Beispiel #1
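def _verify_refresh_token(token, public_jwk):
    """Validate a refresh token and return the claims the caller needs.

    Args:
        token: Encoded token presented by the client.
        public_jwk: Key handed to ``JWTAuthenticator`` for validation.

    Returns:
        dict with ``user_id`` (taken from the ``aud`` claim), ``user_type``,
        ``key`` and ``ttl``.

    Raises:
        ERROR_AUTHENTICATE_FAILURE: ``JWTAuthenticator.validate`` raised.
        ERROR_INVALID_REFRESH_TOKEN: the ``cat`` claim is not
            ``'REFRESH_TOKEN'``, or one of the required claims is absent.
    """
    try:
        # NOTE(review): validate() is defined elsewhere; presumably it checks
        # the signature and expiry against public_jwk - confirm.
        decoded = JWTAuthenticator(public_jwk).validate(token)
    except Exception as e:
        # The detailed reason stays in the server log; the caller only gets a
        # generic message, so validation internals are not disclosed.
        _LOGGER.error('[_verify_refresh_token] %s', e)
        raise ERROR_AUTHENTICATE_FAILURE(message='Token validation failed.') from e

    # A validly signed token of another category (anything whose 'cat' claim
    # is not REFRESH_TOKEN) must not be usable as a refresh token.
    if decoded.get('cat') != 'REFRESH_TOKEN':
        raise ERROR_INVALID_REFRESH_TOKEN()

    try:
        return {
            'user_id': decoded['aud'],
            'user_type': decoded['user_type'],
            'key': decoded['key'],
            'ttl': decoded['ttl'],
        }
    except KeyError as e:
        # A token that validates but lacks a required claim is rejected as an
        # invalid refresh token instead of escaping as a bare KeyError.
        # Only the claim name is logged, never claim values.
        _LOGGER.error('[_verify_refresh_token] missing claim: %s', e)
        raise ERROR_INVALID_REFRESH_TOKEN() from e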
Beispiel #2
    def _authenticate(self, token, domain_id, meta):
        """Validate ``token`` with the public key looked up for ``domain_id``.

        The key comes from ``self._get_public_key(domain_id, meta)`` as a JSON
        string and is parsed before being handed to ``JWTAuthenticator``.
        Whatever ``json.loads`` or ``validate`` raises propagates to the caller.

        Returns:
            The payload returned by ``JWTAuthenticator.validate``.
        """
        jwk = json.loads(self._get_public_key(domain_id, meta))
        authenticator = JWTAuthenticator(jwk)

        # TODO: if payload is api_key type and record is delete in database, raise ERROR_AUTHENTICATE_FAILURE exception.
        # Until that TODO is done, this method does not check whether an
        # api_key token's record still exists; it returns the payload as is.
        return authenticator.validate(token)
Beispiel #3
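class TestJWTAuthenticator(unittest.TestCase):
    """Unit tests for ``JWTAuthenticator.validate``.

    Each test runs against a freshly generated key pair, so no key material
    is shared between tests.
    """

    def setUp(self):
        self._generate_key()

    def _generate_key(self):
        """Create a new key pair and an authenticator bound to its public half."""
        self._prv_jwk, self._pub_jwk = JWTUtil.generate_jwk()
        self._jwt_auth = JWTAuthenticator(self._pub_jwk)

    def test_validate(self):
        """A token signed with the matching private key round-trips its payload."""
        payload = {'hello': 'world', 'did': 'domain-0436002f575f'}
        encoded = JWTUtil.encode(payload, self._prv_jwk)

        decoded = self._jwt_auth.validate(encoded)
        self.assertDictEqual(payload, decoded)

    def test_token_signed_with_other_key(self):
        """A well-formed token signed by an unrelated key must be rejected.

        This is the property the authenticator exists for: a structurally
        valid token is not enough, it has to verify under the configured key.
        """
        other_prv_jwk, _ = JWTUtil.generate_jwk()
        payload = {'hello': 'world', 'did': 'domain-0436002f575f'}
        encoded = JWTUtil.encode(payload, other_prv_jwk)

        with self.assertRaises(ERROR_AUTHENTICATE_FAILURE):
            self._jwt_auth.validate(encoded)

    def test_invalid_token_content(self):
        """Malformed strings and non-string inputs raise ERROR_AUTHENTICATE_FAILURE."""
        # The original "boolean" case passed {} (a dict), so no bool was ever
        # tested; it now passes True. Local names no longer shadow the
        # builtins float and list.
        invalid_inputs = (
            '12345.12345.12345',   # three segments, none of them valid
            '1234512a34512345',    # no segment separators at all
            1,
            {},
            True,
            1.1,
            [],
            object,                # the class itself, as in the original test
        )

        # subTest reports every failing input rather than stopping at the first.
        for value in invalid_inputs:
            with self.subTest(value=value):
                with self.assertRaises(ERROR_AUTHENTICATE_FAILURE):
                    self._jwt_auth.validate(value)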
Beispiel #4
 def _generate_key(self):
     """Generate a fresh JWK pair and bind an authenticator to the public key."""
     private_jwk, public_jwk = JWTUtil.generate_jwk()
     # The private key is kept so that tests can sign tokens; the
     # authenticator itself only ever receives the public key.
     self._prv_jwk = private_jwk
     self._pub_jwk = public_jwk
     self._jwt_auth = JWTAuthenticator(public_jwk)