remove hard-coded issuer from JWT verification

Signed-off-by: Brian DeHamer <bdehamer@github.com>
Brian DeHamer
2024-08-08 15:10:57 -07:00
parent f003268b32
commit a7e08af9b5
4 changed files with 31 additions and 19 deletions


@@ -4,7 +4,7 @@ import {getIDTokenClaims} from '../src/oidc'
describe('getIDTokenClaims', () => {
const originalEnv = process.env
const issuer = 'https://example.com'
const issuer = 'https://token.actions.example.ghe.com'
const audience = 'nobody'
const requestToken = 'token'
const openidConfigPath = '/.well-known/openid-configuration'
@@ -63,7 +63,7 @@ describe('getIDTokenClaims', () => {
})
it('returns the ID token claims', async () => {
const result = await getIDTokenClaims(issuer)
const result = await getIDTokenClaims()
expect(result).toEqual(claims)
})
})
@@ -83,7 +83,7 @@ describe('getIDTokenClaims', () => {
})
it('throws an error', async () => {
await expect(getIDTokenClaims(issuer)).rejects.toThrow(/missing claims/i)
await expect(getIDTokenClaims()).rejects.toThrow(/missing claims/i)
})
})
@@ -99,7 +99,7 @@ describe('getIDTokenClaims', () => {
})
it('throws an error', async () => {
await expect(getIDTokenClaims(issuer)).rejects.toThrow(/unexpected "iss"/)
await expect(getIDTokenClaims()).rejects.toThrow(/issuer mismatch/i)
})
})
@@ -115,7 +115,7 @@ describe('getIDTokenClaims', () => {
})
it('throw an error', async () => {
await expect(getIDTokenClaims(issuer)).rejects.toThrow(/unexpected "aud"/)
await expect(getIDTokenClaims()).rejects.toThrow(/verification failed/i)
})
})
@@ -140,9 +140,7 @@ describe('getIDTokenClaims', () => {
})
it('throws an error', async () => {
await expect(getIDTokenClaims(issuer)).rejects.toThrow(
/failed to get id/i
)
await expect(getIDTokenClaims()).rejects.toThrow(/failed to get id/i)
})
})
})
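Review bot: The audience-mismatch case (hunk at line 115) now matches only `/verification failed/i`, where it used to match `/unexpected "aud"/`; a bad signature or an expired token would presumably produce the same message, so this test no longer proves that the `aud` check is what rejected the token. If the new error keeps the underlying reason, assert on it as well, for example `.rejects.toThrow(/verification failed.*aud/i)` (the message format needs confirming against `src/oidc`, which is not shown here). Because `getIDTokenClaims()` no longer receives the expected issuer from the caller, the `/issuer mismatch/i` case at line 99 is the only visible test of which issuers are accepted; it would be worth adding a rejection case for an issuer that is a well-formed URL but outside the accepted set, and one for a token that carries no `iss` claim. The setup for each of these cases sits outside the visible hunks, so the values they use cannot be checked from here.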


@@ -8,7 +8,7 @@ import {attestProvenance, buildSLSAProvenancePredicate} from '../src/provenance'
describe('provenance functions', () => {
const originalEnv = process.env
const issuer = 'https://example.com'
const issuer = 'https://token.actions.githubusercontent.com'
const audience = 'nobody'
const jwksPath = '/.well-known/jwks.json'
const tokenPath = '/token'