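    def test_using_claim_data_in_salt(self):
        """A custom ``joat.salt_generator`` derived from the token's claims
        must change the signature, and a token only parses under the salt
        generator it was issued with.

        The module-level ``joat.salt_generator`` is swapped for the custom
        salt checks and put back in a ``finally`` block, so a failing
        assertion cannot leak the custom salter into the other tests.
        """
        jti = base64.urlsafe_b64encode(random_bytes())
        claims = self.jwt_claims
        claims['jti'] = jti

        def generate_custom_salt(claims):
            # joat may call the salter without claims (see the None branch);
            # the salt must be derivable from whatever it is handed.
            if claims is None:
                return "foobar"

            # Obviously you'd never do _literally_ this, but you might want
            # to use some of this data to generate the salt, or to look it
            # up in a db somewhere based on some of this info.
            return "%s%d%s" % (claims['aud'], claims['iat'], claims['jti'])

        issued_at = datetime.datetime.utcnow()
        token_gen = self.token_generator

        # Same claims and timestamp for both tokens so only the salt differs.
        token = token_gen.issue_token(user_id='12345',
                                      scope=['email', 'profile'],
                                      jti=jti,
                                      issued_at=issued_at)

        # Work on a copy: updating the fixture in place made the final
        # assertion depend on the mutation instead of stating the expected
        # payload explicitly.
        expected_payload = dict(self.joat_payload)
        expected_payload['jti'] = jti

        # change the salt generator
        joat.salt_generator = generate_custom_salt
        try:
            salted_token = token_gen.issue_token(user_id='12345',
                                                 scope=['email', 'profile'],
                                                 jti=jti,
                                                 issued_at=issued_at)
            self.assertNotEqual(token, salted_token)

            # token with original salt shouldn't parse
            self.assertIsNone(joat.parse_token(token))

            # but this one should
            salted_token_data = joat.parse_token(salted_token)
            self.assertIsNotNone(salted_token_data)
            self.assertDictEqual(salted_token_data, expected_payload)
        finally:
            # restore the original salt generator even if an assertion failed
            joat.salt_generator = self.generate_salt

        # custom salted token shouldn't parse anymore
        self.assertIsNone(joat.parse_token(salted_token))

        # but this one should, and it carries the jti it was issued with
        token_data = joat.parse_token(token)
        self.assertIsNotNone(token_data)
        self.assertDictEqual(token_data, expected_payload)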
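    def test_using_claim_data_in_salt(self):
        """A custom ``joat.salt_generator`` derived from the token's claims
        must change the signature, and a token only parses under the salt
        generator it was issued with.

        The module-level ``joat.salt_generator`` is swapped for the custom
        salt checks and put back in a ``finally`` block, so a failing
        assertion cannot leak the custom salter into the other tests.
        """
        jti = base64.urlsafe_b64encode(random_bytes())
        claims = self.jwt_claims
        claims["jti"] = jti

        def generate_custom_salt(claims):
            # joat may call the salter without claims (see the None branch);
            # the salt must be derivable from whatever it is handed.
            if claims is None:
                return "foobar"

            # Obviously you'd never do _literally_ this, but you might want
            # to use some of this data to generate the salt, or to look it
            # up in a db somewhere based on some of this info.
            return "%s%d%s" % (claims["aud"], claims["iat"], claims["jti"])

        issued_at = datetime.datetime.utcnow()
        token_gen = self.token_generator

        # Same claims and timestamp for both tokens so only the salt differs.
        token = token_gen.issue_token(user_id="12345", scope=["email", "profile"], jti=jti, issued_at=issued_at)

        # Work on a copy: updating the fixture in place made the final
        # assertion depend on the mutation instead of stating the expected
        # payload explicitly.
        expected_payload = dict(self.joat_payload)
        expected_payload["jti"] = jti

        # change the salt generator
        joat.salt_generator = generate_custom_salt
        try:
            salted_token = token_gen.issue_token(user_id="12345", scope=["email", "profile"], jti=jti, issued_at=issued_at)
            self.assertNotEqual(token, salted_token)

            # token with original salt shouldn't parse
            self.assertIsNone(joat.parse_token(token))

            # but this one should
            salted_token_data = joat.parse_token(salted_token)
            self.assertIsNotNone(salted_token_data)
            self.assertDictEqual(salted_token_data, expected_payload)
        finally:
            # restore the original salt generator even if an assertion failed
            joat.salt_generator = self.generate_salt

        # custom salted token shouldn't parse anymore
        self.assertIsNone(joat.parse_token(salted_token))

        # but this one should, and it carries the jti it was issued with
        token_data = joat.parse_token(token)
        self.assertIsNotNone(token_data)
        self.assertDictEqual(token_data, expected_payload)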
    def test_validate_token(self):
        """A token signed with the salt our salter derives parses into a
        credential whose fields are mapped from the JWT claims."""
        token = jwt.encode(self.jwt_claims, self.generate_salt(self.jwt_claims))
        parsed = joat.parse_token(token)

        # credential key -> JWT claim it is copied from
        scalar_fields = (
            ("provider", "iss"),
            ("user_id", "sub"),
            ("client_id", "aud"),
        )
        for cred_key, claim_key in scalar_fields:
            self.assertEqual(parsed[cred_key], self.jwt_claims[claim_key])
        self.assertListEqual(parsed["authorized_scope"], self.jwt_claims["scp"])
        self.assertEqual(parsed["jti"], self.jwt_claims["jti"])
    def test_validate_expired_token(self):
        """A token whose lifetime has elapsed must no longer parse."""
        one_second = datetime.timedelta(seconds=1)

        issuer = joat.TokenGenerator("My Provider")
        issuer.client_id = "abc123DEF"
        short_lived = issuer.issue_token(user_id="12345", scope=["email", "profile"], lifetime=one_second)

        # Wait past the lifetime; this sleep is what makes the test slow.
        time.sleep(2)

        # parse_token reports an invalid or expired token by returning None
        self.assertIsNone(joat.parse_token(short_lived))
    def test_validate_token(self):
        """A token signed with the salt our salter derives parses into a
        credential whose fields are mapped from the JWT claims."""
        token = jwt.encode(self.jwt_claims,
                           self.generate_salt(self.jwt_claims))
        parsed = joat.parse_token(token)

        # credential key -> JWT claim it is copied from
        scalar_fields = (
            ('provider', 'iss'),
            ('user_id', 'sub'),
            ('client_id', 'aud'),
        )
        for cred_key, claim_key in scalar_fields:
            self.assertEqual(parsed[cred_key], self.jwt_claims[claim_key])
        self.assertListEqual(parsed['authorized_scope'], self.jwt_claims['scp'])
        self.assertEqual(parsed['jti'], self.jwt_claims['jti'])
    def test_validate_expired_token(self):
        """A token whose lifetime has elapsed must no longer parse."""
        one_second = datetime.timedelta(seconds=1)

        issuer = joat.TokenGenerator("My Provider")
        issuer.client_id = 'abc123DEF'
        short_lived = issuer.issue_token(user_id='12345',
                                         scope=['email', 'profile'],
                                         lifetime=one_second)

        # Wait past the lifetime; this sleep is what makes the test slow.
        time.sleep(2)

        # parse_token reports an invalid or expired token by returning None
        self.assertIsNone(joat.parse_token(short_lived))
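 def test_validate_token_after_setting_salter(self):
   """Once a salt generator is installed, the fixture token parses.

   The parse result used to be assigned and never checked, so this test
   could not fail; it now asserts a credential came back. The module-level
   salter is restored afterwards so the sibling test that expects
   NotImplementedError without a salter does not depend on test order.
   """
   previous_salter = joat.salt_generator
   joat.salt_generator = self.generate_salt
   try:
     credential = joat.parse_token(self.jwt_token)
     self.assertIsNotNone(credential)
   finally:
     joat.salt_generator = previous_salter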
 def test_validate_token_without_setting_salter(self):
   """Without a configured salt generator, parse_token must refuse to
   verify anything rather than fall back to a default salt."""
   self.assertRaises(NotImplementedError, joat.parse_token, self.jwt_token)
    def test_validate_with_incorrect_salt(self):
        """A token signed with a salt the salter does not derive must be
        rejected: parse_token returns None instead of a credential."""
        wrong_salt = self.generate_wrong_salt(None)
        forged = jwt.encode(self.jwt_claims, wrong_salt)
        self.assertIsNone(joat.parse_token(forged))
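 def test_validate_token_after_setting_salter(self):
     """Once a salt generator is installed, the fixture token parses.

     The parse result used to be assigned and never checked, so this test
     could not fail; it now asserts a credential came back. The module-level
     salter is restored afterwards so the sibling test that expects
     NotImplementedError without a salter does not depend on test order.
     """
     previous_salter = joat.salt_generator
     joat.salt_generator = self.generate_salt
     try:
         credential = joat.parse_token(self.jwt_token)
         self.assertIsNotNone(credential)
     finally:
         joat.salt_generator = previous_salter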
 def test_validate_token_without_setting_salter(self):
     """Without a configured salt generator, parse_token must refuse to
     verify anything rather than fall back to a default salt."""
     self.assertRaises(NotImplementedError, joat.parse_token, self.jwt_token)
    def test_validate_with_incorrect_salt(self):
        """A token signed with a salt the salter does not derive must be
        rejected: parse_token returns None instead of a credential."""
        wrong_salt = self.generate_wrong_salt(None)
        forged = jwt.encode(self.jwt_claims, wrong_salt)
        self.assertIsNone(joat.parse_token(forged))