Skip to content

Commit d05b7fd

Browse files
Merge pull request #64 from POORT8/codex/update-conditions-in-verifylifetime-and-add-tests
Fix lifetime check
2 parents 31474fd + 130cd82 commit d05b7fd

2 files changed

Lines changed: 46 additions & 2 deletions

File tree

Poort8.Ishare.Core.Tests/AuthorizationRegistryServiceTests.cs

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -86,6 +86,50 @@ public void VerifyInvalidLifetimeShouldFail()
8686
permit.Should().BeFalse();
8787
}
8888

89+
[Fact]
90+
public void VerifyDelegationEvidencePermit_NotBeforeEqualNow_ShouldPass()
91+
{
92+
var now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
93+
var fakeDelegationEvidence = CreateFakeDelegationEvidence() with
94+
{
95+
NotBefore = now,
96+
NotOnOrAfter = now + 10
97+
};
98+
99+
var permit = _authorizationRegistryService.VerifyDelegationEvidencePermit(
100+
fakeDelegationEvidence,
101+
fakeDelegationEvidence.PolicyIssuer,
102+
fakeDelegationEvidence.Target.AccessSubject,
103+
fakeDelegationEvidence.PolicySets[0].Policies[0].Target.Environment.ServiceProviders[0],
104+
fakeDelegationEvidence.PolicySets[0].Policies[0].Target.Resource.Type,
105+
fakeDelegationEvidence.PolicySets[0].Policies[0].Target.Resource.Identifiers[0],
106+
fakeDelegationEvidence.PolicySets[0].Policies[0].Target.Actions[0]);
107+
108+
permit.Should().BeTrue();
109+
}
110+
111+
[Fact]
112+
public void VerifyDelegationEvidencePermit_NotOnOrAfterEqualNow_ShouldFail()
113+
{
114+
var now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
115+
var fakeDelegationEvidence = CreateFakeDelegationEvidence() with
116+
{
117+
NotBefore = now - 10,
118+
NotOnOrAfter = now
119+
};
120+
121+
var permit = _authorizationRegistryService.VerifyDelegationEvidencePermit(
122+
fakeDelegationEvidence,
123+
fakeDelegationEvidence.PolicyIssuer,
124+
fakeDelegationEvidence.Target.AccessSubject,
125+
fakeDelegationEvidence.PolicySets[0].Policies[0].Target.Environment.ServiceProviders[0],
126+
fakeDelegationEvidence.PolicySets[0].Policies[0].Target.Resource.Type,
127+
fakeDelegationEvidence.PolicySets[0].Policies[0].Target.Resource.Identifiers[0],
128+
fakeDelegationEvidence.PolicySets[0].Policies[0].Target.Actions[0]);
129+
130+
permit.Should().BeFalse();
131+
}
132+
89133
[Fact]
90134
public void VerifyDelegationEvidencePermit_ValidConditions_ShouldPass()
91135
{

Poort8.Ishare.Core/AuthorizationRegistryService.cs

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -214,8 +214,8 @@ private static DelegationEvidence DecodeDelegationToken(string token)
214214
private static bool VerifyLifetime(ILogger<AuthorizationRegistryService> logger, DelegationEvidence delegationEvidence)
215215
{
216216
var now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
217-
if (delegationEvidence.NotBefore >= now ||
218-
delegationEvidence.NotOnOrAfter < now)
217+
if (delegationEvidence.NotBefore > now ||
218+
delegationEvidence.NotOnOrAfter <= now)
219219
{
220220
logger.LogWarning("Invalid token lifetime, notBefore {notBefore} or notOnOrAfter {NotOnOrAfter} is not valid: now {now}", delegationEvidence.NotBefore, delegationEvidence.NotOnOrAfter, now);
221221
return false;

0 commit comments

Comments
 (0)