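def test_get_guest_user_no_resource(self):
    """A guest token with an empty resources claim must not yield a guest user.

    The token is minted through ``create_guest_access_token`` so everything
    else about it (signature, audience, lifetime) is whatever a real token
    gets; only the resource list is empty.  Rejection is observed the same way
    the sibling tests for a missing user claim and a bad audience observe it:
    the lookup returns ``None``.  Nothing here asserts on a raised exception.
    """
    user = {"username": "******"}
    # NOTE(review): an empty list still serializes as a *present* ``resources``
    # claim.  If the production check is ``token.get("resources") is None``
    # this token is accepted and the test needs ``resources = None`` -- confirm.
    resources = []
    rls = {}
    token = security_manager.create_guest_access_token(user, resources, rls)

    fake_request = FakeRequest()
    fake_request.headers[current_app.config["GUEST_TOKEN_HEADER_NAME"]] = token

    guest_user = security_manager.get_guest_user_from_request(fake_request)

    # The original called assertRaisesRegex(ValueError, ...) with neither a
    # ``with`` block nor a callable; that only builds a context manager and
    # asserts nothing, so the test passed vacuously.  The return value is the
    # only observable signal of rejection.
    self.assertIsNone(guest_user)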
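def test_get_guest_user_bad_audience(self):
    """A token signed with the right secret but the wrong ``aud`` is rejected.

    The token is hand-built so that every claim except the audience looks like
    what ``create_guest_access_token`` emits: a ``user``, ``resources`` and
    ``rls_rules`` claim, ``type == "guest"``, and a signature made with the
    configured secret and algorithm.  A valid signature alone must not be
    enough -- the audience check is what stops a token minted for some other
    deployment from being replayed here -- so the lookup must return ``None``.
    """
    now = time.time()
    user = {"username": "******"}
    resources = [{"some": "resource"}]
    claims = {
        "user": user,
        "resources": resources,
        "rls_rules": [],
        # standard jwt claims:
        "aud": "bad_audience",  # deliberately not the audience this app accepts
        "iat": now,  # issued at
        "type": "guest",
    }
    # Signed with the real secret/algorithm so the audience is the only defect.
    token = jwt.encode(
        claims,
        self.app.config["GUEST_TOKEN_JWT_SECRET"],
        algorithm=self.app.config["GUEST_TOKEN_JWT_ALGO"],
    )

    fake_request = FakeRequest()
    fake_request.headers[current_app.config["GUEST_TOKEN_HEADER_NAME"]] = token

    guest_user = security_manager.get_guest_user_from_request(fake_request)

    # Rejection is observed through the return value.  The original also
    # computed an unused ``get_url_host()`` and called
    # assertRaisesRegex(InvalidAudienceError, ...) with neither a ``with``
    # block nor a callable, which asserts nothing; both are dropped.
    self.assertIsNone(guest_user)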
def test_get_guest_user(self):
    """Happy path: a freshly minted guest token resolves to a guest user.

    ``create_guest_token`` is a fixture helper defined elsewhere in this class;
    the user it embeds is expected to carry the username ``test_guest``.
    """
    header_name = current_app.config["GUEST_TOKEN_HEADER_NAME"]
    request = FakeRequest()
    request.headers[header_name] = self.create_guest_token()

    resolved = security_manager.get_guest_user_from_request(request)

    self.assertIsNotNone(resolved)
    self.assertEqual("test_guest", resolved.username)
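def test_get_guest_user_no_user(self):
    """A guest token carrying no ``user`` claim must not resolve to a guest user.

    The token is otherwise well-formed (minted via ``create_guest_access_token``
    with a real resource entry), so this pins the user-claim check rather than
    signature, audience or expiry handling.  Rejection is observed as a ``None``
    return.
    """
    user = None  # no user claim
    resources = [{"type": "dashboard", "id": 1}]
    rls = {}
    token = security_manager.create_guest_access_token(user, resources, rls)

    fake_request = FakeRequest()
    fake_request.headers[current_app.config["GUEST_TOKEN_HEADER_NAME"]] = token

    guest_user = security_manager.get_guest_user_from_request(fake_request)

    # The original followed this with assertRaisesRegex(ValueError, ...) and no
    # ``with`` block or callable -- a no-op that asserts nothing -- so the
    # ``None`` return is the only real check and is the one kept.
    self.assertIsNone(guest_user)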
def test_get_guest_user_expired_token(self, get_time_mock):
    """An expired guest token must not resolve to a guest user.

    ``get_time_mock`` stands in for the clock the token minter reads
    (presumably patched in by a decorator that is not visible here).  Rewinding
    that clock makes ``create_guest_token`` emit a token whose ``exp`` already
    lies behind the real current time, so the lookup must return ``None``.
    """
    exp_seconds = self.app.config["GUEST_TOKEN_JWT_EXP_SECONDS"]
    # NOTE(review): this rewinds the minting clock by ``exp_seconds * 1000 + 1``.
    # If the mocked clock and the expiry calculation are both in seconds, that
    # is ~1000 lifetimes past expiry rather than "just expired" and the
    # one-second boundary is never exercised; if instead the minter itself
    # multiplies by 1000, guest tokens live 1000x the configured lifetime.
    # Confirm the unit on both sides before trusting this test.
    get_time_mock.return_value = time.time() - (exp_seconds * 1000) - 1

    stale_token = self.create_guest_token()

    request = FakeRequest()
    request.headers[current_app.config["GUEST_TOKEN_HEADER_NAME"]] = stale_token

    self.assertIsNone(security_manager.get_guest_user_from_request(request))