Ejemplo n.º 1
def test_token_lifecycle(mock_app_config):  # noqa: F811
    """Follow a token from issue, through expiry, to rejection after re-keying.

    Covers four outcomes a verifier must get right:
      * a fresh token validates and returns its claims,
      * an expired token is refused (`validate_token` -> None,
        `decode_token` -> ExpiredSignatureError),
      * a malformed token raises DecodeError,
      * a token issued before `auth.init` is called with a new secrets
        location fails with InvalidSignatureError.
    """
    ctx = _setup_event_context(mock_app_config)
    issued_at = datetime.now().astimezone(timezone.utc).timestamp()
    expires_at = datetime.now().astimezone(timezone.utc) + timedelta(seconds=2)
    claims = {
        'test': 'test_value',
        'iat': issued_at,
        'exp': expires_at
    }

    # Happy path: issue, then validate while still inside the 2 s lifetime.
    fresh_token = auth.new_token(claims)
    assert fresh_token is not None
    assert auth.validate_token(fresh_token, ctx) == claims

    # Wait past `exp` so the same token is now expired.
    time.sleep(3)
    assert auth.validate_token(fresh_token, ctx) is None
    with pytest.raises(ExpiredSignatureError):
        auth.decode_token(fresh_token)

    # Garbage input must fail to decode rather than be treated as a token.
    with pytest.raises(DecodeError):
        auth.decode_token('INVALID_TOKEN!!')

    # Issue a second token under the current keys, then re-initialise auth.
    second_claims = {
        'test': 'test_value',
        'iat': datetime.now().astimezone(timezone.utc),
        'exp': datetime.now().astimezone(timezone.utc) + timedelta(seconds=2)
    }
    old_key_token = auth.new_token(payload=second_claims)

    # NOTE(review): presumably `create_keys=True` generates a new key pair
    # under the fresh location - confirm against AuthConfig.
    # NOTE(review): key material is written under a hand-built /tmp path with
    # a fixed test passphrase; pytest's `tmp_path` would give a per-test,
    # owner-only directory.
    rekeyed_config = AuthConfig(
        secrets_location=f"/tmp/{uuid.uuid4()}",
        auth_passphrase='test',
        enabled=True,
        create_keys=True
    )
    auth.init(rekeyed_config)

    # The still-unexpired token no longer verifies after re-initialisation.
    assert auth.validate_token(old_key_token, ctx) is None
    with pytest.raises(InvalidSignatureError):
        auth.decode_token(old_key_token)
Ejemplo n.º 2
 def _create_access_token(self, now_ts: int, timeout: int,
                          renew: int) -> str:
     """
     Returns a new access token issued at `now_ts` and expiring `timeout` seconds later.

     The token is created by `auth.new_token` under `self.app_key` and carries
     only the "iat" and "exp" claims.
     """
     # NOTE(review): `renew` is accepted but never written into the payload
     # here - confirm that is intended.
     expires_ts = now_ts + timeout
     claims = {"iat": now_ts, "exp": expires_ts}
     return auth.new_token(self.app_key, claims)
Ejemplo n.º 3
def test_client_tokens(mock_app_config, mock_client_app_config):  # noqa: F811
    """Check that a token issued by a registered client validates on the server.

    Both sides must have a private and a public key available; the claims the
    server gets back carry integer "iat"/"exp" values plus an "app" entry
    naming the issuing client's app key.
    """
    server_ctx = _setup_server_context(mock_app_config)
    assert auth.app_private_key(server_ctx.app_key) is not None
    assert auth.app_public_key(server_ctx.app_key) is not None

    # register_client_key=True: the negative case is test_client_not_registered.
    client_ctx = _setup_client_context(mock_client_app_config, mock_app_config, register_client_key=True)
    assert auth.app_private_key(client_ctx.app_key) is not None
    assert auth.app_public_key(client_ctx.app_key) is not None

    issued_at = datetime.now(tz=timezone.utc)
    expires_at = datetime.now(tz=timezone.utc) + timedelta(seconds=2)
    claims = {
        'test': 'test_value',
        'iat': issued_at,
        'exp': expires_at
    }

    # Token is created under the client's app key ...
    client_token = auth.new_token(client_ctx.app_key, claims)
    assert client_token is not None

    # ... and validated after switching to the server's auth context.
    _switch_auth_context(mock_app_config)
    expected_claims = {
        'test': 'test_value',
        'iat': int(claims['iat'].timestamp()),
        'exp': int(claims['exp'].timestamp()),
        "app": client_ctx.app_key
    }
    assert auth.validate_token(client_token, server_ctx) == expected_claims
Ejemplo n.º 4
def _new_refresh_token(info: dict, context: EventContext, now: datetime,
                       timeout: int):
    """
    Returns a new refresh token encoding `info` and expiring `timeout` seconds after `now`

    The token is created by `auth.new_token` under `context.app_key`.
    """
    expires_at = now + timedelta(seconds=timeout)
    # `info` is spread first, so the "iat"/"exp" set here take precedence over
    # any same-named keys the caller placed in `info`.
    claims = {**info, "iat": now, "exp": expires_at}
    return auth.new_token(context.app_key, claims)
Ejemplo n.º 5
def _new_access_token(info: dict, context: EventContext, now: datetime,
                      timeout: int, renew: int):
    """
    Returns a new access token encoding `info` and expiring `timeout` seconds after `now`

    `renew` is stored unchanged under the "renew" claim. The token is created
    by `auth.new_token` under `context.app_key`.
    """
    expires_at = now + timedelta(seconds=timeout)
    # `info` is spread first, so "iat", "exp" and "renew" set here take
    # precedence over any same-named keys the caller placed in `info`.
    claims = {**info, "iat": now, "exp": expires_at, "renew": renew}
    return auth.new_token(context.app_key, claims)
Ejemplo n.º 6
def test_auth_method_refresh(mock_app_config):  # noqa: F811
    """Check that a valid token is accepted through the REFRESH auth method.

    `validate_auth_method` returns None here; the outcome is read from
    `context.auth_info`, which must be marked allowed, record the auth type
    and hold the decoded token payload.
    """
    ctx = _setup_event_context(mock_app_config)
    expires_at = datetime.now().astimezone(timezone.utc) + timedelta(seconds=2)
    refresh_token = auth.new_token({'test': 'test_value', 'exp': expires_at})

    outcome = auth.validate_auth_method(
        AuthType.REFRESH,
        data=refresh_token,
        context=ctx)
    assert outcome is None

    # The decision and the claims it was based on are recorded on the context.
    assert ctx.auth_info['allowed']
    assert ctx.auth_info['auth_type'] == AuthType.REFRESH
    assert ctx.auth_info['payload'] == auth.decode_token(refresh_token)
Ejemplo n.º 7
def test_auth_method_bearer(mock_app_config):  # noqa: F811
    """Check that a valid token is accepted through the BEARER auth method.

    `validate_auth_method` returns None here; the outcome is read from
    `context.auth_info`, which must be marked allowed, record the auth type
    and hold the decoded token payload.
    """
    ctx = _setup_server_context(mock_app_config)
    expires_at = datetime.now(tz=timezone.utc) + timedelta(seconds=2)
    claims = {
        'test': 'test_value',
        'exp': expires_at
    }
    bearer_token = auth.new_token(mock_app_config.app_key(), claims)

    outcome = auth.validate_auth_method(
        AuthType.BEARER,
        data=bearer_token,
        context=ctx)
    assert outcome is None

    # The decision and the claims it was based on are recorded on the context.
    assert ctx.auth_info['allowed']
    assert ctx.auth_info['auth_type'] == AuthType.BEARER
    assert ctx.auth_info['payload'] == auth.decode_token(bearer_token)
Ejemplo n.º 8
def test_client_not_registered(mock_app_config, mock_client_app_config):  # noqa: F811
    """Check that the server refuses a token from a client it has not registered.

    Negative counterpart of the registered-client case: the client context is
    built with `register_client_key=False`, and `validate_token` on the server
    must return None for the client's token.
    """
    server_ctx = _setup_server_context(mock_app_config)
    # NOTE(review): presumably this leaves the server without the client's
    # public key - confirm against _setup_client_context.
    client_ctx = _setup_client_context(
        mock_client_app_config, mock_app_config, register_client_key=False
    )

    issued_at = datetime.now(tz=timezone.utc)
    expires_at = datetime.now(tz=timezone.utc) + timedelta(seconds=2)
    claims = {
        'test': 'test_value',
        'iat': issued_at,
        'exp': expires_at
    }

    # The client can still create a token under its own app key ...
    client_token = auth.new_token(client_ctx.app_key, claims)
    assert client_token is not None

    # ... but the server side must not accept it.
    _switch_auth_context(mock_app_config)
    assert auth.validate_token(client_token, server_ctx) is None