Beispiel #1
0
def test_not_authenticated():
    a = Identity({
        'oid': 'bc5f60df-4c27-49c1-8466-acf32618a6d2'
    })

    assert a.authentication_mode is None
    assert a.is_authenticated() is False
Beispiel #2
0
def test_has_claim():
    a = Identity({
        'oid': 'bc5f60df-4c27-49c1-8466-acf32618a6d2'
    })

    assert a.has_claim('oid')
    assert a.has_claim('foo') is False
Beispiel #3
0
def test_authenticated():
    a = Identity({
        'oid': 'bc5f60df-4c27-49c1-8466-acf32618a6d2'
    }, 'JWT Bearer')

    assert a.authentication_mode == 'JWT Bearer'
    assert a.is_authenticated()
Beispiel #4
0
def test_has_claim_value():
    a = Identity({
        'hello': 'world',
        'foo': 'foo'
    })

    assert a.has_claim_value('foo', 'foo')
    assert a.has_claim_value('hello', 'world')
    assert a.has_claim_value('hello', 'World') is False
Beispiel #5
0
def test_user_identity_dictionary_notation():
    a = Identity({
        'oid': 'bc5f60df-4c27-49c1-8466-acf32618a6d2'
    })

    assert a['oid'] == 'bc5f60df-4c27-49c1-8466-acf32618a6d2'
    assert a['foo'] is None
Beispiel #6
0
 async def authenticate(self, context: Any) -> Optional[Identity]:
     context.identity = Identity(
         {
             'id': '007',
         }
     )  # NB: an identity without authentication scheme is treated as anonymous identity
     return context.identity
Beispiel #7
0
def test_anonymous_policy():
    strategy = AuthorizationStrategy(default_policy=AnonymousPolicy())

    strategy.authorize(None, None)

    strategy.authorize(None, Identity({}))

    assert True
Beispiel #8
0
 async def authenticate(self, context):
     header_value = context.get_first_header(b"Authorization")
     if header_value:
         data = json.loads(urlsafe_b64decode(header_value).decode("utf8"))
         context.identity = Identity(data, "FAKE")
     else:
         context.identity = None
     return context.identity
Beispiel #9
0
async def test_identity_binder():
    request = Request("GET", b"/", None)
    request.identity = Identity({})

    parameter = IdentityBinder(Identity)

    value = await parameter.get_value(request)

    assert value is request.identity
Beispiel #10
0
def test_policy_without_requirements_always_succeeds():
    # a policy without requirements is a no-op policy that always succeeds,
    # even when there is no known identity
    strategy = AuthorizationStrategy(Policy('default'))

    strategy.authorize('default', None)

    strategy.authorize('default', Identity({}))

    assert True
Beispiel #11
0
 def decode(self, access_token, key, issuer) -> Optional[Identity]:
     try:
         decoded = jwt.decode(access_token,
                              key,
                              verify=True,
                              algorithms=self.permitted_algorithms,
                              audience=self.valid_audiences,
                              issuer=issuer)
     except jwt.exceptions.InvalidAudienceError:
         raise InvalidAudienceError()
     except DecodeError as de:
         raise JWTAuthorizationError(de)
     else:
         return Identity(decoded, self.scheme)
Beispiel #12
0
async def test_authorization_policy_success(app, mock_receive, mock_send):
    admin = Identity({"id": "001", "name": "Charlie Brown", "role": "admin"}, "JWT")

    app.use_authentication().add(MockAuthHandler(admin))

    app.use_authorization().add(AdminsPolicy())

    @auth("admin")
    @app.router.get("/")
    async def home():
        return None

    app.prepare()
    await app(get_example_scope("GET", "/"), mock_receive(), mock_send)

    assert app.response.status == 204
Beispiel #13
0
    def authorize(self, policy_name: Optional[str], identity: Identity):
        if policy_name:
            policy = self.get_policy(policy_name)

            if not policy:
                raise PolicyNotFoundError(policy_name)

            self._handle_with_policy(policy, identity)
        else:
            if self.default_policy:
                self._handle_with_policy(self.default_policy, identity)
                return

            if not identity:
                raise UnauthorizedError('Missing identity', [])
            if not identity.is_authenticated():
                raise UnauthorizedError('The resource requires authentication',
                                        [])
Beispiel #14
0
async def test_authorization_policy_success():
    app = FakeApplication()

    admin = Identity({
        'id': '001',
        'name': 'Charlie Brown',
        'role': 'admin'
    }, 'JWT')

    app.use_authentication()\
        .add(MockAuthHandler(admin))

    app.use_authorization()\
        .add(AdminsPolicy())

    @auth('admin')
    @app.router.get(b'/')
    async def home():
        return None

    app.prepare()
    await app(get_example_scope('GET', '/'), MockReceive(), MockSend())

    assert app.response.status == 204
Beispiel #15
0
def test_claims_default():
    a = Identity({})

    assert a.claims.get('oid') is None
Beispiel #16
0
 def __init__(self, identity=None):
     if identity is None:
         identity = Identity({"id": "001", "name": "Charlie Brown"}, "JWT")
     self.identity = identity
Beispiel #17
0
 def __init__(self, identity=None):
     if identity is None:
         identity = Identity({'id': '001', 'name': 'Charlie Brown'}, 'JWT')
     self.identity = identity
Beispiel #18
0
def test_claims():
    a = Identity({
        'oid': 'bc5f60df-4c27-49c1-8466-acf32618a6d2'
    })

    assert a.claims['oid'] == 'bc5f60df-4c27-49c1-8466-acf32618a6d2'