def test__validate_jwt_data__fails_when_jit_is_blacklisted(
self, app, user_class,
):
guard = Praetorian(app, user_class, is_blacklisted=(lambda jti: True))
data = dict(jti='jti')
with pytest.raises(BlacklistedError):
guard._validate_jwt_data(data, AccessType.access)
def test__validate_jwt_data__fails_when_exp_is_missing(
self, app, user_class,
):
guard = Praetorian(app, user_class)
data = dict(jti='jti', id=1)
with pytest.raises(MissingClaimError) as err_info:
guard._validate_jwt_data(data, AccessType.access)
assert 'missing exp' in str(err_info.value)
def test__validate_jwt_data__fails_when_missing_jti(
self,
app,
user_class,
):
guard = Praetorian(app, user_class)
data = dict()
with pytest.raises(MissingClaimError) as err_info:
guard._validate_jwt_data(data, AccessType.access)
assert "missing jti" in str(err_info.value)
def test__validate_jwt_data__fails_when_refresh_is_missing(
self, app, user_class,
):
guard = Praetorian(app, user_class)
data = {
'jti': 'jti',
'id': 1,
'exp': pendulum.parse('2017-05-21 19:54:30').int_timestamp,
}
with pytest.raises(MissingClaimError) as err_info:
guard._validate_jwt_data(data, AccessType.access)
assert 'missing {}'.format(
REFRESH_EXPIRATION_CLAIM
) in str(err_info.value)
def test__validate_jwt_data__succeeds_when_refreshing(
self, app, user_class,
):
guard = Praetorian(app, user_class)
data = {
'jti': 'jti',
'id': 1,
'exp': pendulum.parse('2017-05-21 19:54:30').int_timestamp,
REFRESH_EXPIRATION_CLAIM: pendulum.parse(
'2017-05-21 20:54:30'
).int_timestamp,
}
moment = pendulum.parse('2017-05-21 19:54:32')
with freezegun.freeze_time(moment):
guard._validate_jwt_data(data, AccessType.refresh)
def test__validate_jwt_data__fails_on_early_refresh(
self, app, user_class,
):
guard = Praetorian(app, user_class)
data = {
'jti': 'jti',
'id': 1,
'exp': pendulum.parse('2017-05-21 19:54:30').int_timestamp,
REFRESH_EXPIRATION_CLAIM: pendulum.parse(
'2017-05-21 20:54:30'
).int_timestamp,
}
moment = pendulum.parse('2017-05-21 19:54:28')
with freezegun.freeze_time(moment):
with pytest.raises(EarlyRefreshError):
guard._validate_jwt_data(data, AccessType.refresh)
def test__validate_jwt_data__fails_when_access_has_expired(
self, app, user_class,
):
guard = Praetorian(app, user_class)
data = {
'jti': 'jti',
'id': 1,
'exp': pendulum.parse('2017-05-21 19:54:30').int_timestamp,
REFRESH_EXPIRATION_CLAIM: pendulum.parse(
'2017-05-21 20:54:30'
).int_timestamp,
}
moment = pendulum.parse('2017-05-21 19:54:32')
with freezegun.freeze_time(moment):
with pytest.raises(ExpiredAccessError):
guard._validate_jwt_data(data, AccessType.access)
def test__validate_jwt_data__succeeds_when_registering(
self,
app,
user_class,
):
guard = Praetorian(app, user_class)
data = {
"jti": "jti",
"id": 1,
"exp": pendulum.parse("2017-05-21 19:54:30").int_timestamp,
REFRESH_EXPIRATION_CLAIM:
pendulum.parse("2017-05-21 20:54:30").int_timestamp,
IS_REGISTRATION_TOKEN_CLAIM: True,
}
with plummet.frozen_time('2017-05-21 19:54:28'):
guard._validate_jwt_data(data, AccessType.register)
def test__validate_jwt_data__fails_on_access_with_reset_claim(
self, app, user_class,
):
guard = Praetorian(app, user_class)
data = {
'jti': 'jti',
'id': 1,
'exp': pendulum.parse('2017-05-21 19:54:30').int_timestamp,
REFRESH_EXPIRATION_CLAIM: pendulum.parse(
'2017-05-21 20:54:30'
).int_timestamp,
IS_RESET_TOKEN_CLAIM: True,
}
moment = pendulum.parse('2017-05-21 19:54:28')
with freezegun.freeze_time(moment):
with pytest.raises(MisusedResetToken):
guard._validate_jwt_data(data, AccessType.access)
def test__validate_jwt_data__fails_on_access_with_reset_claim(
self,
app,
user_class,
):
guard = Praetorian(app, user_class)
data = {
"jti": "jti",
"id": 1,
"exp": pendulum.parse("2017-05-21 19:54:30").int_timestamp,
REFRESH_EXPIRATION_CLAIM:
pendulum.parse("2017-05-21 20:54:30").int_timestamp,
IS_RESET_TOKEN_CLAIM: True,
}
with plummet.frozen_time('2017-05-21 19:54:28'):
with pytest.raises(MisusedResetToken):
guard._validate_jwt_data(data, AccessType.access)
def test__validate_jwt_data__fails_when_refresh_has_expired(
self,
app,
user_class,
):
guard = Praetorian(app, user_class)
data = {
"jti":
"jti",
"id":
1,
"exp":
pendulum.parse("2017-05-21 19:54:30").int_timestamp,
REFRESH_EXPIRATION_CLAIM:
pendulum.parse("2017-05-21 20:54:30").int_timestamp,
}
with plummet.frozen_time('2017-05-21 20:54:32'):
with pytest.raises(ExpiredRefreshError):
guard._validate_jwt_data(data, AccessType.refresh)
def test__validate_jwt_data(self, app, user_class):
"""
This test verifies that the _validate_jwt_data method properly
validates the data for a jwt token. It checks that the proper
exceptions are raised when validation fails and that no exceptions are
raised when validation passes
"""
guard = Praetorian(
app,
user_class,
is_blacklisted=(lambda jti: jti == 'blacklisted'),
)
data = dict()
with pytest.raises(MissingClaimError) as err_info:
guard._validate_jwt_data(data, AccessType.access)
assert 'missing jti' in str(err_info.value)
data = dict(jti='blacklisted')
with pytest.raises(BlacklistedError) as err_info:
guard._validate_jwt_data(data, AccessType.access)
data = dict(jti='jti')
with pytest.raises(MissingClaimError) as err_info:
guard._validate_jwt_data(data, AccessType.access)
assert 'missing id' in str(err_info.value)
data = dict(jti='jti', id=1)
with pytest.raises(MissingClaimError) as err_info:
guard._validate_jwt_data(data, AccessType.access)
assert 'missing exp' in str(err_info.value)
data = dict(
jti='jti',
id=1,
exp=pendulum.parse('2017-05-21 19:54:30').int_timestamp,
)
with pytest.raises(MissingClaimError) as err_info:
guard._validate_jwt_data(data, AccessType.access)
assert 'missing rf_exp' in str(err_info.value)
data = dict(
jti='jti',
id=1,
exp=pendulum.parse('2017-05-21 19:54:30').int_timestamp,
rf_exp=pendulum.parse('2017-05-21 20:54:30').int_timestamp,
)
moment = pendulum.parse('2017-05-21 19:54:32')
with freezegun.freeze_time(moment):
with pytest.raises(ExpiredAccessError) as err_info:
guard._validate_jwt_data(data, AccessType.access)
data = dict(
jti='jti',
id=1,
exp=pendulum.parse('2017-05-21 19:54:30').int_timestamp,
rf_exp=pendulum.parse('2017-05-21 20:54:30').int_timestamp,
)
moment = pendulum.parse('2017-05-21 19:54:28')
with freezegun.freeze_time(moment):
with pytest.raises(EarlyRefreshError) as err_info:
guard._validate_jwt_data(data, AccessType.refresh)
data = dict(
jti='jti',
id=1,
exp=pendulum.parse('2017-05-21 19:54:30').int_timestamp,
rf_exp=pendulum.parse('2017-05-21 20:54:30').int_timestamp,
)
moment = pendulum.parse('2017-05-21 20:54:32')
with freezegun.freeze_time(moment):
with pytest.raises(ExpiredRefreshError) as err_info:
guard._validate_jwt_data(data, AccessType.refresh)
data = dict(
jti='jti',
id=1,
exp=pendulum.parse('2017-05-21 19:54:30').int_timestamp,
rf_exp=pendulum.parse('2017-05-21 20:54:30').int_timestamp,
)
moment = pendulum.parse('2017-05-21 19:54:28')
with freezegun.freeze_time(moment):
guard._validate_jwt_data(data, AccessType.access)
data = dict(
jti='jti',
id=1,
exp=pendulum.parse('2017-05-21 19:54:30').int_timestamp,
rf_exp=pendulum.parse('2017-05-21 20:54:30').int_timestamp,
)
moment = pendulum.parse('2017-05-21 19:54:32')
with freezegun.freeze_time(moment):
guard._validate_jwt_data(data, AccessType.refresh)
