def main_sync():
"""main sync loop."""
logging.info("Starting ejabberd_external_auth_jwt in sync mode")
# loading conf
conf = load_config(CONFIG_PATH)
while True:
data = from_ejabberd()
sys.stderr.write("### AUTH based on data: %s" % data)
success = False
if data[0] == "auth":
success = jwt_auth(login="******" % (data[1], data[2]),
token=data[3],
conf=conf)
elif data[0] == "isuser":
success = isuser(data[1], data[2])
to_ejabberd(success)
def test_auth_simple_nok_2(conf_simple, payload_simple):
"""simple auth test nok because bad secret."""
jwt_token = jwt.encode(payload_simple, "BADSECRET",
"HS256").decode("utf-8")
assert jwt_auth("*****@*****.**", jwt_token, conf_simple) is False
def test_auth_simple_nok_1(conf_simple, payload_simple):
"""simple auth test nok because login does not match."""
jwt_token = jwt.encode(payload_simple, "SECRET", "HS256").decode("utf-8")
assert jwt_auth("*****@*****.**", jwt_token, conf_simple) is False
def test_auth_simple_ok_1(conf_simple, payload_simple):
"""simple auth test."""
jwt_token = jwt.encode(payload_simple, "SECRET", "HS256").decode("utf-8")
assert jwt_auth("*****@*****.**", jwt_token, conf_simple) is True
def test_auth_empty_nok_1(conf_empty, payload_simple):
"""simple auth test, mandatory secret not given."""
jwt_token = jwt.encode(payload_simple, "SECRET", "HS256").decode("utf-8")
assert jwt_auth("*****@*****.**", jwt_token, conf_empty) is False
def test_auth_full_nok_nbf_1(conf_full, payload_full):
"""full auth test with all controls enabled in conf, not yet active"""
payload_full["nbf"] = datetime.datetime.utcnow() + datetime.timedelta(
seconds=11)
jwt_token = jwt.encode(payload_full, "SECRET", "HS256").decode("utf-8")
assert jwt_auth("*****@*****.**", jwt_token, conf_full) is False
def test_auth_full_nok_aud_1(conf_full, payload_full):
"""full auth test with all controls enabled in conf, bad aud"""
payload_full["aud"] = "bad_aud"
jwt_token = jwt.encode(payload_full, "SECRET", "HS256").decode("utf-8")
assert jwt_auth("*****@*****.**", jwt_token, conf_full) is False
def test_auth_full_ok_2(conf_full, payload_full):
"""full auth test with all controls enabled in conf, encoded with old secret"""
jwt_token = jwt.encode(payload_full, "OLDSECRET", "HS256").decode("utf-8")
assert jwt_auth("*****@*****.**", jwt_token, conf_full) is True
def test_auth_simple2_nok_3(conf_simple2, payload_simple):
"""simple auth test nok because bad user claim."""
jwt_token = jwt.encode(payload_simple, "SECRET", "HS256").decode("utf-8")
assert jwt_auth("*****@*****.**", jwt_token, conf_simple2) is False
