Beispiel #1
0
    def test_no_preferred_username(self):
        """
        Ensure the service gracefully handles an inability to extract a username from the id token.
        """
        # with preferred_username: all good
        authentication = JwtAuthentication()
        user = authentication.authenticate_credentials(
            {'preferred_username': self.USERNAME})
        self.assertEqual(user.username, self.USERNAME)

        # missing preferred_username: exception
        authentication = JwtAuthentication()
        with self.assertRaises(AuthenticationFailed):
            authentication.authenticate_credentials({})
Beispiel #2
0
 def test_required_claims(self, claim):
     """
     Verify that tokens that do not carry 'exp' or 'iat' claims are rejected
     """
     authentication = JwtAuthentication()
     user = UserFactory()
     jwt_payload = self.default_payload(user)
     del jwt_payload[claim]
     jwt_value = self.generate_token(jwt_payload)
     request = APIRequestFactory().get(
         'dummy', HTTP_AUTHORIZATION=f'JWT {jwt_value}')
     with self.assertRaises(AuthenticationFailed):
         authentication.authenticate(request)
Beispiel #3
0
 def test_admin_user(self):
     """
     Ensure the service gracefully handles an admin role from the id token.
     """
     authentication = JwtAuthentication()
     user = authentication.authenticate_credentials({
         'preferred_username':
         self.USERNAME,
         'administrator':
         True
     })
     self.assertEqual(user.username, self.USERNAME)
     self.assertEqual(len(user.groups.all()), 1)
     self.assertEqual(user.groups.all()[0].name, Role.ADMINS)
Beispiel #4
0
    def test_leeway(self, claim, offset):
        """
        Verify that the service allows the specified amount of leeway (in
        seconds) when nonzero and validating "exp" and "iat" claims.
        """
        authentication = JwtAuthentication()
        user = UserFactory()
        jwt_value = self.generate_id_token(
            user, **{claim: int(time.time()) + offset})
        request = APIRequestFactory().get(
            'dummy', HTTP_AUTHORIZATION='JWT {}'.format(jwt_value))

        # with no leeway, these requests should not be authenticated
        with mock.patch.object(drf_jwt_settings, 'JWT_LEEWAY', 0):
            with self.assertRaises(AuthenticationFailed):
                authentication.authenticate(request)

        # with enough leeway, these requests should be authenticated
        with mock.patch.object(drf_jwt_settings, 'JWT_LEEWAY', abs(offset)):
            self.assertEqual((user, jwt_value),
                             authentication.authenticate(request))