def testFailedSignatureKey(self):
  """Check that an IAP assertion which cannot be verified yields a 401.

  The JWT header segment decodes to alg ES256 with kid "6BEeoA". The payload
  segment contains long filler runs, so the trailing signature is not expected
  to match it.

  NOTE(review): no HTTP mock is injected in this variant, so any public-key
  lookup the manager performs is not stubbed here. Confirm the test cannot
  reach the network.
  NOTE(review): the exp claim in the payload looks long past, so the 401 may
  come from expiry rather than the signature check. Confirm which path
  rejects the token.
  """
  # Literal pieces are kept exactly as authored; only the layout differs.
  tampered_jwt = (
      "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsI"
      "mtpZCI6IjZCRWVvQSJ9.eyJpc3MiOiJodHRwczovL2Nsb3VkLmdvb2dsZS5jb20"
      "vaWFwIiwic3ViIjoiYWNjb3VudHMuZ29vZ2xlLaaaaaaaaaaaaaaaaaaaaaaaaa"
      "aaaaaaaDciLCJlbWFpbCI6ImFaaaaaaaazaaaaaaaaaaaaaaaaaaaaaa8iLCJhd"
      "WQiOiIvcHJvamVjdaaaaaaaaaaaaaaaaaayaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
      "aaaaaaaaaaaaaaayOegyMzkzOTQ2NCIsImV4cCI6MTU0Njk4MDUwNiwiaWF0Ijo"
      "xNTQ2OTc5OTA2LCJaaCI6InNwb3apaaaaaaaaaaaaaaapayJ9.NZwDs0U_fubYS"
      "OmYNJAI9ufgoC84zXOCzZkxclWBVXhb1dBVQHpO-VZW-lworDvKxX_BWqagKYTq"
      "wc4ELBcKTQ")

  iap_headers = {"X-Goog-IAP-JWT-Assertion": tampered_jwt}
  builder = werkzeug_test.EnvironBuilder(path="/", headers=iap_headers)
  req = wsgiapp.HttpRequest(builder.get_environ())

  def Handler(request, *args, **kwargs):
    del request, args, kwargs  # Unused.
    # Reaching the wrapped handler means the auth gate let the request through.
    self.fail("Handler shouldn't have been executed.")

  auth_manager = webauth.IAPWebAuthManager()
  result = auth_manager.SecurityCheck(Handler, req)

  self.assertEqual(result.status_code, 401)
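def testNoHeader(self):
  """Check that a request to the Admin UI without an IAP header gets a 401.

  No X-Goog-IAP-JWT-Assertion header is set on the request. Besides checking
  the 401 status, the test records whether the wrapped handler ran. A manager
  that executed the handler and then still answered 401 would have performed
  unauthenticated work, and the status check alone would not catch that.
  """
  environ = werkzeug_test.EnvironBuilder(path="/").get_environ()
  request = wsgiapp.HttpRequest(environ)

  # Appended to on every handler invocation; must stay empty.
  handler_calls = []

  def Handler(request, *args, **kwargs):
    del request, args, kwargs  # Unused.
    handler_calls.append(True)
    # Still return 200 so a bypass also shows up in the status assertion.
    return http_response.HttpResponse("foobar", status=200)

  manager = webauth.IAPWebAuthManager()
  response = manager.SecurityCheck(Handler, request)

  self.assertEqual(response.status_code, 401)
  self.assertEqual(
      handler_calls, [],
      "Handler shouldn't have been executed without an IAP header.")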
def testSuccessfulKey(self, mock_method):
  """Check that an accepted IAP assertion reaches the handler with a user set.

  NOTE(review): mock_method is supplied by a patch decorator that is not
  visible here. Presumably it stubs the JWT validation so that the placeholder
  assertion "valid_key" is accepted and resolves to the user "temp". Confirm
  against the decorator.
  """
  iap_headers = {"X-Goog-IAP-JWT-Assertion": ("valid_key")}
  builder = werkzeug_test.EnvironBuilder(path="/", headers=iap_headers)
  req = wsgiapp.HttpRequest(builder.get_environ())

  def Handler(request, *args, **kwargs):
    del args, kwargs  # Unused.
    # The manager is expected to have attached the authenticated identity.
    self.assertEqual(request.user, "temp")
    return http_response.HttpResponse("success", status=200)

  auth_manager = webauth.IAPWebAuthManager()
  result = auth_manager.SecurityCheck(Handler, req)

  self.assertEqual(result.status_code, 200)
def testFailedSignatureKey(self, mock_get):
  """Check that an unverifiable IAP assertion yields a 401 with keys available.

  mock_get stands in for the HTTP GET that fetches the IAP public keys. It
  answers 200 with a key map whose only entry is "6BEeoA", the kid named in
  the JWT header below. The key lookup therefore succeeds and the rejection
  has to come from verifying the token itself.

  NOTE(review): the exp claim in the payload looks long past, so the 401 may
  come from expiry rather than the signature check. Confirm which path
  rejects the token.
  """
  fake_reply = mock_get.return_value
  fake_reply.status_code = 200
  fake_reply.json.return_value = {
      "6BEeoA": (
          "-----BEGIN PUBLIC KEY-----\n"
          "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElmi1hJdqtbvdX1INOf5B9dWvkydY\n"
          "oowHUXiw8ELWzk/YHESNr8vXQoyOuLOEtLZeCQbFkeLUqxYp1sTArKNu/A==\n"
          "-----END PUBLIC KEY-----\n"),
  }

  # Literal pieces are kept exactly as authored; only the layout differs.
  tampered_jwt = (
      "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsI"
      "mtpZCI6IjZCRWVvQSJ9.eyJpc3MiOiJodHRwczovL2Nsb3VkLmdvb2dsZS5jb20"
      "vaWFwIiwic3ViIjoiYWNjb3VudHMuZ29vZ2xlLaaaaaaaaaaaaaaaaaaaaaaaaa"
      "aaaaaaaDciLCJlbWFpbCI6ImFaaaaaaaazaaaaaaaaaaaaaaaaaaaaaa8iLCJhd"
      "WQiOiIvcHJvamVjdaaaaaaaaaaaaaaaaaayaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
      "aaaaaaaaaaaaaaayOegyMzkzOTQ2NCIsImV4cCI6MTU0Njk4MDUwNiwiaWF0Ijo"
      "xNTQ2OTc5OTA2LCJaaCI6InNwb3apaaaaaaaaaaaaaaapayJ9.NZwDs0U_fubYS"
      "OmYNJAI9ufgoC84zXOCzZkxclWBVXhb1dBVQHpO-VZW-lworDvKxX_BWqagKYTq"
      "wc4ELBcKTQ")

  iap_headers = {"X-Goog-IAP-JWT-Assertion": tampered_jwt}
  builder = werkzeug_test.EnvironBuilder(path="/", headers=iap_headers)
  req = wsgiapp.HttpRequest(builder.get_environ())

  def Handler(request, *args, **kwargs):
    del request, args, kwargs  # Unused.
    # Reaching the wrapped handler means the auth gate let the request through.
    self.fail("Handler shouldn't have been executed.")

  auth_manager = webauth.IAPWebAuthManager()
  result = auth_manager.SecurityCheck(Handler, req)

  # Keys must be requested exactly once, from the pinned IAP key endpoint.
  mock_get.assert_called_once_with(
      "https://www.gstatic.com/iap/verify/public_key")
  self.assertEqual(result.status_code, 401)