Beispiel #1
0
    def test_login_with_cas(self):
        token = JwtPrincipal(
            dict(email='*****@*****.**', title='user2',
                 referenceId=2)).dump().decode()
        self._authentication_token = token

        with cas_mockup_server():
            settings.merge(f'''
                oauth:
                  member:
                    url: {settings.tokenizer.url}/apiv1/members
                    verb: get
            ''')
            with self.given(title='Try to access an authorized resource',
                            description='Members are got from the cas',
                            url='/apiv1/resources',
                            headers={'X-Oauth2-Access-Token: access token2'}):
                assert status == 200
                mismathc_token = JwtPrincipal(
                    dict(email='*****@*****.**',
                         title='user3',
                         referenceId=3)).dump().decode()

                when('Token not match the CAS member',
                     authorization=mismathc_token)
                assert status == 400

                when('Try to pass with bad token',
                     authorization='Invalid Token')
                assert status == 400

                when('Try to access an unauthorized resource',
                     authorization=None)
                assert status == 401

                member_token = JwtPrincipal(
                    dict(email='*****@*****.**',
                         title='user1',
                         referenceId=1)).dump().decode()
                when('Member exist in database',
                     authorization=member_token,
                     headers=Remove('X-Oauth2-Access-Token'))
                assert status == 200

                with cas_server_status('503 Service Not Available'):
                    when('CAS server is not available')
                    assert status == '800 CAS Server Not Available'

                with cas_server_status('500 Internal Service Error'):
                    when('CAS server faces with internal error')
                    assert status == '801 CAS Server Internal Error'

                with cas_server_status('404 Not Found'):
                    when('CAS server is not found')
                    assert status == '617 CAS Server Not Found'
    def test_root(self):

        principal = JwtPrincipal(dict(
            email='*****@*****.**',
            name='mohammad',
            family='sheikhian',
            id=1,
            sessionId=1,
            roles=['admin']
        ))
        self.login_token = principal.dump().decode("utf-8")

        call = dict(
            title='GET',
            description='',
            url='/',
            verb='GET',
            autodoc=f'{document_directory}/root_get_with_authorization.md'
        )
        with self.given(**call):
            then(response.status_code == 200)

        self.login_token = None
        call = dict(
            title='GET',
            description='',
            url='/',
            verb='GET',
            autodoc=f'{document_directory}/root_get_without_authorization.md'
        )
        with self.given(**call):
            then(response.status_code == 200)

        call = dict(
            title='POST',
            description='',
            url='/',
            verb='POST',
            form={
                'url': 'www.varzesh3.com'
            },
            autodoc=f'{document_directory}/root_post.md'
        )
        with self.given(**call):
            then(response.status_code == 200)

        call = dict(
            title='POST',
            description='',
            url='/',
            verb='POST',
            form={}
        )
        with self.given(**call):
            then(response.status_code == 400)
Beispiel #3
0
    def test_login(self):
        call = dict(
            title='Login',
            description='Login to system as god',
            url='/apiv1/members',
            verb='LOGIN',
            form={
                'email': '*****@*****.**',
                'password': '******',
            }
        )
        with self.given(**call):
            then(response.status_code == 200)
            and_('token' in response.json)
            principal = JwtPrincipal.load(response.json['token'])
            and_('sessionId' in principal.payload)

            when(
                'Trying to login with invalid email and_ password',
                form={
                    'email': '*****@*****.**',
                    'password': '******',
                }
            )
            then(response.status_code == 400)

            when(
                'Trying to login with invalid password',
                form={
                    'email': '*****@*****.**',
                    'password': '******',
                }
            )
            then(response.status_code == 400)
Beispiel #4
0
    def create_jwt_principal(self, session_id=None):
        # FIXME: IMPORTANT Include user password as salt in signature

        if session_id is None:
            session_id = str(uuid.uuid4())

        return JwtPrincipal(
            dict(id=self.id,
                 roles=self.roles,
                 email=self.email,
                 sessionId=session_id))
Beispiel #5
0
    def get(self):

        if(context.query_string.get('code') is None) or \
                (client_secret_data['client_id'] is None) or \
                (client_secret_data['client_secret'] is None):
            raise HttpBadRequest

        body_token = dict()
        body_token['grant_type'] = 'authorization_code'
        body_token['code'] = context.query_string.get('code')
        body_token['client_id'] = client_secret_data['client_id']
        body_token['redirect_uri'] = settings.redirect_uri_auth
        body_token['client_secret'] = client_secret_data['client_secret']

        response_token = requests.post(settings.auth_google_uri_token,
                                       body_token)

        if response_token.status_code != 200:
            raise HttpForbidden()

        response_get_profile = requests.get(
            settings.oauth_url_google_api,
            headers={
                'Authorization':
                'OAuth ' +
                json_library.loads(response_token.text)['access_token']
            })

        if response_get_profile.status_code != 200:
            raise HttpNotFound()

        profile = json_library.loads(response_get_profile.text)

        if 'refresh_token' in response_token.text:
            member = Member(given_name=profile['given_name'],
                            family_name=profile['family_name'],
                            email=profile['email'],
                            google_access_token=json_library.loads(
                                response_token.text)['access_token'],
                            google_refresh_token=json_library.loads(
                                response_token.text)['refresh_token'])
            DBSession.add(member)
            DBSession.commit()

        return dict(authorization=JwtPrincipal(profile).dump().decode("utf-8"))
Beispiel #6
0
    def test_create_user(self):
        token = JwtPrincipal(
            dict(email='*****@*****.**', title='user1',
                 referenceId=2)).dump().decode()

        with cas_mockup_server(), self.given(
                'Create a member',
                '/apiv1/members',
                'ENSURE',
                headers=dict(authorization=token,
                             x_oauth2_access_token='access token1'),
                form=dict(title='example')):
            assert status == 200
            assert response.json['title'] == 'user1'

            when('Access token is not in headers',
                 headers=Remove('x_oauth2_access_token'))
            assert status == 400
Beispiel #7
0
    async def test_websocket(self, websocket_session, asyncpg):
        self.login('*****@*****.**')

        async with websocket_session(token=self._authentication_token) as ws:
            token = JwtPrincipal.load(self._authentication_token)
            member_id = self.member.id
            session_id = token.session_id.encode()

            member_sessions = await sessions.get_sessions(member_id)
            assert len(member_sessions) == 1
            assert member_sessions == {
                session_id: b'jaguar_websocket_server_1'
            }
            await ws.send_str('close')
            assert await ws.receive_str() == 'closing'

            active_sessions = await sessions.get_sessions(member_id)
            assert len(active_sessions) == 0
Beispiel #8
0
def test_principal():
    __configuration__ = '''
    jwt:
      secret: JWT-SECRET
      algorithm: HS256
      max_age: 86400  # 24 Hours
      refresh_token:
        secret: JWT-REFRESH-SECRET
        algorithm: HS256
        max_age: 2678400  # 30 Days
    '''
    configure(force=True)
    settings.merge(__configuration__)

    principal = JwtPrincipal(
        dict(email='*****@*****.**', id=1, sessionId=1, roles=['admin']))

    assert principal.email == '*****@*****.**'
    assert principal.id == 1
    assert principal.session_id == 1
    assert principal.roles == ['admin']
    assert principal.is_in_roles('admin') is True
    assert principal.is_in_roles('admin', 'god') is True

    encoded = principal.dump()

    principal = JwtPrincipal.load(encoded.decode())
    assert principal.email == '*****@*****.**'
    assert principal.id == 1
    assert principal.session_id == 1
    assert principal.roles == ['admin']
    assert principal.is_in_roles('admin') is True
    assert principal.is_in_roles('admin', 'god') is True

    principal = JwtPrincipal.load(encoded.decode(), force=True)
    assert principal.email == '*****@*****.**'
    assert principal.id == 1
    assert principal.session_id == 1
    assert principal.roles == ['admin']
    assert principal.is_in_roles('admin') is True
    assert principal.is_in_roles('admin', 'god') is True

    principal =\
        JwtPrincipal.load((b'Bearer %s' % encoded).decode(), force=True)
    assert principal.email == '*****@*****.**'
    assert principal.id == 1
    assert principal.session_id == 1
    assert principal.roles == ['admin']
    assert principal.is_in_roles('admin') is True
    assert principal.is_in_roles('admin', 'god') is True
Beispiel #9
0
 def create_principal(self, member_id=None, session_id=None):
     return JwtPrincipal(
         dict(id=1, email='*****@*****.**', roles=roles, sessionId='1'))
Beispiel #10
0
    def test_principal(self):
        principal = JwtPrincipal(
            dict(email='*****@*****.**', id=1, sessionId=1, roles=['admin']))

        self.assertEqual(principal.email, '*****@*****.**')
        self.assertEqual(principal.id, 1)
        self.assertEqual(principal.session_id, 1)
        self.assertEqual(principal.roles, ['admin'])
        self.assertTrue(principal.is_in_roles('admin'))
        self.assertTrue(principal.is_in_roles('admin', 'god'))

        encoded = principal.dump()

        principal = JwtPrincipal.load(encoded.decode())
        self.assertEqual(principal.email, '*****@*****.**')
        self.assertEqual(principal.id, 1)
        self.assertEqual(principal.session_id, 1)
        self.assertEqual(principal.roles, ['admin'])
        self.assertTrue(principal.is_in_roles('admin'))
        self.assertTrue(principal.is_in_roles('admin', 'god'))

        principal = JwtPrincipal.load(encoded.decode(), force=True)
        self.assertEqual(principal.email, '*****@*****.**')
        self.assertEqual(principal.id, 1)
        self.assertEqual(principal.session_id, 1)
        self.assertEqual(principal.roles, ['admin'])
        self.assertTrue(principal.is_in_roles('admin'))
        self.assertTrue(principal.is_in_roles('admin', 'god'))

        principal = JwtPrincipal.load((b'Bearer %s' % encoded).decode(),
                                      force=True)
        self.assertEqual(principal.email, '*****@*****.**')
        self.assertEqual(principal.id, 1)
        self.assertEqual(principal.session_id, 1)
        self.assertEqual(principal.roles, ['admin'])
        self.assertTrue(principal.is_in_roles('admin'))
        self.assertTrue(principal.is_in_roles('admin', 'god'))
Beispiel #11
0
 def create_jwt_principal(self):
     return JwtPrincipal(dict(id=self.id, email=self.email,
                              name=self.title))
Beispiel #12
0
 def __call__(self, args):
     payload = ujson.loads(args.payload)
     print(JwtPrincipal(payload).dump(args.expire_in).decode())
 def verify_token(self, encoded_token):
     return JwtPrincipal.load(encoded_token)
Beispiel #14
0
 def launch(self):
     payload = ujson.loads(self.args.payload)
     print(JwtPrincipal(payload).dump(self.args.expire_in).decode())