class JWTTest(TestCase):
def setUp(self):
self.inst = JWT()
self.key = jwk_from_dict(json.loads(load_testdata('oct.json', 'r')))
self.message = {
'iss': 'joe',
'exp': 1300819380,
'http://example.com/is_root': True,
}
self.compact_jws = (
'eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9'
'.'
'eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt'
'cGxlLmNvbS9pc19yb290Ijp0cnVlfQ'
'.'
'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk')
@freeze_time("2011-03-22 18:00:00", tz_offset=0)
def test_decode(self):
message = self.inst.decode(self.compact_jws, self.key)
self.assertEqual(message, self.message)
def test_decode_with_do_time_check_disabled(self):
message = self.inst.decode(self.compact_jws,
self.key,
do_time_check=False)
self.assertEqual(message, self.message)
def test_expiration(self):
self.assertRaisesRegex(JWTDecodeError, 'JWT Expired', self.inst.decode,
self.compact_jws, self.key)
def test_no_before_used_before(self):
compact_jws = self.inst.encode(
{
'nbf':
get_int_from_datetime(
datetime.now(timezone.utc) + timedelta(hours=1))
}, self.key)
self.assertRaisesRegex(JWTDecodeError, 'JWT Not valid yet',
self.inst.decode, compact_jws, self.key)
def test_no_before_used_after(self):
message = {
'nbf':
get_int_from_datetime(
datetime.now(timezone.utc) - timedelta(hours=1))
}
compact_jws = self.inst.encode(message, self.key)
self.assertEqual(self.inst.decode(compact_jws, self.key), message)
class JWTTest(TestCase):
def setUp(self):
self.inst = JWT()
self.key = jwk_from_dict(
json.loads(load_testdata('oct.json', 'r')))
self.message = {
'iss': 'joe',
'exp': 1300819380,
'http://example.com/is_root': True,
}
self.compact_jws = (
'eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9'
'.'
'eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt'
'cGxlLmNvbS9pc19yb290Ijp0cnVlfQ'
'.'
'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk'
)
def test_decode(self):
message = self.inst.decode(self.compact_jws, self.key)
self.assertEqual(message, self.message)
def test_answer_with_token(self):
inst = self.target()
inst.update({
'client_id': self.client.id,
'redirect_uri': self.client.get_redirect_uri(),
'response_type': 'id_token token',
'scope': 'openid profile',
'nonce': 'noncestring',
'state': 'statestring',
})
inst.validate()
resp = inst.answer(self.provider, self.owner)
resp.validate()
token = self.store.get_access_token(resp.access_token)
self.assertEqual(resp.token_type, token.get_type())
self.assertEqual(resp.scope, ' '.join(token.get_scope()))
self.assertEqual(resp.expires_in, token.get_expires_in())
self.assertEqual(resp.state, 'statestring')
jwt = JWT(self.jwkset.copy())
self.assertTrue(jwt.verify(resp.id_token))
id_token = json.loads(jwt.decode(resp.id_token).decode('utf8'))
self.assertEqual(id_token['nonce'], 'noncestring')
self.assertEqual(id_token['at_hash'],
self.provider.left_hash(self.client.get_jws_alg(),
resp.access_token))
class JWTTest(TestCase):
def setUp(self):
self.inst = JWT()
self.key = jwk_from_dict(json.loads(load_testdata('oct.json', 'r')))
self.message = {
'iss': 'joe',
'exp': 1300819380,
'http://example.com/is_root': True,
}
self.compact_jws = (
'eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9'
'.'
'eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt'
'cGxlLmNvbS9pc19yb290Ijp0cnVlfQ'
'.'
'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk')
def test_decode(self):
message = self.inst.decode(self.compact_jws, self.key)
self.assertEqual(message, self.message)
def test_answer(self):
inst = self.target()
inst.update({
'client_id': self.client.id,
'redirect_uri': self.client.get_redirect_uri(),
'response_type': 'id_token',
'scope': 'openid profile',
'nonce': 'noncestring',
'state': 'statestring',
})
inst.validate()
resp = inst.answer(self.provider, self.owner)
resp.validate()
self.assertEqual(resp.state, 'statestring')
jwt = JWT(self.jwkset.copy())
self.assertTrue(jwt.verify(resp.id_token))
id_token = json.loads(jwt.decode(resp.id_token).decode('utf8'))
self.assertEqual(id_token['nonce'], 'noncestring')
def test_answer(self):
inst = self.target()
inst.update({
'client_id': self.client.id,
'grant_type': 'authorization_code',
'code': self.code.get_code(),
})
inst.validate()
with mock.patch.object(self.provider, 'authorize_client',
return_value=True):
resp = inst.answer(self.provider, self.owner)
jwt = JWT(self.jwkset.copy())
self.assertTrue(jwt.verify(resp.id_token))
id_token = json.loads(jwt.decode(resp.id_token).decode('utf8'))
self.assertEqual(
id_token['at_hash'],
self.provider.left_hash(self.client.get_jws_alg(),
resp.access_token))
def test_answer(self):
inst = self.target()
inst.update({
'client_id': self.client.id,
'grant_type': 'authorization_code',
'code': self.code.get_code(),
})
inst.validate()
with mock.patch.object(self.provider,
'authorize_client',
return_value=True):
resp = inst.answer(self.provider, self.owner)
jwt = JWT(self.jwkset.copy())
self.assertTrue(jwt.verify(resp.id_token))
id_token = json.loads(jwt.decode(resp.id_token).decode('utf8'))
self.assertEqual(
id_token['at_hash'],
self.provider.left_hash(self.client.get_jws_alg(),
resp.access_token))
def jwt_decode_handler(keys, jwt):
_jwt = JWT(keys)
return _jwt.decode(jwt)
def jwt_decode_handler(keys, jwt):
_jwt = JWT(keys)
return _jwt.decode(jwt)
