def __create_get_token(service_id):
    """Build a GET-bound JWT for the ``service.get_service`` route.

    A truthy ``service_id`` is appended to the route; otherwise the route is
    built without it. The token is signed with the first unsigned secret
    returned for ``service_id`` and carries ``service_id`` as ``client_id``.
    """
    # NOTE(review): the falsy branch still looks up secrets with the falsy
    # service_id value — confirm that is the intended lookup for this helper.
    route_kwargs = {"service_id": service_id} if service_id else {}
    request_path = url_for('service.get_service', **route_kwargs)
    signing_secret = get_unsigned_secrets(service_id)[0]
    return create_jwt_token(
        request_method="GET",
        request_path=request_path,
        secret=signing_secret,
        client_id=service_id,
    )
def __create_get_token(service_id):
    """Return a GET JWT for ``service.get_service``.

    The route includes ``service_id`` only when it is truthy. Signing uses
    the first unsigned secret found for ``service_id``; the same value is
    sent as ``client_id``.
    """
    if service_id:
        request_path = url_for("service.get_service", service_id=service_id)
    else:
        request_path = url_for("service.get_service")

    return create_jwt_token(
        request_method="GET",
        request_path=request_path,
        secret=get_unsigned_secrets(service_id)[0],
        client_id=service_id,
    )
def fetch_client(client):
    """Resolve the secrets a client may sign with.

    The admin client (the one named by ``ADMIN_CLIENT_USER_NAME`` in app
    config) signs with the single ``ADMIN_CLIENT_SECRET``; every other client
    gets whatever ``get_unsigned_secrets`` returns for it.

    Returns:
        dict with ``client`` (unchanged) and ``secret`` (a list of secrets).
    """
    from flask import current_app

    app_config = current_app.config
    is_admin_client = client == app_config.get("ADMIN_CLIENT_USER_NAME")
    if is_admin_client:
        secret_list = [app_config.get("ADMIN_CLIENT_SECRET")]
    else:
        secret_list = get_unsigned_secrets(client)
    return {"client": client, "secret": secret_list}
def create_authorization_header(path, method, request_body=None, service_id=None):
    """Return the ``('Authorization', 'Bearer <jwt>')`` pair for a test request.

    Args:
        path: request path the token is bound to.
        method: HTTP method the token is bound to.
        request_body: only forwarded into the token when truthy.
        service_id: when truthy, sign as that service with its first unsigned
            secret; otherwise sign as the admin client from app config.
    """
    if not service_id:
        client_id = current_app.config.get('ADMIN_CLIENT_USER_NAME')
        secret = current_app.config.get('ADMIN_CLIENT_SECRET')
    else:
        client_id = service_id
        secret = get_unsigned_secrets(service_id)[0]

    token_kwargs = {
        "request_method": method,
        "request_path": path,
        "secret": secret,
        "client_id": client_id,
    }
    # A falsy body is deliberately left out so the token is built exactly as
    # for a body-less request.
    if request_body:
        token_kwargs["request_body"] = request_body
    token = create_jwt_token(**token_kwargs)
    return 'Authorization', 'Bearer {}'.format(token)
def __create_post_token(service_id, request_body):
    """Build a POST JWT for ``service.create_service`` bound to ``request_body``.

    Signed with the first unsigned secret of ``service_id``, which is also
    used as ``client_id``.
    """
    target_path = url_for("service.create_service")
    signing_secret = get_unsigned_secrets(service_id)[0]
    return create_jwt_token(
        request_method="POST",
        request_path=target_path,
        secret=signing_secret,
        client_id=service_id,
        request_body=request_body,
    )
def test_should_return_unsigned_api_keys_for_service_id(notify_api, notify_db, notify_db_session, sample_api_key):
    """Exactly one unsigned secret comes back, and it is the decoded form of the stored secret."""
    secrets_for_service = get_unsigned_secrets(sample_api_key.service_id)
    assert len(secrets_for_service) == 1
    (only_secret,) = secrets_for_service
    # The stored value must not be the plaintext secret.
    assert only_secret != sample_api_key.secret
    assert only_secret == _get_secret(sample_api_key.secret)
def test_should_not_allow_service_id_that_is_not_the_wrong_data_type(client, sample_api_key):
    """A token whose client_id is not a valid service id gets a 403 with a token validation message."""
    signing_secret = get_unsigned_secrets(sample_api_key.service_id)[0]
    bad_token = create_jwt_token(secret=signing_secret, client_id='not-a-valid-id')
    auth_header = {'Authorization': "Bearer {}".format(bad_token)}

    response = client.get('/notifications', headers=auth_header)

    assert response.status_code == 403
    body = json.loads(response.get_data())
    assert body['message'] == {"token": ['Invalid token: service id is not the right data type']}
def test_should_not_allow_incorrect_path(notify_api, notify_db, notify_db_session, sample_api_key):
    """A token bound to a different path than the one requested is rejected with 403."""
    with notify_api.test_request_context(), notify_api.test_client() as client:
        mismatched_token = create_jwt_token(
            request_method="GET",
            request_path="/bad",  # deliberately not the path we call below
            secret=get_unsigned_secrets(sample_api_key.service_id)[0],
            client_id=sample_api_key.service_id,
        )
        auth_header = {"Authorization": "Bearer {}".format(mismatched_token)}
        response = client.get(url_for("service.get_service"), headers=auth_header)

        assert response.status_code == 403
        body = json.loads(response.get_data())
        assert body["error"] == "Invalid token: request"
def test_should_not_allow_incorrect_path(notify_api, notify_db, notify_db_session, sample_api_key):
    """Requesting ``service.get_service`` with a token bound to ``/bad`` yields 403."""
    with notify_api.test_request_context():
        with notify_api.test_client() as client:
            signing_secret = get_unsigned_secrets(sample_api_key.service_id)[0]
            token_for_other_path = create_jwt_token(
                request_method="GET",
                request_path="/bad",
                secret=signing_secret,
                client_id=sample_api_key.service_id,
            )
            response = client.get(
                url_for('service.get_service'),
                headers={'Authorization': "Bearer {}".format(token_for_other_path)},
            )
            assert response.status_code == 403
            payload = json.loads(response.get_data())
            assert payload['error'] == 'Invalid token: request'
def test_auth_should_not_allow_request_with_extra_claims(client, sample_api_key):
    """A correctly signed token carrying an unsupported claim must fail auth.

    The token is signed with the service's real secret so the only thing
    wrong with it is the extra ``aud`` claim; ``requires_auth`` must still
    raise ``AuthError`` with the general token error message.
    """
    service_id = str(sample_api_key.service_id)
    signing_key = get_unsigned_secrets(sample_api_key.service_id)[0]
    jwt_headers = {"typ": 'JWT', "alg": 'HS256'}
    payload = {
        'iss': service_id,
        'iat': int(time.time()),
        'aud': 'notifications.service.gov.uk',  # extra claim that we don't support
    }
    token = jwt.encode(payload=payload, key=signing_key, headers=jwt_headers)
    request.headers = {'Authorization': 'Bearer {}'.format(token)}

    with pytest.raises(AuthError) as exc:
        requires_auth()
    assert exc.value.short_message == GENERAL_TOKEN_ERROR_MESSAGE
def create_authorization_header(path, method, request_body=None, service_id=None):
    """Build the ``('Authorization', 'Bearer <jwt>')`` header tuple.

    With a truthy ``service_id`` the token is signed as that service using
    its first unsigned secret; otherwise the admin client name and secret
    from app config are used. ``request_body`` is included in the token
    only when truthy.
    """
    if service_id:
        credentials = (service_id, get_unsigned_secrets(service_id)[0])
    else:
        credentials = (
            current_app.config.get('ADMIN_CLIENT_USER_NAME'),
            current_app.config.get('ADMIN_CLIENT_SECRET'),
        )
    client_id, secret = credentials

    common_kwargs = dict(request_method=method, request_path=path, secret=secret, client_id=client_id)
    token = (
        create_jwt_token(request_body=request_body, **common_kwargs)
        if request_body
        else create_jwt_token(**common_kwargs)
    )
    return 'Authorization', 'Bearer {}'.format(token)
def __create_token(service_id):
    """Build a JWT for ``service_id`` with no method/path binding.

    Signed with the service's first unsigned secret; ``client_id`` is the
    string form of ``service_id``.
    """
    signing_secret = get_unsigned_secrets(service_id)[0]
    client_id = str(service_id)
    return create_jwt_token(secret=signing_secret, client_id=client_id)
def __create_post_token(service_id, request_body):
    """Return a POST JWT for ``service.create_service`` bound to ``request_body``.

    The service's first unsigned secret signs the token and ``service_id``
    is sent as ``client_id``.
    """
    token_kwargs = {
        "request_method": "POST",
        "request_path": url_for('service.create_service'),
        "secret": get_unsigned_secrets(service_id)[0],
        "client_id": service_id,
        "request_body": request_body,
    }
    return create_jwt_token(**token_kwargs)
def test_should_return_unsigned_api_keys_for_service_id(sample_api_key):
    """The single unsigned secret equals the key's plaintext ``secret`` and differs from its stored ``_secret``."""
    unsigned = get_unsigned_secrets(sample_api_key.service_id)
    assert len(unsigned) == 1
    first = unsigned[0]
    # The persisted form must not be the plaintext value.
    assert first != sample_api_key._secret
    assert first == sample_api_key.secret
def test_should_return_unsigned_api_keys_for_service_id(sample_api_key):
    """One unsigned secret is returned, matching ``get_secret`` of the stored secret but not the stored value itself."""
    unsigned = get_unsigned_secrets(sample_api_key.service_id)
    assert len(unsigned) == 1
    (decoded_secret,) = unsigned
    assert sample_api_key.secret != decoded_secret
    assert decoded_secret == get_secret(sample_api_key.secret)