Adding signature validation test for pop tokens

Prithvi Kanherkar · Prithvi Kanherkar · commit 65db2f037138 · 2020-10-01T19:34:28.000-07:00
diff --git a/samples/msal-browser-samples/VanillaJSTestApp2.0/app/pop/graph.js b/samples/msal-browser-samples/VanillaJSTestApp2.0/app/pop/graph.js
@@ -24,6 +24,7 @@ function callMSGraph(endpoint, accessToken, callback) {
         .catch(error => console.log(error));
 }
 
+let popToken = "";
 function callPopResource(endpoint, method, accessToken, callback) {
     const headers = new Headers();
     const authHeader = `PoP ${accessToken}`;
@@ -49,6 +50,7 @@ async function popRequest() {
         const response = await getTokenPopup(loginRequest, currentAcc).catch(error => {
             console.log(error);
         });
+        popToken = response.accessToken;
         callPopResource(popConfig.endpoint, "POST", response.accessToken, updateUI);
     }
 }
@@ -59,6 +61,7 @@ async function seeProfile() {
         const response = await getTokenPopup(loginRequest, currentAcc).catch(error => {
             console.log(error);
         });
+        popToken = response.accessToken;
         callMSGraph(graphConfig.graphMeEndpoint, response.accessToken, updateUI);
         profileButton.style.display = "none";
     }
@@ -70,6 +73,7 @@ async function readMail() {
         const response = await getTokenPopup(tokenRequest, currentAcc).catch(error => {
             console.log(error);
         });
+        popToken = response.accessToken;
         callMSGraph(graphConfig.graphMailEndpoint, response.accessToken, updateUI);
         mailButton.style.display = "none";
     }
@@ -81,6 +85,7 @@ async function seeProfileRedirect() {
         const response = await getTokenRedirect(loginRequest, currentAcc).catch(error => {
             console.log(error);
         });
+        popToken = response.accessToken;
         callMSGraph(graphConfig.graphMeEndpoint, response.accessToken, updateUI);
         profileButton.style.display = "none";
     }
@@ -92,6 +97,7 @@ async function readMailRedirect() {
         const response = await getTokenRedirect(tokenRequest, currentAcc).catch(error => {
             console.log(error);
         });
+        popToken = response.accessToken;
         callMSGraph(graphConfig.graphMailEndpoint, response.accessToken, updateUI);
         mailButton.style.display = "none";
     }
diff --git a/samples/msal-browser-samples/VanillaJSTestApp2.0/app/pop/test/browser.spec.ts b/samples/msal-browser-samples/VanillaJSTestApp2.0/app/pop/test/browser.spec.ts
@@ -6,6 +6,7 @@ import { BrowserCacheUtils } from "../../../../../e2eTestUtils/BrowserCacheTestU
 import { LabApiQueryParams } from "../../../../../e2eTestUtils/LabApiQueryParams";
 import { AzureEnvironments, AppTypes } from "../../../../../e2eTestUtils/Constants";
 import { LabClient } from "../../../../../e2eTestUtils/LabClient";
+import { JWK, JWT } from "jose";
 
 const SCREENSHOT_BASE_FOLDER_NAME = `${__dirname}/screenshots`;
 const SAMPLE_HOME_URL = "http://localhost:30662/";
@@ -74,4 +75,40 @@ describe("Browser tests", function () {
         await context.close();
         await browser.close();
     });
+
+    it("Performs loginRedirect", async () => {
+        const testName = "redirectBaseCase";
+        const screenshot = new Screenshot(`${SCREENSHOT_BASE_FOLDER_NAME}/${testName}`);
+        // Home Page
+        await screenshot.takeScreenshot(page, "samplePageInit");
+        // Click Sign In
+        await page.click("#SignIn");
+        await screenshot.takeScreenshot(page, "signInClicked");
+        // Click Sign In With Redirect
+        await page.click("#loginRedirect");
+        // Enter credentials
+        await enterCredentials(page, screenshot);
+        // Wait for return to page
+        await page.waitForNavigation({ waitUntil: "networkidle0"});
+        await screenshot.takeScreenshot(page, "samplePageLoggedIn");
+        await page.click("#popRequest");
+        const tokenStore = await BrowserCache.getTokens();
+        expect(tokenStore.idTokens).to.be.length(1);
+        expect(tokenStore.accessTokens).to.be.length(1);
+        expect(tokenStore.refreshTokens).to.be.length(1);
+        const cachedAccount = await BrowserCache.getAccountFromCache(tokenStore.idTokens[0]);
+        const defaultCachedToken = await BrowserCache.accessTokenForScopesExists(tokenStore.accessTokens, ["openid", "profile", "user.read"]);
+        expect(cachedAccount).to.not.be.null;
+        expect(defaultCachedToken).to.be.true;
+        // Check pop token
+        const token: string = await page.evaluate(() => window.eval("popToken"));
+        const decodedToken: any = JWT.decode(token);
+        const pubKey = decodedToken.cnf.jwk;
+        const pubKeyJwk = JWK.asKey(pubKey);
+        expect(JWT.verify(token, pubKeyJwk)).to.deep.eq(decodedToken);
+        
+        // Expected 5 since the pop request will fail
+        const storage = await BrowserCache.getWindowStorage();
+        expect(Object.keys(storage).length).to.be.eq(5);
+    });
 });
diff --git a/samples/msal-browser-samples/VanillaJSTestApp2.0/app/pop/validatePopToken.js b/samples/msal-browser-samples/VanillaJSTestApp2.0/app/pop/validatePopToken.js
diff --git a/samples/msal-browser-samples/VanillaJSTestApp2.0/package.json b/samples/msal-browser-samples/VanillaJSTestApp2.0/package.json
@@ -8,8 +8,7 @@
     "start": "node server.js",
     "build:package": "cd ../../../lib/msal-browser && npm run build:all",
     "start:build": "npm run build:package && npm start",
-    "test:e2e": "ts-node ./testRunner.ts",
-    "test:pop": "node ./app/pop/validatePopToken.js"
+    "test:e2e": "ts-node ./testRunner.ts"
   },
   "dependencies": {
     "@azure/identity": "^1.0.2",
