Add test to assert key is cached

marickvantuil · marickvantuil · commit 2ad69341722a · 2020-12-06T17:40:38.000+01:00
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
 /vendor/
 composer.lock
 .idea/
+.phpunit.result.cache
diff --git a/src/OpenIdVerificator.php b/src/OpenIdVerificator.php
@@ -3,6 +3,7 @@
 namespace Stackkit\LaravelGoogleCloudTasksQueue;
 
 use Firebase\JWT\JWT;
+use Firebase\JWT\SignatureInvalidException;
 use GuzzleHttp\Client;
 use Illuminate\Support\Arr;
 use Illuminate\Support\Facades\Cache;
@@ -17,12 +18,33 @@ class OpenIdVerificator
 
     private $guzzle;
     private $rsa;
+    private $jwt;
     private $maxAge = [];
 
-    public function __construct(Client $guzzle, RSA $rsa)
+    public function __construct(Client $guzzle, RSA $rsa, JWT $jwt)
     {
         $this->guzzle = $guzzle;
         $this->rsa = $rsa;
+        $this->jwt = $jwt;
+    }
+
+    public function decodeOpenIdToken($openIdToken, $kid, $cache = true)
+    {
+        if (!$cache) {
+            $this->forgetFromCache();
+        }
+
+        $publicKey = $this->getPublicKey($kid);
+
+        try {
+            return $this->jwt->decode($openIdToken, $publicKey, ['RS256']);
+        } catch (SignatureInvalidException $e) {
+            if (!$cache) {
+                throw $e;
+            }
+
+            return $this->decodeOpenIdToken($openIdToken, $kid, false);
+        }
     }
 
     public function getPublicKey($kid = null)
diff --git a/src/TaskHandler.php b/src/TaskHandler.php
@@ -2,13 +2,11 @@
 
 namespace Stackkit\LaravelGoogleCloudTasksQueue;
 
-use Firebase\JWT\SignatureInvalidException;
 use Google\Cloud\Tasks\V2\CloudTasksClient;
 use Illuminate\Http\Request;
 use Illuminate\Queue\Worker;
 use Illuminate\Queue\WorkerOptions;
 use Firebase\JWT\JWT;
-use Illuminate\Support\Facades\Cache;
 
 class TaskHandler
 {
@@ -50,30 +48,11 @@ public function authorizeRequest()
         $openIdToken = $this->request->bearerToken();
         $kid = $this->publicKey->getKidFromOpenIdToken($openIdToken);
 
-        $decodedToken = $this->decodeOpenIdToken($openIdToken, $kid);
+        $decodedToken = $this->publicKey->decodeOpenIdToken($openIdToken, $kid);
 
         $this->validateToken($decodedToken);
     }
 
-    private function decodeOpenIdToken($openIdToken, $kid, $cache = true)
-    {
-        if (!$cache) {
-            $this->publicKey->forgetFromCache();
-        }
-
-        $publicKey = $this->publicKey->getPublicKey($kid);
-
-        try {
-            return $this->jwt->decode($openIdToken, $publicKey, ['RS256']);
-        } catch (SignatureInvalidException $e) {
-            if (!$cache) {
-                throw $e;
-            }
-
-            return $this->decodeOpenIdToken($openIdToken, $kid, false);
-        }
-    }
-
     /**
      * https://developers.google.com/identity/protocols/oauth2/openid-connect#validatinganidtoken
      *
diff --git a/tests/GooglePublicKeyTest.php b/tests/GooglePublicKeyTest.php
@@ -2,8 +2,14 @@
 
 namespace Tests;
 
+use Carbon\Carbon;
+use Firebase\JWT\JWT;
 use GuzzleHttp\Client;
+use Illuminate\Cache\Events\CacheHit;
+use Illuminate\Cache\Events\CacheMissed;
+use Illuminate\Cache\Events\KeyWritten;
 use Illuminate\Support\Facades\Cache;
+use Illuminate\Support\Facades\Event;
 use Mockery;
 use phpseclib\Crypt\RSA;
 use Stackkit\LaravelGoogleCloudTasksQueue\OpenIdVerificator;
@@ -26,7 +32,7 @@ protected function setUp(): void
 
         $this->guzzle = Mockery::mock(new Client());
 
-        $this->publicKey = new OpenIdVerificator($this->guzzle, new RSA());
+        $this->publicKey = new OpenIdVerificator($this->guzzle, new RSA(), new JWT());
     }
 
     /** @test */
@@ -48,10 +54,42 @@ public function it_caches_the_gcloud_public_key()
     /** @test */
     public function it_will_return_the_cached_gcloud_public_key()
     {
+        Event::fake();
+
         $this->publicKey->getPublicKey();
 
+        Event::assertDispatched(CacheMissed::class);
+        Event::assertDispatched(KeyWritten::class);
+
         $this->publicKey->getPublicKey();
 
+        Event::assertDispatched(CacheHit::class);
+
         $this->guzzle->shouldHaveReceived('get')->twice();
     }
+
+    /** @test */
+    public function public_key_is_cached_according_to_cache_control_headers()
+    {
+        Event::fake();
+
+        $this->publicKey->getPublicKey();
+        Event::assertDispatched(CacheMissed::class);
+        Event::assertDispatched(KeyWritten::class);
+        Event::fake(); // reset
+
+        $this->publicKey->getPublicKey();
+        Event::assertDispatched(CacheHit::class);
+        Event::fake(); // reset
+
+        Carbon::setTestNow(Carbon::now()->addSeconds(3600));
+        $this->publicKey->getPublicKey();
+        Event::assertDispatched(CacheHit::class);
+        Event::fake(); // reset
+
+        Carbon::setTestNow(Carbon::now()->addSeconds(1));
+        $this->publicKey->getPublicKey();
+        Event::assertDispatched(CacheMissed::class);
+        Event::assertDispatched(KeyWritten::class);
+    }
 }
