Ejemplo n.º 1
    def test_decode_unknown_issuer(self):
        """A token naming an unrecognised issuer must fail to decode.

        The token is built with the issuer 'non-existant-issuer' and the
        secret 'some-secret'. The handler is expected to raise
        ``jwt.DecodeError`` with the message 'unknown JWT issuer'.
        """
        # Presumably no API key is registered under this issuer in the test
        # fixtures, so the handler has no secret to verify against -- confirm.
        unknown_issuer_token = self.create_auth_token(
            self.user, 'non-existant-issuer', 'some-secret')

        with self.assertRaises(jwt.DecodeError) as raised:
            handlers.jwt_decode_handler(unknown_issuer_token)

        # jwt.DecodeError is a general decode failure, so the message is what
        # pins the rejection to the issuer lookup.
        # NOTE(review): `.message` is not a standard attribute on Python 3
        # exceptions -- confirm the runtime this suite targets.
        assert raised.exception.message == 'unknown JWT issuer'
Ejemplo n.º 2
    def test_decode_unknown_issuer(self):
        """Decoding must fail when the ``iss`` value matches no known issuer.

        Expected outcome: ``jwt.DecodeError`` carrying the message
        'unknown JWT issuer'.
        """
        issuer = 'non-existant-issuer'
        secret = 'some-secret'
        # The token is otherwise well-formed; only the issuer should be the
        # reason for rejection (assumes the fixtures define no such issuer).
        stray_token = self.create_auth_token(self.user, issuer, secret)

        with self.assertRaises(jwt.DecodeError) as failure:
            handlers.jwt_decode_handler(stray_token)

        # Check the message too, so an unrelated decode error cannot satisfy
        # this test by accident.
        assert failure.exception.message == 'unknown JWT issuer'
Ejemplo n.º 3
    def test_decode_token_without_issuer(self):
        """A signed token that carries no ``iss`` claim must be rejected.

        Expected outcome: ``jwt.DecodeError`` with the message 'invalid JWT'.
        """
        claims = self.auth_token_payload(self.user, 'some-issuer')
        # Build a normal payload first, then strip the issuer, so the missing
        # claim is the only irregularity in the token.
        del claims['iss']
        issuerless_token = self.encode_token_payload(claims, 'some-secret')

        with self.assertRaises(jwt.DecodeError) as raised:
            handlers.jwt_decode_handler(issuerless_token)

        # NOTE(review): relies on the exception exposing `.message`; confirm
        # that holds on the interpreter this suite runs under.
        assert raised.exception.message == 'invalid JWT'
Ejemplo n.º 4
    def test_expired_token(self):
        """A correctly signed token whose ``exp`` has passed must be refused.

        Expected outcome: ``jwt.ExpiredSignatureError``.
        """
        api_key = self.create_api_key(self.user)
        claims = self.auth_token_payload(self.user, api_key.key)

        # Back-date the expiry by the configured expiration delta plus ten
        # seconds. The extra margin presumably keeps the token outside any
        # leeway the handler applies -- confirm against the handler.
        now = datetime.utcnow()
        claims["exp"] = now - settings.JWT_AUTH["JWT_EXPIRATION_DELTA"] - timedelta(seconds=10)

        # Sign with the key's real secret so that expiry, not the signature,
        # is the reason for rejection.
        stale_token = self.encode_token_payload(claims, api_key.secret)

        self.assertRaises(
            jwt.ExpiredSignatureError, handlers.jwt_decode_handler, stale_token)
Ejemplo n.º 5
    def test_missing_expiration(self):
        """A token with no ``exp`` claim must not be accepted.

        A token without an expiry would stay valid indefinitely if it leaked,
        so the handler is expected to treat ``exp`` as mandatory and raise
        ``jwt.MissingRequiredClaimError``.
        """
        api_key = self.create_api_key(self.user)
        claims = self.auth_token_payload(self.user, api_key.key)
        del claims['exp']

        # Signed with the genuine secret: the missing claim is the only fault.
        open_ended_token = self.encode_token_payload(claims, api_key.secret)

        self.assertRaises(
            jwt.MissingRequiredClaimError,
            handlers.jwt_decode_handler,
            open_ended_token)
Ejemplo n.º 6
    def test_report_token_without_issuer(self):
        """A token lacking ``iss`` must fail with a descriptive auth error.

        Expected outcome: ``AuthenticationFailed`` whose ``detail`` is
        "JWT iss (issuer) claim is missing".
        """
        claims = self.auth_token_payload(self.user, "some-issuer")
        # Remove the issuer from an otherwise ordinary payload before signing.
        del claims["iss"]
        issuerless_token = self.encode_token_payload(claims, "some-secret")

        with self.assertRaises(AuthenticationFailed) as raised:
            handlers.jwt_decode_handler(issuerless_token)

        # The exact detail text is asserted, so it is part of the contract
        # this test pins for callers of the handler.
        assert raised.exception.detail == "JWT iss (issuer) claim is missing"
Ejemplo n.º 7
    def test_missing_expiration(self):
        """Decoding must fail when the payload has no ``exp`` claim.

        Expected outcome: ``jwt.MissingRequiredClaimError``.
        """
        api_key = self.create_api_key(self.user)
        payload_without_exp = self.auth_token_payload(self.user, api_key.key)
        # Drop the expiry and leave every other claim as generated.
        del payload_without_exp['exp']
        signed = self.encode_token_payload(payload_without_exp, api_key.secret)

        # The signature is valid here, so a pass shows that the handler
        # enforces the claim's presence independently of signature checks.
        self.assertRaises(
            jwt.MissingRequiredClaimError, handlers.jwt_decode_handler, signed)
Ejemplo n.º 8
    def test_decode_token_without_issuer(self):
        """Tokens that omit the ``iss`` claim are reported as invalid.

        Expected outcome: ``jwt.DecodeError`` with the message 'invalid JWT'.
        """
        body = self.auth_token_payload(self.user, 'some-issuer')
        del body['iss']
        # The issuer presumably selects which secret verifies the token, so
        # without it there is nothing to check against -- confirm in handler.
        anonymous_token = self.encode_token_payload(body, 'some-secret')

        with self.assertRaises(jwt.DecodeError) as failure:
            handlers.jwt_decode_handler(anonymous_token)

        assert failure.exception.message == 'invalid JWT'
Ejemplo n.º 9
    def test_incorrect_signature(self):
        """A token must fail when verified against a different key's secret.

        The token is signed with one API key's secret, while the handler is
        given a lookup that always returns another key. Expected outcome:
        ``jwt.DecodeError`` with the message "Signature verification failed".
        """
        signing_key = self.create_api_key(self.user)
        token = self.create_auth_token(
            signing_key.user, signing_key.key, signing_key.secret)

        decoy_api_key = self.create_api_key(
            self.user, key="another-issuer", secret="another-secret")

        def lookup_decoy(**kwargs):
            # Ignore whatever lookup arguments the handler passes, so that
            # verification runs against the wrong secret.
            return decoy_api_key

        with self.assertRaises(jwt.DecodeError) as raised:
            handlers.jwt_decode_handler(token, get_api_key=lookup_decoy)

        # A pass shows the signature is checked against the secret of the key
        # that the lookup returned.
        assert raised.exception.message == "Signature verification failed"
Ejemplo n.º 10
    def test_expired_token(self):
        """An expired but correctly signed token must raise on decode.

        Expected outcome: ``jwt.ExpiredSignatureError``.
        """
        api_key = self.create_api_key(self.user)
        claims = self.auth_token_payload(self.user, api_key.key)

        # Expiry is set to now minus the configured expiration delta minus a
        # further ten seconds, which is well in the past.
        # NOTE(review): the ten-second margin looks intended to clear any
        # leeway the handler allows -- confirm.
        now = datetime.utcnow()
        claims['exp'] = now - api_settings.JWT_EXPIRATION_DELTA - timedelta(seconds=10)

        expired_token = self.encode_token_payload(claims, api_key.secret)

        self.assertRaises(
            jwt.ExpiredSignatureError,
            handlers.jwt_decode_handler,
            expired_token)
Ejemplo n.º 11
    def test_missing_expiration(self):
        """A token without ``exp`` must be rejected with a clear auth error.

        Expected outcome: ``AuthenticationFailed`` whose ``detail`` is
        'Invalid JWT: Token is missing the "exp" claim'.
        """
        api_key = self.create_api_key(self.user)
        claims = self.auth_token_payload(self.user, api_key.key)
        # Without an expiry the token would have no bounded lifetime, so the
        # claim is removed to check that the handler insists on it.
        del claims["exp"]
        open_ended_token = self.encode_token_payload(claims, api_key.secret)

        with self.assertRaises(AuthenticationFailed) as raised:
            handlers.jwt_decode_handler(open_ended_token)

        expected_detail = 'Invalid JWT: Token is missing the "exp" claim'
        assert raised.exception.detail == expected_detail
Ejemplo n.º 12
    def test_invalid_issued_at_time(self):
        """A token issued further in the future than the leeway is refused.

        Expected outcome: ``AuthenticationFailed`` whose ``detail`` starts
        with "JWT iat (issued at time) is invalid".
        """
        api_key = self.create_api_key(self.user)
        claims = self.auth_token_payload(self.user, api_key.key)

        # Simulate clock skew by placing `iat` ten seconds beyond the
        # configured leeway, which is just outside the tolerated window.
        now = datetime.utcnow()
        skew = timedelta(seconds=settings.JWT_AUTH["JWT_LEEWAY"] + 10)
        claims["iat"] = now + skew

        future_token = self.encode_token_payload(claims, api_key.secret)

        with self.assertRaises(AuthenticationFailed) as raised:
            handlers.jwt_decode_handler(future_token)

        # Only the prefix is pinned, so the full detail may carry more text.
        assert raised.exception.detail.startswith("JWT iat (issued at time) is invalid")
Ejemplo n.º 13
    def test_disallow_long_expirations(self):
        """A token whose ``exp`` exceeds the maximum lifetime is refused.

        Capping the lifetime limits how long a leaked token stays usable.
        Expected outcome: ``AuthenticationFailed`` whose ``detail`` is
        "JWT exp (expiration) is too long".
        """
        api_key = self.create_api_key(self.user)
        claims = self.auth_token_payload(self.user, api_key.key)

        # One second past the configured maximum, which is the smallest
        # overshoot this test uses to probe the boundary.
        now = datetime.utcnow()
        max_lifetime = timedelta(seconds=settings.MAX_JWT_AUTH_TOKEN_LIFETIME)
        claims["exp"] = now + max_lifetime + timedelta(seconds=1)

        long_lived_token = self.encode_token_payload(claims, api_key.secret)

        with self.assertRaises(AuthenticationFailed) as raised:
            handlers.jwt_decode_handler(long_lived_token)

        assert raised.exception.detail == "JWT exp (expiration) is too long"
Ejemplo n.º 14
    def test_disallow_long_expirations(self):
        """Tokens that declare an over-long expiry must fail to decode.

        Expected outcome: ``jwt.DecodeError`` with the message
        "Declared expiration was too long".
        """
        api_key = self.create_api_key(self.user)
        claims = self.auth_token_payload(self.user, api_key.key)

        # The token's creator chooses `exp`, so the server-side cap
        # (MAX_JWT_AUTH_TOKEN_LIFETIME) is what bounds the token's lifetime.
        # Overshoot that cap by one second.
        issued_now = datetime.utcnow()
        cap = timedelta(seconds=settings.MAX_JWT_AUTH_TOKEN_LIFETIME)
        claims["exp"] = issued_now + cap + timedelta(seconds=1)

        overlong_token = self.encode_token_payload(claims, api_key.secret)

        with self.assertRaises(jwt.DecodeError) as failure:
            handlers.jwt_decode_handler(overlong_token)

        # NOTE(review): `.message` is assumed to exist on the raised
        # exception; confirm for the interpreter in use.
        assert failure.exception.message == "Declared expiration was too long"
Ejemplo n.º 15
    def test_disallow_long_expirations(self):
        """An ``exp`` beyond the allowed maximum lifetime must be rejected.

        Expected outcome: ``jwt.DecodeError`` with the message
        'Declared expiration was too long'.
        """
        api_key = self.create_api_key(self.user)
        payload = self.auth_token_payload(self.user, api_key.key)

        # Boundary probe: the maximum permitted lifetime plus one second.
        start = datetime.utcnow()
        allowed = timedelta(seconds=settings.MAX_JWT_AUTH_TOKEN_LIFETIME)
        payload['exp'] = start + allowed + timedelta(seconds=1)

        # The signature is valid, so the declared lifetime is the only fault.
        token = self.encode_token_payload(payload, api_key.secret)

        with self.assertRaises(jwt.DecodeError) as raised:
            handlers.jwt_decode_handler(token)

        assert raised.exception.message == 'Declared expiration was too long'
Ejemplo n.º 16
    def test_incorrect_signature(self):
        """Verification against a different key's secret must fail.

        Expected outcome: ``jwt.DecodeError`` with the message
        'Signature verification failed'.
        """
        real_key = self.create_api_key(self.user)
        token = self.create_auth_token(
            real_key.user, real_key.key, real_key.secret)

        decoy_api_key = self.create_api_key(
            self.user, key='another-issuer', secret='another-secret')

        def return_decoy(**lookup_kwargs):
            # Stand-in for the key lookup: always returns the decoy key,
            # whose secret differs from the one that signed the token.
            return decoy_api_key

        with self.assertRaises(jwt.DecodeError) as raised:
            handlers.jwt_decode_handler(token, get_api_key=return_decoy)

        # The handler is expected to verify with the looked-up key's secret,
        # so this mismatch must surface as a signature failure.
        assert raised.exception.message == 'Signature verification failed'
Ejemplo n.º 17
    def test_decode_garbage_token(self):
        """Input that is not JWT-shaped must raise a decode error.

        Expected outcome: ``jwt.DecodeError`` with the message
        "Not enough segments".
        """
        # The string has no '.' separators, so it cannot be split into the
        # segments of a compact JWT.
        not_a_jwt = "}}garbage{{"

        with self.assertRaises(jwt.DecodeError) as raised:
            handlers.jwt_decode_handler(not_a_jwt)

        # Malformed input should surface as a controlled decode error, not as
        # some unrelated exception type.
        assert raised.exception.message == "Not enough segments"
Ejemplo n.º 18
    def test_decode_invalid_non_ascii_token(self):
        """Non-ASCII text passed as a token must yield a clean decode error.

        Expected outcome: ``jwt.DecodeError`` with the message
        "Not enough segments".
        """
        # The input contains U+0107, which is outside ASCII. The test guards
        # against the handler failing with an encoding error instead of the
        # expected decode error.
        non_ascii_input = u"Ivan Krsti\u0107"

        with self.assertRaises(jwt.DecodeError) as raised:
            handlers.jwt_decode_handler(non_ascii_input)

        assert raised.exception.message == "Not enough segments"
Ejemplo n.º 19
    def test_decode_invalid_non_ascii_token(self):
        """A unicode string that is not a JWT must be rejected as undecodable.

        Expected outcome: ``jwt.DecodeError`` with the message
        'Not enough segments'.
        """
        # The non-ASCII character (U+0107) exercises the handler's text
        # handling before any JWT parsing can succeed.
        candidate = u'Ivan Krsti\u0107'

        with self.assertRaises(jwt.DecodeError) as failure:
            handlers.jwt_decode_handler(candidate)

        # NOTE(review): depends on the exception having `.message`; confirm
        # for the target interpreter.
        assert failure.exception.message == 'Not enough segments'
Ejemplo n.º 20
    def test_decode_garbage_token(self):
        """Arbitrary junk supplied as a token must fail with a decode error.

        Expected outcome: ``jwt.DecodeError`` with the message
        'Not enough segments'.
        """
        # The input has no dot-separated segments at all, so it does not
        # resemble a compact JWT.
        junk = '}}garbage{{'

        with self.assertRaises(jwt.DecodeError) as failure:
            handlers.jwt_decode_handler(junk)

        assert failure.exception.message == 'Not enough segments'
Ejemplo n.º 21
    def test_report_unknown_issuer(self):
        """An unrecognised issuer must be reported as an authentication failure.

        Expected outcome: ``AuthenticationFailed`` whose ``detail`` is
        "Unknown JWT iss (issuer)".
        """
        # Assumes the fixtures register no API key under this issuer, so the
        # handler cannot resolve a secret for it -- confirm.
        issuer = "non-existant-issuer"
        unknown_issuer_token = self.create_auth_token(self.user, issuer, "some-secret")

        with self.assertRaises(AuthenticationFailed) as raised:
            handlers.jwt_decode_handler(unknown_issuer_token)

        assert raised.exception.detail == "Unknown JWT iss (issuer)"