def expected_filter_by_role_result(token_id1, token_id4):
return [
Token(cid="username", r=["admin", "lead", "analyst"], cts=datetime(2020, 1, 1),
ets=datetime(2020, 2, 1), rcid="username", tid=token_id1),
Token(cid="username", r=["analyst"], cts=datetime(2019, 1, 1), ets=datetime(2019, 2, 1),
rcid="username", tid=token_id4)
]
def create_token(self,
client_id,
roles=[],
requesting_client=None,
expiration=None):
"""Create a JWT token for use in Lowball applications.
:param client_id: client id for the token
:type client_id: str
:param roles: list of roles to give the client
:type roles: list(str)
:param requesting_client: The user requesting the token
:type requesting_client: str
:param expiration: time of expiration for this token
:type expiration: datetime
:return: Token and token data
:rtype: str, Token
"""
if not client_id or not isinstance(client_id, str):
raise BadRequestException("Invalid client id")
if not roles:
roles = []
if not isinstance(roles, list) or not all(
isinstance(r, str) for r in roles):
raise BadRequestException("Roles must be a list of strings")
if requesting_client is not None and not isinstance(
requesting_client, str):
raise BadRequestException("Invalid requesting client id")
now = datetime.datetime.utcnow()
if not requesting_client:
requesting_client = client_id
if expiration is None:
expiration = now + datetime.timedelta(
seconds=self.config.default_token_life)
token_id = generate_token_id()
token_data = Token(cid=client_id,
r=roles,
cts=now,
ets=expiration,
rcid=requesting_client,
tid=token_id)
if token_data.expiration - now > datetime.timedelta(
seconds=self.config.max_token_life):
raise InvalidTokenLifeException
token = jwt.encode(token_data.to_dict(),
self.config.token_secret,
algorithm="HS256")
return token, token_data
def test_to_dict_method_returns_proper_data(self, username, roles, created,
expiration, issued_by,
token_id, token_dict):
token = Token(cid=username,
r=roles,
cts=created,
ets=expiration,
rcid=issued_by,
tid=token_id)
assert token.to_dict() == token_dict
def test_setting_roles_to_bad_value_raises_type_error(
self, username, roles, created, expiration, issued_by, token_id,
not_list):
token = Token(cid=username,
r=roles,
cts=created,
ets=expiration,
rcid=issued_by,
tid=token_id)
with pytest.raises(TypeError):
token.roles = not_list
def test_setting_expiration_to_bad_string_raises_value_error(
self, username, roles, created, expiration, issued_by, token_id,
bad_date_string):
token = Token(cid=username,
r=roles,
cts=created,
ets=expiration,
rcid=issued_by,
tid=token_id)
with pytest.raises(ValueError):
token.expiration = bad_date_string
def test_setting_expiration_to_not_datetime_raises_type_error(
self, username, roles, created, expiration, issued_by, token_id,
not_datetime):
token = Token(cid=username,
r=roles,
cts=created,
ets=expiration,
rcid=issued_by,
tid=token_id)
with pytest.raises(TypeError):
token.expiration = not_datetime
def test_setting_roles_to_bad_value_after_init_raises_value_error(
self, username, roles, created, expiration, issued_by, token_id,
invalid_roles):
token = Token(cid=username,
r=roles,
cts=created,
ets=expiration,
rcid=issued_by,
tid=token_id)
with pytest.raises(ValueError):
token.roles = invalid_roles
def expired_token(token_id):
return Token(cid="username",
r=[],
cts=datetime.datetime(2019, 11, 1),
ets=datetime.datetime(2019, 12, 1),
rcid="another_user",
tid=token_id)
def token(token_id, all_roles):
return Token(cid="username",
r=all_roles,
cts=datetime.datetime(2020, 1, 1),
ets=datetime.datetime(2020, 2, 1),
rcid="username",
tid=token_id)
def mock_list_tokens(monkeypatch, token_id1, token_id2, token_id3, token_id5, token_id4):
mock_return = Mock()
mock_return.return_value = [
Token(cid="username", r=["admin", "lead", "analyst"], cts=datetime(2020, 1, 1),
ets=datetime(2020, 2, 1), rcid="username", tid=token_id1),
Token(cid="other_user", r=["admin"], cts=datetime(2020, 1, 1), ets=datetime(2020, 2, 1),
rcid="username", tid=token_id2),
Token(cid="username", r=["admin", "lead"], cts=datetime(2019, 1, 1),
ets=datetime(2019, 2, 1), rcid="username", tid=token_id5),
Token(cid="other_user", r=[], cts=datetime(2020, 1, 1), ets=datetime(2020, 2, 1),
rcid="username", tid=token_id3),
Token(cid="username", r=["analyst"], cts=datetime(2019, 1, 1), ets=datetime(2019, 2, 1),
rcid="username", tid=token_id4)
]
monkeypatch.setattr(DefaultAuthDB, "list_tokens", mock_return)
def decoded_data(token_id):
return Token(cid="username1",
r=['admin', 'lead', 'analyst'],
cts='2020-01-01 00:00:00',
ets='2020-01-01 00:30:00',
rcid="username1",
tid=token_id)
def create_token3(token_id, fake_now, all_roles):
return Token(cid="username1",
r=all_roles,
cts=fake_now,
ets=datetime.datetime(2020, 1, 1, 0, 30),
rcid="username2",
tid=token_id)
def mocked_decode_token(self, token):
return Token(cid="username",
r=[],
cts=datetime.datetime(2019, 11, 1),
ets=datetime.datetime(2019, 12, 1),
rcid="another_user",
tid=token_id)
def mocked_lookup_token(token):
return Token(cid="different_user",
r=[],
cts=datetime.datetime(2019, 11, 1),
ets=datetime.datetime(2020, 12, 1),
rcid="another_user",
tid=token_id)
def _load_token(self, token_id):
"""Load token data from the file system into a token object.
If there is a token file for the given token ID, but the data cannot be loaded
into a Token object, then the file will automatically be deleted by this
method, as this could cause issues with other operations.
:param token_id: the identifier of the token to be loaded
:return: token object
:rtype: Token
"""
if not valid_token_id(token_id):
raise ValueError(f"invalid token_id: {token_id}")
token_file = self.token_path.joinpath(token_id)
if not token_file.exists():
return None
with open(token_file, "r") as f:
data = self._YAML.load(f)
try:
return Token(**data)
except (TypeError, ValueError):
self._delete_token(token_id)
def test_init_raises_type_error_when_improper_data_passed_in(
self, user, roles, created, expiration, issued_by, token_id):
with pytest.raises(TypeError):
Token(cid=user,
r=roles,
cts=created,
ets=expiration,
rcid=issued_by,
tid=token_id)
def test_not_all_roles_strings_raises_value_error(self, username, created,
expiration, issued_by,
token_id, invalid_roles):
with pytest.raises(ValueError):
Token(cid=username,
r=invalid_roles,
cts=created,
ets=expiration,
rcid=issued_by,
tid=token_id)
def decode_token(self, token):
"""Decode a Lowball token.
:param token: JWT Lowball token string
:type token: str
:return: token data object
:rtype: Token
"""
try:
payload = jwt.decode(token,
self.config.token_secret,
algorithms=["HS256"])
except Exception as err:
raise InvalidTokenException(str(err))
return Token(**payload)