def test_post_form_failing_jwt_auth_changed_user_secret_key(self):
        """
        Ensure changin secret key on USER level makes tokens invalid
        """
        # fine tune settings
        api_settings.JWT_GET_USER_SECRET_KEY = get_jwt_secret

        tmp_user = CustomUser.objects.create(email='*****@*****.**')
        payload = utils.jwt_payload_handler(tmp_user)
        token = utils.jwt_encode_handler(payload)

        auth = 'JWT {0}'.format(token)
        response = self.csrf_client.post('/jwt/', {'example': 'example'},
                                         HTTP_AUTHORIZATION=auth,
                                         format='json')

        self.assertEqual(response.status_code, status.HTTP_200_OK)

        # change token, verify
        tmp_user.jwt_secret = uuid.uuid4()
        tmp_user.save()

        response = self.csrf_client.post('/jwt/', {'example': 'example'},
                                         HTTP_AUTHORIZATION=auth)

        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

        # revert api settings
        api_settings.JWT_GET_USER_SECRET_KEY = DEFAULTS[
            'JWT_GET_USER_SECRET_KEY']
Ejemplo n.º 2
0
    def test_jwt_encode(self):
        payload = utils.jwt_payload_handler(self.user)
        token = utils.jwt_encode_handler(payload)

        payload_data = base64url_decode(token.split('.')[1].encode('utf-8'))
        payload_from_token = json.loads(payload_data.decode('utf-8'))

        self.assertEqual(payload_from_token, payload)
Ejemplo n.º 3
0
    def test_jwt_decode_verify_exp(self):
        api_settings.JWT_VERIFY_EXPIRATION = False

        payload = utils.jwt_payload_handler(self.user)
        payload['exp'] = 1
        token = utils.jwt_encode_handler(payload)
        utils.jwt_decode_handler(token)

        api_settings.JWT_VERIFY_EXPIRATION = True
Ejemplo n.º 4
0
    def test_jwt_payload_handler_no_email_address(self):
        user = CustomUserWithoutEmail.objects.create(username=self.username)

        payload = utils.jwt_payload_handler(user)
        self.assertTrue(isinstance(payload, dict))
        self.assertFalse(hasattr(payload, 'email'))
        self.assertEqual(payload['user_id'], self.user.pk)
        self.assertEqual(payload['username'], self.username)
        self.assertTrue('exp' in payload)
Ejemplo n.º 5
0
    def test_jwt_payload_handler(self):
        payload = utils.jwt_payload_handler(self.user)

        pytest.deprecated_call(utils.jwt_payload_handler, self.user)

        self.assertTrue(isinstance(payload, dict))
        self.assertEqual(payload['user_id'], self.user.pk)
        self.assertEqual(payload['email'], self.email)
        self.assertEqual(payload['username'], self.username)
        self.assertTrue('exp' in payload)
Ejemplo n.º 6
0
    def create_token(self, user, exp=None, orig_iat=None):
        payload = utils.jwt_payload_handler(user)
        if exp:
            payload['exp'] = exp

        if orig_iat:
            payload['orig_iat'] = timegm(orig_iat.utctimetuple())

        token = utils.jwt_encode_handler(payload)
        return token
    def test_post_json_passing_jwt_auth(self):
        """
        Ensure POSTing JSON over JWT auth with correct credentials
        passes and does not require CSRF
        """
        payload = utils.jwt_payload_handler(self.user)
        token = utils.jwt_encode_handler(payload)

        auth = 'JWT {0}'.format(token)
        response = self.csrf_client.post('/jwt/', {'example': 'example'},
                                         HTTP_AUTHORIZATION=auth,
                                         format='json')

        self.assertEqual(response.status_code, status.HTTP_200_OK)
    def test_post_passing_jwt_auth_with_oauth2_priority(self):
        """
        Ensure POSTing over JWT auth with correct credentials
        passes and does not require CSRF when OAuth2Authentication
        has priority on authentication_classes
        """
        payload = utils.jwt_payload_handler(self.user)
        token = utils.jwt_encode_handler(payload)

        auth = 'JWT {0}'.format(token)
        response = self.csrf_client.post('/oauth2-jwt/',
                                         {'example': 'example'},
                                         HTTP_AUTHORIZATION=auth,
                                         format='json')

        self.assertEqual(response.status_code, status.HTTP_200_OK, response)
    def test_post_expired_token_failing_jwt_auth(self):
        """
        Ensure POSTing over JWT auth with expired token fails
        """
        payload = utils.jwt_payload_handler(self.user)
        payload['exp'] = 1
        token = utils.jwt_encode_handler(payload)

        auth = 'JWT {0}'.format(token)
        response = self.csrf_client.post('/jwt/', {'example': 'example'},
                                         HTTP_AUTHORIZATION=auth,
                                         format='json')

        msg = 'Signature has expired.'

        self.assertEqual(response.data['detail'], msg)
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
        self.assertEqual(response['WWW-Authenticate'], 'JWT realm="api"')
Ejemplo n.º 10
0
    def test_jwt_login_with_expired_token(self):
        """
        Ensure JWT login view works even if expired token is provided
        """
        payload = utils.jwt_payload_handler(self.user)
        payload['exp'] = 1
        token = utils.jwt_encode_handler(payload)

        auth = 'JWT {0}'.format(token)
        client = APIClient(enforce_csrf_checks=True)
        response = client.post('/auth-token/',
                               self.data,
                               HTTP_AUTHORIZATION=auth,
                               format='json')

        decoded_payload = utils.jwt_decode_handler(response.data['token'])

        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self.assertEqual(decoded_payload['username'], self.username)
    def test_different_auth_header_prefix(self):
        """
        Ensure using a different setting for `JWT_AUTH_HEADER_PREFIX` and
        with correct credentials passes.
        """
        api_settings.JWT_AUTH_HEADER_PREFIX = 'Bearer'

        payload = utils.jwt_payload_handler(self.user)
        token = utils.jwt_encode_handler(payload)

        auth = 'Bearer {0}'.format(token)
        response = self.csrf_client.post('/jwt/', {'example': 'example'},
                                         HTTP_AUTHORIZATION=auth,
                                         format='json')

        self.assertEqual(response.status_code, status.HTTP_200_OK)

        # Restore original settings
        api_settings.JWT_AUTH_HEADER_PREFIX = DEFAULTS[
            'JWT_AUTH_HEADER_PREFIX']
    def test_post_form_passing_jwt_auth(self):
        """
        Ensure POSTing form over JWT auth with correct credentials
        passes and does not require CSRF
        """
        payload = utils.jwt_payload_handler(self.user)
        token = utils.jwt_encode_handler(payload)

        auth = 'JWT {0}'.format(token)
        response = self.csrf_client.post('/jwt/', {'example': 'example'},
                                         HTTP_AUTHORIZATION=auth)

        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self.assertEqual(response.content, b'mockview-post')

        # Ensure `authenticate` returned the decoded payload.
        self.assertEqual(response.wsgi_request.user, self.user)
        payload = response.wsgi_request.auth
        self.assertIsInstance(payload, dict)
        self.assertEqual(set(payload.keys()),
                         {'user_id', 'username', 'exp', 'email'})
Ejemplo n.º 13
0
 def test_fail_issuer_wrong(self):
     payload = utils.jwt_payload_handler(self.user)
     payload['iss'] = 'example2.com'
     token = utils.jwt_encode_handler(payload)
     with self.assertRaises(jwt.exceptions.InvalidIssuerError):
         utils.jwt_decode_handler(token)
Ejemplo n.º 14
0
    def test_jwt_response_payload(self):
        payload = utils.jwt_payload_handler(self.user)
        token = utils.jwt_encode_handler(payload)
        response_data = utils.jwt_response_payload_handler(token)

        self.assertEqual(response_data, dict(token=token))
Ejemplo n.º 15
0
    def test_jwt_decode(self):
        payload = utils.jwt_payload_handler(self.user)
        token = utils.jwt_encode_handler(payload)
        decoded_payload = utils.jwt_decode_handler(token)

        self.assertEqual(decoded_payload, payload)
Ejemplo n.º 16
0
 def test_fail_audience_missing(self):
     payload = utils.jwt_payload_handler(self.user)
     del payload['aud']
     token = utils.jwt_encode_handler(payload)
     with self.assertRaises(jwt.exceptions.MissingRequiredClaimError):
         utils.jwt_decode_handler(token)
Ejemplo n.º 17
0
 def test_fail_audience_wrong(self):
     payload = utils.jwt_payload_handler(self.user)
     payload['aud'] = 'my_aud2'
     token = utils.jwt_encode_handler(payload)
     with self.assertRaises(jwt.exceptions.InvalidAudienceError):
         utils.jwt_decode_handler(token)