From 88f7295cfd4c1d7cea0f7a16e662f2ec290ba2ab Mon Sep 17 00:00:00 2001 From: davidpatrick Date: Fri, 31 Jan 2020 12:02:23 -0800 Subject: [PATCH] Modify Cache Defaults - enables cache by default (previously not) - changes cache time from 10h to 10m - updated tests to reflect the intent of the cache --- README.md | 7 +++--- src/JwksClient.js | 2 +- src/wrappers/cache.js | 2 +- tests/cache.tests.js | 52 ++++++++++++++++++---------------------- tests/rateLimit.tests.js | 1 + 5 files changed, 29 insertions(+), 35 deletions(-) diff --git a/README.md b/README.md index f9e0d85..c1a0be0 100644 --- a/README.md +++ b/README.md @@ -39,15 +39,15 @@ Integrations are also provided with: ### Caching -In order to prevent a call to be made each time a signing key needs to be retrieved you can also configure a cache as follows. If a signing key matching the `kid` is found, this will be cached and the next time this `kid` is requested the signing key will be served from the cache instead of calling back to the JWKS endpoint. +In order to prevent a call to be made each time a signing key needs to be retrieved a cache is implemented. If a signing key matching the `kid` is found, this will be cached and the next time this `kid` is requested the signing key will be served from the cache instead of calling back to the JWKS endpoint. ```js const jwksClient = require('jwks-rsa'); const client = jwksClient({ - cache: true, + cache: true, // Default Value cacheMaxEntries: 5, // Default value - cacheMaxAge: ms('10h'), // Default value + cacheMaxAge: ms('10m'), // Default value jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json' }); @@ -67,7 +67,6 @@ Even if caching is enabled the library will call the JWKS endpoint if the `kid` const jwksClient = require('jwks-rsa'); const client = jwksClient({ - cache: true, rateLimit: true, jwksRequestsPerMinute: 10, // Default value jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json' 
diff --git a/src/JwksClient.js b/src/JwksClient.js index 4e1574e..411b930 100644 --- a/src/JwksClient.js +++ b/src/JwksClient.js @@ -18,7 +18,7 @@ export class JwksClient { constructor(options) { this.options = { rateLimit: false, - cache: false, + cache: true, strictSsl: true, ...options }; diff --git a/src/wrappers/cache.js b/src/wrappers/cache.js index cdb7105..0dc2554 100644 --- a/src/wrappers/cache.js +++ b/src/wrappers/cache.js @@ -2,7 +2,7 @@ import ms from 'ms'; import debug from 'debug'; import memoizer from 'lru-memoizer'; -export default function(client, { cacheMaxEntries = 5, cacheMaxAge = ms('10h') } = options) { +export default function(client, { cacheMaxEntries = 5, cacheMaxAge = ms('10m') } = options) { const logger = debug('jwks'); const getSigningKey = client.getSigningKey; diff --git a/tests/cache.tests.js b/tests/cache.tests.js index b883ed6..a58154f 100644 --- a/tests/cache.tests.js +++ b/tests/cache.tests.js 
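Review bot: In the src/JwksClient.js hunk, `cache: true` becomes the default while `rateLimit: false` on the line above it stays as it was. The README context in this patch says the library still calls the JWKS endpoint for a `kid` that is not cached, so with these defaults tokens carrying unrecognised `kid` values appear to trigger an outbound fetch each, with no limit. The new default also means a key removed from the JWKS can presumably keep being served from the cache until `cacheMaxAge` expires, which callers who never set `cache` did not have before. I would state both next to the default, for example `cache: true, // cached keys are served until cacheMaxAge expires; unknown kids still hit the endpoint, so consider rateLimit`, and list the change as a behaviour change in the release notes. The constructor body continues outside the hunk.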
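Review bot: In the src/wrappers/cache.js hunk, the changed signature still ends in `} = options`, and no `options` binding is visible among the imports above it. If the wrapper is ever called without its second argument, evaluating that default would throw a ReferenceError instead of applying `cacheMaxEntries = 5` and the new `ms('10m')`. The caller is outside the hunk and may always pass the options object, but now that the cache is on by default this path runs for every client, so I would make the default an empty object: `export default function(client, { cacheMaxEntries = 5, cacheMaxAge = ms('10m') } = {}) {`. The function body continues outside the hunk.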
@@ -11,49 +11,43 @@ describe('JwksClient (cache)', () => { nock.cleanAll(); }); - describe('#getSigningKeys', () => { - it('should cache requests', (done) => { - nock(jwksHost) + describe('#getSigningKey', () => { + describe('should cache requests per kid', () => { + let client; + + before((done) => { + nock(jwksHost) .get('/.well-known/jwks.json') .reply(200, x5cSingle); - const client = new JwksClient({ - cache: true, - jwksUri: `${jwksHost}/.well-known/jwks.json` - }); - - client.getSigningKey('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA', (err, key) => { - expect(key.kid).to.equal('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA'); - nock.cleanAll(); + client = new JwksClient({ + jwksUri: `${jwksHost}/.well-known/jwks.json` + }); + // Cache the Key client.getSigningKey('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA', (err, key) => { expect(key.kid).to.equal('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA'); + + // Stop the JWKS server + nock.cleanAll(); done(); }); - }); - }); - - it('should cache requests per kid', (done) => { - nock(jwksHost) - .get('/.well-known/jwks.json') - .reply(200, x5cSingle); + }) - const client = new JwksClient({ - cache: true, - jwksUri: `${jwksHost}/.well-known/jwks.json` - }); - - client.getSigningKey('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA', (err, key) => { - expect(key.kid).to.equal('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA'); - nock.cleanAll(); - - // This second call should fail because we "stopped the server" and this key was not cached. 
+ it('should ignore the cache when the KID isnt cached and make a requst', (done) => { client.getSigningKey('12345', (err) => { expect(err).not.to.be.null; expect(err.code).to.equal('ENOTFOUND'); done(); }); - }); + }) + + it('should fetch the key from the cache', (done) => { + client.getSigningKey('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA', (err, key) => { + expect(key.kid).to.equal('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA'); + done(); + }); + }) }); }); }); diff --git a/tests/rateLimit.tests.js b/tests/rateLimit.tests.js index badb155..2705c79 100644 --- a/tests/rateLimit.tests.js +++ b/tests/rateLimit.tests.js @@ -14,6 +14,7 @@ describe('JwksClient (cache)', () => { describe('#getSigningKeys', () => { it('should prevent too many requests', (done) => { const client = new JwksClient({ + cache: false, rateLimit: true, jwksRequestsPerMinute: 2, jwksUri: `${jwksHost}/.well-known/jwks.json`
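Review bot: In the tests/cache.tests.js hunk, the `before` hook and the new 'should fetch the key from the cache' test both read `key.kid` without looking at `err` first. A failed fetch or a cache miss would therefore surface as a TypeError thrown inside the callback rather than as a readable assertion failure. Adding `expect(err).to.not.exist;` as the first line of both callbacks would make the cache-hit claim explicit, since a passing second lookup after `nock.cleanAll()` is the only evidence that the key came from the cache. The miss test also relies on `jwksHost`, defined outside the hunk, failing DNS resolution with `ENOTFOUND`, which ties the result to the network the suite runs on. The new test title has two typos, "isnt" and "requst".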
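Review bot: In the tests/rateLimit.tests.js hunk, the added `cache: false` carries no comment explaining why the rate-limit test must opt out of the new default. Presumably the cache would otherwise answer repeated lookups before they reach the limiter, and a short comment such as `cache: false, // every call must reach the rate limiter, not the default cache` would record that. As far as this hunk shows, rate limiting is then only exercised with caching disabled, so a companion case using the default cache and an uncached `kid` would cover the configuration most callers will now run. The test body continues outside the hunk.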