @@
+defmodule JwtTestUtils.JwtMocker do
+  @moduledoc """
+  Module to generate and validate a JWT token
+  """
+
+  import Joken
+
+  @secret_key "secret_key"
+  def secret_key, do: @secret_key
+
+  @doc """
+  Generate a JWT token given a username.
+
+  ## Examples
+
+      iex> JwtTestUtils.JwtMocker.generate_json_token("a_username")
+      "ees45nj3453jkbgbrk3jtvnvjkwn254ioj5iogf4nnj42gn24jkgnt35353ella2375zp1m4me"
+  """
+  @spec generate_json_token(String.t(), Integer.t()) :: String.t()
+  def generate_json_token(username, exp \\ 0) do
+    %{username: username, exp: exp}
+    |> token()
+    |> with_signer(hs256(@secret_key))
+    |> sign()
+    |> get_compact()
+  end
+
+  @doc """
+  Validates a JWT token for the given username.
+
+  ## Examples
+
+      iex> JwtTestUtils.JwtMocker.validate_token("ees45nj3453jkbgbrk3jtvnvjkwn254ioj5iogf4nnj42gn24jkgnt35353ella2375zp1m4me", "a_username")
+      :ok
+
+      iex> JwtTestUtils.JwtMocker.validate_token("", "a_username")
+      :error
+  """
+  @spec validate_token(String.t(), String.t(), Integer.t()) :: :ok | :error
+  def validate_token(jwt, username, exp \\ 0) do
+    jwt
+    |> token()
+    |> with_validation("username", &(&1 == username))
+    |> with_validation("exp", &(&1 == exp))
+    |> verify!(hs256(@secret_key))
+    |> elem(0)
+  end
+end

mix.exs

@@ -0,0 +1,54 @@
+defmodule JwtTestUtils.MixProject do
+  use Mix.Project
+
+  def project do
+    [
+      app: :jwt_test_utils,
+      version: "0.1.0",
+      elixir: "~> 1.6",
+      start_permanent: Mix.env() == :prod,
+      deps: deps(),
+      package: package(),
+      description: description(),
+      test_coverage: [tool: ExCoveralls],
+      preferred_cli_env: [
+        coveralls: :test,
+        "coveralls.detail": :test,
+        "coveralls.post": :test,
+        "coveralls.html": :test
+      ]
+    ]
+  end
+
+  # Run "mix help compile.app" to learn about applications.
+  def application do
+    [
+      extra_applications: [:logger]
+    ]
+  end
+
+  defp package do
+    [
+      name: "jwt_test_utils",
+      files: ["lib", "mix.exs", "README*", "LICENSE*"],
+      maintainers: ["Adrián Quintás"],
+      licenses: ["MIT"],
+      links: %{"GitHub" => "https://github.com/heyorbit/elixir-jwt-test-utils"}
+    ]
+  end
+
+  defp description do
+    "Test utils for app based JWT authentication"
+  end
+
+  # Run "mix help deps" to learn about dependencies.
+  defp deps do
+    [
+      {:ex_doc, "~> 0.16", only: :dev, runtime: false},
+      {:excoveralls, "~> 0.8", only: :test},
+      {:plug, "~> 1.4"},
+      {:poison, "~> 3.1"},
+      {:joken, "~> 1.5"}
+    ]
+  end
+end

mix.lock

@@ -0,0 +1,20 @@
+%{
+  "base64url": {:hex, :base64url, "0.0.1", "36a90125f5948e3afd7be97662a1504b934dd5dac78451ca6e9abf85a10286be", [:rebar], [], "hexpm"},
+  "certifi": {:hex, :certifi, "2.0.0", "a0c0e475107135f76b8c1d5bc7efb33cd3815cb3cf3dea7aefdd174dabead064", [:rebar3], [], "hexpm"},
+  "earmark": {:hex, :earmark, "1.2.4", "99b637c62a4d65a20a9fb674b8cffb8baa771c04605a80c911c4418c69b75439", [:mix], [], "hexpm"},
+  "ex_doc": {:hex, :ex_doc, "0.18.3", "f4b0e4a2ec6f333dccf761838a4b253d75e11f714b85ae271c9ae361367897b7", [:mix], [{:earmark, "~> 1.1", [hex: :earmark, repo: "hexpm", optional: false]}], "hexpm"},
+  "excoveralls": {:hex, :excoveralls, "0.8.1", "0bbf67f22c7dbf7503981d21a5eef5db8bbc3cb86e70d3798e8c802c74fa5e27", [:mix], [{:exjsx, ">= 3.0.0", [hex: :exjsx, repo: "hexpm", optional: false]}, {:hackney, ">= 0.12.0", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm"},
+  "exjsx": {:hex, :exjsx, "4.0.0", "60548841e0212df401e38e63c0078ec57b33e7ea49b032c796ccad8cde794b5c", [:mix], [{:jsx, "~> 2.8.0", [hex: :jsx, repo: "hexpm", optional: false]}], "hexpm"},
+  "hackney": {:hex, :hackney, "1.11.0", "4951ee019df102492dabba66a09e305f61919a8a183a7860236c0fde586134b6", [:rebar3], [{:certifi, "2.0.0", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "5.1.0", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "1.0.1", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "1.0.2", [hex: :mimerl, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "1.1.1", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}], "hexpm"},
+  "idna": {:hex, :idna, "5.1.0", "d72b4effeb324ad5da3cab1767cb16b17939004e789d8c0ad5b70f3cea20c89a", [:rebar3], [{:unicode_util_compat, "0.3.1", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm"},
+  "joken": {:hex, :joken, "1.5.0", "42a0953e80bd933fc98a0874e156771f78bf0e92abe6c3a9c22feb6da28efb0b", [:mix], [{:jose, "~> 1.8", [hex: :jose, repo: "hexpm", optional: false]}, {:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: true]}, {:poison, "~> 1.5 or ~> 2.0 or ~> 3.0", [hex: :poison, repo: "hexpm", optional: true]}], "hexpm"},
+  "jose": {:hex, :jose, "1.8.4", "7946d1e5c03a76ac9ef42a6e6a20001d35987afd68c2107bcd8f01a84e75aa73", [:mix, :rebar3], [{:base64url, "~> 0.0.1", [hex: :base64url, repo: "hexpm", optional: false]}], "hexpm"},
+  "jsx": {:hex, :jsx, "2.8.3", "a05252d381885240744d955fbe3cf810504eb2567164824e19303ea59eef62cf", [:mix, :rebar3], [], "hexpm"},
+  "metrics": {:hex, :metrics, "1.0.1", "25f094dea2cda98213cecc3aeff09e940299d950904393b2a29d191c346a8486", [:rebar3], [], "hexpm"},
+  "mime": {:hex, :mime, "1.2.0", "78adaa84832b3680de06f88f0997e3ead3b451a440d183d688085be2d709b534", [:mix], [], "hexpm"},
+  "mimerl": {:hex, :mimerl, "1.0.2", "993f9b0e084083405ed8252b99460c4f0563e41729ab42d9074fd5e52439be88", [:rebar3], [], "hexpm"},
+  "plug": {:hex, :plug, "1.4.5", "7b13869283fff6b8b21b84b8735326cc012c5eef8607095dc6ee24bd0a273d8e", [:mix], [{:cowboy, "~> 1.0.1 or ~> 1.1", [hex: :cowboy, repo: "hexpm", optional: true]}, {:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}], "hexpm"},
+  "poison": {:hex, :poison, "3.1.0", "d9eb636610e096f86f25d9a46f35a9facac35609a7591b3be3326e99a0484665", [:mix], [], "hexpm"},
+  "ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.1", "28a4d65b7f59893bc2c7de786dec1e1555bd742d336043fe644ae956c3497fbe", [:make, :rebar], [], "hexpm"},
+  "unicode_util_compat": {:hex, :unicode_util_compat, "0.3.1", "a1f612a7b512638634a603c8f401892afbf99b8ce93a45041f8aaca99cadb85e", [:rebar3], [], "hexpm"},
+}

test/jwt_mocker_test.exs

@@ -0,0 +1,31 @@
+defmodule JwtTestUtils.JwtMockerTest do
+  use ExUnit.Case
+
+  import Joken
+
+  alias JwtTestUtils.JwtMocker
+
+  @moduletag :unit
+
+  test "Given a username and a jwt when generate a nested jwt then a new jwt is returned" do
+    generated_jwt = JwtMocker.generate_json_token("fake_user")
+
+    is_jwt_valid =
+      generated_jwt
+      |> token()
+      |> with_validation("username", &(&1 == "fake_user"))
+      |> verify!(hs256(JwtMocker.secret_key()))
+      |> elem(0)
+
+    assert :ok == is_jwt_valid
+  end
+
+  test "Given a valid nested jwt when validate it then a ok is returned" do
+    is_jwt_valid =
+      "fake_user"
+      |> JwtMocker.generate_json_token()
+      |> JwtMocker.validate_token("fake_user")
+
+    assert :ok == is_jwt_valid
+  end
+end