packages/pass/lib/auth/session.spec.ts

   1 import { generateKey, importSymmetricKey } from '@proton/pass/lib/crypto/utils/crypto-helpers';
   2 import { getDecryptedBlob } from '@proton/shared/lib/authentication/sessionBlobCryptoHelper';
   3
   4 import { SESSION_DIGEST_VERSION, digestSession } from './integrity';
   5 import { LockMode } from './lock/types';
   6 import { type AuthSession, encryptPersistedSessionWithKey, getSessionEncryptionTag } from './session';
   7
   8 describe('Session utilities', () => {
   9     describe('`getSessionEncryptionTag`', () => {
  10         test('should return correct tag for `payloadVersion: 2`', () => {
  11             const tag = new Uint8Array([115, 101, 115, 115, 105, 111, 110]); // 'session'
  12             expect(getSessionEncryptionTag(2)).toStrictEqual(tag);
  13         });
  14
  15         test('should return `undefined` for "untagged" sessions', () => {
  16             expect(getSessionEncryptionTag()).toEqual(undefined);
  17         });
  18     });
  19
  20     describe('`encryptPersistedSessionWithKey`', () => {
  21         const session: AuthSession = {
  22             AccessToken: '',
  23             RefreshToken: '',
  24             RefreshTime: -1,
  25             keyPassword: 'keypassword-test',
  26             lockMode: LockMode.PASSWORD,
  27             UID: 'UID-test',
  28             UserID: 'userID-test',
  29             offlineKD: 'offlineKD-test',
  30             sessionLockToken: 'sessionLockToken-test',
  31             payloadVersion: 2,
  32         };
  33
  34         test('should encrypt sensitive components in the encrypted blob', async () => {
  35             const clientKey = await importSymmetricKey(generateKey());
  36             const result = await encryptPersistedSessionWithKey(session, clientKey);
  37             const data = JSON.parse(result);
  38
  39             expect(data.blob).toBeDefined();
  40             expect(data.keyPassword).not.toBeDefined();
  41             expect(data.offlineKD).not.toBeDefined();
  42             expect(data.sessionLockToken).not.toBeDefined();
  43
  44             const decrypted = await getDecryptedBlob(clientKey, data.blob, getSessionEncryptionTag(2));
  45             const decryptedData = JSON.parse(decrypted);
  46
  47             expect(decryptedData.keyPassword).toEqual(session.keyPassword);
  48             expect(decryptedData.offlineKD).toEqual(session.offlineKD);
  49             expect(decryptedData.sessionLockToken).toEqual(session.sessionLockToken);
  50             expect(decryptedData.digest).toBeDefined();
  51         });
  52
  53         test('should compute an integrity digest of the session data', async () => {
  54             const clientKey = await importSymmetricKey(generateKey());
  55             const result = await encryptPersistedSessionWithKey(session, clientKey);
  56             const decrypted = await getDecryptedBlob(clientKey, JSON.parse(result).blob, getSessionEncryptionTag(2));
  57             const decryptedData = JSON.parse(decrypted);
  58
  59             const digest = await digestSession(session, SESSION_DIGEST_VERSION);
  60             expect(decryptedData.digest).toEqual(digest);
  61         });
  62     });
  63 });