def test_fail_invalidated_tokens_after_update(self, api_client_mgmt, api_client_int, init_users_f):
    """Check that updating a user invalidates that user's earlier token.

    The first user logs in and uses its token to update the second user.
    The second user's token was issued before the update and must then be
    rejected with 401. The first user's own token must stay valid.
    """
    actor, target = init_users_f[0], init_users_f[1]
    changes = {
        "email": "*****@*****.**",
        "current_password": "******",
    }

    # Session of the user performing the update.
    _, rsp = api_client_mgmt.login(actor.email, "correcthorsebatterystaple")
    assert rsp.status_code == 200
    token_one = rsp.text
    actor_auth = {"Authorization": f"Bearer {token_one}"}

    # Session of the user being updated; it is valid before the change.
    _, rsp = api_client_mgmt.login(target.email, "correcthorsebatterystaple")
    assert rsp.status_code == 200
    token_two = rsp.text

    _, rsp = api_client_int.verify(token_two)
    assert rsp.status_code == 200

    # Apply the update.
    _, rsp = api_client_mgmt.update_user(target.id, changes, actor_auth)
    assert rsp.status_code == 204

    # The unaffected user's token keeps working.
    _, rsp = api_client_int.verify(token_one)
    assert rsp.status_code == 200

    # The updated user's pre-update token must be refused.
    with pytest.raises(bravado.exception.HTTPError) as excinfo:
        _, rsp = api_client_int.verify(token_two)
    # Checked after the context manager exits so the assertion actually runs.
    assert excinfo.value.response.status_code == 401
def verify_token(api_client_int, token, status_code):
    """Assert that verifying *token* yields exactly *status_code*.

    The status is read from the response on success and from the raised
    ``bravado.exception.HTTPError`` on failure, so an unexpectedly accepted
    token fails the assertion as well.
    """
    try:
        _, rsp = api_client_int.verify(token)
    except bravado.exception.HTTPError as http_err:
        observed = http_err.response.status_code
    else:
        observed = rsp.status_code
    assert observed == status_code
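def test_tamper_claims(self, api_client_int, init_users, user_tokens):
    """Check that a token with modified claims but the original signature is rejected.

    For each issued token, the ``mender.tenant`` claim is overwritten and the
    token is reassembled with the untouched signature. Verification must
    answer 401. If the service accepts the tampered token, the test fails
    instead of passing silently.
    """
    for user, token in zip(init_users, user_tokens):
        hdr, claims, sign = explode_jwt(token)
        claims['mender.tenant'] = 'foobar'

        # NOTE(review): urlsafe_b64encode emits '=' padding, which JWT
        # segments normally omit. A verifier that rejects padding would
        # return an error before reaching the signature check. Confirm that
        # the 401 here really comes from signature validation.
        segments = (
            json.dumps(hdr).encode(),
            json.dumps(claims).encode(),
            sign,
        )
        tampered = '.'.join(urlsafe_b64encode(seg).decode() for seg in segments)

        try:
            _, r = api_client_int.verify(tampered)
        except bravado.exception.HTTPError as herr:
            assert herr.response.status_code == 401
        else:
            # No exception means the tampered token was not refused.
            assert r.status_code == 401, "tampered token was accepted"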
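def _do_test_ok(
    self,
    api_client_int,
    api_client_mgmt,
    init_users,
    token_request,
    tenant_id=None,
):
    """Exercise the personal access token lifecycle: create, verify, list, revoke.

    After revocation the token must no longer appear in the listing, and
    verification must answer 401.

    ``tenant_id`` is accepted for callers but not used in this body.
    """
    user = init_users[0]
    _, r = api_client_mgmt.login(user.email, "correcthorsebatterystaple")
    assert r.status_code == 200
    user_token = r.text
    auth = {"Authorization": "Bearer " + user_token}

    _, r = api_client_mgmt.create_token(token_request, auth)
    assert r.status_code == 200
    personal_access_token = r.text

    # check if the token is valid
    _, r = api_client_int.verify(personal_access_token)
    assert r.status_code == 200

    # get tokens
    tokens, r = api_client_mgmt.list_tokens(auth)
    assert r.status_code == 200
    assert len(tokens) == 1

    # revoke token
    # NOTE(review): unlike the other client calls, this result is not
    # unpacked as a pair. Confirm delete_token returns the response itself.
    r = api_client_mgmt.delete_token(tokens[0].id, auth)
    assert r.status_code == 204

    # verify token has been removed
    tokens, r = api_client_mgmt.list_tokens(auth)
    assert r.status_code == 200
    assert len(tokens) == 0

    # A revoked token must be refused. pytest.raises yields an ExceptionInfo,
    # so the HTTP error is on `.value`, and the status check has to run after
    # the block exits or it is never evaluated.
    with pytest.raises(bravado.exception.HTTPError) as e:
        _, r = api_client_int.verify(personal_access_token)
    assert e.value.response.status_code == 401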
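def test_ok(self, api_client_int, api_client_mgmt, init_users):
    """Check that logging out invalidates the session token.

    The token obtained at login must verify successfully before logout and
    be rejected with 401 afterwards. A token that still verifies after
    logout fails the test instead of passing silently.
    """
    # NOTE(review): these literals look redacted in this copy; they have to
    # match a user provisioned by the init_users fixture.
    email = "*****@*****.**"
    password = "******"

    # log in
    _, r = api_client_mgmt.login(email, password)
    assert r.status_code == 200
    token = r.text

    # token is valid
    _, r = api_client_int.verify(token)
    assert r.status_code == 200

    # log out
    _, r = api_client_mgmt.logout(auth={"Authorization": "Bearer {}".format(token)})
    assert r.status_code == 202

    # token is not valid anymore
    try:
        _, r = api_client_int.verify(token)
    except bravado.exception.HTTPError as herr:
        assert herr.response.status_code == 401
    else:
        # No exception means the logged-out token was still accepted.
        assert r.status_code == 401, "token still valid after logout"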
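def test_bad_x_original(self, api_client_int, init_users, user_tokens):
    """Check that verifying a valid token with ``uri='/foobar'`` yields HTTP 500.

    ``init_users`` is requested only as a fixture; its value is not needed
    here. A successful verification fails the test instead of passing
    silently.
    """
    token = user_tokens[0]
    try:
        _, r = api_client_int.verify(token, uri='/foobar')
    except bravado.exception.HTTPError as herr:
        assert herr.response.status_code == 500
    else:
        # No exception means the request was not rejected at all.
        assert r.status_code == 500, "verify with a bad original URI succeeded"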
def test_ok(self, api_client_int, init_users, user_tokens):
    """Check that every token issued to the initial users verifies with 200."""
    # Pair tokens with users as before, so the shorter sequence bounds the run.
    issued = [tok for _, tok in zip(init_users, user_tokens)]
    for tok in issued:
        _, rsp = api_client_int.verify(tok)
        assert rsp.status_code == 200
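def test_fail(self, api_client_int, init_users, token):
    """Check that verification of the supplied token is refused with 401.

    The ``token`` fixture is presumably a token the service must reject; its
    definition is not visible here. An accepted token fails the test instead
    of passing silently.
    """
    try:
        _, r = api_client_int.verify(token)
    except bravado.exception.HTTPError as herr:
        assert herr.response.status_code == 401
    else:
        # No exception means the token was accepted.
        assert r.status_code == 401, "token expected to be rejected was accepted"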