Ejemplo n.º 1
    def testFailedSignatureKey(self):
        """Check that an unverifiable IAP JWT assertion is rejected with 401.

        The header segment of the token below decodes to ES256 with key id
        "6BEeoA". The payload segment contains runs of filler characters, so
        it is not the content the trailing signature was computed over.
        """

        # NOTE(review): no public-key lookup is stubbed in this method. If
        # SecurityCheck downloads verification keys, this test depends on the
        # network and a 401 may come from a failed fetch - confirm.
        # NOTE(review): the readable part of the payload appears to carry an
        # "exp" of 1546980506, long in the past, so the 401 may be caused by
        # expiry rather than by the signature check - confirm which path
        # rejects the token.
        tampered_jwt = (
            "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsI"
            "mtpZCI6IjZCRWVvQSJ9.eyJpc3MiOiJodHRwczovL2Nsb3VkLmdvb2dsZS5jb20"
            "vaWFwIiwic3ViIjoiYWNjb3VudHMuZ29vZ2xlLaaaaaaaaaaaaaaaaaaaaaaaaa"
            "aaaaaaaDciLCJlbWFpbCI6ImFaaaaaaaazaaaaaaaaaaaaaaaaaaaaaa8iLCJhd"
            "WQiOiIvcHJvamVjdaaaaaaaaaaaaaaaaaayaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
            "aaaaaaaaaaaaaaayOegyMzkzOTQ2NCIsImV4cCI6MTU0Njk4MDUwNiwiaWF0Ijo"
            "xNTQ2OTc5OTA2LCJaaCI6InNwb3apaaaaaaaaaaaaaaapayJ9.NZwDs0U_fubYS"
            "OmYNJAI9ufgoC84zXOCzZkxclWBVXhb1dBVQHpO-VZW-lworDvKxX_BWqagKYTq"
            "wc4ELBcKTQ")

        # Build a WSGI request for "/" that carries the assertion header.
        iap_headers = {"X-Goog-IAP-JWT-Assertion": tampered_jwt}
        env_builder = werkzeug_test.EnvironBuilder(path="/", headers=iap_headers)
        http_request = wsgiapp.HttpRequest(env_builder.get_environ())

        def Handler(request, *args, **kwargs):
            # Reaching the wrapped handler means the security check let the
            # request through, which is exactly what this test forbids.
            del request, args, kwargs  # Intentionally ignored.

            self.fail("Handler shouldn't have been executed.")

        auth_manager = webauth.IAPWebAuthManager()
        result = auth_manager.SecurityCheck(Handler, http_request)

        self.assertEqual(result.status_code, 401)
Ejemplo n.º 2
    def testNoHeader(self):
        """Verify that a request without any IAP assertion header gets a 401."""

        # Bare request for "/": no X-Goog-IAP-JWT-Assertion header is set.
        http_request = wsgiapp.HttpRequest(
            werkzeug_test.EnvironBuilder(path="/").get_environ())

        def Handler(request, *args, **kwargs):
            # Answers 200 if it is ever reached, so the 401 asserted below
            # shows that this response was not what SecurityCheck returned.
            del request, args, kwargs  # Intentionally ignored.

            return http_response.HttpResponse("foobar", status=200)

        auth_manager = webauth.IAPWebAuthManager()
        result = auth_manager.SecurityCheck(Handler, http_request)

        self.assertEqual(result.status_code, 401)
Ejemplo n.º 3
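  def testSuccessfulKey(self, mock_method):
    """Validate the authenticated path: handler runs and sees the user.

    Sends a request whose assertion header is the placeholder "valid_key",
    then checks that the wrapped handler is executed with request.user set
    to "temp" and that its 200 response is returned.

    Args:
      mock_method: mock injected by a patch decorator that is not visible
        here. Presumably it replaces the JWT validation step, since
        "valid_key" is not a real token - confirm against the decorator.
    """

    # Records handler invocations. Without it the request.user assertion
    # below would be vacuous if SecurityCheck produced a 200 on its own
    # without ever calling the handler.
    handler_calls = []

    environ = werkzeug_test.EnvironBuilder(
        path="/", headers={
            "X-Goog-IAP-JWT-Assertion": ("valid_key")
        }).get_environ()
    request = wsgiapp.HttpRequest(environ)

    def Handler(request, *args, **kwargs):
      del args, kwargs  # Unused.

      handler_calls.append(True)
      # The identity attached by the auth manager must reach the handler.
      self.assertEqual(request.user, "temp")
      return http_response.HttpResponse("success", status=200)

    manager = webauth.IAPWebAuthManager()
    response = manager.SecurityCheck(Handler, request)

    self.assertEqual(response.status_code, 200)
    self.assertTrue(handler_calls, "Handler should have been executed.")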
Ejemplo n.º 4
    def testFailedSignatureKey(self, mock_get):
        """Check that an unverifiable IAP JWT is rejected with 401.

        The mocked key endpoint serves a PEM public key under the id "6BEeoA",
        the same key id the token's header segment decodes to, so the key
        lookup itself succeeds. The token payload contains runs of filler
        characters, so it is not the content the signature was computed over.

        Args:
            mock_get: mock injected by a patch decorator that is not visible
                here; the final assertion shows it is called with the IAP
                public-key URL.
        """

        # Canned key-endpoint reply: HTTP 200 with a key-id -> PEM mapping.
        key_reply = mock_get.return_value
        key_reply.status_code = 200
        key_reply.json.return_value = {
            "6BEeoA":
            ("-----BEGIN PUBLIC KEY-----\n"
             "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElmi1hJdqtbvdX1INOf5B9dWvkydY\n"
             "oowHUXiw8ELWzk/YHESNr8vXQoyOuLOEtLZeCQbFkeLUqxYp1sTArKNu/A==\n"
             "-----END PUBLIC KEY-----\n"),
        }

        # NOTE(review): the readable part of the payload appears to carry an
        # "exp" of 1546980506, long in the past, so the 401 may be caused by
        # expiry rather than by the signature check - confirm which path
        # rejects the token.
        tampered_jwt = (
            "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsI"
            "mtpZCI6IjZCRWVvQSJ9.eyJpc3MiOiJodHRwczovL2Nsb3VkLmdvb2dsZS5jb20"
            "vaWFwIiwic3ViIjoiYWNjb3VudHMuZ29vZ2xlLaaaaaaaaaaaaaaaaaaaaaaaaa"
            "aaaaaaaDciLCJlbWFpbCI6ImFaaaaaaaazaaaaaaaaaaaaaaaaaaaaaa8iLCJhd"
            "WQiOiIvcHJvamVjdaaaaaaaaaaaaaaaaaayaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
            "aaaaaaaaaaaaaaayOegyMzkzOTQ2NCIsImV4cCI6MTU0Njk4MDUwNiwiaWF0Ijo"
            "xNTQ2OTc5OTA2LCJaaCI6InNwb3apaaaaaaaaaaaaaaapayJ9.NZwDs0U_fubYS"
            "OmYNJAI9ufgoC84zXOCzZkxclWBVXhb1dBVQHpO-VZW-lworDvKxX_BWqagKYTq"
            "wc4ELBcKTQ")

        # Build a WSGI request for "/" that carries the assertion header.
        iap_headers = {"X-Goog-IAP-JWT-Assertion": tampered_jwt}
        env_builder = werkzeug_test.EnvironBuilder(path="/", headers=iap_headers)
        http_request = wsgiapp.HttpRequest(env_builder.get_environ())

        def Handler(request, *args, **kwargs):
            # Reaching the wrapped handler means the security check let the
            # request through, which is exactly what this test forbids.
            del request, args, kwargs  # Intentionally ignored.

            self.fail("Handler shouldn't have been executed.")

        auth_manager = webauth.IAPWebAuthManager()
        result = auth_manager.SecurityCheck(Handler, http_request)

        # Keys must be fetched exactly once, and only from the pinned URL.
        mock_get.assert_called_once_with(
            "https://www.gstatic.com/iap/verify/public_key")
        self.assertEqual(result.status_code, 401)