Verify expired tokens are invalid; bump token validity to 30 days.
parent
71fc5ab4c1
commit
70d2809ae2
|
@ -1,7 +1,7 @@
|
|||
class SessionToken
|
||||
HOST = Rails.application.routes.default_url_options[:host]
|
||||
PORT = Rails.application.routes.default_url_options[:port]
|
||||
EXPIRY = 4.days
|
||||
EXPIRY = 40.days
|
||||
PRIVATE_KEY = KeyGen.current
|
||||
PUBLIC_KEY = KeyGen.current.public_key
|
||||
ALG = 'RS256'
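Review bot: The commit title says validity is bumped to 30 days, but the constant in this hunk reads `EXPIRY = 40.days` (assuming that is the new side; the rendered page has lost its +/- markers). If 30 days is intended, the line should be `EXPIRY = 30.days`; otherwise the title should be corrected so the audit trail matches the code. Either way a signed bearer token now stays usable far longer after a leak, and no revocation or key-rotation path is visible in this hunk. A comment above the constant, such as `# Session JWT lifetime; tokens cannot be revoked before exp unless <mechanism>`, would record the trade-off. The class body continues outside the hunk.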
|
||||
|
|
|
@ -32,4 +32,11 @@ describe SessionToken do
|
|||
it 'issues a token to a user' do
|
||||
SessionToken.issue_to(user, iat: 000, exp: 456, iss: "//lycos.com:9867")
|
||||
end
|
||||
|
||||
it "doesn't honor expired tokens" do
|
||||
token = SessionToken.issue_to(user, iat: 000, exp: 1, iss: "//lycos.com:9867")
|
||||
result = Auth::FromJWT.run(jwt: token.encoded)
|
||||
expect(result.success?).to be(false)
|
||||
expect(result.errors.values.first.message).to include("is not valid")
|
||||
end
|
||||
end
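Review bot: The new example "doesn't honor expired tokens" asserts only that the first error message includes "is not valid", which does not show that the rejection was caused by `exp`. The token is also issued with `iss: "//lycos.com:9867"`, so if `Auth::FromJWT` validates the issuer (not visible here) the example would still pass with expiry checking removed. I would add a control with the same claims and a future expiry, `fresh = SessionToken.issue_to(user, iat: 000, exp: 1.hour.from_now.to_i, iss: "//lycos.com:9867")` followed by `expect(Auth::FromJWT.run(jwt: fresh.encoded).success?).to be(true)`, or assert on an expiry-specific error. The `describe` block starts outside the hunk.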
|
||||
|
|