Beispiel #1
 def test_pass_scopes_in_constructor(self):
     """An outgoing grant passed to the constructor shows up in the token's scope.

     The token is built with ``allow_client_outgoing`` as a constructor
     keyword, serialized with ``to_jwt()`` and decoded again with the same
     key ('XXXXX'). The whole ``scope`` string is compared, so an extra or
     altered grant fails the test.
     """
     outgoing_grant = {
         'application_sid': 'AP123',
         'param1': 'val1'
     }
     capability = ClientCapabilityToken('AC123', 'XXXXX', allow_client_outgoing=outgoing_grant)

     # Decode with the key the token was created with.
     decoded = Jwt.from_jwt(capability.to_jwt(), "XXXXX")

     # The application parameters are expected URL-encoded inside appParams.
     expected_scope = "scope:client:outgoing?appParams=param1%3Dval1&appSid=AP123"
     self.assertEqual(expected_scope, decoded.payload["scope"])
Beispiel #2
    def test_decodes_valid_jwt(self):
        """Decode a token built directly with ``jwt_lib.encode`` and check its claims.

        The token carries ``iss``, ``sub``, ``exp`` and one custom claim, and
        is decoded with the same key ('secret') it was encoded with.
        """
        exp_claim = self.now() + 1000
        claims = {'hello': 'world', 'iss': 'me', 'sub': 'being awesome', 'exp': exp_claim}
        encoded = jwt_lib.encode(claims, 'secret')

        parsed = Jwt.from_jwt(encoded, 'secret')

        # iss / sub / exp are surfaced as attributes on the decoded object.
        self.assertEqual(parsed.issuer, 'me')
        self.assertEqual(parsed.subject, 'being awesome')
        self.assertEqual(parsed.valid_until, exp_claim)

        # The custom claim stays available through the raw payload.
        self.assertIn('hello', parsed.payload)
        self.assertEqual(parsed.payload['hello'], 'world')
        # NOTE(review): happy path only; rejection of a wrong key or an
        # expired token is not exercised in this method.
Beispiel #3
    def test_decodes_valid_jwt(self):
        """Check that ``Jwt.from_jwt`` parses a token produced by ``jwt_lib.encode``.

        Encoding and decoding use the same key ('secret'); the ``exp`` claim
        is set to ``self.now() + 1000``.
        """
        not_after = self.now() + 1000
        token_claims = {'hello': 'world', 'iss': 'me', 'sub': 'being awesome', 'exp': not_after}
        raw_token = jwt_lib.encode(token_claims, 'secret')

        result = Jwt.from_jwt(raw_token, 'secret')

        # Registered claims map onto issuer / subject / valid_until.
        self.assertEqual(result.issuer, 'me')
        self.assertEqual(result.subject, 'being awesome')
        self.assertEqual(result.valid_until, not_after)

        # Non-registered claims are read from the payload dict.
        self.assertIn('hello', result.payload)
        self.assertEqual(result.payload['hello'], 'world')
        # NOTE(review): this method covers a valid token only; a bad
        # signature or a past ``exp`` is not tested here.
Beispiel #4
    def test_decode(self):
        """Grant three capabilities and check each appears in the decoded scope.

        The grants are added through the ``allow_*`` methods, the token is
        serialized and decoded with the same key ('XXXXX'), and the
        space-separated ``scope`` claim is split into individual entries.
        """
        capability = ClientCapabilityToken("AC123", "XXXXX")
        capability.allow_client_outgoing("AP123", foobar=3)
        capability.allow_client_incoming("andy")
        capability.allow_event_stream()

        decoded = Jwt.from_jwt(capability.to_jwt(), "XXXXX")
        granted = decoded.payload["scope"].split(" ")

        expected_scopes = (
            # The outgoing scope is expected to carry clientName=andy even
            # though the name was supplied through allow_client_incoming.
            "scope:client:outgoing?appParams=foobar%3D3&appSid=AP123&clientName=andy",
            "scope:client:incoming?clientName=andy",
            "scope:stream:subscribe?path=%2F2010-04-01%2FEvents",
        )
        # Membership only: this does not fail if the token grants additional scopes.
        for scope_uri in expected_scopes:
            self.assertIn(scope_uri, granted)
Beispiel #5
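    def test_encode_decode(self):
        """Round-trip a ``DummyJwt`` through ``to_jwt()`` and ``Jwt.from_jwt()``.

        Checks the timing claims, the attributes exposed on the decoded
        object, the exact header set and the expected payload claims.
        """
        test_start = self.now()

        jwt = DummyJwt('secret_key', 'issuer', subject='hey', payload={'sick': 'sick'})
        decoded_jwt = Jwt.from_jwt(jwt.to_jwt(), 'secret_key')

        # NOTE(review): self.now() is read again after the token was built; if
        # it is a live clock and the token lifetime is exactly 3600, a tick in
        # between would fail this assertion. Confirm against now()/DummyJwt.
        self.assertGreaterEqual(decoded_jwt.valid_until, self.now() + 3600)
        self.assertGreaterEqual(decoded_jwt.nbf, test_start)
        self.assertEqual(decoded_jwt.issuer, 'issuer')
        self.assertEqual(decoded_jwt.secret_key, 'secret_key')
        self.assertEqual(decoded_jwt.algorithm, 'HS256')
        self.assertEqual(decoded_jwt.subject, 'hey')

        # Exact match on the headers, so a different 'alg' or an extra header
        # fails the test.
        self.assertEqual(decoded_jwt.headers, {'typ': 'JWT', 'alg': 'HS256'})

        # assertDictContainsSubset was removed from unittest in Python 3.12.
        # Compare the expected claims with the same keys taken from the
        # payload: a missing key or a differing value still fails.
        expected_claims = {
            'iss': 'issuer',
            'sub': 'hey',
            'sick': 'sick',
        }
        payload = decoded_jwt.payload
        self.assertEqual(
            expected_claims,
            {name: payload[name] for name in expected_claims if name in payload}
        )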
Beispiel #6
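    def test_encode_decode(self):
        """Encode a ``DummyJwt`` and decode it again with the same key.

        Verifies the validity window, the decoded attributes (issuer,
        subject, key, algorithm), the headers and the payload claims.
        """
        test_start = self.now()

        jwt = DummyJwt('secret_key', 'issuer', subject='hey', payload={'sick': 'sick'})
        decoded_jwt = Jwt.from_jwt(jwt.to_jwt(), 'secret_key')

        # NOTE(review): the bound uses a second self.now() call made after
        # encoding; with a live clock and a lifetime of exactly 3600 this can
        # be flaky. Confirm how now() is implemented.
        self.assertGreaterEqual(decoded_jwt.valid_until, self.now() + 3600)
        self.assertGreaterEqual(decoded_jwt.nbf, test_start)
        self.assertEqual(decoded_jwt.issuer, 'issuer')
        self.assertEqual(decoded_jwt.secret_key, 'secret_key')
        self.assertEqual(decoded_jwt.algorithm, 'HS256')
        self.assertEqual(decoded_jwt.subject, 'hey')

        # The header dict is compared as a whole, which pins 'alg' to HS256.
        self.assertEqual(decoded_jwt.headers, {'typ': 'JWT', 'alg': 'HS256'})

        # unittest dropped assertDictContainsSubset in Python 3.12; project the
        # payload onto the expected keys and compare the two dicts instead.
        expected_claims = {
            'iss': 'issuer',
            'sub': 'hey',
            'sick': 'sick',
        }
        payload = decoded_jwt.payload
        found_claims = {key: payload[key] for key in expected_claims if key in payload}
        self.assertEqual(expected_claims, found_claims)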
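    def test_jwt_signing(self):
        """Sign a ``ClientValidationJwt`` with a fresh RSA key and verify it.

        A 2048-bit key pair is generated for the test, the token is signed
        with the private key and decoded with the matching public key. The
        payload claims, the expiry window and the exact headers are checked.
        """
        vp = ValidationPayload(method='GET',
                               path='/Messages',
                               query_string='PageSize=5&Limit=10',
                               signed_headers=['authorization', 'host'],
                               all_headers={
                                   'authorization': 'foobar',
                                   'host': 'api.twilio.com'
                               },
                               body='foobar')
        # Fixed value the 'rqh' claim must carry for the request above.
        expected_hash = '4dc9b67bed579647914587b0e22a1c65c1641d8674797cd82de65e766cce5f80'

        # Throwaway key pair: generated per run, serialized unencrypted, never stored.
        key_pair = rsa.generate_private_key(public_exponent=65537,
                                            key_size=2048,
                                            backend=default_backend())
        public_key = key_pair.public_key().public_bytes(
            Encoding.PEM, PublicFormat.PKCS1)
        private_key = key_pair.private_bytes(Encoding.PEM,
                                             PrivateFormat.PKCS8,
                                             NoEncryption())

        jwt = ClientValidationJwt('AC123', 'SK123', 'CR123', private_key, vp)
        decoded = Jwt.from_jwt(jwt.to_jwt(), public_key)

        # assertDictContainsSubset was removed from unittest in Python 3.12.
        # Compare the expected claims with the same keys taken from the
        # payload: a missing key or a differing value still fails.
        expected_claims = {
            'hrh': 'authorization;host',
            'rqh': expected_hash,
            'iss': 'SK123',
            'sub': 'AC123',
        }
        payload = decoded.payload
        self.assertEqual(
            expected_claims,
            {name: payload[name] for name in expected_claims if name in payload})
        self.assertGreaterEqual(decoded.payload['exp'], time.time(),
                                'JWT exp is before now')
        # NOTE(review): the bound is 501 seconds while the message says 5m
        # (300 seconds); confirm which lifetime is intended.
        self.assertLessEqual(decoded.payload['exp'],
                             time.time() + 501, 'JWT exp is after now + 5m')
        # Exact header match: pins the algorithm to RS256 and the key id to CR123.
        self.assertDictEqual(
            {
                'alg': 'RS256',
                'typ': 'JWT',
                'cty': 'twilio-pkrv;v=1',
                'kid': 'CR123'
            }, decoded.headers)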
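    def test_jwt_signing(self):
        """Check that a ``ClientValidationJwt`` signed with RSA verifies and decodes.

        The token is signed with a private key generated for this test and
        decoded with the matching public key; claims, expiry bounds and
        headers are then asserted.
        """
        vp = ValidationPayload(
            method='GET',
            path='/Messages',
            query_string='PageSize=5&Limit=10',
            signed_headers=['authorization', 'host'],
            all_headers={'authorization': 'foobar', 'host': 'api.twilio.com'},
            body='foobar'
        )
        # Value expected in the 'rqh' claim for the request described by vp.
        expected_hash = '4dc9b67bed579647914587b0e22a1c65c1641d8674797cd82de65e766cce5f80'

        # Per-test key pair; the PEM private key is unencrypted and lives only in memory.
        key_pair = rsa.generate_private_key(
            public_exponent=65537,
            key_size=2048,
            backend=default_backend()
        )
        public_key = key_pair.public_key().public_bytes(Encoding.PEM, PublicFormat.PKCS1)
        private_key = key_pair.private_bytes(Encoding.PEM, PrivateFormat.PKCS8, NoEncryption())

        jwt = ClientValidationJwt('AC123', 'SK123', 'CR123', private_key, vp)
        decoded = Jwt.from_jwt(jwt.to_jwt(), public_key)

        # unittest dropped assertDictContainsSubset in Python 3.12; project the
        # payload onto the expected keys and compare the two dicts instead.
        expected_claims = {
            'hrh': 'authorization;host',
            'rqh': expected_hash,
            'iss': 'SK123',
            'sub': 'AC123',
        }
        payload = decoded.payload
        found_claims = {key: payload[key] for key in expected_claims if key in payload}
        self.assertEqual(expected_claims, found_claims)
        self.assertGreaterEqual(decoded.payload['exp'], time.time(), 'JWT exp is before now')
        # NOTE(review): 501 seconds is looser than the "5m" in the message; confirm the intended bound.
        self.assertLessEqual(decoded.payload['exp'], time.time() + 501, 'JWT exp is after now + 5m')
        # Headers are compared exactly, so the algorithm (RS256) and key id are pinned.
        self.assertDictEqual({
            'alg': 'RS256',
            'typ': 'JWT',
            'cty': 'twilio-pkrv;v=1',
            'kid': 'CR123'
        }, decoded.headers)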
Beispiel #9
 def test_decode_allows_skip_verification(self):
     """Decoding with ``key=None`` still returns the token's claims.

     The token is created with the key 'secret' but decoded without any
     key. Claims obtained this way have not been checked against a key:
     treat them as untrusted input, suitable for inspection only and never
     as the basis for an authorization decision.
     """
     encoded = DummyJwt('secret', 'issuer', payload={'get': 'rekt'}).to_jwt()
     unverified = Jwt.from_jwt(encoded, key=None)

     self.assertEqual(unverified.issuer, 'issuer')
     self.assertEqual(unverified.payload['get'], 'rekt')
     # No key was supplied, so none is recorded on the decoded object.
     self.assertIsNone(unverified.secret_key)
Beispiel #10
 def test_decode_allows_skip_verification(self):
     """``Jwt.from_jwt`` accepts ``key=None`` and returns the claims unverified.

     Nothing ties the returned issuer or payload to the key the token was
     created with ('secret'), so callers of this mode must not rely on the
     result for authentication or authorization.
     """
     source_token = DummyJwt('secret', 'issuer', payload={'get': 'rekt'})
     claims_only = Jwt.from_jwt(source_token.to_jwt(), key=None)

     self.assertEqual(claims_only.issuer, 'issuer')
     self.assertEqual(claims_only.payload['get'], 'rekt')
     # The decoded object carries no key, which marks it as decoded without one.
     self.assertIsNone(claims_only.secret_key)