Beispiel #1
0
    def jwt_claim(self, expiration_s=150):
        """
        Build a JWT claim used to obtain token from auth provider.
        Logic and naming explained here:
        https://help.salesforce.com/articleView?id=remoteaccess_oauth_jwt_flow.html
        https://tools.ietf.org/html/rfc7523

        Args:
            expiration_s (int): value for `exp` claim field. Per RFC has to be <= 180s

        Returns:
            str: claim as base64 string
        """
        claim = urlsafe_b64encode('{"alg":"RS256"}'.encode()).decode()
        claim += "."
        expiration_ts = int(datetime_to_float(timezone.now() + timedelta(seconds=expiration_s)))
        claim_template = '{{"iss": "{iss}", "sub": "{sub}", "aud": "{aud}", "exp": {exp}}}'
        payload = claim_template.format(
            iss=self.app.client_id,  # issuer
            sub=self.app.extra_settings['subject'],
            aud=self._audience(),
            exp=expiration_ts
        )
        log.debug("JWT flow claim payload: %s", payload)
        claim += urlsafe_b64encode(payload.encode()).decode()
        return claim
Beispiel #2
0
 def test_datetime_to_float_timezone_naive(self):
     """
     2h after the epoch begins.
     Return a timezone-naive object.
     """
     dt = datetime(1970, 1, 1, 2, 0)
     expected_ts = 3600 * 2
     actual_ts = datetime_to_float(dt)
     self.assertAlmostEqual(expected_ts, actual_ts)
Beispiel #3
0
 def test_datetime_to_float_timezone_aware_zero(self):
     """
     The epoch start in UTC sure equals ts=0.
     Return a timezone-aware object.
     """
     dt = datetime(1970, 1, 1, 0, 0, tzinfo=pytz.UTC)
     expected_ts = 0
     actual_ts = datetime_to_float(dt)
     self.assertAlmostEqual(expected_ts, actual_ts)
Beispiel #4
0
 def test_expires_in_the_past_raises(self):
     """
     Ensure `expires` timestamp (on the token) in the past raises an exception.
     This means either parsing issues on our side, or auth provider gone insane.
     """
     raw_token = {'expires_at': datetime_to_float(timezone.now() - timedelta(hours=40))}
     expected_msg = "This means either parsing issue on our side or auth provider gone insane"
     with six.assertRaisesRegex(self, ValueError, expected_msg):
         expiry_date(raw_token)
Beispiel #5
0
 def test_datetime_to_float_timezone_aware(self):
     """
     2h into the epoch in CET is 1h into the epoch in UTC.
     Return a timezone-aware object.
     """
     cet_tz = timezone('CET')
     dt = datetime(1970, 1, 1, 2, 0, 0, 123000, tzinfo=cet_tz)
     expected_ts = 3600.123  # 123000 microseconds = 123 milliseconds
     actual_ts = datetime_to_float(dt)
     self.assertAlmostEqual(expected_ts, actual_ts)